Updated some packages using npm audit. #982
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy PR Preview | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - ready_for_review | |
| - reopened | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| deploy: | |
| if: "!contains(github.head_ref, 'dependabot')" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - name: Get branch name (merge) | |
| if: github.event_name != 'pull_request' | |
| shell: bash | |
| run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
| - name: Get branch name (pull request) | |
| if: github.event_name == 'pull_request' | |
| shell: bash | |
| run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF})" >> $GITHUB_ENV | |
| - name: Escape branch name for URL | |
| shell: bash | |
| run: echo "URLSAFE_BRANCH_NAME=$(echo ${BRANCH_NAME} | tr '[:upper:]' '[:lower:]' | sed 's|[^A-Za-z0-9-]|-|g' | sed -E 's|-*([A-Za-z0-9]*.*[A-Za-z0-9]+)-*|\1|')" >> $GITHUB_ENV | |
| - name: Report escaped branch name | |
| shell: bash | |
| run: echo ${URLSAFE_BRANCH_NAME} | |
| - name: Build site | |
| run: | | |
| mkdir _dist | |
| # using npm ci instead of npm install to reduce threat of installing newer packages than intended | |
| npm ci | |
| DOMAIN=${URLSAFE_BRANCH_NAME}.pr.engaged.ca.gov npm run build | |
| - name: Write robots.txt | |
| run: | | |
| echo 'User-agent: *' > _dist/robots.txt | |
| echo 'Disallow: /' >> _dist/robots.txt | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@master | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-west-1 | |
| - name: Deploy site to S3 | |
| run: aws s3 sync --follow-symlinks --delete ./_dist s3://pr.engaged.ca.gov/pr/${URLSAFE_BRANCH_NAME} | |
| - name: Invalidate Cloudfront cache | |
| run: AWS_MAX_ATTEMPTS=10 aws cloudfront create-invalidation --distribution-id EJBCVN0CVEA2Z --paths "/*" | |
| - name: Post URL to PR | |
| uses: mshick/add-pr-comment@v2.8.2 | |
| with: | |
| message: | | |
| Preview site available at [${{ env.URLSAFE_BRANCH_NAME }}.pr.engaged.ca.gov](https://${{ env.URLSAFE_BRANCH_NAME }}.pr.engaged.ca.gov/). | |
| allow-repeats: false |