From 058f1fafdf4fb82b9ab4fe24d4d5df5ea024e5a2 Mon Sep 17 00:00:00 2001 From: Matt McKay Date: Wed, 25 Mar 2026 14:45:22 +1100 Subject: [PATCH 1/2] Migrate to native GitHub Pages deployment (no gh-pages branch) - Replace peaceiris/actions-gh-pages@v4 with native actions/deploy-pages@v4 - Add required permissions (pages: write, id-token: write) and environment - Add concurrency group to prevent deployment conflicts - Update linkcheck.yml to download Pages artifact instead of checking out gh-pages - Enables future deletion of gh-pages branch to reclaim ~300MB repo space Closes #419 --- .github/workflows/linkcheck.yml | 16 +++++++++++----- .github/workflows/publish.yml | 28 +++++++++++++++++++++++----- 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml index 69048996..6efc75e9 100644 --- a/.github/workflows/linkcheck.yml +++ b/.github/workflows/linkcheck.yml @@ -11,15 +11,21 @@ jobs: permissions: issues: write # required for QuantEcon link-checker steps: - # Checkout the live site (html) - - name: Checkout - uses: actions/checkout@v6 + # Download the latest deployed site artifact + - name: Download latest Pages artifact + uses: dawidd6/action-download-artifact@v19 with: - ref: gh-pages + workflow: publish.yml + name: github-pages + path: _site_artifact + - name: Extract Pages artifact + run: | + mkdir -p _site + tar -xf _site_artifact/artifact.tar -C _site - name: AI-Powered Link Checker uses: QuantEcon/action-link-checker@main with: - html-path: '.' # gh-pages live html + html-path: '_site' fail-on-broken: 'false' silent-codes: '403,503' ai-suggestions: 'true' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 662ab9fd..8f6a74e4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -3,10 +3,23 @@ on: push: tags: - 'publish*' + +permissions: + contents: write + pages: write + id-token: write + +concurrency: + group: "pages" + cancel-in-progress: false + jobs: publish: if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') runs-on: "runs-on=${{ github.run_id }}/family=g4dn.2xlarge/image=quantecon_ubuntu2404/disk=large" + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} steps: - name: Checkout uses: actions/checkout@v6 @@ -113,12 +126,17 @@ jobs: html-manifest.json env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Deploy website to gh-pages - uses: peaceiris/actions-gh-pages@v4 + - name: Add CNAME for custom domain + run: echo "python-programming.quantecon.org" > _build/html/CNAME + - name: Setup Pages + uses: actions/configure-pages@v5 + - name: Upload Pages artifact + uses: actions/upload-pages-artifact@v3 with: - github_token: ${{ secrets.GITHUB_TOKEN }} - publish_dir: _build/html/ - cname: python-programming.quantecon.org + path: _build/html/ + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v4 - name: Prepare lecture-python-programming.notebooks sync shell: bash -l {0} run: | From 2578001a668f4bbc3e3252595e1b345a0896ebf4 Mon Sep 17 00:00:00 2001 From: Matt McKay Date: Wed, 25 Mar 2026 15:10:04 +1100 Subject: [PATCH 2/2] Address Copilot review: add actions:read permission, use release assets for linkcheck - Add actions: read permission to publish.yml (needed by dawidd6/action-download-artifact) - Switch linkcheck.yml from expiring Pages artifact to permanent release asset (tar.gz) - Eliminates dependency on artifact retention window for link checking --- .github/workflows/linkcheck.yml | 20 +++++++++++--------- .github/workflows/publish.yml | 1 + 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml index 6efc75e9..22022eb9 100644 --- a/.github/workflows/linkcheck.yml +++ b/.github/workflows/linkcheck.yml @@ -11,17 +11,19 @@ jobs: permissions: issues: write # required for QuantEcon link-checker steps: - # Download the latest deployed site artifact - - name: Download latest Pages artifact - uses: dawidd6/action-download-artifact@v19 - with: - workflow: publish.yml - name: github-pages - path: _site_artifact - - name: Extract Pages artifact + # Download the latest release HTML archive (permanent, not subject to artifact expiry) + - name: Get latest release asset URL + id: release + env: + GH_TOKEN: ${{ github.token }} + run: | + ASSET_URL=$(gh api repos/${{ github.repository }}/releases/latest \ + --jq '.assets[] | select(.name | endswith(".tar.gz")) | .browser_download_url') + echo "asset-url=$ASSET_URL" >> $GITHUB_OUTPUT + - name: Download and extract release HTML run: | mkdir -p _site - tar -xf _site_artifact/artifact.tar -C _site + curl -sL "${{ steps.release.outputs.asset-url }}" | tar -xz -C _site - name: AI-Powered Link Checker uses: QuantEcon/action-link-checker@main with: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8f6a74e4..06abe7ca 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -6,6 +6,7 @@ on: permissions: contents: write + actions: read pages: write id-token: write