fix(ci): Use PUBLISH_PAGES_TOKEN in github-pages environment #768
Attempts to fix our coverage publishing job by following org security practices and publishing (i.e. pushing) to the `gh-pages` branch in a separate workflow and environment using the already-provisioned `PUBLISH_PAGES_TOKEN`.

As with so many GitHub Actions PRs, we get to find out if this works after it's merged. Based on my reading of the docs, I think that the `PUBLISH_PAGES_TOKEN` environment secret will be available in the `publish-gh-pages` workflow because we specify that it runs in the relevant environment (`github-pages`). That said, Bugbot has cast some doubt on this, so I guess we'll find out.

Note

Decouples coverage reporting from publishing and aligns permissions/tokens for GitHub Pages deployment.

- `publish-gh-pages.yml` workflow to download an artifact and deploy to `gh-pages` using `PUBLISH_PAGES_TOKEN`
- `main.yml` to run `coverage-report` only on pull requests and introduce `publish-coverage` on pushes to `main` (publishes `./coverage` to `coverage/` on Pages)
- `coverage-report.yml` by removing the Pages deploy step and `contents: write`, keeping baseline fetch and PR comment posting

Written by Cursor Bugbot for commit 434cf7e. This will update automatically on new commits.
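
A sketch of the arrangement the description outlines, added here as an example and not taken from this PR: the publishing job declares the `github-pages` environment at job level, so the environment secret is resolved only in that job and the default `GITHUB_TOKEN` stays read-only. The `workflow_call` trigger, the input names, the bot identity and the git-based push are assumptions.

```yaml
# .github/workflows/publish-gh-pages.yml (constructed example, not the PR's file)
name: Publish to gh-pages

on:
  workflow_call:            # assumption: invoked from main.yml as a reusable workflow
    inputs:
      artifact_name:        # hypothetical input: artifact uploaded by the caller
        required: true
        type: string
      destination_dir:      # hypothetical input: e.g. "coverage"
        required: true
        type: string

permissions:
  contents: read            # GITHUB_TOKEN cannot push; only the environment token can

jobs:
  publish:
    runs-on: ubuntu-latest
    # The environment is declared on the job. Environment secrets and any
    # protection rules (required reviewers, branch restrictions) are evaluated
    # here; jobs that do not declare the environment never see the secret.
    environment: github-pages
    steps:
      - name: Check out the gh-pages branch with the publishing token
        uses: actions/checkout@v4
        with:
          ref: gh-pages
          token: ${{ secrets.PUBLISH_PAGES_TOKEN }}

      - name: Download the artifact into the destination directory
        uses: actions/download-artifact@v4
        with:
          name: ${{ inputs.artifact_name }}
          path: ${{ inputs.destination_dir }}

      - name: Commit and push
        env:
          DEST: ${{ inputs.destination_dir }}   # passed via env, not interpolated into the script
        run: |
          git config user.name "pages-publisher"                 # placeholder identity
          git config user.email "pages-publisher@example.invalid"
          git add -- "$DEST"
          git diff --cached --quiet || git commit -m "Publish $DEST"
          git push origin gh-pages
```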