Add Confidential Computing category and Secret Network tooling (#719) #232
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Automatic Deployment to Dev/Staging | |
| # Run on pushes to main or PRs | |
| on: | |
| # Pull request hook without any config. Launches for every pull request | |
| pull_request: | |
| # Launches for pushes to main or dev | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| # PRs created by external parties | |
| pull_request_target: | |
| types: | |
| - opened | |
| branches: | |
| - 'dev' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| deploy: | |
| name: Deployment | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Remove broken apt repos [Ubuntu] | |
| if: ${{ matrix.os }} == 'ubuntu-latest' | |
| run: | | |
| for apt_file in `grep -lr microsoft /etc/apt/sources.list.d/`; do sudo rm $apt_file; done | |
| - uses: actions/checkout@v4 | |
| - uses: actions/cache@v2 | |
| with: | |
| path: '**/node_modules' | |
| key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v2 | |
| - name: Install | |
| run: | | |
| rm -rf .cache | |
| rm -rf build | |
| yarn config set cache-folder .yarn | |
| yarn install | |
| pip install awscli --upgrade --user | |
| - name: Build App | |
| env: | |
| ALGOLIA_ID: ${{ secrets.ALGOLIA_ID }} | |
| ALGOLIA_INDEX: ${{ secrets.ALGOLIA_INDEX }} | |
| ALGOLIA_KEY: ${{ secrets.ALGOLIA_KEY }} | |
| GOOGLE_ANALYTICS_ID: ${{ secrets.STAGING_GOOGLE_ANALYTICS_ID }} | |
| run: yarn build | |
| - name: Configure AWS Development credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| if: ( github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' ) | |
| with: | |
| aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.DEV_AWS_DEFAULT_REGION }} | |
| # Script to deploy to development environment | |
| - name: 'Deploy to S3: Development' | |
| if: github.ref == 'refs/heads/dev' | |
| run: | | |
| aws s3 sync build/ s3://${{ secrets.DEV_BUCKET_NAME }}/dev --exclude "*.html" --cache-control max-age=0,no-cache,no-store,public --delete | |
| aws s3 sync build/ s3://${{ secrets.DEV_BUCKET_NAME }}/dev --exclude "*" --include "*.html" --cache-control max-age=0,no-cache,no-store,must-revalidate --content-type text/html --delete | |
| # Script to deploy to staging environment | |
| - name: 'Deploy to S3: Staging' | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| aws s3 sync build/ s3://${{ secrets.DEV_BUCKET_NAME }}/main --exclude "*.html" --cache-control max-age=0,no-cache,no-store,public --delete | |
| aws s3 sync build/ s3://${{ secrets.DEV_BUCKET_NAME }}/main --exclude "*" --include "*.html" --cache-control max-age=0,no-cache,no-store,must-revalidate --content-type text/html --delete | |
| - name: 'Cloudfront: cache invalidation' | |
| if: ( github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' ) | |
| run: | | |
| aws cloudfront create-invalidation --distribution-id ${{ secrets.DEV_AWS_CLOUDFRONT_ID }} --paths "/*" |