feat(Orama): don't rely on static build

.github/workflows/build.yml

@@ -10,13 +10,10 @@ on:
   push:
     branches:
       - main
-  pull_request_target:
+  pull_request:
     branches:
       - main
-    types:
-      - labeled
   merge_group:
-  workflow_dispatch:
 
 defaults:
   run:
@@ -33,11 +30,6 @@ env:
 
 jobs:
   build:
-    # This Job should run either on non-`pull_request_target` events,
-    # or `pull_request_target` event with a `labeled` action with a label named `github_actions:pull-request`
-    # since we want to run Website Builds on all these occasions. As this allows us to be certain the that builds are passing
-    if: github.event_name != 'pull_request_target' || github.event.label.name == 'github_actions:pull-request'
-
     name: Build on ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
 
@@ -60,15 +52,6 @@ jobs:
 
       - name: Git Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          # Provides the Pull Request commit SHA or the GitHub merge group ref
-          ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }}
-          # We only need to fetch the last commit from the head_ref
-          # since we're not using the `--filter` operation from turborepo
-          # We don't use the `--filter` as we always want to force builds regardless of having changes or not
-          # this ensures that our bundle analysis script always runs and that we always ensure next.js is building
-          # regardless of having code changes or not
-          fetch-depth: 1
 
       - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
@@ -90,59 +73,13 @@ jobs:
         # We only want to install required production packages
         run: pnpm install --prod --frozen-lockfile
 
-      - name: Build Next.js (ISR)
+      - name: Build Next.js
         # We want a ISR build on CI to ensure that regular Next.js builds work as expected.
         run: node_modules/.bin/turbo build ${{ env.TURBO_ARGS }}
         env:
           # We want to ensure we have enough RAM allocated to the Node.js process
           # this should be a last resort in case by any chances the build memory gets too high
           # but in general this should never happen
           NODE_OPTIONS: '--max_old_space_size=4096'
-          # Used for API requests that require GitHub API scopes
-          NEXT_GITHUB_API_KEY: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build Next.js (Static All Locales)
-        # We only run full static builds within Pull Requests. This step is also used to export
-        # static output in all languages, and it only works on `push` events.
-        if: github.event_name == 'push'
-        run: node_modules/.bin/turbo deploy ${{ env.TURBO_ARGS }}
-        env:
-          # We want to ensure we have enough RAM allocated to the Node.js process
-          # this should be a last resort in case by any chances the build memory gets too high
-          # but in general this should never happen
-          NODE_OPTIONS: '--max_old_space_size=4096'
-          # Used for API requests that require GitHub API scopes
-          NEXT_GITHUB_API_KEY: ${{ secrets.GITHUB_TOKEN }}
-          # We want to ensure that static exports for all locales are triggered only on `push` events to save resources
-          # and time.
-          NEXT_PUBLIC_STATIC_EXPORT_LOCALE: true
-
-      - name: Build Next.js (Static Default Locale)
-        # We want to generate static output in the default language within Pull Requests
-        # in order to reduce source wastages and build times.
-        # Note that we skip full static builds on Crowdin-based Pull Requests as these PRs should only contain translation changes
-        if: |
-          (github.event_name == 'pull_request_target' &&
-            github.event.pull_request.head.ref != 'chore/crowdin')
-        run: node_modules/.bin/turbo deploy ${{ env.TURBO_ARGS }}
-        env:
-          # We want to ensure we have enough RAM allocated to the Node.js process
-          # this should be a last resort in case by any chances the build memory gets too high
-          # but in general this should never happen
-          NODE_OPTIONS: '--max_old_space_size=4096'
-          # Used for API requests that require GitHub API scopes
-          NEXT_GITHUB_API_KEY: ${{ secrets.GITHUB_TOKEN }}
-          # We want to ensure that static exports for all locales do not occur on `pull_request_target` events
-          NEXT_PUBLIC_STATIC_EXPORT_LOCALE: false
-
-      - name: Sync Orama Cloud
-        # We only want to sync the Orama Cloud production indexes on `push` events.
-        # We also want to sync the Orama Cloud preview (deployment) indexes on `pull_request_target` events (or manual triggers).
-        # We also want to ensure that the sync only happens on the `ubuntu-latest` runner to avoid duplicate syncs
-        # or Windows-based path issues.
-        env:
-          ORAMA_INDEX_ID: ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_INDEX_ID || secrets.ORAMA_INDEX_ID }}
-          ORAMA_SECRET_KEY: ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_SECRET_KEY || secrets.ORAMA_SECRET_KEY }}
-        if: matrix.os == 'ubuntu-latest' && github.event_name != 'merge_group'
-        working-directory: apps/site
-        run: node --run sync-orama
+          # We want to ensure that static exports for all locales do not occur on `pull_request` events
+          NEXT_PUBLIC_STATIC_EXPORT_LOCALE: ${{ github.event_name == 'push' }}

.github/workflows/sync-orama.yml

@@ -0,0 +1,59 @@
+# Security Notes
+# This workflow uses `pull_request_target`, so will run against all PRs automatically (without approval), be careful with allowing any user-provided code to be run here
+# Only selected Actions are allowed within this repository. Please refer to (https://github.com/nodejs/nodejs.org/settings/actions)
+# for the full list of available actions. If you want to add a new one, please reach out a maintainer with Admin permissions.
+# REVIEWERS, please always double-check security practices before merging a PR that contains Workflow changes!!
+# AUTHORS, please only use actions with explicit SHA references, and avoid using `@master` or `@main` references or `@version` tags.
+# MERGE QUEUE NOTE: This Workflow does not run on `merge_group` trigger, as this Workflow is not required for Merge Queue's
+
+name: Sync Orama Cloud
+
+on:
+  push:
+    branches:
+      - main
+  pull_request_target:
+    branches:
+      - main
+    types:
+      - labeled
+
+permissions:
+  contents: read
+
+jobs:
+  sync-orama-cloud:
+    name: Sync Orama Cloud
+    runs-on: ubuntu-latest
+
+    # This Job should run either on non-`pull_request_target` events,
+    # or `pull_request_target` event with a `labeled` action with a label named `github_actions:pull-request`
+    # since we want to run Website Builds on all these occasions. As this allows us to be certain the that builds are passing
+    if: github.event_name != 'pull_request_target' || github.event.label.name == 'github_actions:pull-request'
+
+    steps:
+      - name: Git Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }}
+
+      - name: Set up pnpm
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          # We want to ensure that the Node.js version running here respects our supported versions
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+
+      - name: Install packages
+        run: pnpm install --frozen-lockfile
+
+      - name: Sync Orama Cloud
+        working-directory: apps/site
+        run: node --run sync-orama
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ORAMA_INDEX_ID: ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_INDEX_ID || secrets.ORAMA_INDEX_ID }}
+          ORAMA_SECRET_KEY: ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_SECRET_KEY || secrets.ORAMA_SECRET_KEY }}

apps/site/next.constants.mjs

@@ -161,14 +161,6 @@ export const ORAMA_CLOUD_ENDPOINT =
 export const ORAMA_CLOUD_API_KEY =
   process.env.NEXT_PUBLIC_ORAMA_API_KEY || 'qopIuAERiWP2EZOpDjvczjws7WV40yrj';
 
-/**
- * A GitHub Access Token for accessing the GitHub API and not being rate-limited
- * The current token is registered on the "nodejs-vercel" GitHub Account.
- *
- * Note: This has no NEXT_PUBLIC prefix as it should not be exposed to the Browser.
- */
-export const GITHUB_API_KEY = process.env.NEXT_GITHUB_API_KEY || '';
-
 /**
  * The resource we point people to when discussing internationalization efforts.
  */

apps/site/package.json

@@ -88,6 +88,7 @@
     "@testing-library/user-event": "~14.6.1",
     "@types/mdx": "^2.0.13",
     "@types/semver": "~7.7.0",
+    "dedent": "^1.6.0",
     "eslint-config-next": "15.5.0",
     "eslint-import-resolver-typescript": "~4.4.4",
     "eslint-plugin-mdx": "~3.6.2",
@@ -96,6 +97,9 @@
     "global-jsdom": "^26.0.0",
     "handlebars": "4.7.8",
     "jsdom": "^26.0.0",
+    "mdast-util-from-markdown": "^2.0.2",
+    "mdast-util-to-string": "^4.0.0",
+    "nock": "^14.0.10",
     "remark-frontmatter": "^5.0.0",
     "stylelint": "16.23.0",
     "stylelint-config-standard": "39.0.0",