This Pull Request introduces the proposed build-and-hash job in our CI/CD pipeline. The new job is designed to enhance the integrity and transparency of our deployment process, particularly for the main branch.
Changes Made
Added a new job build-and-hash to the .github/workflows/ci.yaml file.
Configured the job to trigger exclusively on push events to the main branch.
The job includes steps for checking out the code, installing dependencies, building the project, calculating the SHA-256 hash of the resulting HTML file, and publishing both the HTML file and its hash as build artifacts.
Modified the job execution flow to ensure that build-and-hash runs independently of other CI jobs, which are primarily focused on Pull Requests.
Rationale
The primary motivation for these changes is to provide our users with verifiable proof that the HTML file on our domain is a direct build from the source code in the main branch. By automating the build and hash generation process, we are taking a significant step towards ensuring the integrity and authenticity of our deployments.
Introduction
This Pull Request introduces the proposed
build-and-hashjob in our CI/CD pipeline. The new job is designed to enhance the integrity and transparency of our deployment process, particularly for the main branch.Changes Made
build-and-hashto the.github/workflows/ci.yamlfile.mainbranch.build-and-hashruns independently of other CI jobs, which are primarily focused on Pull Requests.Rationale
The primary motivation for these changes is to provide our users with verifiable proof that the HTML file on our domain is a direct build from the source code in the main branch. By automating the build and hash generation process, we are taking a significant step towards ensuring the integrity and authenticity of our deployments.