Use nginx-unprivileged image; fix exposed port (#436) #510
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Next.js site to Pages | |
on: | |
push: | |
branches: ["main"] | |
workflow_dispatch: | |
permissions: | |
contents: read | |
pages: write | |
id-token: write | |
concurrency: | |
group: "pages" | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20" | |
- uses: pnpm/action-setup@v4 | |
name: Install pnpm | |
with: | |
version: 9.1.4 | |
run_install: false | |
- name: Get pnpm store directory | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV | |
- uses: actions/cache@v4 | |
name: Setup pnpm cache | |
with: | |
path: ${{ env.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Setup Pages | |
uses: actions/configure-pages@v4 | |
with: | |
static_site_generator: next | |
- name: Restore cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
.next/cache | |
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/pnpm-lock.yaml') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }} | |
restore-keys: | | |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/pnpm-lock.yaml') }}- | |
- name: Install dependencies | |
run: pnpm install | |
- name: Build with Next.js | |
run: pnpm next build | |
- name: Upload Build Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build-files | |
path: ./out/_next/static/chunks | |
- name: Upload artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
path: './out' | |
# Sentry job | |
sentry: | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} | |
SENTRY_RELEASE: ${{ github.sha }} | |
SENTRY_SOURCEMAP_PATH: "./" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@v4.1.7 | |
with: | |
name: build-files | |
- name: Download sentry-cli | |
run: curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION="2.20.0" sh | |
- name: Create Release | |
run: sentry-cli releases new $SENTRY_RELEASE | |
- name: Inject Debug IDs to source files | |
run: sentry-cli sourcemaps inject $SENTRY_SOURCEMAP_PATH | |
- name: Upload Source Files | |
run: sentry-cli sourcemaps upload --validate -r=$SENTRY_RELEASE $SENTRY_SOURCEMAP_PATH | |
- name: Set Release Commits | |
run: sentry-cli releases set-commits $SENTRY_RELEASE --auto | |
- name: Deploy to Sentry | |
run: sentry-cli releases deploys $SENTRY_RELEASE new -e production | |
- name: Finalize Sentry Release | |
run: sentry-cli releases finalize $SENTRY_RELEASE | |
# Deployment job | |
deploy: | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 | |