Update product-design.rituals.yml (#22440) #6594
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Fleet website | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - 'website/**' | |
| - 'docs/**' | |
| - 'handbook/**' | |
| - 'articles/**' | |
| - 'schema/**' | |
| # This allows a subsequently queued workflow run to interrupt previous runs | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | |
| shell: bash | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| if: ${{ github.repository == 'fleetdm/fleet' }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [16.x] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| # Configure our access credentials for the Heroku CLI | |
| - uses: akhileshns/heroku-deploy@79ef2ae4ff9b897010907016b268fd0f88561820 # v3.6.8 | |
| with: | |
| heroku_api_key: ${{secrets.HEROKU_API_TOKEN_FOR_BOT_USER}} | |
| heroku_app_name: "" # this has to be blank or it doesn't work | |
| heroku_email: ${{secrets.HEROKU_EMAIL_FOR_BOT_USER}} | |
| justlogin: true | |
| - run: heroku auth:whoami | |
| # Install the heroku-repo plugin in the Heroku CLI | |
| - run: heroku plugins:install heroku-repo | |
| # Set the Node.js version | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| # Install the right version of Go for the Golang child process that we are currently using for CSR signing | |
| - name: Set up Go | |
| uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| # Download top-level dependencies and build Storybook in the website's assets/ folder | |
| - run: npm install --legacy-peer-deps && npm run build-storybook -- -o ./website/assets/storybook --loglevel verbose | |
| # Now start building! | |
| # > …but first, get a little crazy for a sec and delete the top-level package.json file | |
| # > i.e. the one used by the Fleet server. This is because require() in node will go | |
| # > hunting in ancestral directories for missing dependencies, and since some of the | |
| # > bundled transpiler tasks sniff for package availability using require(), this trips | |
| # > up when it encounters another Node universe in the parent directory. | |
| - run: rm -rf package.json package-lock.json node_modules/ | |
| # > Turns out there's a similar issue with how eslint plugins are looked up, so we | |
| # > delete the top level .eslintrc file too. | |
| - run: rm -f .eslintrc.js | |
| # > And, as a change to the top-level fleetdm/fleet .gitignore on May 2, 2022 revealed, | |
| # > we also need to delete the top level .gitignore file too, so that its rules don't | |
| # > interfere with the committing and force-pushing we're doing as part of our deploy | |
| # > script here. For more info, see: https://github.com/fleetdm/fleet/pull/5549 | |
| - run: rm -f .gitignore | |
| # Download dependencies (including dev deps) | |
| - run: cd website/ && npm install | |
| # Run sanity checks | |
| - run: cd website/ && npm test | |
| # Compile browser assets & markdown content into generated collateral | |
| - run: cd website/ && BUILD_SCRIPT_ARGS="--githubAccessToken=${{ secrets.FLEET_GITHUB_TOKEN_FOR_WEBSITE_TEST }}" npm run build-for-prod | |
| # Build the go binary we use to sign APNS certificates in the website/.tools/ folder. | |
| - run: cd ee/tools/mdm/ && GOOS=linux GOARCH=amd64 go build -o ../../../website/.tools/mdm-gen-cert . | |
| # Reset the Heroku app's git repo to prevent errors when pushing to the repo. (See https://github.com/fleetdm/fleet/issues/14162 for more details) | |
| - run: heroku repo:reset -a production-fleetdm-website | |
| # Commit newly-generated collateral locally so we can push them to Heroku below. | |
| # (This commit will never be pushed to GitHub- only to Heroku.) | |
| # > The local config flags make this work in GitHub's environment. | |
| - run: git add website/.www | |
| - run: git add website/.tools | |
| - run: git add -f website/views/partials/built-from-markdown > /dev/null 2>&1 || echo '* * * WARNING - Silently ignoring the fact that there are no HTML partials generated from markdown to include in automated commit...' | |
| - run: git -c "user.name=Fleetwood" -c "user.email=github@example.com" commit -am 'AUTOMATED COMMIT - Deployed the latest, including generated collateral such as compiled documentation, modified HTML layouts, and a .sailsrc file that references minified client-side code assets.' | |
| # Configure the Heroku app we'll be deploying to | |
| - run: heroku git:remote -a production-fleetdm-website | |
| - run: git remote -v | |
| # Deploy to Heroku (by pushing) | |
| # > Since a shallow clone was grabbed, we have to "unshallow" it before forcepushing. | |
| - run: echo "Unshallowing local repository…" | |
| - run: git fetch --prune --unshallow | |
| - run: echo "Deploying branch '${GITHUB_REF##*/}' to Heroku…" | |
| - run: git push heroku +${GITHUB_REF##*/}:master # note that Heroku, at least as of Jun 10 2021, still uses "master" on their end | |
| - name: 🌐 https://fleetdm.com | |
| run: echo '' && echo '--' && echo 'OK, done. It should be live momentarily.' && echo '(if you get impatient, check the Heroku dashboard for status)' && echo && echo ' 🌐–• https://fleetdm.com' |