Summary
Migrated the website deployment pipeline from a brittle cross-repo git push setup to a modern GitHub-native Pages deployment, and tightened the trigger semantics so the live site always matches a real release.
Motivation
Previous setup had several pain points:
- Cross-repo deploy: Build ran in
Spectara/Revela, output was force-pushed to a separate Spectara/Revela.Website repo via PAT (WEBSITE_DEPLOY_TOKEN).
- PAT-based auth: Long-lived token with write access to a separate repo. Originally used because
actions/deploy-pages was unstable when this was set up.
- Trigger drift: Deploy ran on
push: main for samples/revela-website/** AND after Release. Could publish website content describing features that weren't in the latest released binary yet.
- No deployment history:
git push -f overwrites everything; no rollback story beyond git revert.
Changes
Phase 1 — Trigger cleanup (#63)
- Removed
push: trigger on samples/revela-website/**
- Website is now deployed only after a successful Release workflow run, or manually via
workflow_dispatch
- Added "Deploy Website" to the workflows README table (was missing)
Rationale: the live site should always match the latest release users can actually download. Local preview via dotnet run --project src/Cli -- generate all is sufficient for content iteration, and avoids drift between deployed website content and the binary it describes.
Phase 2 — Pages-action migration (#64)
- Replaced
git push -f to Spectara/Revela.Website with actions/upload-pages-artifact + actions/deploy-pages@v5
- Pages source for
Spectara/Revela set to "GitHub Actions"
- Custom domain
revela.website re-claimed (Apex A/AAAA + www CNAME → spectara.github.io)
- OIDC authentication; PAT removed
- Concurrency group renamed to
pages (Pages backend convention) with cancel-in-progress: false
- Verify step fails the workflow if
CNAME or .nojekyll ever go missing from the build output (would otherwise drop the custom domain)
- Environment protection rule on
github-pages: only main branch may deploy
Spectara/Revela.Website repo deleted (was empty: 0 stars, 0 forks, 0 issues)
Result
| Aspect |
Before |
After |
| Repos |
2 |
1 |
| Auth |
PAT (WEBSITE_DEPLOY_TOKEN) |
OIDC |
| Deploy mechanism |
git push -f |
actions/deploy-pages@v5 |
| Triggers |
Push + Release + manual |
Release + manual |
| Deployment history |
None |
Native Pages UI with one-click rollback |
| Branch protection |
None |
Only main may deploy |
| HEAD vs. release drift |
Possible |
Impossible (live = last release) |
Verification
- Manual
workflow_dispatch ran successfully (workflow run 25282279323)
https://revela.website returns HTTP 200 served by GitHub Pages with HTTPS enforced
Follow-ups
Tracked in repo memory, will revisit when relevant:
- At 1.0 release: flip
release-downloader's preRelease: true to latest: true so the live site only follows production-grade releases
- PR previews:
actions/deploy-pages has an alpha preview input — re-evaluate for staging/PR previews when it goes public
- Optional: add
www.revela.website if we ever want the www-redirect (DNS already in place, just needs to point CNAME at spectara.github.io instead of the apex)
Summary
Migrated the website deployment pipeline from a brittle cross-repo
git pushsetup to a modern GitHub-native Pages deployment, and tightened the trigger semantics so the live site always matches a real release.Motivation
Previous setup had several pain points:
Spectara/Revela, output was force-pushed to a separateSpectara/Revela.Websiterepo via PAT (WEBSITE_DEPLOY_TOKEN).actions/deploy-pageswas unstable when this was set up.push: mainforsamples/revela-website/**AND after Release. Could publish website content describing features that weren't in the latest released binary yet.git push -foverwrites everything; no rollback story beyondgit revert.Changes
Phase 1 — Trigger cleanup (#63)
push:trigger onsamples/revela-website/**workflow_dispatchRationale: the live site should always match the latest release users can actually download. Local preview via
dotnet run --project src/Cli -- generate allis sufficient for content iteration, and avoids drift between deployed website content and the binary it describes.Phase 2 — Pages-action migration (#64)
git push -ftoSpectara/Revela.Websitewithactions/upload-pages-artifact+actions/deploy-pages@v5Spectara/Revelaset to "GitHub Actions"revela.websitere-claimed (Apex A/AAAA +wwwCNAME →spectara.github.io)pages(Pages backend convention) withcancel-in-progress: falseCNAMEor.nojekyllever go missing from the build output (would otherwise drop the custom domain)github-pages: onlymainbranch may deploySpectara/Revela.Websiterepo deleted (was empty: 0 stars, 0 forks, 0 issues)Result
WEBSITE_DEPLOY_TOKEN)git push -factions/deploy-pages@v5mainmay deployVerification
workflow_dispatchran successfully (workflow run 25282279323)https://revela.websitereturns HTTP 200 served by GitHub Pages with HTTPS enforcedFollow-ups
Tracked in repo memory, will revisit when relevant:
release-downloader'spreRelease: truetolatest: trueso the live site only follows production-grade releasesactions/deploy-pageshas an alphapreviewinput — re-evaluate for staging/PR previews when it goes publicwww.revela.websiteif we ever want the www-redirect (DNS already in place, just needs to point CNAME atspectara.github.ioinstead of the apex)