Add Referrer-Policy header to enhance security in staticwebapp.config… #47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Site and Deploy | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| rerender: | |
| description: 'Force re-render executable posts' | |
| type: boolean | |
| default: false | |
| push: | |
| branches: | |
| - main | |
| - feature/* | |
| pull_request: | |
| types: [closed] | |
| branches: | |
| - main | |
| jobs: | |
| render_site: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Install GDebi first | |
| run: sudo apt-get install gdebi-core | |
| - name: Download the deb file | |
| run: sudo curl -LO https://quarto.org/download/latest/quarto-linux-amd64.deb | |
| - name: Install the deb file | |
| run: sudo apt-get install -y ./quarto-linux-amd64.deb | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Install Jupyter | |
| run: pip install jupyter | |
| - name: Verify Install | |
| run: /usr/local/bin/quarto check | |
| - name: Setup post venvs and re-render | |
| if: inputs.rerender == true | |
| run: | | |
| for req_file in $(find site/tips site/Tutorials -name requirements.txt); do | |
| post_dir=$(dirname "$req_file") | |
| python3 -m venv "$post_dir/.venv" | |
| source "$post_dir/.venv/bin/activate" | |
| pip install --upgrade pip | |
| pip install -r "$req_file" | |
| for qmd_file in "$post_dir"/*.qmd; do | |
| quarto render "$qmd_file" | |
| done | |
| deactivate | |
| done | |
| env: | |
| DATABRICKS_HOST: ${{ secrets.DATABRICKS_HOST }} | |
| DATABRICKS_TOKEN: ${{ secrets.DATABRICKS_TOKEN }} | |
| DATABRICKS_CLUSTER_ID: ${{ secrets.DATABRICKS_CLUSTER_ID }} | |
| - name: render site | |
| run: quarto render site/ | |
| - name: Output folder directories | |
| run: ls | |
| - name: Upload _site directory for deploy job | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: site_deployment | |
| path: site/_site | |
| deploy_to_azure_static_webapp: | |
| needs: render_site | |
| if: success() && github.event.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| name: Deploy to Azure App Service | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: site_deployment | |
| - name: Build And Deploy | |
| id: builddeploy | |
| uses: Azure/static-web-apps-deploy@v1 | |
| with: | |
| azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_LEMON_FLOWER_08F5FF603 }} | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments) | |
| action: "upload" | |
| ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### | |
| # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig | |
| app_location: "/" # App source code path | |
| output_location: "public" # Built app content directory - optional | |
| ###### End of Repository/Build Configurations ###### |