Skip to content
Push to main

Merge pull request #27 from cycleseven/more-vulnerabilities #26

Sign in to view logs

Merge pull request #27 from cycleseven/more-vulnerabilities

Merge pull request #27 from cycleseven/more-vulnerabilities #26

Workflow file for this run

.github/workflows/on-mainline-push.yml at 2500ddc
name: Push to main
on:
push:
branches:
- main
jobs:
build:
name: Build cy7.io
runs-on: ubuntu-20.04
env:
GATSBY_BUILD_SHA: ${{ github.sha }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 20.10.0
- uses: ./.github/actions/pnpm-install
- run: pnpm run build
- name: Store generated code
uses: actions/upload-artifact@v3
with:
name: generated
path: generated
- name: Store Gatsby build output
uses: actions/upload-artifact@v3
with:
name: bundle
path: public
build-storybook:
name: Build Storybook
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 20.10.0
- uses: ./.github/actions/pnpm-install
- run: pnpm exec storybook build --docs --quiet
- name: Store Storybook build output
uses: actions/upload-artifact@v3
with:
name: storybook-bundle
path: storybook-static
check-frontend-code-quality:
name: Check frontend code quality
needs: build
uses: ./.github/workflows/check-frontend-code-quality.yml
check-terraform-code-quality:
name: Check Terraform code quality
uses: ./.github/workflows/check-terraform-code-quality.yml
secrets: inherit
query-existing-infrastructure:
name: Query existing infrastructure
runs-on: ubuntu-20.04
outputs:
website-cloudfront-distribution-id: ${{ steps.read-website-cloudfront-distribution-id.outputs.stdout }}
defaults:
run:
working-directory: deploy/infra
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.2.9
- uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Terraform init
run: terraform init
- name: Terraform output
id: read-website-cloudfront-distribution-id
run: terraform output -raw website_cloudfront_distribution_id
deploy:
name: Deploy cy7.io
needs:
- build
- check-frontend-code-quality
- check-terraform-code-quality
- query-existing-infrastructure
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Download bundle
uses: actions/download-artifact@v3
with:
name: bundle
path: public
- uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Upload bundle to S3
run: aws s3 sync public s3://cy7.io
- name: Invalidate CloudFront caches
run: aws cloudfront create-invalidation --distribution-id ${{ needs.query-existing-infrastructure.outputs.website-cloudfront-distribution-id }} --paths "/*"
deploy-storybook:
name: Deploy Storybook
needs:
- build-storybook
- check-frontend-code-quality
- check-terraform-code-quality
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: storybook-bundle
path: storybook-static
- uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Upload bundle to S3
run: aws s3 sync storybook-static s3://storybook.cy7.io