Skip to content

Prod astro deployment #231

Prod astro deployment

Prod astro deployment #231

Workflow file for this run

#
# Build the astro-based artifacts and deploy them to the S3 website bucket
#
name: Prod astro deployment
env:
BUCKET_NAME: "fusionauth-io-website-2023"
PUBLISHER_ROLE_ARN: "${{ secrets.PUBLISHER_ROLE_ARN }}"
AWS_REGION: "us-east-2"
on:
# Runs on pushes targeting the default branch
push:
branches: ["master"]
paths:
- 'astro/**'
- 'src/cloudfront/fusionauth-website-request-handler.js'
- '.github/workflows/prod-astro.yml'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
id-token: write # Used to get an access token, which is then used to assume an AWS IAM role
contents: read
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "astro"
cancel-in-progress: false
jobs:
deploy:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./astro
permissions:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ env.PUBLISHER_ROLE_ARN }}
role-session-name: site_publisher_session
aws-region: ${{ env.AWS_REGION }}
- name: Install modules
run: npm ci
- name: Build application
run: npm run build
- name: Deploy to S3
run: |
aws s3 sync ./dist/ s3://${{ env.BUCKET_NAME }} --delete
aws s3 sync ./cdn/ s3://${{ env.BUCKET_NAME }}/cdn/
- name: CloudFront request handler and cache invalidation
working-directory: .
run: |
CLOUDFRONT_FUNCTION_ETAG=$(aws cloudfront describe-function --name fusionauth-website-request-handler --query 'ETag' --output text)
CLOUDFRONT_FUNCTION_ETAG=$(aws cloudfront update-function --name fusionauth-website-request-handler --function-code fileb://src/cloudfront/fusionauth-website-request-handler.js --function-config Comment="Request handler for the FusionAuth website",Runtime="cloudfront-js-1.0" --if-match ${CLOUDFRONT_FUNCTION_ETAG} --query 'ETag' --output text)
aws cloudfront publish-function --name fusionauth-website-request-handler --if-match ${CLOUDFRONT_FUNCTION_ETAG}
aws cloudfront create-invalidation --distribution-id ${{ secrets.DISTRIBUTION_ID }} --paths "/*"