Merge pull request #126 from cagov/jbum-security-fix #130
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Production | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - name: Build site | |
| run: | | |
| mkdir _dist | |
| # using npm ci instead of npm install to reduce threat of installing newer packages than intended | |
| npm ci | |
| npm run build | |
| # Modify when site goes live. | |
| - name: Write robots.txt | |
| run: | | |
| echo 'User-agent: *' > _dist/robots.txt | |
| echo 'Allow: /' >> _dist/robots.txt | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@master | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-west-1 | |
| - name: Deploy site to S3 | |
| run: aws s3 sync --follow-symlinks --delete ./_dist s3://engaged.ca.gov | |
| - name: Invalidate Cloudfront cache | |
| run: AWS_MAX_ATTEMPTS=10 aws cloudfront create-invalidation --distribution-id E17BKU1V60O1VJ --paths "/*" | |