-
Notifications
You must be signed in to change notification settings - Fork 0
127 lines (114 loc) · 5.61 KB
/
cdn-shared-publish.yml
File metadata and controls
127 lines (114 loc) · 5.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# Static Site Web Publishing to CDN
name: Publish Static Site to CDN
on:
workflow_call:
inputs:
AWS_REGION:
required: true
type: string
GHA_ROLE:
required: true
type: string
ENVIRONMENT:
required: true
type: string
S3URI:
required: true
type: string
DOMAIN:
required: false
type: string
default: standard
SYNC_PARAMS:
required: false
type: string
# Set defaults
defaults:
run:
shell: bash
jobs:
publish:
name: Publish content to CDN
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- name: DEV Configure AWS credentials
# Only run this step if the environment is "dev"
if: ${{ inputs.ENVIRONMENT == 'dev' }}
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCT_DEV }}:role/${{ inputs.GHA_ROLE }}
aws-region: ${{ inputs.AWS_REGION }}
- name: STAGE Configure AWS credentials
# Only run this step if the environment is "stage"
if: ${{ inputs.ENVIRONMENT == 'stage' }}
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCT_STAGE }}:role/${{ inputs.GHA_ROLE }}
aws-region: ${{ inputs.AWS_REGION }}
- name: PROD Configure AWS credentials
# Only run this step if the environment is "prod"
if: ${{ inputs.ENVIRONMENT == 'prod' }}
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCT_PROD }}:role/${{ inputs.GHA_ROLE }}
aws-region: ${{ inputs.AWS_REGION }}
- name: Sync custom domain CDN S3 content
# Only run this step if this is custom domain content (e.g., a folder at the root of bucket)
if: ${{ inputs.DOMAIN == 'custom' }}
run: |
if [ '${{ inputs.SYNC_PARAMS }}' != '' ]; then
aws s3 sync . ${{ inputs.S3URI }} --delete --exclude ".github/*" --exclude ".git/*" --exclude ".gitignore" ${{ inputs.SYNC_PARAMS }}
else
aws s3 sync . ${{ inputs.S3URI }} --delete --exclude ".github/*" --exclude ".git/*" --exclude ".gitignore"
fi
echo "Content is synchronized to ${{ inputs.S3URI }}" >> $GITHUB_STEP_SUMMARY
- name: Sync standard CDN S3 content
# Only run this step if this is standard content (e.g., a subfolder of the cdn/ folder)
if: ${{ inputs.DOMAIN == 'standard' }}
run: |
if [ '${{ inputs.SYNC_PARAMS }}' != '' ]; then
aws s3 sync ./$(echo ${{ inputs.S3URI }} | awk -F/ '{print $5}') ${{ inputs.S3URI }} --delete --exclude ".github/*" --exclude ".git/*" --exclude ".gitignore" ${{ inputs.SYNC_PARAMS }}
else
aws s3 sync ./$(echo ${{ inputs.S3URI }} | awk -F/ '{print $5}') ${{ inputs.S3URI }} --delete --exclude ".github/*" --exclude ".git/*" --exclude ".gitignore"
fi
echo "Content is synchronized to ${{ inputs.S3URI }}" >> $GITHUB_STEP_SUMMARY
- name: Invalidate cache
run: |
if [ '${{ inputs.DOMAIN }}' == 'standard' ]; then
aws cloudfront create-invalidation --distribution-id $(aws ssm get-parameter --name "/tfvars/libraries-website/standard-cdn-id" --query 'Parameter.Value' --output text) --paths "/*"
echo "The cache for the $(echo ${{ inputs.S3URI }} | awk -F/ '{print $5}') folder has been cleared." >> $GITHUB_STEP_SUMMARY
else
aws cloudfront create-invalidation --distribution-id $(aws ssm get-parameter --name "/tfvars/libraries-website/custom-cdn-id" --query 'Parameter.Value' --output text) --paths "/$(echo ${{ inputs.S3URI }} | awk -F/ '{print $5}')/*"
echo "The cache for the $(echo ${{ inputs.S3URI }} | awk -F/ '{print $4}') site has been cleared." >> $GITHUB_STEP_SUMMARY
fi
- name: Generate DEV Summary
# Only run this step if the environment is "dev"
if: ${{ inputs.ENVIRONMENT == 'dev' }}
run: |
if [ '${{ inputs.DOMAIN }}' == 'standard' ]; then
echo "The updates to https://cdn.dev1.mitlibrary.net/$(echo ${{ inputs.S3URI }} | awk -F/ '{print $5}') are now available" >> $GITHUB_STEP_SUMMARY
else
echo "The updates to https://$(echo ${{ inputs.S3URI }} | awk -F/ '{print $4}').dev1.mitlibrary.net site are now available" >> $GITHUB_STEP_SUMMARY
fi
- name: Generate STAGE Summary
# Only run this step if the environment is "stage"
if: ${{ inputs.ENVIRONMENT == 'stage' }}
run: |
if [ '${{ inputs.DOMAIN }}' == 'standard' ]; then
echo "The updates to https://cdn.stage.mitlibrary.net/$(echo ${{ inputs.S3URI }} | awk -F/ '{print $5}') are now available" >> $GITHUB_STEP_SUMMARY
else
echo "The updates to https://$(echo ${{ inputs.S3URI }} | awk -F/ '{print $4}').stage.mitlibrary.net site are now available" >> $GITHUB_STEP_SUMMARY
fi
- name: Generate PROD Summary
# Only run this step if the environment is "prod"
if: ${{ inputs.ENVIRONMENT == 'prod' }}
run: |
if [ '${{ inputs.DOMAIN }}' == 'standard' ]; then
echo "The updates to https://cdn.libraries.mit.edu/$(echo ${{ inputs.S3URI }} | awk -F/ '{print $5}') are now available" >> $GITHUB_STEP_SUMMARY
else
echo "The updates to https://$(echo ${{ inputs.S3URI }} | awk -F/ '{print $4}').libraries.mit.edu site are now available" >> $GITHUB_STEP_SUMMARY
fi