ci: add GitHub Pages deployment workflow

[rrabenda]

Summary

• Add GitHub Actions workflow to deploy index.html to GitHub Pages
• Triggers on push to main (when index.html or the workflow changes), on PRs to main, and manual dispatch
• Uses actions/deploy-pages@v4 with concurrency protection

Test plan

• Verify workflow runs on PR
• Verify Pages deployment after merge to main

Summary by CodeRabbit

• Chores
  • Added an automated deployment workflow to publish the site to GitHub Pages on main-branch updates and manual triggers.
  • Uploads build artifacts and runs a deployment job that exposes the published site URL as output.
  • Manages concurrent deployments to avoid conflicts and ensure reliable publishing.

[coderabbitai]

Warning

Rate limit exceeded

@rrabenda has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 13 minutes and 19 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 31f9b3b9-1408-487b-ae46-a2d77f18e384

📥 Commits

Reviewing files that changed from the base of the PR and between 9b94f06 and 3e38fac.

📒 Files selected for processing (1)

• .github/workflows/deploy-website.yml

📝 Walkthrough

Walkthrough

Adds a new GitHub Actions workflow to automate deploying a static site to GitHub Pages, triggered on pushes to main (index.html or the workflow file), workflow_dispatch, and PRs; includes checkout, pages setup, artifact upload, and deploy steps with required permissions and environment.

Changes

Cohort / File(s)	Summary
GitHub Actions Deployment Workflow .github/workflows/deploy-website.yml	New workflow added to publish the repository root as a Pages site. Defines triggers (push on main for index.html and the workflow file, workflow_dispatch, PRs), permissions (contents: read, pages: write, id-token: write), concurrency group pages, and steps: checkout, configure-pages, upload-pages-artifact, deploy-pages; sets environment github-pages and exposes page_url output from deployment.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant Repo as Repository
    participant Runner as Actions Runner
    participant Pages as GitHub Pages

    Dev->>Repo: push to main / trigger workflow_dispatch
    Repo->>Runner: start "deploy" job
    Runner->>Repo: checkout code
    Runner->>Runner: configure-pages
    Runner->>Runner: upload-pages-artifact (path: .)
    Runner->>Pages: deploy artifact
    Pages-->>Runner: deployment result (page_url)
    Runner-->>Repo: workflow outputs page_url

Loading

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 A rabbit taps "deploy" with glee,
Pages wake up and dance — whee!
Artifacts bundled, uploaded with care,
A new site springs into the air. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: add GitHub Pages deployment workflow' accurately and concisely summarizes the main change—adding a new GitHub Actions workflow for automated GitHub Pages deployment.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/deploy-website-workflow

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.github/workflows/deploy-website.yml (1)

29-41: Pin GitHub Actions to commit SHAs instead of floating major version tags.

The current workflow uses floating tags like @v4 and @v5, which are mutable and can be moved or deleted, creating a supply-chain risk. GitHub's security best practice is to pin actions to full-length commit SHAs (the only immutable way to reference an action release). Include a human-readable SemVer comment alongside the SHA for clarity, and use Dependabot to automate updates.

Example:

- uses: actions/checkout@8f4b7f0c6a0d3d7c6f8b1c2d3e4f5a6b7c8d9e0f # v4.1.0
- uses: actions/configure-pages@abf4e2e1f7d5c2b9a8e3f4d6c7b8a9e0f1c2d3e4 # v5.0.0

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/deploy-website.yml around lines 29 - 41, Replace mutable
action references (actions/checkout@v4, actions/configure-pages@v5,
actions/upload-pages-artifact@v3, actions/deploy-pages@v4) with their
corresponding full commit SHAs and add a trailing human-readable SemVer comment
for each (e.g., "# v4.1.0"); update the four "uses:" entries in the workflow to
use those SHAs and leave the SemVer as a comment for clarity, and enable
Dependabot to bump these SHAs automatically in future updates.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/deploy-website.yml:
- Around line 34-37: The Upload artifact step named "Upload artifact" currently
sets path: . which uploads the entire repo; change it to upload only the
generated site output (e.g., the built site directory or index.html) so GitHub
Pages receives only the site files. Update the actions/upload-pages-artifact@v3
step's with.path value from "." to the specific build output path used by your
workflow (for example "public", "docs", or "index.html") to match the push
trigger's scope and avoid including README.md, LICENSE, .github/, Taskfile.yaml,
etc.
- Around line 10-11: The workflow currently triggers on pull_request (the
"pull_request" event with branches: [main]) which causes deployments on PRs;
change the "on" triggers to only include "push" for the default branch (e.g.,
push: branches: [main]) and optionally "workflow_dispatch" so deployments run
only on direct pushes or manual dispatch; update any job-level assumptions if
you used the pull_request context so the deploy job (actions/deploy-pages@v4)
only runs for push/workflow_dispatch triggers.

---

Nitpick comments:
In @.github/workflows/deploy-website.yml:
- Around line 29-41: Replace mutable action references (actions/checkout@v4,
actions/configure-pages@v5, actions/upload-pages-artifact@v3,
actions/deploy-pages@v4) with their corresponding full commit SHAs and add a
trailing human-readable SemVer comment for each (e.g., "# v4.1.0"); update the
four "uses:" entries in the workflow to use those SHAs and leave the SemVer as a
comment for clarity, and enable Dependabot to bump these SHAs automatically in
future updates.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 643e1df9-f38e-4151-9aa9-e1ac126916bb

📥 Commits

Reviewing files that changed from the base of the PR and between 43c4681 and 5c0758e.

📒 Files selected for processing (1)

• .github/workflows/deploy-website.yml