diff --git a/README.md b/README.md index 45b5ec8..3d43df7 100644 --- a/README.md +++ b/README.md @@ -44,13 +44,13 @@ How to use it? runs-on: ubuntu-latest steps: - name: Check out - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Generate your content run: echo "Optional placeholder. Put your project's static website generator command here." - name: Publish current workdir (which contains generated content) to GitHub Pages - uses: rayluo/github-pages-overwriter@v1.1 + uses: rayluo/github-pages-overwriter@v1.3 with: @@ -67,12 +67,12 @@ How to use it? ``` -2. In your Github Pages setting, choose your publish source like this: +2. In your Github Pages setting, choose your publish source to match your Github Page Overwriter (GPO) settings. - | Github Page Overwriter settings | Github Pages settings | - | ------------------------------- | --------------------- | - | `source-directory` can be any directory you choose | *Always* choose folder `/ (root)` for your publishing source, regardless of what `source-directory` is. ![Choose "/ (root)" as folder](github-pages-settings.png) | - | `target-branch` can be any branch that match the setting on the right | Choose any branch that matches the `target-branch` setting on the left | + | Github Page Overwriter (GPO) settings in your workflow's yml file | Github Pages settings | + | ----------------------------------------------------------------- | --------------------- | + | `target-branch` could be any branch you want to *overwrite* with your static website. By default, it will be "gh_pages". | You MUST choose the branch that matches the `target-branch` setting on the left | + | `source-directory` MUST be the directory containing your "index.html" | *Always* choose folder `/ (root)` for your publishing source, regardless of what `source-directory` is. So, a typical setting looks like this: ![Choose "/ (root)" as folder](github-pages-settings.png) | How does it work? @@ -168,7 +168,7 @@ I did look around. But the following reasons made me start this `Github Pages Ov 3. The Security. Any 3rd-party github action could potentially mess up with your central repo. - [Security concern on github action is a real thing](https://github.community/t/are-github-actions-safe-to-use/17895). + [Security concern on github action is a real thing](https://blog.gitguardian.com/github-actions-security-cheat-sheet/#use-specific-action-version-tags). The only way to be sure, is to review their implementation. This is another reason why “#2 how it is implemented” is important. I feel more comfortable to trust an action that I can fully understand what it works. diff --git a/action.yml b/action.yml index 177bd07..fb2d6be 100644 --- a/action.yml +++ b/action.yml @@ -27,16 +27,20 @@ runs: git branch -f ${{ inputs.target-branch }} HEAD git checkout ${{ inputs.target-branch }} + # The commit and push happen to work without authentication + # https://docs.github.com/en/actions/reference/authentication-in-a-workflow + git config user.name "Github Pages Overwriter" + git config user.email "GithubPagesOverwriter@users.noreply.github.com" + + # The previous commit message may contain reference to github issues, + # we wipe it out, so that it won't show up in the inevitable duplicate commit. + git commit --amend -m "This commit will be automatically published" + # Generate such a new file to make sure the subsequent commit would succeed # Such a file WITHOUT leading dot (.) is also visible in outcome website. # FYI: filename with leading dot (.) or underscore (_) would be ignored by Jekyll, # which Github Pages depends on. So we use a normal filename here. date > ${{ inputs.source-directory}}/publish_date.txt - - # The commit and push happen to work without authentication - # https://docs.github.com/en/actions/reference/authentication-in-a-workflow - git config user.name "Github Pages Overwriter" - git config user.email "GithubPagesOverwriter@users.noreply.github.com" git add -A git commit -m "Automated publish"