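To keep the source private while still freeloading on GitHub Pages from a public repository, this blog has, since the end of 2023, been built from a private source repository with only the build output deployed publicly. The following GitHub workflow implements this: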
```yml
name: Deploy
on:
  workflow_dispatch: {}
  push:
    branches:
      - master
jobs:
  deploy:
    runs-on: ubuntu-latest
    # permissions:
    #   pages: write
    #   id-token: write
    # environment:
    #   name: github-pages
    #   url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Install Node.js
        uses: actions/setup-node@v3
        with:
          node-version: 18
      - name: Install pnpm
        uses: pnpm/action-setup@v2
        id: pnpm-install
        with:
          version: latest
          run_install: false
      - name: Get pnpm store directory
        id: pnpm-cache
        shell: bash
        run: |
          echo "STORE_PATH=$(pnpm store path)" >> "$GITHUB_OUTPUT"
      - uses: actions/cache@v3
        name: Setup pnpm cache
        with:
          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Install dependencies
        run: pnpm install
      - name: Build
        run: pnpm build
      # - uses: actions/configure-pages@v2
      # - uses: actions/upload-pages-artifact@v1
      #   with:
      #     path: .vitepress/dist
      # - name: Deploy
      #   id: deployment
      #   uses: actions/deploy-pages@v1
      # Key step: use this action to push the generated site to the target repository
      - name: push to public repo
        uses: peaceiris/actions-gh-pages@v3
        with:
          # Personal Access Token, explained below
          personal_token: ${{ secrets.PUBLISH_BLOG }}
          # Repository to push to
          external_repository: alephpi/alephpi.github.io
          # Branch to push to
          publish_branch: main
          # Directory to push
          publish_dir: .vitepress/dist
          # Whether to keep only the latest commit
          force_orphan: true
```

Because this involves cross-repository access, the private repository needs permission to push to the public one. Here `personal_token` is set to a token created under Developer settings -> Personal access tokens. You can generate a fine-grained token that is granted push permission only for alephpi.github.io, then save it in the private repository under Settings->Secrets and Variables->Actions->Repository Secrets->PUBLISH_BLOG, the name the workflow reads as `secrets.PUBLISH_BLOG`.
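Since the point of this setup is that only build output ever reaches the public repository, a pre-publish check on `publish_dir` is a natural companion to the workflow. The script below is an added example, not part of the original workflow; the function name `check_publish_dir` and the list of file patterns treated as private source are assumptions to adapt to the project.

```shell
#!/bin/sh
# Added example: refuse to publish a directory that contains private source.
# Assumed policy: raw .md/.vue sources, .env files, .git directories and
# source maps that embed the original sources must never be published.

# Prints each offending path.
# Returns 0 if the directory is clean, 1 if anything was found, 2 on bad input.
check_publish_dir() {
  dir=$1
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

  hits=$(
    # Source or secret files rather than build output
    find "$dir" -type f \( -name '*.md' -o -name '*.vue' \
      -o -name '.env' -o -name '.env.*' \) -print
    # Version-control metadata copied in by mistake
    find "$dir" -type d -name '.git' -print
    # Source maps carrying the original code in "sourcesContent"
    find "$dir" -type f -name '*.map' \
      -exec grep -l '"sourcesContent"' {} + || true
  )

  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}
```

Run as a step between `Build` and `push to public repo`, for example `check_publish_dir .vitepress/dist || exit 1`, so a failed check stops the job before the token is used.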