-
Notifications
You must be signed in to change notification settings - Fork 2
59 lines (47 loc) · 1.88 KB
/
push.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: PushAction
on:
push:
branches: [ main ]
workflow_dispatch:
# Cancel in-progress jobs or runs for the current workflow
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
process-push:
runs-on: self-hosted
steps:
- name: Fetch git repository
uses: actions/checkout@v3
with:
path: website
- name: Initialise environment
run: cat "$GITHUB_WORKSPACE/website/.github-env-${GITHUB_REF##*/}" >> $GITHUB_ENV
- name: set branch env
run: echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV
- name: security.txt
# If running on main branch, add signed security.txt file to repo before building
if: env.BRANCH == 'main'
run: |
cd "$GITHUB_WORKSPACE/website"
/srv/github-action-scripts/sign-security.sh
if [ -f "security.txt.asc" ]; then
mkdir "public/.well-known"
mv security.txt.asc "public/.well-known/security.txt"
else
echo "No security.txt.asc produced"
fi
- name: Build site
run: cd ${{ github.workspace }}/website && /srv/github-action-scripts/build-astro-site.sh
- name: Check links
run: /srv/github-action-scripts/check-links.sh ${{ github.workspace }}/website/dist
- name: Make staging directory
run: mkdir -p /srv/s3-staging/${{ env.SITE_URL }}
- name: Sync build to staging directory
run: rsync -crui ${{ github.workspace }}/website/dist/ /srv/s3-staging/${{ env.SITE_URL }} --delete
- name: Upload to S3
run: /srv/github-action-scripts/upload-to-s3-root.sh
- name: Set up security headers
run: cd /srv/github-action-scripts && pipenv run python lambda-security-headers.py
- name: Invalidate CloudFront cache
run: /srv/github-action-scripts/invalidate-cloudfront.sh