Merge pull request #428 from OpenNews/staging #11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to S3 | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - staging | |
| permissions: | |
| contents: read | |
| id-token: write # Required for OIDC authentication | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: ".ruby-version" | |
| bundler-cache: true | |
| - name: Validate YAML files | |
| run: bundle exec rake validate_yaml | |
| - name: Build Jekyll site | |
| run: bundle exec jekyll build | |
| - name: Extract deployment config from _config.yml | |
| id: config | |
| run: | | |
| mapfile -t DEPLOYMENT_VALUES < <(ruby -ryaml -e "config = YAML.safe_load_file('_config.yml', permitted_classes: [], aliases: true); deployment = config['deployment'] || {}; puts deployment['bucket'].to_s; puts deployment['staging_bucket'].to_s; puts deployment['cloudfront_distribution_id'].to_s") | |
| BUCKET="${DEPLOYMENT_VALUES[0]}" | |
| if [ -z "$BUCKET" ]; then | |
| echo "Error: S3 bucket name not configured. Please set deployment.bucket in _config.yml." >&2 | |
| exit 1 | |
| fi | |
| STAGING_BUCKET="${DEPLOYMENT_VALUES[1]}" | |
| if [ -z "$STAGING_BUCKET" ]; then | |
| echo "Error: Staging bucket name not configured. Please set deployment.staging_bucket in _config.yml." >&2 | |
| exit 1 | |
| fi | |
| CLOUDFRONT="${DEPLOYMENT_VALUES[2]}" | |
| echo "bucket=$BUCKET" >> $GITHUB_OUTPUT | |
| echo "staging_bucket=$STAGING_BUCKET" >> $GITHUB_OUTPUT | |
| echo "cloudfront=$CLOUDFRONT" >> $GITHUB_OUTPUT | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v6 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| aws-region: us-east-1 | |
| role-session-name: Deploy-${{ github.event.repository.name }}-${{ github.run_id }} | |
| - name: Deploy to S3 (Staging) | |
| if: github.ref == 'refs/heads/staging' | |
| run: | | |
| aws s3 sync _site/ s3://${{ steps.config.outputs.staging_bucket }} \ | |
| --delete \ | |
| --cache-control "public, max-age=3600" | |
| - name: Deploy to S3 (Production) | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| aws s3 sync _site/ s3://${{ steps.config.outputs.bucket }} \ | |
| --delete \ | |
| --cache-control "public, max-age=3600" | |
| - name: Invalidate CloudFront (Production) | |
| if: github.ref == 'refs/heads/main' && steps.config.outputs.cloudfront != '' | |
| run: | | |
| aws cloudfront create-invalidation \ | |
| --distribution-id ${{ steps.config.outputs.cloudfront }} \ | |
| --paths "/*" |