Auto-discover news HTML files in Vite config to fix missing S3 uploads#427
Auto-discover news HTML files in Vite config to fix missing S3 uploads#427
Conversation
…rticles in S3 deployment Root cause: vite.config.js used hardcoded rollupOptions.input entries for news articles. 336 news HTML files (including 2026-02-22-justice-reform-*) existed in news/ but were not listed, so Vite excluded them from dist/ and S3 deploy never uploaded them. Fix: replaced hardcoded entries with dynamic fs.readdirSync() discovery of news/*.html. Also added s3-troubleshoot.yml workflow for manual AWS CLI diagnostics. Co-authored-by: pethers <[email protected]>
Co-authored-by: pethers <[email protected]>
github-actions
bot
added
javascript
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
There was a problem hiding this comment.
Pull request overview
This PR fixes missing S3 uploads for newly added news article HTML pages by ensuring Vite includes all news/*.html files in the build output (so they land in dist/ and are eligible for S3 sync), and adds a manual S3 diagnostic workflow to help detect mismatches between dist/ and the bucket.
Changes:
- Replace hardcoded
rollupOptions.inputnews article entries with filesystem auto-discovery invite.config.js. - Add
.github/workflows/s3-troubleshoot.yml(workflow_dispatch) for listing missing/orphaned files and basic bucket stats.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| vite.config.js | Auto-discovers news/*.html article pages and spreads them into Rollup inputs, avoiding omissions from the Vite build. |
| .github/workflows/s3-troubleshoot.yml | Adds a manual workflow to compare dist/ vs S3 and check for missing news files. |
| for (const file of fs.readdirSync(newsDir)) { | ||
| if (file.endsWith('.html') && !file.startsWith('index')) { | ||
| const name = file.replace('.html', ''); | ||
| entries[`news/${name}`] = `./news/${file}`; | ||
| } | ||
| } |
There was a problem hiding this comment.
fs.readdirSync(newsDir) does not guarantee a consistent order across filesystems/OSes. Sorting the filenames before populating entries will keep rollupOptions.input stable and help avoid hard-to-diff build output changes.
| - name: Harden Runner | ||
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | ||
| with: | ||
| egress-policy: audit |
There was a problem hiding this comment.
This workflow assumes an AWS role, but harden-runner is set to egress-policy: audit, which doesn't prevent outbound exfiltration if a step is compromised. Consider switching to egress-policy: block with an allowed-endpoints list similar to .github/workflows/deploy-s3.yml, since the network destinations here are well-known (npm registry, GitHub, and AWS APIs).
| egress-policy: audit | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| uploads.github.com:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| nodejs.org:443 | |
| sts.amazonaws.com:443 | |
| s3.amazonaws.com:443 | |
| s3.us-east-1.amazonaws.com:443 |
| FILE="${{ inputs.file_pattern }}" | ||
| if [ -z "$FILE" ]; then | ||
| echo "❌ No file pattern specified" | ||
| exit 1 | ||
| fi | ||
|
|
||
| echo "🔍 Checking file: $FILE" | ||
| echo "" | ||
|
|
||
| echo "=== In local dist/ ===" | ||
| if [ -f "dist/$FILE" ]; then | ||
| echo "✅ EXISTS in dist/$FILE" |
There was a problem hiding this comment.
inputs.file_pattern is interpolated into file paths (dist/$FILE, $FILE) without validation. To avoid accidental path traversal (e.g., ../../...) and to keep the workflow focused on news diagnostics, validate that the input matches an expected pattern like ^news/.*\.html$ before using it.
| ls -la "dist/$FILE" | ||
| else | ||
| echo "❌ MISSING from dist/$FILE" | ||
| echo " Check if the file is listed in vite.config.js rollupOptions.input" |
There was a problem hiding this comment.
The log hint here still refers to checking whether the file is listed in rollupOptions.input, but this PR switches news articles to auto-discovery. Update the message to point to the discovery rules (e.g., file must be a top-level news/*.html that does not start with index).
| echo " Check if the file is listed in vite.config.js rollupOptions.input" | |
| echo " Check that the file matches the news auto-discovery rules: top-level news/*.html and filename does not start with index" |
Co-authored-by: Copilot <[email protected]> Signed-off-by: James Pether Sörling <[email protected]>
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
| import { defineConfig } from 'vite'; | ||
| import sri from 'vite-plugin-sri-gen'; | ||
| import fs from 'node:fs'; | ||
| import path from 'node:path'; |
Signed-off-by: James Pether Sörling <[email protected]>
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
discoverHtmlEntries()— recursively scans the entire repo (root, dashboard/, news/) for*.htmlfiles, ignoring source-only dirs. New pages added anywhere are automatically included.🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.