ci: deploy blog to GitHub Pages on apex techquests.dev

[aanogueira]

Summary

• New workflow .github/workflows/deploy-pages.yml that builds the SvelteKit site with bun and publishes to GitHub Pages on every push to main
• static/CNAME pinning the apex domain techquests.dev into the deploy artifact (adapter-static copies static/ → build/ unchanged)

Pre-merge / post-merge requirements

• Repo Settings → Pages → Source = GitHub Actions
• Cloudflare DNS for techquests.dev apex — replace existing apex A records with GitHub Pages IPs:

  A    @    185.199.108.153   DNS only (gray cloud)
  A    @    185.199.109.153   DNS only
  A    @    185.199.110.153   DNS only
  A    @    185.199.111.153   DNS only
  

  Optional IPv6 (AAAA): 2606:50c0:8000::153, ...8001::153, ...8002::153, ...8003::153
• Settings → Pages → Custom domain: techquests.dev → Save
• Wait for Let's Encrypt cert (minutes to ~24h on first issuance)
• Tick "Enforce HTTPS"

Notes

• Apex domains cannot use CNAME — must use A records to GitHub Pages IPs
• Keep Cloudflare proxy off (gray cloud) until the cert issues, otherwise ACME validation hits Cloudflare instead of GH Pages
• After HTTPS works, Cloudflare proxy can be re-enabled if desired, but switch Cloudflare SSL mode to Full (strict) to avoid a redirect loop

Test plan

• Merge PR, watch Deploy Pages workflow succeed
• Confirm artifact contains CNAME at the root
• Once DNS is repointed, browse to https://techquests.dev/ and verify the site loads with a valid cert

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 5 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/deploy-pages.yml

Package	Version	License	Issue Type
actions/checkout	6.*.*	Null	Unknown License
actions/configure-pages	5.*.*	Null	Unknown License
actions/deploy-pages	4.*.*	Null	Unknown License
actions/upload-pages-artifact	3.*.*	Null	Unknown License
oven-sh/setup-bun	2.*.*	Null	Unknown License

Allowed Licenses:

MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	6.*.*	🟢 5.7	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches SAST 🟢 8 SAST tool detected but not run on all commits
actions/actions/configure-pages	5.*.*	🟢 6.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected SAST 🟢 7 SAST tool detected but not run on all commits Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches
actions/actions/deploy-pages	4.*.*	🟢 5.4	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches
actions/actions/upload-pages-artifact	3.*.*	🟢 5.8	Details Check Score Reason Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches
actions/oven-sh/setup-bun	2.*.*	Unknown	Unknown

Scanned Files

• .github/workflows/deploy-pages.yml

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!