Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use new GitHub pages workflow #4000

Merged
merged 1 commit into from
Jul 7, 2023
Merged

Use new GitHub pages workflow #4000

merged 1 commit into from
Jul 7, 2023

Conversation

FossPrime
Copy link
Contributor

@FossPrime FossPrime commented Jun 5, 2023

The new one allows you to specify GITHUB_TOKEN permissions in the workflows file... which means forkers don't need to dig through GUI settings to get it working. It also doesn't require a second noisy branch to function, and can help reduce package size for large repos. An 800MB repo doesn't sound like a lot, but thats before Yarn and Playwright have a go at your poor computer, also my 16GB computer has been screaming at me about RAM usage, not sure if that had something to do with it.

P.S. I was working on something far more exciting... this is just to test the waters.

Also, I was surprised to see so many samples, good ones, that aren't exposed on the website.

proof that it works:
https://github.com/FossPrime/monaco-editor/actions/runs/5166983110

@FossPrime
Copy link
Contributor Author

@microsoft-github-policy-service agree

permissions:
contents: read
pages: write
id-token: write
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this permission needed for?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GitHub pages needs it internally to write to the pages container registry.
https://github.com/actions/deploy-pages/blob/b580d214b4e13b2a70d0e04376a86ed862ebb558/README.md?plain=1#L31

The Id token allows it to use JWTs internally, somehow it's more secure according to them. It's quite a bit more secure and convenient than what's currently there, as to make it work currently you have to blanket grant all actions write access in GitHub settings's GUI, just for pages to work via the old commit to a branch method.

The old code made all workflows have write access to all code and pages. The new. Odd gives write access to pages for one workflow, while keeping all other ones read-only.

@hediet
Copy link
Member

hediet commented Jun 5, 2023

Thanks for the PR!

@hediet hediet added this to the July 2023 milestone Jul 7, 2023
@hediet hediet merged commit b79687e into microsoft:main Jul 7, 2023
@FossPrime
Copy link
Contributor Author

FossPrime commented Jul 7, 2023

@hediet in GitHub pages settings you'll have to switch the deployment from "branch deployment" to CI deployment.

This is in regards to the HttpError: Invalid deployment branch error on the deploy pages manual action.

@github-actions github-actions bot locked and limited conversation to collaborators Aug 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants