Skip to content

meta: bump crowdin/github-action from 2.5.2 to 2.6.1 (#7529) #4910

meta: bump crowdin/github-action from 2.5.2 to 2.6.1 (#7529)

meta: bump crowdin/github-action from 2.5.2 to 2.6.1 (#7529) #4910

Workflow file for this run

# Security Notes
# Only selected Actions are allowed within this repository. Please refer to (
# for the full list of available actions. If you want to add a new one, please reach out a maintainer with Admin permissions.
# REVIEWERS, please always double-check security practices before merging a PR that contains Workflow changes!!
# AUTHORS, please only use actions with explicit SHA references, and avoid using `@master` or `@main` references or `@version` tags.
name: Build
- main
- main
- labeled
# This ensures that the working directory is the root of the repository
working-directory: ./
contents: read
actions: read
# This Job should run either on `merge_groups` or `push` events
# or `pull_request_target` event with a `labeled` action with a label named `github_actions:pull-request`
# since we want to run Website Builds on all these 3 occasions. As this allows us to be certain the that builds are passing
if: |
(github.event_name == 'push' || github.event_name == 'merge_group') ||
(github.event_name == 'pull_request_target' && == 'github_actions:pull-request')
name: Build on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
fail-fast: false
os: [ubuntu-latest]
- name: Harden Runner
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
egress-policy: audit
- name: Provide Turborepo Arguments
# This step is responsible for providing a reusable string that can be used within other steps and jobs
# that use the `turbo` cli command as a way of easily providing shared arguments to the `turbo` command
id: turborepo_arguments
# See
# See
run: echo "turbo_args=--force=true --cache-dir=.turbo/cache" >> "$GITHUB_OUTPUT"
- name: Use GNU tar instead BSD tar
# This ensures that we use GNU `tar` which is more efficient for extracting caches's
if: matrix.os == 'windows-latest'
shell: cmd
run: echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%"
- name: Git Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# Provides the Pull Request commit SHA or the GitHub merge group ref
ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }}
# We only need to fetch the last commit from the head_ref
# since we're not using the `--filter` operation from turborepo
# We don't use the `--filter` as we always want to force builds regardless of having changes or not
# this ensures that our bundle analysis script always runs and that we always ensure next.js is building
# regardless of having code changes or not
fetch-depth: 1
- uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
# See here for caching with `yarn` or you can leverage caching with actions/setup-node
path: |
${{ github.workspace }}/apps/site/.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
- name: Set up Node.js
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
# We want to ensure that the Node.js version running here respects our supported versions
node-version-file: '.nvmrc'
cache: 'npm'
- name: Install npm packages
# We want to avoid npm from running the Audit Step and Funding messages on a CI environment
# We also use `npm i` instead of `npm ci` so that the node_modules/.cache folder doesn't get deleted
# We also use `--omit=dev` to avoid installing devDependencies as we don't need them during the build step
run: npm i --no-audit --no-fund --userconfig=/dev/null --omit=dev
- name: Build Next.js (ISR)
# We want a ISR build on CI to ensure that regular Next.js builds work as expected.
# We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user
# the `${{ steps.turborepo_arguments.outputs.turbo_args }}` is a string substitution coming from a previous step
run: npx --package=turbo@latest -- turbo build ${{ steps.turborepo_arguments.outputs.turbo_args }}
# We want to ensure we have enough RAM allocated to the Node.js process
# this should be a last resort in case by any chances the build memory gets too high
# but in general this should never happen
NODE_OPTIONS: '--max_old_space_size=4096'
# Used for API requests that require GitHub API scopes
- name: Build Next.js (Static All Locales)
# We only run full static builds within Pull Requests. This step is also used to export
# static output in all languages, and it only works on `push` events.
if: github.event_name == 'push'
# We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user
# the `${{ steps.turborepo_arguments.outputs.turbo_args }}` is a string substitution coming from a previous step
run: npx --package=turbo@latest -- turbo deploy ${{ steps.turborepo_arguments.outputs.turbo_args }}
# We want to ensure we have enough RAM allocated to the Node.js process
# this should be a last resort in case by any chances the build memory gets too high
# but in general this should never happen
NODE_OPTIONS: '--max_old_space_size=4096'
# Used for API requests that require GitHub API scopes
# We want to ensure that static exports for all locales are triggered only on `push` events to save resources
# and time.
- name: Build Next.js (Static Default Locale)
# We want to generate static output in the default language within Pull Requests
# in order to reduce source wastages and build times.
# Note that we skip full static builds on Crowdin-based Pull Requests as these PRs should only contain translation changes
if: |
(github.event_name == 'pull_request_target' &&
github.event.pull_request.head.ref != 'chore/crowdin')
# We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user
# the `${{ steps.turborepo_arguments.outputs.turbo_args }}` is a string substitution coming from a previous step
run: npx --package=turbo@latest -- turbo deploy ${{ steps.turborepo_arguments.outputs.turbo_args }}
# We want to ensure we have enough RAM allocated to the Node.js process
# this should be a last resort in case by any chances the build memory gets too high
# but in general this should never happen
NODE_OPTIONS: '--max_old_space_size=4096'
# Used for API requests that require GitHub API scopes
# We want to ensure that static exports for all locales do not occur on `pull_request_target` events
- name: Sync Orama Cloud
# We only want to sync the Orama Cloud production indexes on `push` events.
# We also want to sync the Orama Cloud preview (deployment) indexes on `pull_request_target` events.
# We also want to ensure that the sync only happens on the `ubuntu-latest` runner to avoid duplicate syncs
# or Windows-based path issues.
ORAMA_INDEX_ID: ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_INDEX_ID || secrets.ORAMA_INDEX_ID }}
ORAMA_SECRET_KEY: ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_SECRET_KEY || secrets.ORAMA_SECRET_KEY }}
if: |
(matrix.os == 'ubuntu-latest') &&
((github.event_name == 'push') || (github.event_name == 'pull_request_target'))
run: |
cd apps/site && npm run sync-orama