Content Sync #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
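# Daily content sync: triggers a Vercel rebuild, then re-ingests every course
# repo and opens a draft PR when the committed content/ tree would change.
#
# NOTE(review): the hosting page flags hidden or bidirectional Unicode in this
# file. Confirm that none of it sits inside a `run:` script before trusting
# the rendered text.
name: Content Sync

on:
  schedule:
    - cron: "0 6 * * *"
  workflow_dispatch:

# Read-only default for the job token; each job below declares the scopes it
# actually uses, so the deploy job no longer inherits write access.
permissions:
  contents: read

jobs:
  # Job 1: Always trigger a Vercel rebuild.
  # Whitelisted repos are ingested fresh at build time via the prebuild script.
  deploy:
    runs-on: ubuntu-latest
    # This job only calls the deploy hook and never uses the GITHUB_TOKEN.
    permissions: {}
    steps:
      - name: Trigger Vercel deploy
        env:
          # Handed to the script through the environment instead of being
          # expanded into the script text, so the hook URL is never parsed
          # as shell source.
          VERCEL_DEPLOY_HOOK: ${{ secrets.VERCEL_DEPLOY_HOOK }}
        run: |
          if [ -z "$VERCEL_DEPLOY_HOOK" ]; then
            echo "::warning::VERCEL_DEPLOY_HOOK secret not set. Skipping deploy."
            exit 0
          fi
          # --fail turns an HTTP error status into a failed step; without it
          # the success message below is printed even when the hook rejects
          # the request.
          curl -sS --fail -X POST "$VERCEL_DEPLOY_HOOK"
          echo "Vercel deploy triggered."

  # Job 2: Check untrusted repos for content changes.
  # Runs ingestion with --all, diffs against committed content.
  # If untrusted content changed, opens a draft PR for review.
  check-untrusted:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # push the content-sync branch
      pull-requests: write  # open the review PR
    env:
      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
    steps:
      # NOTE(review): the actions below are referenced by movable tags (@v4).
      # Pinning each one to a full commit SHA keeps a retagged release from
      # changing what runs with this job's write-capable token.
      #
      # NOTE(review): actions/checkout keeps the job token in the local git
      # config by default, so the install and ingestion steps run with that
      # credential on disk while they process untrusted repos. Consider doing
      # ingestion in a read-only job and handing the content/ result to a
      # separate job that only pushes and opens the PR.
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: 9
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: pnpm
      - run: pnpm install
      - name: Run full ingestion
        run: pnpm tsx scripts/ingest.ts --all
      - name: Check for untrusted content changes
        id: diff
        run: |
          # Stage content/ so new files are included in the comparison.
          git add content/
          if git diff --cached --quiet content/; then
            echo "No untrusted content changes detected."
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
          else
            echo "Untrusted content changes detected:"
            git diff --cached --stat content/ | tail -5
            echo "has_changes=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Create PR for untrusted content updates
        if: steps.diff.outputs.has_changes == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Read the clock once so the branch name and PR title cannot
          # disagree when the job runs across midnight.
          STAMP="$(date +%Y-%m-%d-%H%M%S)"
          TODAY="${STAMP%-*}"
          BRANCH="content-sync/$STAMP"
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          # Delete stale remote branch if it exists.
          # NOTE(review): branches created below carry a time suffix, so this
          # date-only name never matches one of them; confirm whether the
          # cleanup is still needed.
          git push origin --delete "content-sync/$TODAY" 2>/dev/null || true
          git checkout -b "$BRANCH"
          git add content/
          git commit -m "content: update untrusted courses from upstream gittorial repos"
          git push origin "$BRANCH"
          # --draft matches the job description above: the PR must be marked
          # ready by a reviewer before untrusted content can be merged.
          gh pr create \
            --draft \
            --base master \
            --head "$BRANCH" \
            --title "content: upstream course updates ($TODAY)" \
            --body "Automated content sync detected changes in untrusted course repos.
          Please review the diff to ensure the content is correct before merging.
          Triggered by the daily content sync workflow."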