From e44ee515b2e44dd5062af7352f7528b3d5f1beb6 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 16 Apr 2026 14:06:31 +0000 Subject: [PATCH 01/14] refactor: change permissions --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5c5ea8edde..02e99fff20 100644 --- a/Dockerfile +++ b/Dockerfile @@ -64,7 +64,7 @@ COPY --from=build /python /python # Copy the environment, but not the source code COPY --chown=1000:1000 --from=build /app/.venv /app/.venv -RUN chmod o+wrX /app/.venv +RUN chmod -R 777 /app ENV PATH=/app/.venv/bin:$PATH # Add copy of blueapi source to container for debugging From 803eab7109eacdca4163fb6c7a51b3bd080b4d36 Mon Sep 17 00:00:00 2001 From: Shreelakshmi Iyengar Date: Fri, 5 Jun 2026 18:42:22 +0100 Subject: [PATCH 02/14] Create CI workflow for deployment on tag This workflow triggers on pushes and pull requests to the main branch, allowing manual dispatch. It includes steps to check out the repository and run scripts. --- .github/workflows/deploy_on_tag | 36 +++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .github/workflows/deploy_on_tag diff --git a/.github/workflows/deploy_on_tag b/.github/workflows/deploy_on_tag new file mode 100644 index 0000000000..01502b13e1 --- /dev/null +++ b/.github/workflows/deploy_on_tag 
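Review bot: `RUN chmod -R 777 /app` makes the whole application tree writable by every user in the container, including `/app/.venv/bin`, which the next line puts first on `PATH`. Any process running under any UID could then replace the interpreter or installed packages. The line it replaces was already other-writable but applied only to the top of `/app/.venv`; this widens it recursively, and the subject `refactor: change permissions` hides that behaviour change. If the image has to run under an arbitrary UID, prefer group ownership over world write, for example `RUN chgrp -R 0 /app/.venv && chmod -R g=u /app/.venv`, and limit write access to the one directory that needs it. The stage continues outside the hunk, so the runtime `USER` is not visible here.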
@@ -0,0 +1,36 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI
+
+# Controls when the workflow will run
+on:
+ # Triggers the workflow on push or pull request events but only for the "main" branch
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v4
+
+ # Runs a single command using the runners shell
+ - name: Run a one-line script
+ run: echo Hello, world!
+
+ # Runs a set of commands using the runners shell
+ - name: Run a multi-line script
+ run: |
+ echo Add other actions to build,
+ echo test, and deploy your project.
From 63df0a5b5078160ce574262dd4e9a33c90b0b08b Mon Sep 17 00:00:00 2001
From: Shreelakshmi Iyengar
Date: Fri, 5 Jun 2026 19:20:58 +0100
Subject: [PATCH 03/14] Add tag trigger to deploy workflow
---
.github/workflows/deploy_on_tags | 37 ++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 .github/workflows/deploy_on_tags
diff --git a/.github/workflows/deploy_on_tags b/.github/workflows/deploy_on_tags
new file mode 100644
index 0000000000..78757ed8d7
--- /dev/null
+++ b/.github/workflows/deploy_on_tags
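Review bot: `.github/workflows/deploy_on_tag` has no `.yml` or `.yaml` extension, so GitHub will not load it as a workflow and nothing in it will run; the same applies to `deploy_on_tags` added in PATCH 03. The content is the unmodified starter template: it is named `CI` like the existing `ci.yml`, triggers on `main` pushes and pull requests rather than tags, and has no deploy step, which does not match the commit subject. If a real workflow is kept, add a top-level `permissions:` block with `contents: read` and pin `actions/checkout` to a commit SHA, as `_docs.yml` does for `actions/upload-artifact`.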
@@ -0,0 +1,37 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI
+
+# Controls when the workflow will run
+on:
+ # Triggers the workflow on push or pull request events but only for the "main" branch
+ push:
+ tags:
+ - '*'
+ pull_request:
+ branches: [ "main" ]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v4
+
+ # Runs a single command using the runners shell
+ - name: Run a one-line script
+ run: echo Hello, world!
+
+ # Runs a set of commands using the runners shell
+ - name: Run a multi-line script
+ run: |
+ echo Add other actions to build,
+ echo test, and deploy your project.
From 00f182e889156a50a5fdcc35a3efd8f9cc7f42b5 Mon Sep 17 00:00:00 2001
From: Shreelakshmi Iyengar
Date: Mon, 8 Jun 2026 08:39:56 +0100
Subject: [PATCH 04/14] Delete .github/workflows/deploy_on_tags
---
.github/workflows/deploy_on_tags | 37 --------------------------------
1 file changed, 37 deletions(-)
delete mode 100644 .github/workflows/deploy_on_tags
diff --git a/.github/workflows/deploy_on_tags b/.github/workflows/deploy_on_tags
deleted file mode 100644
index 78757ed8d7..0000000000
--- a/.github/workflows/deploy_on_tags
+++ /dev/null
@@ -1,37 +0,0 @@
-# This is a basic workflow to help you get started with Actions
-
-name: CI
-
-# Controls when the workflow will run
-on:
- # Triggers the workflow on push or pull request events but only for the "main" branch
- push:
- tags:
- - '*'
- pull_request:
- branches: [ "main" ]
-
- # Allows you to run this workflow manually from the Actions tab
- workflow_dispatch:
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
- # This workflow contains a single job called "build"
- build:
- # The type of runner that the job will run on
- runs-on: ubuntu-latest
-
- # Steps represent a sequence of tasks that will be executed as part of the job
- steps:
- # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- - uses: actions/checkout@v4
-
- # Runs a single command using the runners shell
- - name: Run a one-line script
- run: echo Hello, world!
-
- # Runs a set of commands using the runners shell
- - name: Run a multi-line script
- run: |
- echo Add other actions to build,
- echo test, and deploy your project.
From a7de7d2a6028e77ea4f09674030e65e8dd997435 Mon Sep 17 00:00:00 2001
From: Shreelakshmi Iyengar
Date: Mon, 8 Jun 2026 11:37:59 +0100
Subject: [PATCH 05/14] Upgrade GitHub Actions for pages deployment Updated GitHub Actions to use newer versions of upload and deploy pages actions.
---
.github/workflows/_docs.yml | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml
index b912fb75f6..b6312183bd 100644
--- a/.github/workflows/_docs.yml
+++ b/.github/workflows/_docs.yml
@@ -28,12 +28,6 @@ jobs: - name: Remove environment.pickle run: rm build/html/.doctrees/environment.pickle - - name: Upload built docs artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - with: - name: docs - path: build - - name: Sanitize ref name for docs version run: echo "DOCS_VERSION=${GITHUB_REF_NAME//[^A-Za-z0-9._-]/_}" >> $GITHUB_ENV @@ -43,12 +37,19 @@ jobs: - name: Write switcher.json run: python .github/pages/make_switcher.py --add $DOCS_VERSION ${{ github.repository }} .github/pages/switcher.json - - name: Publish Docs to gh-pages - if: github.ref_type == 'tag' || github.ref_name == 'main' - # We pin to the SHA, not the tag, for security reasons. - # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions - uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - publish_dir: .github/pages - keep_files: true + - name: Upload artifact + uses: actions/upload-pages-artifact@v5 + + deploy: + if: github.ref_type == 'tag' + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v5 + From 4d4c1af4b5caf40cf3bb9e3987915907d8a901ae Mon Sep 17 00:00:00 2001 From: Shreelakshmi Iyengar Date: Mon, 8 Jun 2026 11:42:47 +0100 Subject: [PATCH 06/14] Delete .github/workflows/deploy_on_tag --- .github/workflows/deploy_on_tag | 36 --------------------------------- 1 file changed, 36 deletions(-) delete mode 100644 .github/workflows/deploy_on_tag diff --git a/.github/workflows/deploy_on_tag b/.github/workflows/deploy_on_tag deleted file mode 100644 index 01502b13e1..0000000000 --- a/.github/workflows/deploy_on_tag +++ /dev/null 
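Review bot: `actions/upload-pages-artifact@v5` and `actions/deploy-pages@v5` in the second hunk are referenced by mutable tag, while the step this hunk removes carried the comment "We pin to the SHA, not the tag, for security reasons"; pin both the same way, e.g. `uses: actions/deploy-pages@<full-commit-sha> # v5`. The old publish step ran for tags or `main` with `keep_files: true`, whereas the new `deploy` job runs for tags only and a Pages deployment replaces the whole site, so earlier versions and the `main` docs will presumably disappear; confirm that is intended. `upload-pages-artifact` is given no `path` here, so it uploads its default `_site/` directory rather than `.github/pages`.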
@@ -1,36 +0,0 @@ -# This is a basic workflow to help you get started with Actions - -name: CI - -# Controls when the workflow will run -on: - # Triggers the workflow on push or pull request events but only for the "main" branch - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: ubuntu-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v4 - - # Runs a single command using the runners shell - - name: Run a one-line script - run: echo Hello, world! - - # Runs a set of commands using the runners shell - - name: Run a multi-line script - run: | - echo Add other actions to build, - echo test, and deploy your project. From f48b66afe298d7bba572653a28eaeffdefbe4cbe Mon Sep 17 00:00:00 2001 From: Shreelakshmi Iyengar Date: Mon, 8 Jun 2026 11:51:32 +0100 Subject: [PATCH 07/14] Update permissions in _docs.yml Add permissions for contents, pages, and id-token. --- .github/workflows/_docs.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index b6312183bd..4e8fc552a4 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -1,6 +1,11 @@ on: workflow_call: +permissions: + contents: read + pages: write + id-token: write + jobs: build: runs-on: ubuntu-latest From be195803b773f671a2e281ba03f50162f25369b9 Mon Sep 17 00:00:00 2001 
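Review bot: The `permissions:` block added to `_docs.yml` in PATCH 07 sits at workflow level, so `pages: write` and `id-token: write` also reach the `build` job, which only builds and uploads the artifact. Move the two write scopes under the `deploy` job and keep `contents: read` as the workflow default. Because `_docs.yml` is a `workflow_call` workflow it can only receive scopes the calling job grants, and the `docs` job in `ci.yml` grants just `contents: write` at this point in the series, so the call is likely to be rejected until the caller is updated.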
From: Shreelakshmi Iyengar Date: Mon, 8 Jun 2026 11:52:27 +0100 Subject: [PATCH 08/14] Update permissions in _docs.yml Removed 'contents: read' permission from workflow. --- .github/workflows/_docs.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index 4e8fc552a4..df91b97f44 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -2,7 +2,6 @@ on: workflow_call: permissions: - contents: read pages: write id-token: write From 636e45cba79da4e4e17b1980c633b6609afd06c4 Mon Sep 17 00:00:00 2001 From: Shreelakshmi Iyengar Date: Mon, 8 Jun 2026 11:52:58 +0100 Subject: [PATCH 09/14] Update CI workflow to include permissions Add permissions for GitHub Pages and ID token --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 93bcfcf42d..61fe14e704 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,9 @@ name: CI +permissions: + pages: write + id-token: write + on: push: branches: From fecb2b66da797230a8808adabf422138b7a411f0 Mon Sep 17 00:00:00 2001 From: Shreelakshmi Iyengar Date: Mon, 8 Jun 2026 13:55:36 +0100 Subject: [PATCH 10/14] Remove permissions section from CI workflow --- .github/workflows/ci.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 61fe14e704..137485c60b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,9 +1,5 @@ name: CI -permissions: - pages: write - id-token: write - on: push: branches: @@ -48,6 +44,8 @@ jobs: uses: ./.github/workflows/_docs.yml permissions: contents: write + pages: write + id-token: write dist: uses: ./.github/workflows/_dist.yml From c2df2dd8659b3b0a6a906e00232f03fe62c12bdb Mon Sep 17 00:00:00 2001 
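Review bot: In the last hunk of PATCH 10 the `docs` job keeps `contents: write` next to the new `pages: write` and `id-token: write`, although the step that pushed to gh-pages was removed in PATCH 05, so write access to repository contents looks unused at this point in the series. `contents: read` would be the least-privilege value unless something outside the hunk still pushes. Note also that after PATCH 08 the `permissions:` block in `_docs.yml` omits `contents` entirely, which sets that scope to none inside the called workflow regardless of what the caller grants; decide which of the two is intended and make them agree.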
From: root Date: Mon, 8 Jun 2026 14:21:04 +0000 Subject: [PATCH 11/14] style: newline --- .github/workflows/_docs.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index df91b97f44..61193f4dd8 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -56,4 +56,3 @@ jobs: - name: Deploy to GitHub Pages id: deployment uses: actions/deploy-pages@v5 - From e5352d3a2ee1bd45b3187943931b09ea30768a17 Mon Sep 17 00:00:00 2001 From: Shreelakshmi Iyengar Date: Tue, 9 Jun 2026 09:01:21 +0100 Subject: [PATCH 12/14] Add upload artifact step in GitHub Pages workflow Add artifact upload step for GitHub Pages workflow. --- .github/workflows/_docs.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index df91b97f44..7685237fd2 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -43,6 +43,8 @@ jobs: - name: Upload artifact uses: actions/upload-pages-artifact@v5 + with: + path: '.github/pages' deploy: if: github.ref_type == 'tag' From c4c244b900f459a4c36676225cee74c77413e6bf Mon Sep 17 00:00:00 2001 From: root Date: Tue, 9 Jun 2026 09:12:08 +0000 Subject: [PATCH 13/14] change path --- .github/workflows/_docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index bed1e0701f..7a2b9e26c4 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -44,7 +44,7 @@ jobs: - name: Upload artifact uses: actions/upload-pages-artifact@v5 with: - path: '.github/pages' + path: .github/pages/ deploy: if: github.ref_type == 'tag' From d64116c7d0caafad24e8af964a8010b5aaecd30b Mon Sep 17 00:00:00 2001 
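Review bot: `path: '.github/pages'` in PATCH 12 publishes the entire directory, which according to the `Write switcher.json` step also holds `make_switcher.py`, so repository tooling ends up on the public site. Build the site into a dedicated output directory and upload only that. The hunk sits inside the `build` job, whose remaining steps are outside the hunk.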
From: root Date: Fri, 12 Jun 2026 15:55:35 +0000 Subject: [PATCH 14/14] add permissions for pages.yml --- .github/workflows/_docs.yml | 32 +++++++++++++++----------------- .github/workflows/ci.yml | 9 +++++++++ 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index 7a2b9e26c4..e17d1c1c98 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -35,26 +35,24 @@ jobs: - name: Sanitize ref name for docs version run: echo "DOCS_VERSION=${GITHUB_REF_NAME//[^A-Za-z0-9._-]/_}" >> $GITHUB_ENV - - name: Move to versioned directory - run: mv build/html .github/pages/$DOCS_VERSION - - - name: Write switcher.json - run: python .github/pages/make_switcher.py --add $DOCS_VERSION ${{ github.repository }} .github/pages/switcher.json - - name: Upload artifact uses: actions/upload-pages-artifact@v5 with: path: .github/pages/ - deploy: - if: github.ref_type == 'tag' - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - runs-on: ubuntu-latest - needs: build + - name: Zip main docs + if: github.ref_name == 'main' + run: | + mv build/html main + zip -r docs.zip main - steps: - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@v5 + - name: Upload main docs.zip to main pre-release + if: github.ref_name == 'main' + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 + with: + tag_name: main-docs + prerelease: true + files: docs.zip + name: "Lastest main branch docs" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 137485c60b..4d0093b2ae 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
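Review bot: The new `softprops/action-gh-release` step in `_docs.yml` needs `contents: write` to create or update the `main-docs` pre-release, but the workflow-level `permissions:` block left by PATCH 07/08 lists only `pages` and `id-token`, which sets every other scope to none, so the step will likely be refused; grant `contents: write` at job level for this job only. The same hunk removes `Move to versioned directory` while `Upload artifact` still uploads `.github/pages/`, so the Pages artifact probably no longer contains the built HTML, and `DOCS_VERSION` is now computed without a visible use. `actions/upload-pages-artifact@v5` is still referenced by tag while the release action beside it is SHA-pinned. The release title has a typo and should read `name: "Latest main branch docs"`.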
@@ -63,3 +63,12 @@ jobs: uses: ./.github/workflows/_release.yml permissions: contents: write + + pages: + needs: [docs] #might need needs: [releases] + if: github.ref_type == 'tag' || github.ref_type == 'main' + uses: ./.github/workflows/_pages.yml + permissions: + pages: write + id-token: write + contents: read
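Review bot: The condition `github.ref_type == 'main'` can never be true, because `ref_type` is only `branch` or `tag`; the removed docs step compared the ref name instead, so this should read `if: github.ref_type == 'tag' || github.ref_name == 'main'`. `./.github/workflows/_pages.yml` is not added anywhere in this series, so the job will fail to resolve unless the file already exists on the branch. The inline `#might need needs: [releases]` question should be settled before merge, since it decides whether Pages is deployed before or after the release assets exist.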