fix(oauth): handle popup close race #56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to GitHub Pages | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| pages: write | |
| id-token: write | |
| concurrency: | |
| group: pages | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| # Prevent infinite loops: | |
| # - This workflow may push snapshot commits (crawler outputs) using github-actions[bot]. | |
| # - The same run already has the updated files in its working tree and will build+deploy them. | |
| # - Therefore, the follow-up bot commit should NOT trigger another build+deploy cycle. | |
| if: github.actor != 'github-actions[bot]' | |
| runs-on: ubuntu-latest | |
| # JWXT crawl credentials are stored as environment secrets under `github-pages`. | |
| environment: | |
| name: github-pages | |
| defaults: | |
| run: | |
| working-directory: app | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| cache-dependency-path: app/package-lock.json | |
| - run: npm ci | |
| - name: Crawl JWXT snapshots (SSG bundled) | |
| # Cloud-side fallback only: prefer frontend-first runtime. | |
| # This step updates SSG-bundled snapshots under `app/static/crawler/data/**`. | |
| continue-on-error: true | |
| timeout-minutes: 6 | |
| run: | | |
| if [ -z "${JWXT_USERID:-}" ] || [ -z "${JWXT_PASSWORD:-}" ]; then | |
| echo "JWXT secrets not set; skip crawl" | |
| exit 0 | |
| fi | |
| set +e | |
| timeout 240s npm run crawl:jwxt | |
| code="$?" | |
| set -e | |
| if [ "$code" -ne 0 ]; then | |
| echo "JWXT crawl failed (code=$code); continue using existing snapshots" | |
| exit 0 | |
| fi | |
| env: | |
| JWXT_USERID: ${{ secrets.JWXT_USERID }} | |
| JWXT_PASSWORD: ${{ secrets.JWXT_PASSWORD }} | |
| JWXT_CRAWL_CONCURRENCY: 4 | |
| - name: Commit JWXT snapshots (SSG bundled) | |
| # Commit+push snapshot updates back to the repo. | |
| # | |
| # Important: | |
| # - This commit is produced by github-actions[bot]. | |
| # - The workflow is guarded by `if: github.actor != github-actions[bot]` above, | |
| # so this push will NOT cause an infinite loop. | |
| # - Deployment uses the CURRENT working tree (including these new files), | |
| # so we still deploy the latest snapshots in the same run. | |
| working-directory: . | |
| run: | | |
| if [ -z "${JWXT_USERID:-}" ] || [ -z "${JWXT_PASSWORD:-}" ]; then | |
| echo "JWXT secrets not set; skip snapshot commit" | |
| exit 0 | |
| fi | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add app/static/crawler/data | |
| if git diff --cached --quiet; then | |
| echo "No snapshot changes to commit" | |
| exit 0 | |
| fi | |
| git commit -m "chore(crawler): auto update JWXT snapshots [skip ci]" | |
| # Push to the same branch that triggered this workflow. | |
| git push origin "HEAD:${{ github.ref_name }}" | |
| env: | |
| JWXT_USERID: ${{ secrets.JWXT_USERID }} | |
| JWXT_PASSWORD: ${{ secrets.JWXT_PASSWORD }} | |
| - name: Build site | |
| # Static output (SSG): includes the freshly crawled+committed snapshots. | |
| run: npm run build | |
| env: | |
| BASE_PATH: /${{ github.event.repository.name }} | |
| PUBLIC_GITHUB_CLIENT_ID: ${{ secrets.NEOXK_GITHUB_CLIENT_ID }} | |
| PUBLIC_GITHUB_OAUTH_PROXY_URL: ${{ vars.PUBLIC_GITHUB_OAUTH_PROXY_URL }} | |
| VITE_GITHUB_REPO: ${{ github.repository }} | |
| - uses: actions/upload-pages-artifact@v3 | |
| with: | |
| path: app/build | |
| deploy: | |
| needs: build | |
| if: github.actor != 'github-actions[bot]' && (github.ref_name == 'main' || github.ref_name == 'master') | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: github-pages | |
| steps: | |
| - uses: actions/deploy-pages@v4 |