Skip to content

Protect landing during static deploy#385

Merged
SoundBlaster merged 1 commit into
mainfrom
codex/protect-landing-deploy
May 16, 2026
Merged

Protect landing during static deploy#385
SoundBlaster merged 1 commit into
mainfrom
codex/protect-landing-deploy

Conversation

@SoundBlaster
Copy link
Copy Markdown
Member

@SoundBlaster SoundBlaster commented May 16, 2026

Summary

  • What changed? Protect the FTP webroot deploy from deleting the landing page, and add a separate FTP landing-page deploy job.
  • Link related issue/task (if any): follow-up to static artifact FTP deployment.

Motivation

  • Why is this change needed? The artifact deploy previously mirrored bundle contents into the site root with --delete, which can remove index.html and other landing/hosting files.
  • What problem, gap, or user need does it address? Keep https://specgraph.tech/ as a landing page while still publishing /specs/, /runs/, artifact_manifest.json, and checksums for SpecSpace/static consumers.

Goals

  • What should this PR achieve? Make artifact upload non-destructive, publish landing/ through a separate FTP job, and document/test the webroot safety contract.
  • What is intentionally out of scope? Cleaning stale remote artifact files; consumers should use artifact_manifest.json as the authority.

Changes

  • Remove root-level mirror --delete from static artifact upload.
  • Add deploy_landing job that uploads tracked landing/ to the same SFTP_REMOTE_ROOT without deleting remote files.
  • Update workflow triggers, docs, and regression tests for the landing/artifact split.

Validation

  • Tests added/updated for changed behavior
  • Local checks passed

Commands run:

python3 -m pytest -q tests/test_publish_static_artifacts_workflow.py tests/test_static_artifact_deploy_plan.py
git diff --check
python3 - <<'PY'
from pathlib import Path
import yaml
for path in Path('.github/workflows').glob('*.yml'):
    yaml.safe_load(path.read_text())
PY

Results:

  • 18 passed in 0.03s
  • git diff --check passed
  • Workflow YAML parsed successfully

Risks / Notes

  • Backward compatibility impact: Existing artifact URLs remain unchanged.
  • Migration/config changes required: No new secrets; the landing job reuses the existing FTP environment secrets.
  • Known limitations: Artifact upload is now non-destructive, so stale remote files may remain; consumers must rely on artifact_manifest.json and checksums.

Checklist

  • PR title clearly describes the change
  • Scope is focused and minimal
  • Documentation updated (or N/A)
  • No secrets or sensitive data added

@SoundBlaster SoundBlaster merged commit 3b9d0b7 into main May 16, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SoundBlaster