Upload build preview site as artifact

[goruha]

what

• Upload preview site static files as github actions artifact

why

• This is the first step of previed deployment strategy refactoring to support preview deployments from forks

references

• https://linear.app/cloudposse/issue/DEV-2677/fix-preview-deployments-for-prs-from-forked-repositories

Summary by CodeRabbit

• New Features

  • Introduced a new GitHub Actions workflow for automating the deployment of a preview environment for the website.
  • Added a step to the website deployment workflow for uploading build artifacts, improving retrieval and debugging processes.

• Bug Fixes

  • Enhanced error handling to ensure the workflow raises an error if no files are found during the artifact upload process.

• Style

  • Made formatting changes to the website/README.md file by adding additional blank lines after the "Getting Started" section.

[coderabbitai]

📝 Walkthrough

📝 Walkthrough

Walkthrough

The pull request modifies the GitHub Actions workflow for "Website Deploy Preview" by adding a new step to upload build artifacts. This step utilizes the actions/upload-artifact@v4 action, specifying the artifact name and path, while maintaining existing workflow steps related to AWS credentials, repository checkout, Node.js setup, and website syncing.

Changes

File	Change Summary
.github/workflows/website-deploy-preview.yml	Added a new step to upload artifacts after the website build process.
.github/workflows/deploy-preview.yml	Introduced a new workflow for automating preview environment deployment.
website/README.md	Added additional blank lines after the "Getting Started" section.

Assessment against linked issues

Objective	Addressed	Explanation
Fix preview deployments for PRs from forked repositories (DEV-2677)	❌	The changes do not address the issue of preview deployments from forks.

Suggested labels

minor

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary or @auto-summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @auto-title anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

.github/workflows/website-deploy-preview.yml (2)

66-73: Consider compressing artifacts to optimize storage and transfer.

Since website builds can be sizeable, adding compression would reduce storage costs and speed up artifact operations.

       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:
           name: website
           path: website/build
+          compression-level: 9
           if-no-files-found: error
           retention-days: 1

---

Environment protection rules need to be configured for secure fork PR deployments

The API response shows an empty array for both deployment branch policy and protection rules, indicating that the 'preview' environment lacks security configurations. For fork PR support, it's crucial to:

• Configure branch protection rules to control which branches can deploy
• Set up required reviewers for deployment approvals
• Consider adding wait timer protection for additional security

🔗 Analysis chain

Line range hint 34-37: Verify environment protection rules for fork PR security.

Since this workflow is being enhanced for fork PR support, ensure the 'preview' environment has appropriate protection rules configured.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check environment protection rules
# Note: This requires appropriate permissions

gh api -X GET repos/{owner}/{repo}/environments/preview \
  --jq '.deployment_branch_policy, .protection_rules'

Length of output: 115

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 0ff08d5 and 37faef1.

📒 Files selected for processing (1)

• .github/workflows/website-deploy-preview.yml (1 hunks)

🔇 Additional comments (1)

.github/workflows/website-deploy-preview.yml (1)

66-73: Strong addition! The artifact upload step is well configured.

The step is strategically placed after the build and properly configured with error detection and reasonable retention period. This supports the goal of improving preview deployments from forks.

Let's verify the build directory path is consistent:

✅ Verification successful

Let me search for build configuration in other common locations.

---

Path verification confirmed! The artifact upload configuration is correct.

The website build directory path website/build aligns perfectly with Docusaurus's default build output directory, and the build script in package.json confirms this setup through the standard docusaurus build command.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the build output directory path
# Expected: Confirm website/build is the correct output path

# Check for build directory configuration in package.json or similar
rg -A 5 "build.*directory|outDir|output.*dir" website/

Length of output: 6501

---

Script:

#!/bin/bash
# Check docusaurus config and package.json for build directory settings
rg -l "build" website/docusaurus.config.js
cat website/docusaurus.config.js | grep -A 5 "build"

# Check package.json build scripts
cat website/package.json | jq '.scripts | select(.build != null)'

Length of output: 533

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

.github/workflows/deploy-preview.yml (1)

24-32: LGTM! Well-structured job configuration with clear conditions.

The preview environment and deployment URL are properly configured. Consider documenting the special website-no-deploy label in the repository's contributing guidelines.

Would you like me to help create a PR to update the contributing documentation?

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 90ca6fb and 37129c6.

📒 Files selected for processing (1)

• .github/workflows/deploy-preview.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/deploy-preview.yml

12-12: got unexpected character 'n' while lexing fraction part of float number, expecting '0'..'9'

(expression)

---

14-14: got unexpected character 'n' while lexing fraction part of float number, expecting '0'..'9'

(expression)

---

15-15: got unexpected character 'n' while lexing fraction part of float number, expecting '0'..'9'

(expression)

🔇 Additional comments (3)

.github/workflows/deploy-preview.yml (3)

3-8: LGTM! Workflow trigger and permissions are well configured.

The workflow is correctly set up to run after "Website Deploy Preview" completes, with appropriate OIDC token permissions for AWS authentication.

Let's verify the workflow dependency:

Also applies to: 19-23

✅ Verification successful

Workflow trigger configuration is correctly set up and verified

The workflow dependency is properly configured as the referenced workflow "Website Deploy Preview" exists at .github/workflows/website-deploy-preview.yml.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the referenced workflow exists
rg -g "*.yml" -g "*.yaml" "name:.*Website Deploy Preview" .github/workflows/

Length of output: 154

---

56-61: Verify Algolia reindex script location.

The script path ./website/algolia/reindex.sh is hardcoded. Ensure this script exists and is executable.

Let's verify the script:

✅ Verification successful

Script location and permissions verified successfully

The Algolia reindex script exists at the specified path website/algolia/reindex.sh and has the proper executable permissions (755). The workflow can execute this script without any issues.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if the reindex script exists and is executable
fd -t f "reindex.sh" website/algolia/

Length of output: 64

---

Script:

#!/bin/bash
# Check if the script has executable permissions
ls -l website/algolia/reindex.sh

Length of output: 109

---

49-54: Verify S3 sync deletion behavior.

The --delete flag will remove files in the destination that don't exist in the source. While this is often desired for clean deployments, ensure this behavior is intended and documented.

Let's check for similar sync patterns:

✅ Verification successful

S3 sync deletion behavior is consistently implemented

The --delete flag usage is consistent across all deployment workflows:

• Preview deployments (both files) sync to isolated PR-specific folders
• Production deployment follows the same pattern for the root bucket
• All implementations include proper AWS identity verification and result summarization

The deletion behavior is safe as it:

1. Only affects the specific PR folder in preview deployments
2. Ensures clean deployments by removing stale files
3. Follows AWS best practices with identity verification

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for other S3 sync commands that might need alignment
rg "aws s3 sync.*--delete" .github/workflows/

Length of output: 413

---

Script:

#!/bin/bash
# Let's check the context of these S3 sync commands to understand their usage
echo "=== deploy-preview.yml ==="
rg -A 5 -B 5 "aws s3 sync.*--delete" .github/workflows/deploy-preview.yml

echo -e "\n=== website-deploy-preview.yml ==="
rg -A 5 -B 5 "aws s3 sync.*--delete" .github/workflows/website-deploy-preview.yml

echo -e "\n=== website-deploy-prod.yml ==="
rg -A 5 -B 5 "aws s3 sync.*--delete" .github/workflows/website-deploy-prod.yml

Length of output: 1804

[github-actions]

These changes were released in v1.118.0.