Chore/fix manifesto link (#1566) #13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Website | |
| on: | |
| push: | |
| branches: [main] | |
| paths: | |
| - 'website/**' | |
| - 'infra/terraform/website/**' | |
| - '.github/workflows/deploy-website.yml' | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: 'Git ref to deploy (default: current default branch)' | |
| required: false | |
| type: string | |
| concurrency: | |
| group: deploy-website | |
| cancel-in-progress: false | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| deploy: | |
| name: Deploy to S3 + CloudFront | |
| runs-on: ubuntu-latest | |
| environment: iii-website-prod | |
| timeout-minutes: 15 | |
| env: | |
| AWS_REGION: us-east-1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref || github.ref }} | |
| - name: Configure AWS credentials (GitHub OIDC) | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Sync static assets (long cache, immutable) | |
| run: | | |
| aws s3 sync website/ "s3://${{ vars.S3_BUCKET }}/" \ | |
| --delete \ | |
| --cache-control "public,max-age=31536000,immutable" \ | |
| --exclude "*.html" \ | |
| --exclude "node_modules/*" \ | |
| --exclude "package.json" \ | |
| --exclude "package-lock.json" \ | |
| --exclude "pnpm-lock.yaml" \ | |
| --exclude ".gitignore" \ | |
| --exclude "README.md" \ | |
| --exclude "vercel.json" | |
| - name: Sync HTML (no cache, must revalidate) | |
| run: | | |
| aws s3 sync website/ "s3://${{ vars.S3_BUCKET }}/" \ | |
| --delete \ | |
| --cache-control "public,max-age=0,must-revalidate" \ | |
| --exclude "*" \ | |
| --include "*.html" | |
| - name: Create CloudFront invalidation | |
| id: invalidation | |
| run: | | |
| inv_id=$(aws cloudfront create-invalidation \ | |
| --distribution-id "${{ vars.CF_DISTRIBUTION_ID }}" \ | |
| --paths '/*' \ | |
| --query 'Invalidation.Id' \ | |
| --output text) | |
| echo "id=$inv_id" >> "$GITHUB_OUTPUT" | |
| echo "Invalidation $inv_id created." | |
| - name: Job summary | |
| run: | | |
| cat >> "$GITHUB_STEP_SUMMARY" <<EOF | |
| ## iii.dev deploy complete | |
| - Bucket: \`${{ vars.S3_BUCKET }}\` | |
| - Distribution: \`${{ vars.CF_DISTRIBUTION_ID }}\` | |
| - Invalidation: \`${{ steps.invalidation.outputs.id }}\` | |
| - Commit: \`${{ github.sha }}\` | |
| EOF |