From c0b6f6b1d24edb3ff6fc65f129d3ed3efdfd4e78 Mon Sep 17 00:00:00 2001
From: "Jeremy T. Bouse"
Date: Mon, 15 Apr 2024 15:43:19 -0400
Subject: [PATCH] New release workflow
Signed-off-by: Jeremy T. Bouse
---
.github/workflows/release.yml | 131 ++++++++++++++++++++++++++++++++++
1 file changed, 131 insertions(+)
create mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..9788df6
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,131 @@
+name: Deploy Hugo site
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+permissions:
+ id-token: write
+ contents: read
+ pull-requests: write
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ deploy-infra:
+ name: Deploy Terraform Infrastructure as Code
+ runs-on: ubuntu-latest
+ outputs:
+ distribution: ${{ steps.terraform.outputs.DID }}
+ bucket: ${{ steps.terraform.outputs.URL }}
+ baseurl: ${{ steps.terraform.outputs.BASE }}
+
+ defaults:
+ run:
+ working-directory: terraform/
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_GITHUB_ACTIONS_ROLE }}
+ aws-region: us-east-1
+
+ - name: Terraform Format
+ id: fmt
+ run: terraform fmt -no-color -check
+ continue-on-error: true
+
+ - name: Terraform Init
+ id: init
+ run: terraform init -no-color
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ run: terraform plan -no-color
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ run: terraform apply -no-color -auto-approve
+
+ - name: Output Terraform values
+ id: terraform
+ run: |
+ echo "DID=$(terraform output -raw cloudFrontDistributionID)" >> "$GITHUB_OUTPUT"
+ echo "URL=$(terraform output -raw URL)" >> "$GITHUB_OUTPUT"
+ echo "BASE=$(terraform output -raw hostname)" >> "$GITHUB_OUTPUT"
+
+ build-hugo:
+ name: Generate Hugo site
+ runs-on: ubuntu-latest
+ needs: deploy-infra
+
+ env:
+ HUGO_ENV: production
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 'lts/*'
+
+ - run: npm ci
+
+ - name: Setup Hugo
+ uses: peaceiris/actions-hugo@v3
+ with:
+ hugo-version: '0.124.1'
+ extended: true
+
+ # - uses: actions/cache@v4
+ # with:
+ # path: ~/.cache/hugo_cache # <-- with hugo version v0.116.0 and above
+ # key: ${{ runner.os }}-hugomod-${{ hashFiles('**/go.sum') }}
+ # restore-keys: |
+ # ${{ runner.os }}-hugomod-
+
+ - name: Hugo Build
+ run: hugo --gc --enableGitInfo --minify --baseURL https://${{ needs.deploy-infra.outputs.baseurl }}/
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_GITHUB_ACTIONS_ROLE }}
+ aws-region: us-east-1
+
+ - name: Assume IAM Role
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_TERRAFORM_DEPLOY_ROLE }}
+ role-chaining: true
+ aws-region: us-east-1
+
+ - name: Update Hugo Deployment
+ run: |
+ sed -i "s@CLOUDFRONT_DISTRIBUTION_ID@${{ needs.deploy-infra.outputs.distribution }}@g" config/production/deployment.yaml
+ sed -i "s@S3_BUCKET_URL@${{ needs.deploy-infra.outputs.bucket }}@g" config/production/deployment.yaml
+
+ - name: Hugo Deploy (dry-run)
+ if: github.event_name == 'pull_request'
+ run: hugo deploy --dryRun --target AWS
+
+ - name: Hugo Deploy
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ run: hugo deploy --maxDeletes -1 --target AWS --logLevel info
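Review bot: Both jobs assume AWS roles on every trigger, including `pull_request`: the two `Configure AWS credentials` steps and the chained `Assume IAM Role` step carry no `if:`, and only `Terraform Apply` and `Hugo Deploy` are gated on a push to `main`. Terraform configuration and Hugo content from a pull-request branch are therefore evaluated (`terraform init`/`plan`, `hugo deploy --dryRun`) while credentials for `AWS_GITHUB_ACTIONS_ROLE` and `AWS_TERRAFORM_DEPLOY_ROLE` are live; how much that exposes depends on the roles' trust and permission policies, which are not visible in this patch. I would restrict the deploy role's OIDC trust condition to the `sub` value `repo:<org>/<repo>:ref:refs/heads/main` (placeholder names), give pull requests a separate read-only role, and record that assumption in a comment above the `Assume IAM Role` step. Separately, the `${{ needs.deploy-infra.outputs.* }}` expressions are expanded directly into the `run:` scripts of `Hugo Build` and `Update Hugo Deployment`; passing them through the step's `env:` and referencing them as `"$BASEURL"` etc. keeps shell metacharacters in a Terraform output from being interpreted. The workflow-level `pull-requests: write` is not used by any step in this file and could be dropped.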