Prod astro deployment #231
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Build the astro-based artifacts and deploy them to the S3 website bucket | |
# | |
name: Prod astro deployment | |
env: | |
BUCKET_NAME: "fusionauth-io-website-2023" | |
PUBLISHER_ROLE_ARN: "${{ secrets.PUBLISHER_ROLE_ARN }}" | |
AWS_REGION: "us-east-2" | |
on: | |
# Runs on pushes targeting the default branch | |
push: | |
branches: ["master"] | |
paths: | |
- 'astro/**' | |
- 'src/cloudfront/fusionauth-website-request-handler.js' | |
- '.github/workflows/prod-astro.yml' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
permissions: | |
id-token: write # Used to get an access token, which is then used to assume an AWS IAM role | |
contents: read | |
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | |
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. | |
concurrency: | |
group: "astro" | |
cancel-in-progress: false | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./astro | |
permissions: | |
id-token: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ env.PUBLISHER_ROLE_ARN }} | |
role-session-name: site_publisher_session | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Install modules | |
run: npm ci | |
- name: Build application | |
run: npm run build | |
- name: Deploy to S3 | |
run: | | |
aws s3 sync ./dist/ s3://${{ env.BUCKET_NAME }} --delete | |
aws s3 sync ./cdn/ s3://${{ env.BUCKET_NAME }}/cdn/ | |
- name: CloudFront request handler and cache invalidation | |
working-directory: . | |
run: | | |
CLOUDFRONT_FUNCTION_ETAG=$(aws cloudfront describe-function --name fusionauth-website-request-handler --query 'ETag' --output text) | |
CLOUDFRONT_FUNCTION_ETAG=$(aws cloudfront update-function --name fusionauth-website-request-handler --function-code fileb://src/cloudfront/fusionauth-website-request-handler.js --function-config Comment="Request handler for the FusionAuth website",Runtime="cloudfront-js-1.0" --if-match ${CLOUDFRONT_FUNCTION_ETAG} --query 'ETag' --output text) | |
aws cloudfront publish-function --name fusionauth-website-request-handler --if-match ${CLOUDFRONT_FUNCTION_ETAG} | |
aws cloudfront create-invalidation --distribution-id ${{ secrets.DISTRIBUTION_ID }} --paths "/*" | |