Modernize deploy workflow (#942)

Switches to OIDC provider, replaces very old S3 and CloudFront actions
with modern CLI usage, de-hardcodes region and S3 bucket name, unlocks
pin of old version of CloudFormation deploy action, adds concurrency
safety.
Gwynne Raskind 2023-11-11 11:28:20 -06:00 committed by GitHub
parent 882b8a521f
commit 7da0d44088
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 51 deletions


@ -1,5 +1,7 @@
name: Build docs and check cloudformation and dead links name: Build docs and check cloudformation and dead links
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on: on:
pull_request: pull_request:
branches: branches:


@ -1,60 +1,49 @@
name: Build and deploy the Vapor documentation name: Build and deploy the Vapor documentation
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on: on:
push: push:
branches: branches:
- main - main
jobs: jobs:
deploy: deploy:
name: Build and deploy name: Build and deploy
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: { id-token: write, contents: read }
env: { AWS_PAGER: '' }
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install dependencies
run: | - name: Install dependencies
pip install -r requirements.txt run: pip install -r requirements.txt
- name: Build the website - name: Build the website
run: | run: |
mkdocs build mkdocs build
swift fixSearchIndex.swift swift fixSearchIndex.swift
cp googlefc012e5d94cfa05f.html site/googlefc012e5d94cfa05f.html; cp googlefc012e5d94cfa05f.html site/googlefc012e5d94cfa05f.html
swift setUpRedirects.swift swift setUpRedirects.swift
- name: Configure AWS credentials
id: cred - name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4 uses: aws-actions/configure-aws-credentials@v4
with: with:
aws-access-key-id: ${{ secrets.DOCS_DEPLOYER_AWS_ACCESS_KEY_ID }} role-to-assume: ${{ vars.OIDC_ROLE_ARN }}
aws-secret-access-key: ${{ secrets.DOCS_DEPLOYER_AWS_SECRET_ACCESS_KEY }} aws-region: ${{ vars.OIDC_ROLE_REGION }}
aws-region: 'eu-west-2' - name: Deploy CloudFormation stack
- name: Deploy to AWS Cloudformation uses: aws-actions/aws-cloudformation-github-deploy@v1
id: clouddeploy with:
if: steps.cred.outcome == 'success' name: vapor-docs-stack
uses: aws-actions/aws-cloudformation-github-deploy@v1.2.0 template: stack.yml
with: no-fail-on-empty-changeset: '1'
name: vapor-docs-stack parameter-overrides: >-
template: stack.yml DomainName=docs.vapor.codes,
no-fail-on-empty-changeset: "1" S3BucketName=${{ secrets.DOCS_S3_BUCKET_NAME }},
parameter-overrides: >- AcmCertificateArn=${{ secrets.CERTIFICATE_ARN }}
DomainName=docs.vapor.codes, - name: Upload data to S3
S3BucketName=vapor-docs-site, run: |
AcmCertificateArn=${{ secrets.CERTIFICATE_ARN }} aws s3 sync ./site 's3://${{ secrets.DOCS_S3_BUCKET_NAME }}' --no-progress --acl public-read
- name: Deploy to S3 - name: Invalidate CloudFront
id: s3deploy run: |
if: steps.clouddeploy.outcome == 'success' aws cloudfront create-invalidation --distribution-id '${{ secrets.DOCS_DISTRIBUTION_ID }}' --paths '/*'
uses: jakejarvis/s3-sync-action@master
with:
args: --acl public-read --follow-symlinks --delete
env:
AWS_S3_BUCKET: 'vapor-docs-site'
AWS_ACCESS_KEY_ID: ${{ secrets.DOCS_DEPLOYER_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DOCS_DEPLOYER_AWS_SECRET_ACCESS_KEY }}
AWS_REGION: 'eu-west-2'
SOURCE_DIR: 'site'
- name: Invalidate CloudFront
uses: awact/cloudfront-action@master
env:
SOURCE_PATH: '/*'
AWS_REGION: 'eu-west-2'
AWS_ACCESS_KEY_ID: ${{ secrets.DOCS_DEPLOYER_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DOCS_DEPLOYER_AWS_SECRET_ACCESS_KEY }}
DISTRIBUTION_ID: ${{ secrets.DOCS_DISTRIBUTION_ID }}
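Review bot: The deploy job now holds `id-token: write` and assumes the AWS role, yet all three actions it runs are referenced by movable tags (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/aws-cloudformation-github-deploy@v1`), and the CloudFormation action was loosened from `v1.2.0` to `v1`. Any step in this job can request the OIDC token, so a retagged release of any of them would run with deploy rights; I would pin each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v4`. The role's trust policy is not visible on this page; it should restrict the `sub` claim to this repository and `refs/heads/main` so that the role ARN alone is not enough to assume it. Separately, `cancel-in-progress: true` on a deploy workflow can interrupt a run in the middle of the stack update or the `aws s3 sync`; `cancel-in-progress: false` lets the running deploy finish before the next one starts.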