-
-
Notifications
You must be signed in to change notification settings - Fork 27
85 lines (70 loc) · 2.84 KB
/
website-deploy-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
name: "🚀 Docs Release"
on:
workflow_dispatch:
schedule:
- cron: "0 8 * * *"
release:
types:
- published
env:
AWS_REGION: us-east-2
IAM_ROLE_ARN: arn:aws:iam::557075604627:role/cplive-plat-ue2-prod-cloudposse-docs-gha
IAM_ROLE_SESSION_NAME: cloudposse-docs-ci-deploy-release
S3_BUCKET_NAME: cplive-plat-ue2-prod-cloudposse-docs-origin
DEPLOYMENT_HOST: docs.cloudposse.com
ALGOLIA_INDEX_NAME: docs.cloudposse.com
ALGOLIA_APP_ID: 32YOERUX83
GOOGLE_TAG_MANAGER: GTM-WQWH2XV
GOOGLE_SITE_VERIFICATION_ID: uY7FoBLCwsBfMMXefHxUz3lvHjZuWyURCIgpA-ia3_g
# These permissions are needed to interact with the GitHub's OIDC Token endpoint
permissions:
id-token: write
contents: read
jobs:
deploy-release:
runs-on: ubuntu-latest
environment:
name: production
url: https://${{ env.DEPLOYMENT_HOST }}
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Build Website
uses: ./.github/actions/build-website
with:
aws_region: ${{ env.AWS_REGION }}
iam_role_arn: ${{ env.IAM_ROLE_ARN }}
iam_role_session_name: ${{ env.IAM_ROLE_SESSION_NAME }}
google_tag_manager: ${{ env.GOOGLE_TAG_MANAGER }}
google_site_verification_id: ${{ env.GOOGLE_SITE_VERIFICATION_ID }}
repo_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
# "assets/refarch/handoffs/*" are handled by cloudposse-corp/demos
- name: Copy Website to S3 Bucket
run: |
cd build
aws sts get-caller-identity
aws s3 sync . s3://${{ env.S3_BUCKET_NAME }} --delete --exclude "pr-*" --exclude "assets/refarch/handoffs/*"
aws s3 ls s3://${{ env.S3_BUCKET_NAME }}/ --recursive --human-readable --summarize
- name: Invalidate cache for Cloudfront
run: |
echo "Sending invalidation request"
invalidation_id=$(aws cloudfront create-invalidation \
--distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} \
--paths "/*" \
--output json | jq -r '.Invalidation.Id')
echo "Waiting for invalidation to complete..."
aws cloudfront wait invalidation-completed \
--id $invalidation_id \
--distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
echo "done."
- name: Invalidate cache for Cloudflare
run: |
curl -v -X POST \
-d '{"purge_everything": true}' \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ secrets.CLOUDFLARE_CACHE_PURGE_API_KEY }}" \
"https://api.cloudflare.com/client/v4/zones/${{ vars.CLOUDFLARE_CLOUDPOSSE_COM_ZONE_ID }}/purge_cache"
# Sleep after sending request to give some time before Algolia Index triggers
sleep 30s