Refactor preview deployments workflows (#836)

* Refactor preview deployments workflows * Update website-preview-build.yml
cloudposse · Dec 9, 2024 · 067a99f · 067a99f
1 parent 73c8c49
commit 067a99f
Show file tree

Hide file tree

Showing 4 changed files with 115 additions and 101 deletions.
diff --git a/.github/workflows/website-deploy-preview.yml b/.github/workflows/website-deploy-preview.yml
diff --git a/.github/workflows/website-preview-build.yml b/.github/workflows/website-preview-build.yml
@@ -0,0 +1,50 @@
+name: "Website Preview Build"
+
+on:
+  workflow_dispatch:
+
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+    paths:
+      - "website/**"
+
+# These permissions are needed to interact with the GitHub's OIDC Token endpoint
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  website-deploy-preview:
+    # Do not deploy the website to the preview environment if the PR has the label 'website-no-deploy'
+    if: ${{ !contains(github.event.*.labels.*.name, 'website-no-deploy') }}
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: "website/.nvmrc"
+
+      - name: Install Dependencies and Build Website
+        run: |
+          node --version
+          cd website
+          npm ci --only=production
+          npm run build:site
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: website
+          path: website/build
+          if-no-files-found: error
+          retention-days: 1
diff --git a/.github/workflows/deploy-preview.yml → .github/workflows/website-preview-deploy.yml b/.github/workflows/deploy-preview.yml → .github/workflows/website-preview-deploy.yml
@@ -1,18 +1,18 @@
-name: "Deploy Preview"
+name: "Website Preview Deploy"
 
 on:
   workflow_run:
-    workflows: [Website Deploy Preview]
+    workflows: [Website Preview Build]
     types:
       - completed
 
 env:
   AWS_REGION: us-east-2
   IAM_ROLE_ARN: arn:aws:iam::068007702576:role/cplive-plat-ue2-dev-atmos-docs-gha
-  IAM_ROLE_SESSION_NAME: cloudposse-atmos-ci-deploy-pr-${{ github.event.workflow_run.pull_requests.0.number }}
+  IAM_ROLE_SESSION_NAME: cloudposse-atmos-ci-deploy-pr-${{ github.event.workflow_run.pull_requests[0].number }}
   S3_BUCKET_NAME: cplive-plat-ue2-dev-atmos-docs-origin
-  PR_NUMBER: ${{ github.event.workflow_run.pull_requests.0.number }}
-  DEPLOYMENT_HOST: pr-${{ github.event.workflow_run.pull_requests.0.number }}.atmos-docs.ue2.dev.plat.cloudposse.org
+  PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
+  DEPLOYMENT_HOST: pr-${{ github.event.workflow_run.pull_requests[0].number }}.atmos-docs.ue2.dev.plat.cloudposse.org
   ALGOLIA_INDEX_NAME: atmos-preview.tools
   ALGOLIA_APP_ID: 32YOERUX83
 
@@ -27,10 +27,22 @@ jobs:
     if: ${{ github.event.workflow_run.conclusion == 'success' && !contains(github.event.workflow_run.pull_requests.*.labels.*.name, 'website-no-deploy')  }}
     runs-on: ubuntu-latest
     environment:
-      name: preview
-      url: https://${{ env.DEPLOYMENT_HOST }}
+      name: release
 
     steps:
+      - name: Start deployment
+        uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1
+        id: deployment
+        with:
+          step: start
+          env: preview
+          ref: ${{ github.event.workflow_run.pull_requests[0].head.ref }}
+
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
       # https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -39,12 +51,19 @@ jobs:
           role-to-assume: ${{ env.IAM_ROLE_ARN }}
           role-session-name: ${{ env.IAM_ROLE_SESSION_NAME }}
 
+      - uses: actions/create-github-app-token@v1
+        id: github-app
+        with:
+          app-id: ${{ vars.BOT_GITHUB_APP_ID }}
+          private-key: ${{ secrets.BOT_GITHUB_APP_PRIVATE_KEY }}
+
       - name: Download artifacts
         uses: actions/download-artifact@v4
         with:
           name: website
           path: website/build
           run-id: ${{ github.event.workflow_run.id }}
+          github-token: ${{ steps.github-app.outputs.token }}
 
       - name: Copy Website to S3 Bucket PR Folder
         run: |
@@ -59,3 +78,14 @@ jobs:
           ALGOLIA_SCRAPER_API_KEY: ${{ secrets.ALGOLIA_SCRAPER_API_KEY }}
         run: |
           ./website/algolia/reindex.sh
+
+      - name: Update deployment status
+        uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1
+        if: always()
+        with:
+          step: finish
+          status: ${{ job.status }}
+          env: ${{ steps.deployment.outputs.env }}
+          deployment_id: ${{ steps.deployment.outputs.deployment_id }}
+          env_url: https://${{ env.DEPLOYMENT_HOST }}
+          auto_inactive: true
diff --git a/...hub/workflows/website-destroy-preview.yml → ...hub/workflows/website-preview-destroy.yml b/...hub/workflows/website-destroy-preview.yml → ...hub/workflows/website-preview-destroy.yml
@@ -1,29 +1,33 @@
-name: "Website Destroy Preview"
+name: "Website Preview Destroy"
 
 on:
   workflow_dispatch:
 
-  pull_request:
+  pull_request_target:
     types:
       - closed
 
+# These permissions are needed to interact with the GitHub's OIDC Token endpoint
+permissions:
+  id-token: write
+  contents: read
+  deployments: write
+
 env:
   AWS_REGION: us-east-2
   IAM_ROLE_ARN: arn:aws:iam::068007702576:role/cplive-plat-ue2-dev-atmos-docs-gha
   IAM_ROLE_SESSION_NAME: cloudposse-atmos-ci-destroy-pr-${{ github.event.pull_request.number }}
   S3_BUCKET_NAME: cplive-plat-ue2-dev-atmos-docs-origin
   PR_NUMBER: ${{ github.event.pull_request.number }}
 
-# These permissions are needed to interact with the GitHub's OIDC Token endpoint
-permissions:
-  id-token: write
-  contents: read
-
 jobs:
   website-destroy-preview:
+    # Do not deploy the website to the preview environment if the PR has the label 'website-no-deploy'
+    if: ${{ !contains(github.event.*.labels.*.name, 'website-no-deploy') }}
+
     runs-on: ubuntu-latest
+
     steps:
-      # https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
@@ -35,3 +39,19 @@ jobs:
         run: |
           aws sts get-caller-identity
           aws s3 rm s3://${{ env.S3_BUCKET_NAME }}/ --recursive --exclude "*" --include "pr-${{ env.PR_NUMBER }}/*"
+
+      # see https://dev.to/bobheadxi/branch-previews-with-google-app-engine-and-github-actions-3pco
+      - name: extract branch name
+        id: get_branch
+        shell: bash
+        env:
+          PR_HEAD: ${{ github.head_ref }}
+        run: echo "##[set-output name=branch;]$(echo ${PR_HEAD#refs/heads/} | tr / -)"
+
+      - name: mark environment as deactivated
+        uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1
+        with:
+          step: deactivate-env
+          env: preview
+          ref: ${{ steps.get_branch.outputs.branch }}
+          desc: Environment was pruned