-
-
Notifications
You must be signed in to change notification settings - Fork 0
113 lines (88 loc) · 2.67 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
name: build
on:
push:
branches: [ main, deploy ]
paths-ignore:
- '**/*.gitattributes'
- '**/*.gitignore'
pull_request:
branches: [ main ]
workflow_dispatch:
env:
FORCE_COLOR: 3
TERM: xterm
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3
- name: Update file timestamps
shell: bash
run: |
git ls-files | xargs -I{} git log -1 --date=format:%Y%m%d%H%M.%S --format='touch -t %ad "{}"' "{}" | $SHELL
- name: Build blog
shell: pwsh
run: |
bundler config path vendor/bundle
bundler install
./build.ps1
- name: Publish blog
uses: actions/upload-artifact@v4
with:
name: blog
path: ./build
if-no-files-found: error
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Add actionlint problem matcher
run: echo "::add-matcher::.github/actionlint-matcher.json"
- name: Lint workflows
uses: docker://rhysd/actionlint@sha256:7617f05bd698cd2f1c3aedc05bc733ccec92cca0738f3e8722c32c5b42c70ae6 # v1.7.3
with:
args: -color
- name: Lint markdown
uses: DavidAnson/markdownlint-cli2-action@v17
with:
config: '.markdownlint.json'
globs: |
**/*.md
deploy:
if: github.event.repository.fork == false && github.ref_name == 'deploy'
runs-on: ubuntu-latest
needs: [ build, lint ]
environment:
name: production
url: https://blog.martincostello.com
permissions:
id-token: write
steps:
- name: Download blog
uses: actions/download-artifact@v4
with:
name: blog
path: ./build
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_DEPLOYMENT_ROLE }}
role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-deploy
aws-region: eu-west-2
- name: Deploy to S3
run: aws s3 sync ./build/ s3://blog.martincostello.com --cache-control 'max-age=604800' --delete
- name: Create CloudFront invalidation
shell: pwsh
env:
DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
run: |
$invalidationId = aws cloudfront create-invalidation --distribution-id "${env:DISTRIBUTION_ID}" --paths "/*" --output text --query "Invalidation.Id"
aws cloudfront wait invalidation-completed --distribution-id "${env:DISTRIBUTION_ID}" --id $invalidationId