Integrate resume build into Pages deploy via workflow_call

[Copilot]

• Add build-resume job calling pbhandari/resume/.github/workflows/build.yml@main via workflow_call with secrets: inherit
• Add needs: build-resume to build job; download and copy resume PDF artifact to site root
• Fix contents: read permission on build-resume job (removed redundant permissions block)
• Add workflow_dispatch trigger to allow manual runs
• Fix CI: pass upload_artifact: true to the called workflow so the artifact upload step is not skipped

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[pbhandari]

resume is a private repository, that might be why you're not getting the data.

Can we also rely less on gh runs? I'd rather we use a workflow_call trigger to call into the workflow directly.

[pbhandari]

revert previous commit.

[Copilot]

revert previous commit.

Reverted in dc51955.

[pbhandari]

Invalid workflow file: .github/workflows/deploy.yml#L12
The workflow is not valid. .github/workflows/deploy.yml (Line: 12, Col: 3): Error calling workflow 'pbhandari/resume/.github/workflows/build.yml@main'. The nested job 'build' is requesting 'contents: read', but is only allowed 'contents: none'.

@copilot fix tihs

[Copilot]

Invalid workflow file: .github/workflows/deploy.yml#L12
The workflow is not valid. .github/workflows/deploy.yml (L...

Fixed in 8bfa548. The build-resume job had permissions: {} which prevented the called workflow from reading repository contents. Changed it to permissions: contents: read.

[pbhandari]

@copilot All that's missing is the updating of the Description to one that encompasses this delta, and not just the last instruction. And then I think we're all good.

[Copilot]

@copilot All that's missing is the updating of the Description to one that encompasses this delta, and not just the last instruction. And then I think we're all good.

Updated the PR description to cover the full delta: the new build-resume workflow_call job, the resume PDF download step added to build, and the removal of the redundant permissions block.

[pbhandari]

@copilot fix the failing CI.

[Copilot]

@copilot fix the failing CI.

The failure is in the build-resume / build job — make: No targets specified and no makefile found. When pbhandari/resume/.github/workflows/build.yml runs via workflow_call, github.repository resolves to the calling repo (pbhandari/pbhandari.github.io), so actions/checkout@v4 (without an explicit repository:) checks out this repo instead of pbhandari/resume. There's no Makefile here, so make fails. The GITHUB_TOKEN also only has contents: read for pbhandari/pbhandari.github.io and can't read the private resume repo.

The fix requires changes in pbhandari/resume/.github/workflows/build.yml:

1. Add repository: pbhandari/resume to the checkout step
2. Pass a PAT that has read access to the private resume repo (e.g. via a secret in pbhandari.github.io passed through secrets: inherit)

There's nothing to change in deploy.yml on our end — the issue is fully in the called workflow's checkout step.

[pbhandari]

@copilot add a workflow dispatch trigger

[Copilot]

@copilot add a workflow dispatch trigger

Added workflow_dispatch trigger in f096a06.

[pbhandari]

@copilot Fix the failing CI.

[Copilot]

@copilot Fix the failing CI.

Fixed in 724b117. The build-resume / build job was succeeding but the "Upload resume.pdf" step was being skipped because pbhandari/resume/.github/workflows/build.yml gates that step on inputs.upload_artifact (defaulting to false). Added with: upload_artifact: true to the build-resume job call so the artifact is uploaded and available for download in the build job.