release-site #41
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-site | |
| on: | |
| release: | |
| types: [created] # will be triggered when a NON-draft release is created and published. | |
| jobs: | |
| aws-deploy: # see: https://github.com/undergroundwires/aws-static-site-with-cd | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: "App: Checkout" | |
| uses: actions/checkout@v4 | |
| with: | |
| path: app | |
| ref: master # otherwise we don't get version bump commit | |
| - | |
| name: "App: Setup node" | |
| uses: ./app/.github/actions/setup-node | |
| - | |
| name: "App: Install dependencies" | |
| uses: ./app/.github/actions/npm-install-dependencies | |
| with: | |
| working-directory: app | |
| - | |
| name: "App: Run unit tests" | |
| run: npm run test:unit | |
| working-directory: app | |
| - | |
| name: "App: Build" | |
| run: npm run build | |
| working-directory: app | |
| - | |
| name: "App: Verify web build artifacts" | |
| run: npm run check:verify-build-artifacts -- --web | |
| shell: bash # Required for correct argument passing (--) | |
| working-directory: app | |
| - | |
| name: "Infrastructure: Checkout" | |
| uses: actions/checkout@v4 | |
| with: | |
| path: aws | |
| repository: undergroundwires/aws-static-site-with-cd | |
| - | |
| name: "Infrastructure: Deploy website" | |
| run: |- | |
| declare web_output_dir | |
| if ! web_output_dir=$(cd app && node scripts/print-dist-dir.js --web); then | |
| echo 'Error: Could not determine distribution directory.' | |
| exit 1 | |
| fi | |
| bash "aws/scripts/deploy.sh" \ | |
| --access-key-id '${{ secrets.AWS_DEPLOYMENT_USER_ACCESS_KEY_ID }}' \ | |
| --secret-access-key '${{ secrets.AWS_DEPLOYMENT_USER_SECRET_ACCESS_KEY }}' \ | |
| --region 'us-east-1' \ | |
| --root-domain 'privacy.sexy' \ | |
| --resource-prefix 'privacysexy' \ | |
| --site-dist-dir "$web_output_dir" \ | |
| --session-name "${{ github.actor }}-${{ github.event_name }}-$(echo '${{ github.sha }}' | cut -c1-8)" \ | |
| --role-arn-iam '${{ secrets.AWS_IAM_STACK_DEPLOYMENT_ROLE_ARN }}' \ | |
| --role-arn-dns '${{ secrets.AWS_DNS_STACK_DEPLOYMENT_ROLE_ARN }}' \ | |
| --role-arn-cert '${{ secrets.AWS_CERTIFICATE_STACK_DEPLOYMENT_ROLE_ARN }}' \ | |
| --role-arn-web '${{ secrets.AWS_WEB_STACK_DEPLOYMENT_ROLE_ARN }}' \ | |
| --role-arn-cf-lambda-sync '${{ secrets.AWS_CLOUDFRONT_LAMBDA_SYNC_ROLE_ARN }}' \ | |
| --role-arn-cf-invalidate '${{ secrets.AWS_CLOUDFRONT_SITE_DEPLOYMENT_ROLE_ARN }}' \ | |
| --role-arn-s3-upload '${{ secrets.AWS_S3_SITE_DEPLOYMENT_ROLE_ARN }}' \ | |
| --use-deep-links 'true' |