.github/workflows/build.yaml

name: Build and Deploy
on:
  workflow_dispatch:
  push:
    branches:
      - main
jobs:
  Build:
    runs-on: ubuntu-latest
    env:
        BUILD_DIR: /home/runner/work/buddhist-uni.github.io/jekyll_build
    steps:
      - name: Checkout the Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Check Filenames and Headers
        shell: bash
        run: |
          whitelist=(
            "ACKNOWLEDGEMENTS.md"
            "CNAME"
            "COLLECTION_POLICY.md"
            "CONTRIBUTING.md"
            "CONTRIBUTORS.md"
            "README.md"
            "README.txt"
            "Gemfile"
            "Gemfile.lock"
            "cssCacheToken.yml"
            ".gitignore"
          )
          invalid_files=()
          exit_code=0
          readarray -t tracked_files < <(git diff-tree --no-commit-id --diff-filter=d --diff-merges=1 --name-only -r HEAD)
          for file in "${tracked_files[@]}"; do
            if [[ -f "$file" ]]; then
              filename=$(basename "$file")
              # Check if file is whitelisted
              if [[ " ${whitelist[@]} " =~ " $filename " ]]; then
                continue
              fi
              echo "Checking $file..."
              if ! grep -qE '^[+0-9a-z_\.-]+\.(bash|bib|code-workspace|gitignore|html|ico|js|json|liquid|md|png|py|rb|scss|sh|svg|txt|webmanifest|xml|yaml|yml)$' <<< "$filename"; then
                invalid_files+=("$file")
              fi
              if [[ "${file: -3}" == ".md" ]]; then
                first_bytes=$(xxd -p -l 4 "$file")  # Read the first 4 bytes in hexadecimal format

                if [[ $first_bytes != "2d2d2d0a" ]]; then
                    echo "Invalid header in file: $file"
                    exit_code=1
                fi
              fi
            fi
          done
          if [[ ${#invalid_files[@]} -gt 0 ]]; then
            echo "Invalid characters found in the following files:"
            for file in "${invalid_files[@]}"; do
              echo "$file"
            done
            exit 1
          else
            echo "All files have valid names."
            exit $exit_code
          fi
      - name: Download prod build
        uses: dawidd6/action-download-artifact@master
        with:
          workflow: build.yaml
          branch: main
          name: github-pages
          path: prod
      - name: Prepare cover images
        run: |
          cd $GITHUB_WORKSPACE/prod
          tar -xf artifact.tar
          cd assets/imgs
          mkdir -p covers
          mv covers/ "$GITHUB_WORKSPACE/assets/imgs/"
          cd $GITHUB_WORKSPACE
          rm -rf prod
          if git show | grep -q "olid"; then
              cd scripts
              pip install titlecase pyyaml python-frontmatter
              python dl-book-covers.py
          else
              echo "The previous commit didn't touch any olid's, so short-circuiting the download script"
          fi
      - name: Install node
        uses: actions/setup-node@v4
        with:
          node-version: 18.16
          cache: 'npm'
          cache-dependency-path: 'package-lock.json'
      - run: npm ci
      - run: bash ./scripts/install-deps.bash
      - name: Install build requirements
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 3.2
          bundler-cache: true
      - name: Build the site
        run: |
          mkdir $BUILD_DIR
          export RUBYOPT="--enable=yjit"
          ruby --version
          JEKYLL_ENV=production bundle exec jekyll build -d $BUILD_DIR --trace
      - name: Purge CSS
        run: |
          npx purgecss -v --content "$BUILD_DIR/**/*.html" "$BUILD_DIR/assets/js/*.js" --css $BUILD_DIR/assets/css/main.css -o $BUILD_DIR/assets/css/purged-main.css
          test -s $BUILD_DIR/assets/css/purged-main.css
      - name: Upload Build as Artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: ${{ env.BUILD_DIR }}
          retention-days: 62
  Deploy:
    runs-on: ubuntu-latest
    needs: Build
    permissions:
      pages: write
      id-token: write
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - name: Deploy the Artifact to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4
      - name: Invalidate the CloudFlare Cache
        shell: bash
        run: |
          echo "Hitting the CloudFlare API..."
          HTTP_RESPONSE=$(curl -sSX POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.CF_ZONE }}/purge_cache" -H "Authorization: Bearer ${{ secrets.CF_API_TOKEN }}" -H "Content-Type:application/json" -w "HTTP_STATUS:%{http_code}" --data '{"purge_everything":true}')
          HTTP_BODY=$(echo "${HTTP_RESPONSE}" | sed -E 's/HTTP_STATUS\:[0-9]{3}$//')
          HTTP_STATUS=$(echo "${HTTP_RESPONSE}" | tr -d '\n' | sed -E 's/.*HTTP_STATUS:([0-9]{3})$/\1/')
          if [ "${HTTP_STATUS}" -eq "200" ]; then
            SUCCESS=$(echo ${HTTP_BODY} | python3 -c "import sys, json;print(json.load(sys.stdin)['success'])")
            if [ "${SUCCESS}" = "True" ]; then
              echo "Successfully purged!"
              echo "::group::Raw response"
              echo "${HTTP_BODY}"
              echo "::endgroup::"
              exit 0
            else
              echo "Unsuccessful purge!"
              echo "API response was:"
              echo "${HTTP_BODY}"
              exit 1
            fi
          else
            echo "Request failed. API response was ($HTTP_STATUS): "
            echo "${HTTP_BODY}"
            exit 1
          fi