From 012cefaaf85c7164c595b1cf7bbf621744722a45 Mon Sep 17 00:00:00 2001
From: Mayo Jordanov <mayo@oyam.ca>
Date: Tue, 11 Jun 2024 20:54:46 -0700
Subject: [PATCH] Add deploy workflow

---
 .github/workflows/build.yml  | 15 +++++++++---
 .github/workflows/deploy.yml | 45 ++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/deploy.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ae3de89..92e3949 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,16 +16,25 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+
       - name: Setup Zola environment
         uses: taiki-e/install-action@v2
         with:
           tool: zola
+
       - name: Build site
         run: make build
+
       - name: Save artifact
         uses: actions/upload-artifact@v4
         with:
-          name: website-public
+          name: website-${{ github.ref_name }}
           path: public/
-  # call-deploy-workflow:
-  #   uses: ./.github/workflows/deploy.yml
\ No newline at end of file
+
+  call-deploy-workflow:
+    uses: ./.github/workflows/deploy.yml
+    needs: build
+    with:
+      artifact-name: website-${{ github.ref_name }}
+    secrets:
+      AWS_IAM_ROLE_GITHUB: ${{ secrets.AWS_IAM_ROLE_GITHUB }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..bc4ae74
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,45 @@
+name: Deploy site
+
+on:
+  workflow_call:
+    inputs:
+      artifact-name:
+        required: true
+        type: string
+    secrets:
+      AWS_IAM_ROLE_GITHUB:
+        required: true
+
+permissions:
+  id-token: write
+
+env:
+  AWS_REGION: us-east-1
+  S3_BUCKET: draft.oyam.ca
+
+concurrency:
+  group: site-deploy-${{ github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download the build artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.artifact-name }}
+          path: public
+      
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_IAM_ROLE_GITHUB }}
+          role-session-name: GitHub-Action-Role
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Upload Artifact to s3
+        run: aws s3 sync --acl public-read --delete public/ s3://${{ env.S3_BUCKET }}/
+
+
+#  invalidate-cache:
+#    runs-on: ubuntu-latest
\ No newline at end of file