-
-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upload build preview site as artifact #822
Conversation
📝 Walkthrough📝 WalkthroughWalkthroughThe pull request modifies the GitHub Actions workflow for "Website Deploy Preview" by adding a new step to upload build artifacts. This step utilizes the Changes
Assessment against linked issues
Suggested labels
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (2)
.github/workflows/website-deploy-preview.yml (2)
66-73
: Consider compressing artifacts to optimize storage and transfer.Since website builds can be sizeable, adding compression would reduce storage costs and speed up artifact operations.
- name: Upload artifacts uses: actions/upload-artifact@v4 with: name: website path: website/build + compression-level: 9 if-no-files-found: error retention-days: 1
Environment protection rules need to be configured for secure fork PR deployments
The API response shows an empty array for both deployment branch policy and protection rules, indicating that the 'preview' environment lacks security configurations. For fork PR support, it's crucial to:
- Configure branch protection rules to control which branches can deploy
- Set up required reviewers for deployment approvals
- Consider adding wait timer protection for additional security
🔗 Analysis chain
Line range hint
34-37
: Verify environment protection rules for fork PR security.Since this workflow is being enhanced for fork PR support, ensure the 'preview' environment has appropriate protection rules configured.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Check environment protection rules # Note: This requires appropriate permissions gh api -X GET repos/{owner}/{repo}/environments/preview \ --jq '.deployment_branch_policy, .protection_rules'Length of output: 115
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
📒 Files selected for processing (1)
.github/workflows/website-deploy-preview.yml
(1 hunks)
🔇 Additional comments (1)
.github/workflows/website-deploy-preview.yml (1)
66-73
: Strong addition! The artifact upload step is well configured.
The step is strategically placed after the build and properly configured with error detection and reasonable retention period. This supports the goal of improving preview deployments from forks.
Let's verify the build directory path is consistent:
✅ Verification successful
Let me search for build configuration in other common locations.
Path verification confirmed! The artifact upload configuration is correct.
The website build directory path website/build
aligns perfectly with Docusaurus's default build output directory, and the build script in package.json confirms this setup through the standard docusaurus build
command.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify the build output directory path
# Expected: Confirm website/build is the correct output path
# Check for build directory configuration in package.json or similar
rg -A 5 "build.*directory|outDir|output.*dir" website/
Length of output: 6501
Script:
#!/bin/bash
# Check docusaurus config and package.json for build directory settings
rg -l "build" website/docusaurus.config.js
cat website/docusaurus.config.js | grep -A 5 "build"
# Check package.json build scripts
cat website/package.json | jq '.scripts | select(.build != null)'
Length of output: 533
…dposse/atmos into preview-deployment-upload-artifacts * 'preview-deployment-upload-artifacts' of github.com:cloudposse/atmos: Update README.md
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (1)
.github/workflows/deploy-preview.yml (1)
24-32
: LGTM! Well-structured job configuration with clear conditions.The preview environment and deployment URL are properly configured. Consider documenting the special
website-no-deploy
label in the repository's contributing guidelines.Would you like me to help create a PR to update the contributing documentation?
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
📒 Files selected for processing (1)
.github/workflows/deploy-preview.yml
(1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/deploy-preview.yml
12-12: got unexpected character 'n' while lexing fraction part of float number, expecting '0'..'9'
(expression)
14-14: got unexpected character 'n' while lexing fraction part of float number, expecting '0'..'9'
(expression)
15-15: got unexpected character 'n' while lexing fraction part of float number, expecting '0'..'9'
(expression)
🔇 Additional comments (3)
.github/workflows/deploy-preview.yml (3)
3-8
: LGTM! Workflow trigger and permissions are well configured.
The workflow is correctly set up to run after "Website Deploy Preview" completes, with appropriate OIDC token permissions for AWS authentication.
Let's verify the workflow dependency:
Also applies to: 19-23
✅ Verification successful
Workflow trigger configuration is correctly set up and verified
The workflow dependency is properly configured as the referenced workflow "Website Deploy Preview" exists at .github/workflows/website-deploy-preview.yml
.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Verify the referenced workflow exists
rg -g "*.yml" -g "*.yaml" "name:.*Website Deploy Preview" .github/workflows/
Length of output: 154
56-61
: Verify Algolia reindex script location.
The script path ./website/algolia/reindex.sh
is hardcoded. Ensure this script exists and is executable.
Let's verify the script:
✅ Verification successful
Script location and permissions verified successfully
The Algolia reindex script exists at the specified path website/algolia/reindex.sh
and has the proper executable permissions (755). The workflow can execute this script without any issues.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check if the reindex script exists and is executable
fd -t f "reindex.sh" website/algolia/
Length of output: 64
Script:
#!/bin/bash
# Check if the script has executable permissions
ls -l website/algolia/reindex.sh
Length of output: 109
49-54
: Verify S3 sync deletion behavior.
The --delete
flag will remove files in the destination that don't exist in the source. While this is often desired for clean deployments, ensure this behavior is intended and documented.
Let's check for similar sync patterns:
✅ Verification successful
S3 sync deletion behavior is consistently implemented
The --delete
flag usage is consistent across all deployment workflows:
- Preview deployments (both files) sync to isolated PR-specific folders
- Production deployment follows the same pattern for the root bucket
- All implementations include proper AWS identity verification and result summarization
The deletion behavior is safe as it:
- Only affects the specific PR folder in preview deployments
- Ensures clean deployments by removing stale files
- Follows AWS best practices with identity verification
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check for other S3 sync commands that might need alignment
rg "aws s3 sync.*--delete" .github/workflows/
Length of output: 413
Script:
#!/bin/bash
# Let's check the context of these S3 sync commands to understand their usage
echo "=== deploy-preview.yml ==="
rg -A 5 -B 5 "aws s3 sync.*--delete" .github/workflows/deploy-preview.yml
echo -e "\n=== website-deploy-preview.yml ==="
rg -A 5 -B 5 "aws s3 sync.*--delete" .github/workflows/website-deploy-preview.yml
echo -e "\n=== website-deploy-prod.yml ==="
rg -A 5 -B 5 "aws s3 sync.*--delete" .github/workflows/website-deploy-prod.yml
Length of output: 1804
These changes were released in v1.118.0. |
* Upload build preview site as artifacts * Update README.md * Added new deploy workflow
what
why
references
Summary by CodeRabbit
New Features
Bug Fixes
Style
website/README.md
file by adding additional blank lines after the "Getting Started" section.