-
Notifications
You must be signed in to change notification settings - Fork 0
144 lines (122 loc) · 3.81 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: Release
on:
push:
tags:
- v*.*.*
permissions:
id-token: write
contents: read
jobs:
staging_deploy:
environment: staging
runs-on: ubuntu-latest
env:
DIST: ./dist
permissions:
contents: read
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'yarn'
- name: Install yarn
run: |
: # set-version will always download the latest version of yarn
yarn policies set-version 4.3.0
yarn install --immutable
- name: Build Website
id: build_website_staging
run: yarn staging
- uses: actions/upload-artifact@v4
with:
name: build-staging
path: ${{ env.DIST }}
retention-days: 1
- uses: actions/download-artifact@v4
with:
name: build-staging
path: ${{ env.DIST }}
- name: Configure AWS credentials
id: aws_auth
uses: aws-actions/configure-aws-credentials@v4
with:
audience: sts.amazonaws.com
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: ${{ vars.AWS_ROLE_ARN }}
- name: Copy files to the production website with the AWS CLI
run: |
aws s3 sync --delete ${{ env.DIST }} s3://${{ vars.BUCKET }} --region ${{ vars.AWS_REGION }}
- name: Clear cloudfront cache
run: |
aws cloudfront create-invalidation \
--distribution-id ${{ vars.DISTRIBUTION_ID }} \
--paths "/*" \
--region ${{ vars.AWS_REGION }}
production_deploy:
environment: production
runs-on: ubuntu-latest
needs: [staging_deploy]
env:
DIST: ./dist
permissions:
contents: read
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'yarn'
- name: Install yarn
run: |
: # set-version will always download the latest version of yarn
yarn policies set-version 4.3.0
yarn install --immutable
- name: Build Website
id: build_website_production
run: yarn prod
- uses: actions/upload-artifact@v4
with:
name: build-production
path: ${{ env.DIST }}
retention-days: 1
- uses: actions/download-artifact@v4
with:
name: build-production
path: ${{ env.DIST }}
- name: Generate App Token
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.DEPLOY_APP_ID }}
private-key: ${{ secrets.DEPLOY_APP_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Upload Artifacts to Release
run: |
artifacts='${{ steps.build_website_production.outputs }}'
echo "$json" > artifacts.json
gh release upload ${{ github.ref_name }} artifacts.json
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
- name: Configure AWS credentials
id: aws_auth
uses: aws-actions/configure-aws-credentials@v4
with:
audience: sts.amazonaws.com
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: ${{ vars.AWS_ROLE_ARN }}
- name: Copy files to the production website with the AWS CLI
run: |
aws s3 sync --delete ${{ env.DIST }} s3://${{ vars.BUCKET }} --region ${{ vars.AWS_REGION }}
- name: Clear cloudfront cache
run: |
aws cloudfront create-invalidation \
--distribution-id ${{ vars.DISTRIBUTION_ID }} \
--paths "/*" \
--region ${{ vars.AWS_REGION }}