-
Notifications
You must be signed in to change notification settings - Fork 7
123 lines (109 loc) · 3.52 KB
/
cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
name: cd
on:
push:
branches: main
workflow_dispatch:
concurrency:
group: publish
cancel-in-progress: true
# WARNING WARNING
# we do --size-only because there is no other easy strategy to ensure that
# we are not invalidating cloudfront for files that have not changed
# this is risky for `/index.html` which is why we go the extra mile
# and do a content hash check
jobs:
publish:
runs-on: ubuntu-latest
name: ${{ matrix.cfg.host }}
strategy:
matrix:
cfg:
- host: pkgx.dev
cfid: E15VQ3SI584CSG
s3id: www.pkgx.dev
- host: pkgx.sh
cfid: E8ZRC36XS5K65
s3id: www.pkgx.sh
- host: pkgx.app
cfid: EFLDW0FN49Z5Z
s3id: www.pkgx.app
- host: mash.pkgx.sh
cfid: E1H6XLDEJ08BJK
s3id: hub.pkgx.sh
steps:
- uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.WWW_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.WWW_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- run: npm ci
- run: npm run build
env:
VITE_HOST: ${{ matrix.cfg.host }}
NODE_ENV: production
- name: determine paths to invalidate
run: |
aws s3 \
sync dist s3://${{ matrix.cfg.s3id }} \
--size-only \
--dryrun | \
awk '{print $3}' | \
sed 's/^dist//' > paths-to-invalidate.txt
- name: sync immutable assets
run: aws s3 sync
dist/assets
s3://${{ matrix.cfg.s3id }}/assets
--metadata-directive REPLACE
--cache-control max-age=31536000,immutable
--size-only
- name: sync mutable, cachable assets
run: aws s3
sync dist/ s3://${{ matrix.cfg.s3id }}
--exclude assets
--exclude index.html
--metadata-directive REPLACE
--cache-control max-age=86400
--size-only
- name: sync index.html
id: invalidate
run: |
aws s3 cp s3://${{ matrix.cfg.s3id }}/index.html ./index.html.remote
local_hash=$(shasum dist/index.html | awk '{print $1}')
remote_hash=$(shasum index.html.remote | awk '{print $1}')
if [ "$local_hash" != "$remote_hash" ]; then
aws s3 cp dist/index.html s3://${{ matrix.cfg.s3id }}/index.html \
--metadata-directive REPLACE \
--cache-control no-cache,must-revalidate
echo /index.html >> paths-to-invalidate.txt
fi
if [ -s paths-to-invalidate.txt ]; then
echo "status=proceed" >> $GITHUB_OUTPUT
fi
- name: invalidate
if: ${{ steps.invalidate.outputs.status == 'proceed' }}
run:
aws cloudfront
create-invalidation
--distribution-id ${{ matrix.cfg.cfid }}
--paths $(cat paths-to-invalidate.txt)
blog:
name: blog.pkgx.dev
runs-on: ubuntu-latest
defaults:
run:
working-directory: blog
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.WWW_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.WWW_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- uses: actions/checkout@v4
- uses: pkgxdev/setup@v2
- run: pkgx hugo
- run: pkgx hugo deploy
indexer:
needs: publish
uses: ./.github/workflows/indexer.yml
secrets: inherit