Skip to content

Commit 67f80d9

Browse files
peaceirispeaceiris
committed
docs: add Release Strategy
1 parent 0051bc9 commit 67f80d9

File tree

1 file changed

+44
-0
lines changed

1 file changed

+44
-0
lines changed

README.md

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -111,6 +111,7 @@ Note that the `GITHUB_TOKEN` that is created by the runner might not inherently
111111
- [⭐️ First Deployment with `GITHUB_TOKEN`](#%EF%B8%8F-first-deployment-with-github_token)
112112
- [⭐️ Use the latest and specific release](#%EF%B8%8F-use-the-latest-and-specific-release)
113113
- [⭐️ Schedule and Manual Deployment](#%EF%B8%8F-schedule-and-manual-deployment)
114+
- [⭐️ Release Strategy](#%EF%B8%8F-release-strategy)
114115
- [Examples](#examples)
115116
- [⭐️ Static Site Generators with Node.js](#%EF%B8%8F-static-site-generators-with-nodejs)
116117
- [⭐️ Gatsby](#%EF%B8%8F-gatsby)
@@ -649,6 +650,49 @@ jobs:
649650
...
650651
```
651652

653+
### ⭐️ Release Strategy
654+
655+
cf. [support: execution from hashref disabled/broken vs GitHub Actions Security Best Practice? · Issue #712 · peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages/issues/712)
656+
657+
Our project builds and provides build assets only when creating a release. This is to prevent the user from executing this action with a specific branch (like main). For example, if we maintain build assets in the main branch and users use this action as follows, a major release including breaking changes will break the CI workflow of the users silently.
658+
659+
```yaml
660+
- uses: peaceiris/actions-gh-pages@main # Bad example!
661+
with:
662+
github_token: ${{ secrets.GITHUB_TOKEN }}
663+
publish_dir: ./public
664+
```
665+
666+
In this project, a major tag (e.g. v3) is guaranteed to contain no breaking changes. But, we recommend using a tag or a commit hash for the stability of your workflows.
667+
668+
```yaml
669+
- uses: peaceiris/[email protected] # tag: Better
670+
with:
671+
github_token: ${{ secrets.GITHUB_TOKEN }}
672+
publish_dir: ./public
673+
```
674+
675+
```yaml
676+
- uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # commit hash of v3.9.3: Best!
677+
with:
678+
github_token: ${{ secrets.GITHUB_TOKEN }}
679+
publish_dir: ./public
680+
```
681+
682+
For verifying the release asset, we can use the following commands.
683+
684+
```sh
685+
git clone https://github.com/peaceiris/actions-gh-pages.git
686+
cd ./actions-gh-pages
687+
git checkout v3.9.3
688+
nvm install
689+
nvm use
690+
npm i -g npm
691+
npm ci
692+
npm run build
693+
git diff ./lib/index.js # We will get zero exit code
694+
```
695+
652696
<div align="right">
653697
<a href="#table-of-contents">Back to TOC ☝️</a>
654698
</div>

0 commit comments

Comments
 (0)