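# Deploy workflow: builds the client bundle, syncs it to the S3 bucket named by
# the `bucketName` output of the CloudFormation stack in vars.STACK_NAME, sets
# Cache-Control metadata, then runs the CloudFront invalidation script.
# Triggered by a published release or a manual dispatch.
name: Deploy

on:
  release:
    types: [published]
  workflow_dispatch:

# id-token: write lets the job request an OIDC token, which
# configure-aws-credentials presumably uses for the role assumption below (no
# static keys are passed to it).
# NOTE(review): contents: write and issues: write apply to every step,
# including `npm ci` and the build. No step visible in this file obviously
# needs them; confirm whether invalidate-cloudfront.ts (or anything else)
# does, and drop or narrow them otherwise.
permissions:
  id-token: write
  contents: write
  issues: write

jobs:
  main:
    runs-on: ubuntu-latest
    environment: production
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag. For a
      # job that can assume the production AWS role, pin each action to a full
      # commit SHA, e.g. actions/checkout@<FULL_COMMIT_SHA>  # v4
      #
      # NOTE(review): checkout keeps the job token in the local git config by
      # default, so later steps (npm lifecycle scripts, the build) can read a
      # token that carries contents: write. Set `persist-credentials: false`
      # unless a later step really needs to push.
      - uses: actions/checkout@v4
        with:
          # Full history, so `git describe --tags` in "Set version" sees tags.
          fetch-depth: 0

      - uses: actions/setup-node@v4
        with:
          node-version: "20.x"

      - name: Keep npm cache around to speed up installs
        uses: actions/cache@v3
        with:
          path: ~/.npm
          key: ${{ runner.OS }}-build-${{ hashFiles('**/package-lock.json') }}

      # --no-audit skips the advisory check during install.
      # NOTE(review): confirm advisories are checked somewhere else.
      - name: Install dependencies
        run: npm ci --no-audit

      # The tag name is written to $GITHUB_ENV and read back later as a shell
      # variable; it is never pasted into a script as text.
      - name: Set version
        run: |
          echo "VERSION=$(git describe --tags HEAD | tr -d '\n')" >> "$GITHUB_ENV"

      # VERSION is read as "$VERSION" inside the script instead of being
      # spliced in with a ${{ }} expression. Expressions are substituted into
      # the script text before the shell parses it, so a tag name containing
      # shell syntax would otherwise be interpreted as code.
      - name: Build
        env:
          VERSION: ${{ env.VERSION }}
          REGISTRY_ENDPOINT: ${{ vars.REGISTRY_ENDPOINT }}
          DOMAIN_NAME: ${{ vars.DOMAIN_NAME }}
          SENTRY_DSN: ${{ vars.SENTRY_DSN }}
        run: |
          npm run build
          cp -L -r ./static ./build/client
          mkdir -p build/client/node_modules/maplibre-gl/dist/
          cp node_modules/maplibre-gl/dist/maplibre-gl.css build/client/node_modules/maplibre-gl/dist/
          mkdir -p build/client/node_modules/bootstrap/dist/css/
          cp node_modules/bootstrap/dist/css/bootstrap.css build/client/node_modules/bootstrap/dist/css/
          mkdir ./build/client/.well-known
          printf '%s\n' "$VERSION" > ./build/client/.well-known/release

      # NOTE(review): on a cache hit the install step below is skipped, so the
      # restored aws/ directory is never run and `aws` resolves to whatever is
      # already on the runner's PATH. Confirm that is intended; if it is, this
      # cache step and the install step may be unnecessary.
      - name: Cache AWS CLI (Linux)
        id: cache-aws-cli
        uses: actions/cache@v3
        with:
          path: aws/
          key: cache-aws-cli

      # --fail makes curl exit non-zero on an HTTP error instead of saving the
      # error page as the archive.
      # NOTE(review): the installer runs under sudo with no integrity check on
      # the download. AWS publishes a detached PGP signature for this archive;
      # verify it (or pin a version and checksum) before running the installer.
      - name: Install AWS
        if: steps.cache-aws-cli.outputs.cache-hit != 'true'
        run: |
          curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip -q awscliv2.zip
          sudo ./aws/install --update

      # NOTE(review): the IAM role's trust policy is not visible here; it
      # should restrict the OIDC `sub` claim to this repository and the
      # `production` environment.
      - name: configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE }}
          role-session-name: gh-actions-publish
          aws-region: ${{ vars.AWS_REGION }}

      # The stack name reaches the script through env rather than an inline
      # expression. The explicit empty check is needed because a failed `aws`
      # call is hidden by the pipe into jq and would otherwise leave
      # BUCKET_NAME blank for the upload steps.
      - name: Get bucket name
        env:
          STACK_NAME: ${{ vars.STACK_NAME }}
        run: |
          bucket_name="$(aws cloudformation describe-stacks --stack-name "$STACK_NAME" \
            | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "bucketName") | .OutputValue')"
          if [ -z "$bucket_name" ]; then
            echo "bucketName output not found on stack" >&2
            exit 1
          fi
          echo "BUCKET_NAME=${bucket_name}" >> "$GITHUB_ENV"

      # BUCKET_NAME was exported through $GITHUB_ENV, so the steps below read
      # it as a quoted shell variable.
      - name: Upload build
        run: |
          aws s3 sync build/client "s3://${BUCKET_NAME}"

      - name: Set cache metadata
        run: |
          # All files: long-lived cache (30758400 s = 356 days, roughly 1 year)
          aws s3 cp "s3://${BUCKET_NAME}" "s3://${BUCKET_NAME}" --recursive --cache-control max-age=30758400,public
          # HTML files and .well-known/ to 10 minutes
          aws s3 cp "s3://${BUCKET_NAME}" "s3://${BUCKET_NAME}" --exclude "*" --include "*.html" --include ".well-known/*" --recursive --cache-control max-age=600,public --content-type "text/html; charset=UTF-8"

      # NOTE(review): if tsx is not a locked devDependency, npx fetches it from
      # the registry at run time while the AWS credentials are in scope.
      # Confirm it is listed in package-lock.json.
      - name: >-
          Trigger CloudFront cache invalidation for fixed resources (all other
          files have unique names)
        env:
          STACK_NAME: ${{ vars.STACK_NAME }}
        run: npx tsx .github/workflows/invalidate-cloudfront.ts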