feat!: build and publish Zensical docs to Pages on release#23
Conversation
Add a `docs` job to the reusable release workflow that rebuilds the Zensical site (`uv run zensical build`) and deploys ./site to GitHub Pages whenever a release is cut and a zensical.toml exists at the repo root. Detection mirrors the .goreleaser.yaml path (a hashFiles output on the release-please job); the job only needs release-please, not goreleaser, so a repo can ship binaries and publish docs from one release. Same trusted-trigger allowlist as goreleaser, since it checks out a computed ref and runs the repo's locked deps. This folds in the per-repo inline docs job that consumers (dotty, bitwise-media-group.github.io) were duplicating. BREAKING CHANGE: callers must now grant `pages: write`. GitHub resolves a reusable workflow's permissions as the union of every job and ignores `if:`, so the docs job's pages:write is required even on repos without a zensical.toml or the run fails at startup. Add `pages: write` to the caller's permissions block (see examples/release.yaml). Consuming repos should also delete their inline docs job and set Settings -> Pages -> Source -> GitHub Actions. Signed-off-by: Deavon M. McCaffery <dmccaffery@users.noreply.github.com>
release.yaml now declares a docs job that requires pages:write; GitHub unions a reusable workflow's job permissions and ignores `if:`, so the dogfood caller must grant it even though this repo has no zensical.toml and the docs job is skipped. Signed-off-by: Deavon M. McCaffery <dmccaffery@users.noreply.github.com>
|
/auto-merge |
|
Note Merging this PR: this repository merges by fast-forward so every The branch must be up to date with |
|
Note Auto-merge armed. Once this PR is approved and every required check Remove the |
|
Cannot
|
|
Cannot
|
|
Cannot
|
|
Fast-forwarded |
00914ff
into
bitwise-media-group:main
Add a
docsjob to the reusable release workflow that rebuilds the Zensicalsite (
uv run zensical build) and deploys ./site to GitHub Pages whenever arelease is cut and a zensical.toml exists at the repo root. Detection mirrors
the .goreleaser.yaml path (a hashFiles output on the release-please job); the
job only needs release-please, not goreleaser, so a repo can ship binaries and
publish docs from one release. Same trusted-trigger allowlist as goreleaser,
since it checks out a computed ref and runs the repo's locked deps.
This folds in the per-repo inline docs job that consumers (dotty,
bitwise-media-group.github.io) were duplicating.
BREAKING CHANGE: callers must now grant
pages: write. GitHub resolves areusable workflow's permissions as the union of every job and ignores
if:,so the docs job's pages:write is required even on repos without a
zensical.toml or the run fails at startup. Add
pages: writeto the caller'spermissions block (see examples/release.yaml). Consuming repos should also
delete their inline docs job and set Settings -> Pages -> Source -> GitHub
Actions.
Signed-off-by: Deavon M. McCaffery dmccaffery@users.noreply.github.com