deploy-to-cloudfront.yaml
name: Deploy to CloudFront

# Reusable workflow: it only has a `workflow_call` trigger, so every value
# below is supplied by the calling workflow.
on:
  workflow_call:
    inputs:
      # Interpolated into the IAM role ARN that the deploy job assumes.
      aws_account_id:
        description: Destination AWS Account
        type: string
        required: true
      # Image the build job's container runs; the caller picks what executes.
      build_container:
        description: Base image to build
        type: string
        required: true
      # JSON-encoded runner labels; the build job parses this with fromJSON().
      runs-on:
        description: 'Platform to execute on. Default ["self-hosted", "cere-network-large"]'
        type: string
        required: false
        default: '["self-hosted", "cere-network-large"]'
      build_static_files:
        description: Build static files?
        type: boolean
        required: false
        default: true
      # The three *_command inputs are inserted verbatim as `run:` scripts in
      # the build job, so callers must pass fixed strings, never values
      # derived from untrusted event data (PR titles, branch names, ...).
      install_dependencies_command:
        type: string
        required: false
      install_packages_command:
        description: Command to install packages
        type: string
        required: false
      build_command:
        description: Build command
        type: string
        required: false
      path_to_static_files_to_upload:
        description: Path to files to upload
        type: string
        required: false
        default: 'build'
      # Directory used as working-directory and as the node_modules cache root.
      client_path:
        type: string
        required: false
        default: '.'
      # NOTE(review): the description mentions a fallback to `cloudfront_name`,
      # but this workflow declares no such input and the deploy job uses the
      # value as-is; an omitted bucket name reaches `aws s3 sync` empty.
      s3_bucket_name:
        description: Name of S3 bucket for CloudFront. Defaults to cloudfront_name
        type: string
        required: false
      s3_delete_enabled:
        description: Is delete enabled with new deploy to s3
        type: boolean
        required: false
        default: true
      send_notification_to_slack:
        type: boolean
        required: false
        default: false
      # When true, the build job skips its "Restore cache" step.
      disable_cache_restoring:
        type: boolean
        required: false
        default: false
    secrets:
      # Exported to the "Install packages" and "Build" steps, i.e. readable by
      # the caller-supplied commands and by any package script they run.
      NPM_TOKEN:
        required: false
      # Consumed only by the Slack notification job.
      SLACK_WEBHOOK:
        required: false
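# NOTE(review): every `uses:` below references a mutable tag (@v1/@v2/@v3).
# Pin each action, third-party ones first, to a full commit SHA so a moved
# tag cannot change what runs next to NPM_TOKEN, SLACK_WEBHOOK or the OIDC
# token.
jobs:
  # Runs the caller-supplied commands inside the caller-supplied container.
  # With the default `runs-on` this is a self-hosted runner, so anything the
  # commands leave behind outside the container is the runner owner's problem.
  build:
    name: Build static files
    if: ${{ inputs.build_static_files }}
    runs-on: ${{ fromJSON(inputs.runs-on) }}
    container:
      image: ${{ inputs.build_container }}
    timeout-minutes: 20
    # Least privilege: nothing in this job needs more than a read-only token.
    permissions:
      contents: read
    steps:
      # NOTE(review): checkout keeps the job token in .git/config by default;
      # set `persist-credentials: false` if no build command needs git auth.
      - uses: actions/checkout@v3
      # The command inputs are templated straight into the script by design;
      # they are trusted code, not data.
      - name: Install system packages
        run: ${{ inputs.install_dependencies_command }}
      - name: Restore cache
        if: ${{ !inputs.disable_cache_restoring }}
        uses: actions/cache@v3
        with:
          path: '${{ inputs.client_path }}/node_modules'
          # `${{ }}` is not expanded inside another expression, so the original
          # hashFiles('${{ inputs.client_path }}/yarn.lock') never hashed the
          # lockfile; format() builds the path within a single expression.
          key: ${{ runner.os }}-modules-${{ hashFiles(format('{0}/yarn.lock', inputs.client_path)) }}
      - name: Install packages
        working-directory: ${{ inputs.client_path }}
        run: ${{ inputs.install_packages_command }}
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
      - name: Build
        working-directory: ${{ inputs.client_path }}
        env:
          # Quoted so the variable is the string "false", not a YAML boolean.
          CI: 'false'
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: ${{ inputs.build_command }}
      # The path is resolved from the workspace root, not from client_path.
      - name: Zip artifacts
        uses: montudor/action-zip@v1
        with:
          args: zip -qq -r artifacts.zip ${{ inputs.path_to_static_files_to_upload }}
      - name: Prepare artifacts
        uses: actions/upload-artifact@v3
        with:
          name: build
          path: ${{ github.workspace }}/artifacts.zip

  # Publishes the files to S3 and invalidates the matching CloudFront
  # distributions, using a role assumed through GitHub OIDC.
  deploy:
    name: Deploy static files
    needs: build
    # A job whose `needs` was skipped is itself skipped unless its condition
    # contains a status-check function; `!cancelled()` lets the no-build path
    # (build_static_files == false) reach this job. A failed build still
    # stops the deploy.
    if: ${{ !cancelled() && (needs.build.result == 'success' || needs.build.result == 'skipped') }}
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
      # Required to request the OIDC token exchanged for AWS credentials.
      id-token: write
    # NOTE(review): the trigger section of this file declares no
    # `on.workflow_call.outputs`, so callers cannot read this value as written.
    outputs:
      fqdn: "https://${{ inputs.s3_bucket_name }}/"
    steps:
      # Fail before any credentials exist if the bucket name is missing or
      # carries characters that would be meaningful to the shell or to the
      # JMESPath query further down.
      - name: Validate inputs
        env:
          S3_BUCKET_NAME: ${{ inputs.s3_bucket_name }}
        run: |
          if [[ ! "$S3_BUCKET_NAME" =~ ^[A-Za-z0-9._-]+$ ]]; then
            echo "s3_bucket_name is empty or contains unexpected characters" >&2
            exit 1
          fi
      - name: Restore build
        if: ${{ inputs.build_static_files }}
        uses: actions/download-artifact@v3
        with:
          name: build
          path: artifacts
      - name: Unzip artifacts
        if: ${{ inputs.build_static_files }}
        uses: montudor/action-zip@v1
        with:
          args: unzip -qq artifacts/artifacts.zip
      - name: Checkout repository
        if: ${{ !inputs.build_static_files }}
        uses: actions/checkout@v3
        with:
          # No later step uses git, so do not leave the job token in
          # .git/config of a tree that is about to be synced to S3.
          persist-credentials: false
      # NOTE(review): the role name is fixed to `github`; which repositories
      # and refs may assume it is decided by the role's trust policy on the
      # AWS side, which is not visible here.
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/github
          role-session-name: ${{ github.event.repository.name }}
          aws-region: us-east-1
      - name: Upload files
        # Inputs are passed through the environment instead of being templated
        # into the script, so their content is never parsed as shell.
        env:
          S3_DELETE_ENABLED: ${{ inputs.s3_delete_enabled }}
          SOURCE_DIR: ${{ inputs.path_to_static_files_to_upload }}
          S3_BUCKET_NAME: ${{ inputs.s3_bucket_name }}
        run: |
          set -euo pipefail
          # The pattern used to be stored as the single word `--exclude ".*"`
          # and expanded unquoted, which handed the CLI a pattern containing
          # literal double quotes; top-level dotfiles such as .git or .env
          # were therefore not excluded. Separate array elements fix that.
          # Excluded paths are also left alone by --delete.
          args=(--metadata-directive=REPLACE --exclude '.*')
          # `[[ false ]]` is true (non-empty string), so the old test enabled
          # --delete unconditionally; compare against the literal instead.
          if [[ "$S3_DELETE_ENABLED" == 'true' ]]; then
            args+=(--delete)
          fi
          aws s3 sync "${args[@]}" "${SOURCE_DIR}/" "s3://${S3_BUCKET_NAME}"
      - name: Invalidate cache
        env:
          S3_BUCKET_NAME: ${{ inputs.s3_bucket_name }}
        run: |
          set -euo pipefail
          # Run the listing as its own assignment so a failing call aborts the
          # step instead of producing an empty loop.
          # NOTE(review): this is a prefix match on the first origin only, so a
          # bucket whose name is a prefix of another bucket's name also matches
          # that bucket's distributions.
          distribution_ids=$(
            aws cloudfront list-distributions \
              --query "DistributionList.Items[*].{id:Id,origin:Origins.Items[0].DomainName}[?starts_with(origin, \`${S3_BUCKET_NAME}\`)].id" \
              --output text
          )
          # Intentionally unquoted: the ids arrive whitespace-separated.
          for id in $distribution_ids; do
            invalidation_id=$(
              aws cloudfront create-invalidation \
                --distribution-id "$id" \
                --paths "/*" \
                --query Invalidation.Id \
                --output text
            )
            aws cloudfront wait invalidation-completed \
              --distribution-id "$id" \
              --id "$invalidation_id"
          done

  # Posts to Slack after a successful deploy when the caller asked for it.
  slack_notify:
    name: Send notification to slack
    needs: deploy
    # Same status-function rule as on the deploy job: without `!cancelled()` a
    # skipped build further up the chain would also skip this job.
    if: ${{ !cancelled() && needs.deploy.result == 'success' && inputs.send_notification_to_slack }}
    runs-on: ubuntu-latest
    timeout-minutes: 1
    # The job only calls a webhook; it needs no repository token scopes.
    permissions: {}
    steps:
      # Third-party action that receives the webhook secret: pin it to a SHA.
      - uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          SLACK_USERNAME: 'GITHUB_ACTIONS'
          SLACK_ICON: 'https://github.com/cere-io/reusable-workflows/raw/master/Documentation/logo.ico'
          SLACK_FOOTER: ''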