preview-s3-deploy.yml
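# Builds the site for every pull request and publishes it to a per-PR,
# publicly readable S3 static-website bucket, then reports the outcome in a
# PR comment.
#
# NOTE(review): every `uses:` below references a mutable tag (for example @v4).
# Pinning each action to a full commit SHA keeps a retagged release from
# changing what runs in a job that can assume the AWS role.
name: S3 Preview Bucket - Deploy

on:
  pull_request:
    branches: '**'

# Workflow-wide default is read-only; each job below widens this to exactly
# what it needs. Job-level `permissions` replace this block for that job.
permissions:
  contents: read

env:
  # The bucket name must follow the pattern ds-preview-<REPO_ID>-${{ github.event.number }}
  # The AWS Role only has permissions to manage buckets that start with ds-preview.
  BUCKET_NAME: ds-preview-satsummit-${{ github.event.number }}
  # The ARN of the role created in AWS.
  AWS_ROLE_ARN: arn:aws:iam::552819999234:role/ds-preview-satsummit
  # The AWS region where the bucket will be created.
  AWS_REGION: us-east-1
  # The name of the directory where the site is built.
  DIST_DIRECTORY: public

jobs:
  build:
    runs-on: ubuntu-latest
    # This job runs `yarn install` and `yarn build` on the pull request's own
    # code, so it deliberately has no `id-token: write`: code executed here
    # cannot request an OIDC token for AWS_ROLE_ARN. The write scopes are only
    # for posting PR comments.
    permissions:
      contents: read
      issues: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'

      # NOTE(review): env.cache-name is not defined in this file, so it expands
      # to an empty string in both cache keys. Kept as-is so existing cache
      # entries still match.
      - name: Cache dependencies
        uses: actions/cache@v4
        id: cache-yarn
        with:
          path: |
            /home/runner/.cache/yarn
            node_modules
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package.json') }}

      # The built site is handed to the deploy job through this cache entry,
      # keyed on the commit SHA.
      - name: Cache dist
        uses: actions/cache@v4
        id: cache-dist
        with:
          path: ${{env.DIST_DIRECTORY}}
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.sha }}

      - name: Post building comment
        uses: actions/github-script@v6
        with:
          script: |
            const { createDeployingComment } = require('./.github/workflows/github-pr-update.js')
            await createDeployingComment({ github, context, core })

      # NOTE(review): if a yarn.lock is committed, `--frozen-lockfile` would
      # make the install fail instead of silently resolving different
      # versions. Confirm before changing.
      - name: Install
        run: yarn install --ignore-engines

      - name: Build
        run: yarn build

      - name: Post error comment
        uses: actions/github-script@v6
        if: failure()
        with:
          script: |
            const { createFailedComment } = require('./.github/workflows/github-pr-update.js')
            await createFailedComment({ github, context, core })

  deploy:
    runs-on: ubuntu-latest
    needs: build
    # Only this job may mint an OIDC token (`id-token: write`) to assume the
    # AWS role. The write scopes are for the result comment on the PR.
    permissions:
      id-token: write
      contents: read
      issues: write
      pull-requests: write
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Checkout
        uses: actions/checkout@v4

      - name: Restore dist cache
        uses: actions/cache@v4
        id: cache-dist
        with:
          path: ${{env.DIST_DIRECTORY}}
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.sha }}

      # Shell steps read BUCKET_NAME / DIST_DIRECTORY from the environment
      # (exported by the workflow-level `env` block) and quote them, instead of
      # having the expression text pasted into the script before it runs.
      #
      # NOTE(review): any error other than NoSuchBucket (for example
      # AccessDenied on a bucket of the same name owned by another account) is
      # reported as "exists". `aws s3api head-bucket` with
      # `--expected-bucket-owner` would make the ownership check explicit.
      - name: Check if bucket exists
        id: check_bucket
        run: |
          if aws s3 ls "s3://${BUCKET_NAME}" 2>&1 | grep -q 'NoSuchBucket'; then
            echo "Bucket does not exist."
            echo "exists=false" >> "$GITHUB_OUTPUT"
          else
            echo "Bucket exists."
            echo "exists=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Create S3 bucket
        if: steps.check_bucket.outputs.exists == 'false'
        run: |
          aws s3 mb "s3://${BUCKET_NAME}"

      - name: Enable static website hosting
        if: steps.check_bucket.outputs.exists == 'false'
        run: |
          aws s3 website \
            "s3://${BUCKET_NAME}" \
            --index-document index.html \
            --error-document index.html

      # --delete removes objects from the bucket that are no longer in the
      # build output.
      - name: Sync files
        run: |
          aws s3 sync \
            "./${DIST_DIRECTORY}" "s3://${BUCKET_NAME}" \
            --delete \
            --quiet

      # The preview is intentionally world-readable: the public access block is
      # removed and the policy below grants anonymous s3:GetObject only.
      # Everything in the build output therefore becomes public.
      - name: Make bucket public access
        if: steps.check_bucket.outputs.exists == 'false'
        run: |
          aws s3api delete-public-access-block --bucket "$BUCKET_NAME"

      - name: Add bucket policy for public access
        if: steps.check_bucket.outputs.exists == 'false'
        run: |
          cat > bucket-policy.json <<EOF
          {
            "Version": "2012-10-17",
            "Statement": [{
              "Sid": "PublicReadGetObject",
              "Effect": "Allow",
              "Principal": "*",
              "Action": "s3:GetObject",
              "Resource": "arn:aws:s3:::${BUCKET_NAME}/*"
            }]
          }
          EOF
          aws s3api put-bucket-policy --bucket "$BUCKET_NAME" --policy file://bucket-policy.json

      # The helper script is loaded from the checked-out pull request revision
      # and runs in this job after the AWS credentials step, so changes to
      # .github/workflows/github-pr-update.js deserve the same review as
      # changes to this workflow.
      - name: Post comment with preview URL
        uses: actions/github-script@v6
        if: success()
        with:
          script: |
            const { createSuccessComment } = require('./.github/workflows/github-pr-update.js')
            await createSuccessComment({ github, context, core })

      - name: Post error comment
        uses: actions/github-script@v6
        if: failure()
        with:
          script: |
            const { createFailedComment } = require('./.github/workflows/github-pr-update.js')
            await createFailedComment({ github, context, core })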