mirror
/
vapor-docs
mirror of https://github.com/vapor/docs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Modernize deploy workflow (#942) 

Switches to OIDC provider, replaces very old S3 and CloudFront actions
with modern CLI usage, de-hardcodes region and S3 bucket name, unlocks
pin of old version of CloudFormation deploy action, add concurrency
safety.
This commit is contained in:
Gwynne Raskind 2023-11-11 11:28:20 -06:00 committed by GitHub
parent 882b8a521f
commit 7da0d44088
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/check.yml vendored
View File

@ -1,5 +1,7 @@
name: Build docs and check cloudformation and dead links
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
pull_request:
branches:

89
.github/workflows/deploy.yml vendored
View File

@ -1,60 +1,49 @@
name: Build and deploy the Vapor documentation
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- main
jobs:
deploy:
name: Build and deploy
runs-on: ubuntu-latest
permissions: { id-token: write, contents: read }
env: { AWS_PAGER: '' }
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install dependencies
run: |
pip install -r requirements.txt
- name: Build the website
run: |
mkdocs build
swift fixSearchIndex.swift
cp googlefc012e5d94cfa05f.html site/googlefc012e5d94cfa05f.html;
swift setUpRedirects.swift
- name: Configure AWS credentials
id: cred
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.DOCS_DEPLOYER_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.DOCS_DEPLOYER_AWS_SECRET_ACCESS_KEY }}
aws-region: 'eu-west-2'
- name: Deploy to AWS Cloudformation
id: clouddeploy
if: steps.cred.outcome == 'success'
uses: aws-actions/aws-cloudformation-github-deploy@v1.2.0
with:
name: vapor-docs-stack
template: stack.yml
no-fail-on-empty-changeset: "1"
parameter-overrides: >-
DomainName=docs.vapor.codes,
S3BucketName=vapor-docs-site,
AcmCertificateArn=${{ secrets.CERTIFICATE_ARN }}
- name: Deploy to S3
id: s3deploy
if: steps.clouddeploy.outcome == 'success'
uses: jakejarvis/s3-sync-action@master
with:
args: --acl public-read --follow-symlinks --delete
env:
AWS_S3_BUCKET: 'vapor-docs-site'
AWS_ACCESS_KEY_ID: ${{ secrets.DOCS_DEPLOYER_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DOCS_DEPLOYER_AWS_SECRET_ACCESS_KEY }}
AWS_REGION: 'eu-west-2'
SOURCE_DIR: 'site'
- name: Invalidate CloudFront
uses: awact/cloudfront-action@master
env:
SOURCE_PATH: '/*'
AWS_REGION: 'eu-west-2'
AWS_ACCESS_KEY_ID: ${{ secrets.DOCS_DEPLOYER_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DOCS_DEPLOYER_AWS_SECRET_ACCESS_KEY }}
DISTRIBUTION_ID: ${{ secrets.DOCS_DISTRIBUTION_ID }}
- name: Checkout repository
uses: actions/checkout@v4
- name: Install dependencies
run: pip install -r requirements.txt
- name: Build the website
run: |
mkdocs build
swift fixSearchIndex.swift
cp googlefc012e5d94cfa05f.html site/googlefc012e5d94cfa05f.html
swift setUpRedirects.swift
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.OIDC_ROLE_ARN }}
aws-region: ${{ vars.OIDC_ROLE_REGION }}
- name: Deploy CloudFormation stack
uses: aws-actions/aws-cloudformation-github-deploy@v1
with:
name: vapor-docs-stack
template: stack.yml
no-fail-on-empty-changeset: '1'
parameter-overrides: >-
DomainName=docs.vapor.codes,
S3BucketName=${{ secrets.DOCS_S3_BUCKET_NAME }},
AcmCertificateArn=${{ secrets.CERTIFICATE_ARN }}
- name: Upload data to S3
run: |
aws s3 sync ./site 's3://${{ secrets.DOCS_S3_BUCKET_NAME }}' --no-progress --acl public-read
- name: Invalidate CloudFront
run: |
aws cloudfront create-invalidation --distribution-id '${{ secrets.DOCS_DISTRIBUTION_ID }}' --paths '/*'