1010 push :
1111 branches :
1212 - main
13- pull_request_target :
13+ pull_request :
1414 branches :
1515 - main
16- types :
17- - labeled
1816 merge_group :
19- workflow_dispatch :
2017
2118defaults :
2219 run :
3330
3431jobs :
3532 build :
36- # This Job should run either on non-`pull_request_target` events,
37- # or `pull_request_target` event with a `labeled` action with a label named `github_actions:pull-request`
38- # since we want to run Website Builds on all these occasions. As this allows us to be certain the that builds are passing
39- if : github.event_name != 'pull_request_target' || github.event.label.name == 'github_actions:pull-request'
40-
4133 name : Build on ${{ matrix.os }}
4234 runs-on : ${{ matrix.os }}
4335
4840
4941 steps :
5042 - name : Harden Runner
51- uses : step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
43+ uses : step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
5244 with :
5345 egress-policy : audit
5446
5951 run : echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%"
6052
6153 - name : Git Checkout
62- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
63- with :
64- # Provides the Pull Request commit SHA or the GitHub merge group ref
65- ref : ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }}
66- # We only need to fetch the last commit from the head_ref
67- # since we're not using the `--filter` operation from turborepo
68- # We don't use the `--filter` as we always want to force builds regardless of having changes or not
69- # this ensures that our bundle analysis script always runs and that we always ensure next.js is building
70- # regardless of having code changes or not
71- fetch-depth : 1
54+ uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
7255
73- - uses : actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
56+ - uses : actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
7457 with :
7558 path : ${{ github.workspace }}/apps/site/.next/cache
7659 key : ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
@@ -90,59 +73,13 @@ jobs:
9073 # We only want to install required production packages
9174 run : pnpm install --prod --frozen-lockfile
9275
93- - name : Build Next.js (ISR)
76+ - name : Build Next.js
9477 # We want a ISR build on CI to ensure that regular Next.js builds work as expected.
9578 run : node_modules/.bin/turbo build ${{ env.TURBO_ARGS }}
9679 env :
9780 # We want to ensure we have enough RAM allocated to the Node.js process
9881 # this should be a last resort in case by any chances the build memory gets too high
9982 # but in general this should never happen
10083 NODE_OPTIONS : ' --max_old_space_size=4096'
101- # Used for API requests that require GitHub API scopes
102- NEXT_GITHUB_API_KEY : ${{ secrets.GITHUB_TOKEN }}
103-
104- - name : Build Next.js (Static All Locales)
105- # We only run full static builds within Pull Requests. This step is also used to export
106- # static output in all languages, and it only works on `push` events.
107- if : github.event_name == 'push'
108- run : node_modules/.bin/turbo deploy ${{ env.TURBO_ARGS }}
109- env :
110- # We want to ensure we have enough RAM allocated to the Node.js process
111- # this should be a last resort in case by any chances the build memory gets too high
112- # but in general this should never happen
113- NODE_OPTIONS : ' --max_old_space_size=4096'
114- # Used for API requests that require GitHub API scopes
115- NEXT_GITHUB_API_KEY : ${{ secrets.GITHUB_TOKEN }}
116- # We want to ensure that static exports for all locales are triggered only on `push` events to save resources
117- # and time.
118- NEXT_PUBLIC_STATIC_EXPORT_LOCALE : true
119-
120- - name : Build Next.js (Static Default Locale)
121- # We want to generate static output in the default language within Pull Requests
122- # in order to reduce source wastages and build times.
123- # Note that we skip full static builds on Crowdin-based Pull Requests as these PRs should only contain translation changes
124- if : |
125- (github.event_name == 'pull_request_target' &&
126- github.event.pull_request.head.ref != 'chore/crowdin')
127- run : node_modules/.bin/turbo deploy ${{ env.TURBO_ARGS }}
128- env :
129- # We want to ensure we have enough RAM allocated to the Node.js process
130- # this should be a last resort in case by any chances the build memory gets too high
131- # but in general this should never happen
132- NODE_OPTIONS : ' --max_old_space_size=4096'
133- # Used for API requests that require GitHub API scopes
134- NEXT_GITHUB_API_KEY : ${{ secrets.GITHUB_TOKEN }}
135- # We want to ensure that static exports for all locales do not occur on `pull_request_target` events
136- NEXT_PUBLIC_STATIC_EXPORT_LOCALE : false
137-
138- - name : Sync Orama Cloud
139- # We only want to sync the Orama Cloud production indexes on `push` events.
140- # We also want to sync the Orama Cloud preview (deployment) indexes on `pull_request_target` events (or manual triggers).
141- # We also want to ensure that the sync only happens on the `ubuntu-latest` runner to avoid duplicate syncs
142- # or Windows-based path issues.
143- env :
144- ORAMA_INDEX_ID : ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_INDEX_ID || secrets.ORAMA_INDEX_ID }}
145- ORAMA_SECRET_KEY : ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_SECRET_KEY || secrets.ORAMA_SECRET_KEY }}
146- if : matrix.os == 'ubuntu-latest' && github.event_name != 'merge_group'
147- working-directory : apps/site
148- run : node --run sync-orama
84+ # We want to ensure that static exports for all locales do not occur on `pull_request` events
85+ NEXT_PUBLIC_STATIC_EXPORT_LOCALE : ${{ github.event_name == 'push' }}
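Review bot: The comment added at new line 84 names only `pull_request`, but the expression on line 85 is also false for `merge_group`, which is still a trigger of this workflow. A wording that matches the expression would be `# Static exports for all locales are triggered only on push events, not on pull_request or merge_group`. The retained comment at line 77 still describes an ISR build, although the step is now named `Build Next.js` and carries the export flag, so it is worth rewording in the same pass. With `NEXT_GITHUB_API_KEY` dropped from this step, any GitHub API call made during the build would presumably run unauthenticated, so it is worth confirming that the build no longer needs the token. The step list this hunk belongs to starts outside the hunk.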