Deploy #461
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
release: | |
types: [published] | |
workflow_dispatch: | |
permissions: | |
id-token: write | |
contents: write | |
issues: write | |
jobs: | |
main: | |
runs-on: ubuntu-latest | |
environment: production | |
env: | |
BASE_URL: /map/ | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "20.x" | |
cache: "npm" | |
- name: Install dependencies | |
run: npm ci --no-audit | |
- name: Set version | |
run: | |
echo "VERSION=`git describe --tags HEAD | tr -d '\n'`" >> $GITHUB_ENV | |
- name: Build | |
env: | |
VERSION: ${{ env.VERSION }} | |
REGISTRY_ENDPOINT: ${{ vars.REGISTRY_ENDPOINT }} | |
DOMAIN_NAME: ${{ vars.DOMAIN_NAME }} | |
SENTRY_DSN: ${{ vars.SENTRY_DSN }} | |
run: | | |
npm run build | |
mkdir ./dist/.well-known | |
echo ${{ env.VERSION }} > ./dist/.well-known/release | |
cp assets/* dist/assets | |
- name: Cache AWS CLI (Linux) | |
id: cache-aws-cli | |
uses: actions/cache@v4 | |
with: | |
path: aws/ | |
key: cache-aws-cli | |
- name: Install AWS | |
if: steps.cache-aws-cli.outputs.cache-hit != 'true' | |
run: | | |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | |
unzip -q awscliv2.zip | |
sudo ./aws/install --update | |
- name: configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE }} | |
role-session-name: gh-actions-publish | |
aws-region: ${{ vars.AWS_REGION }} | |
- name: Get bucket name | |
run: | | |
BUCKET_NAME=`aws cloudformation describe-stacks --stack-name ${{ vars.STACK_NAME }} | jq -r '.Stacks[0].Outputs[] | select(.OutputKey == "bucketName") | .OutputValue'` | |
echo "BUCKET_NAME=${BUCKET_NAME}" >> $GITHUB_ENV | |
echo "S3_LOCATION=${BUCKET_NAME}${{ env.BASE_URL }}" >> $GITHUB_ENV | |
- name: Delete old files | |
run: | | |
aws s3 rm s3://${{ env.S3_LOCATION }} --recursive | |
- name: Upload build | |
run: | | |
aws s3 sync dist s3://${{ env.S3_LOCATION }} | |
- name: Set cache metadata | |
run: | | |
# All files to 1 year | |
aws s3 cp s3://${{ env.S3_LOCATION }} s3://${{ env.S3_LOCATION }} --recursive --cache-control max-age=30758400,public | |
# HTML files and .well-known/ to 10 minutes | |
aws s3 cp s3://${{ env.S3_LOCATION }} s3://${{ env.S3_LOCATION }} --exclude "*" --include "*.html" --include ".well-known/*" --recursive --cache-control max-age=600,public --content-type "text/html; charset=UTF-8" | |
# Trigger CloudFront cache invalidation for fixed resources | |
# (all other files have unique names) | |
- name: Invalidate CloudFront cache | |
env: | |
STACK_NAME: ${{ vars.STACK_NAME }} | |
run: npx tsx .github/workflows/invalidate-cloudfront.ts |