Switch to OIDC tokens (#30) #87
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: API Docs website deploy | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| deploy: | |
| name: Build and deploy | |
| runs-on: ubuntu-latest | |
| permissions: { id-token: write, contents: read } | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install latest Swift | |
| uses: vapor/[email protected] | |
| with: | |
| toolchain: latest | |
| - name: Build site | |
| run: swift generate-api-docs.swift | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::177420307256:role/GithubOIdP-Role-zJ3kkJbhrNkr | |
| aws-region: 'eu-west-2' | |
| - name: Deploy to AWS CloudFormation | |
| uses: aws-actions/aws-cloudformation-github-deploy@v1 | |
| with: | |
| name: vapor-api-docs | |
| template: stack.yaml | |
| no-fail-on-empty-changeset: '1' | |
| parameter-overrides: >- | |
| BucketName=vapor-api-docs-site, | |
| SubDomainName=api, | |
| HostedZoneName=vapor.codes, | |
| AcmCertificateArn=${{ secrets.API_DOCS_CERTIFICATE_ARN }} | |
| - name: Deploy to S3 and invalidate CloudFront | |
| env: | |
| S3_BUCKET_URL: ${{ secrets.VAPOR_API_DOCS_S3_BUCKET_URL }} | |
| DISTRIBUTION_ID: ${{ secrets.VAPOR_API_DOCS_DISTRIBUTION_ID }} | |
| run: | | |
| aws --no-cli-pager s3 sync \ | |
| ./public "${S3_BUCKET_URL}" \ | |
| --no-progress \ | |
| --acl public-read | |
| aws --no-cli-pager cloudfront create-invalidation \ | |
| --distribution-id "${DISTRIBUTION_ID}" \ | |
| --paths '/*' |