MAINT - CI improvements (security and maintenance) #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow is checks that the documentation can be built across multiple OSes, Python, and Sphinx versions. | |
# It also checks for broken links in the documentation and runs Lighthouse audits on the built site. | |
name: docs-checks | |
# Concurrency group that uses the workflow name and PR number if available | |
# or commit SHA as a fallback. If a new build is triggered under that | |
# concurrency group while a previous build is running it will be canceled. | |
# Repeated pushes to a PR will cancel all previous builds, while multiple | |
# merges to main will not cancel. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
cancel-in-progress: true | |
env: | |
FORCE_COLOR: "1" # Make tools pretty | |
DEFAULT_PYTHON_VERSION: "3.12" # keep in sync with tox.ini | |
PIP_DISABLE_PIP_VERSION_CHECK: "1" # Don't check for pip updates | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- "*" | |
# allows this to be used as a composite action in other workflows | |
workflow_call: | |
# allow manual triggering of the workflow, while debugging | |
workflow_dispatch: | |
jobs: | |
# Build our docs (PST) on major OSes and check for warnings | |
build-site: | |
name: "build PST docs" | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
python-version: ["3.12", "3.13"] | |
include: | |
# oldest Python version with the oldest Sphinx version | |
- os: ubuntu-latest | |
python-version: "3.9" | |
sphinx-version: "6.1" | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: "Checkout repository 🛎" | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
persist-credentials: false | |
- name: "Setup CI environment 🛠" | |
uses: pydata/pydata-sphinx-theme/.github/actions/set-dev-env@01731d0cc57768b9eff1c97f38909932ecd7e7d1 | |
with: | |
python-version: ${{ matrix.python-version }} | |
pandoc: true | |
graphviz: true | |
- name: "Build docs and check for warnings 📖" | |
shell: bash | |
run: | | |
# check if there is a specific Sphinx version to build with | |
# example substitution: tox run -e py39-sphinx61-docs | |
if [ -n "${{matrix.sphinx-version}}" ]; then | |
python -Im tox run -e py$(echo ${{ matrix.python-version }} | tr -d .)-sphinx$(echo ${{ matrix.sphinx-version }} | tr -d .)-docs | |
# build with the default Sphinx version | |
# example substitution: tox run -e py312-docs | |
else | |
python -Im tox run -e py$(echo ${{ matrix.python-version }} | tr -d .)-docs | |
fi | |
# Run Lighthouse audits on the built site (kitchen-sink only) | |
lighthouse-audit: | |
needs: build-site | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Checkout repository 🛎" | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
persist-credentials: false | |
- name: "Setup CI environment 🛠" | |
uses: pydata/pydata-sphinx-theme/.github/actions/set-dev-env@01731d0cc57768b9eff1c97f38909932ecd7e7d1 | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON_VERSION }} | |
- name: "Copy kitchen sink to a tiny site" | |
run: | | |
# ensuring proper scaping of the variable | |
docs_dir="${DOCS_DIR}" | |
mkdir -p $docs_dir/site | |
cp -r docs/examples/kitchen-sink $docs_dir/site/kitchen-sink | |
printf "Test\n====\n\n.. toctree::\n\n kitchen-sink/index\n" > $docs_dir/site/index.rst | |
echo 'html_theme = "pydata_sphinx_theme"' > $docs_dir/site/conf.py | |
echo '.. toctree::\n :glob:\n\n *' >> $docs_dir/site/index.rst | |
# build docs without checking for warnings | |
python -Im tox run -e docs-no-checks | |
env: | |
DOCS_DIR: "audit" | |
- name: "Audit with Lighthouse 🔦" | |
uses: treosh/lighthouse-ci-action@v12 | |
with: | |
configPath: ".github/workflows/lighthouserc.json" | |
temporaryPublicStorage: true | |
uploadArtifacts: true | |
runs: 3 # Multiple runs to reduce variance | |
# Check for broken links in our docs | |
link-check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Checkout repository 🛎" | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
persist-credentials: false | |
- name: "Setup CI environment 🛠" | |
uses: pydata/pydata-sphinx-theme/.github/actions/set-dev-env@01731d0cc57768b9eff1c97f38909932ecd7e7d1 | |
- name: "Check for broken links 🔗" | |
run: python -Im tox -e docs-linkcheck | |
- name: "Upload file with broken links 📤" | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
with: | |
name: broken-links | |
path: docs/_build/linkcheck/output.txt | |
if: ${{ always() }} |