GHA security cleanup #4975
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Docs | |
# We don't want pushes (or PRs) to gh-pages to kick anything off | |
on: | |
push: | |
branches: | |
- main | |
- '[0-9]+.[0-9]+.x' | |
tags: | |
- v[0-9]+.[0-9]+.[0-9]+ | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow}}-${{ github.head_ref }} | |
cancel-in-progress: true | |
jobs: | |
# | |
# Build our docs on Linux against multiple Pythons | |
# | |
Docs: | |
name: "Linux ${{ matrix.python-version }}" | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: ['3.10', 3.11, 3.12] | |
check-links: [false] | |
include: | |
- python-version: 3.13 | |
check-links: true | |
outputs: | |
doc-version: ${{ steps.build-docs.outputs.doc-version }} | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 150 | |
fetch-tags: true | |
persist-credentials: false | |
- name: Install using PyPI | |
uses: ./.github/actions/install-pypi | |
with: | |
type: 'doc' | |
python-version: ${{ matrix.python-version }} | |
need-extras: true | |
need-cartopy: true | |
- name: Build docs | |
id: build-docs | |
uses: ./.github/actions/build-docs | |
with: | |
run-linkchecker: ${{ github.event_name == 'pull_request' && matrix.check-links == true }} | |
key: ${{ runner.os }}-${{ matrix.python-version }} | |
Deploy: | |
if: ${{ github.event_name != 'pull_request' }} | |
needs: Docs | |
environment: | |
name: github-pages | |
runs-on: ubuntu-latest | |
env: | |
DOC_VERSION: dev | |
permissions: | |
contents: write | |
steps: | |
- name: Download doc build | |
uses: actions/download-artifact@v4 | |
with: | |
name: Linux-3.13-docs | |
path: ./docs/build/html | |
# This overrides the version "dev" with the proper version if we're building off a | |
# branch that's not main (which is confined to n.nn.x above) or on a tag. | |
- name: Set doc version | |
if: ${{ github.event_name != 'push' || !contains(github.ref, 'main') }} | |
run: echo "DOC_VERSION=v${{ needs.Docs.outputs.doc-version }}" >> $GITHUB_ENV | |
- name: Upload to GitHub Pages | |
uses: peaceiris/actions-gh-pages@v4 | |
with: | |
deploy_key: ${{ secrets.GHPAGES_DEPLOY_KEY }} | |
publish_dir: ./docs/build/html | |
exclude_assets: '.buildinfo,_static/jquery-*.js,_static/underscore-*.js' | |
destination_dir: ./${{ env.DOC_VERSION }} | |
keep_files: false | |
full_commit_message: Deploy ${{ env.DOC_VERSION }} to GitHub Pages |