Even this website is OSS #289
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: cd | |
on: | |
push: | |
branches: main | |
workflow_dispatch: | |
concurrency: | |
group: publish | |
cancel-in-progress: true | |
# WARNING WARNING | |
# we do --size-only because there is no other easy strategy to ensure that | |
# we are not invalidating cloudfront for files that have not changed | |
# this is risky for `/index.html` which is why we go the extra mile | |
# and do a content hash check | |
jobs: | |
publish: | |
runs-on: ubuntu-latest | |
name: ${{ matrix.cfg.host }} | |
strategy: | |
matrix: | |
cfg: | |
- host: pkgx.dev | |
cfid: E15VQ3SI584CSG | |
s3id: www.pkgx.dev | |
- host: pkgx.sh | |
cfid: E8ZRC36XS5K65 | |
s3id: www.pkgx.sh | |
- host: pkgx.app | |
cfid: EFLDW0FN49Z5Z | |
s3id: www.pkgx.app | |
- host: mash.pkgx.sh | |
cfid: E1H6XLDEJ08BJK | |
s3id: hub.pkgx.sh | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.WWW_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.WWW_AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-2 | |
- run: npm ci | |
- run: npm run build | |
env: | |
VITE_HOST: ${{ matrix.cfg.host }} | |
NODE_ENV: production | |
- name: determine paths to invalidate | |
run: | | |
aws s3 \ | |
sync dist s3://${{ matrix.cfg.s3id }} \ | |
--size-only \ | |
--dryrun | \ | |
awk '{print $3}' | \ | |
sed 's/^dist//' > paths-to-invalidate.txt | |
- name: sync immutable assets | |
run: aws s3 sync | |
dist/assets | |
s3://${{ matrix.cfg.s3id }}/assets | |
--metadata-directive REPLACE | |
--cache-control max-age=31536000,immutable | |
--size-only | |
- name: sync mutable, cachable assets | |
run: aws s3 | |
sync dist/ s3://${{ matrix.cfg.s3id }} | |
--exclude assets | |
--exclude index.html | |
--metadata-directive REPLACE | |
--cache-control max-age=86400 | |
--size-only | |
- name: sync index.html | |
id: invalidate | |
run: | | |
aws s3 cp s3://${{ matrix.cfg.s3id }}/index.html ./index.html.remote | |
local_hash=$(shasum dist/index.html | awk '{print $1}') | |
remote_hash=$(shasum index.html.remote | awk '{print $1}') | |
if [ "$local_hash" != "$remote_hash" ]; then | |
aws s3 cp dist/index.html s3://${{ matrix.cfg.s3id }}/index.html \ | |
--metadata-directive REPLACE \ | |
--cache-control no-cache,must-revalidate | |
echo /index.html >> paths-to-invalidate.txt | |
fi | |
if [ -s paths-to-invalidate.txt ]; then | |
echo "status=proceed" >> $GITHUB_OUTPUT | |
fi | |
- name: invalidate | |
if: ${{ steps.invalidate.outputs.status == 'proceed' }} | |
run: | |
aws cloudfront | |
create-invalidation | |
--distribution-id ${{ matrix.cfg.cfid }} | |
--paths $(cat paths-to-invalidate.txt) | |
blog: | |
name: blog.pkgx.dev | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: blog | |
steps: | |
- uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.WWW_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.WWW_AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-2 | |
- uses: actions/checkout@v4 | |
- uses: pkgxdev/setup@v2 | |
- run: pkgx hugo | |
- run: pkgx hugo deploy | |
indexer: | |
needs: publish | |
uses: ./.github/workflows/indexer.yml | |
secrets: inherit |