Deploy viewer to Production environment #351
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Deploy viewer to Production environment | |
on: | |
push: | |
branches: | |
- "main" | |
workflow_dispatch: | |
schedule: | |
# Run daily at 03:15 UTC (10:15/11:15 ET) | |
- cron: "15 3 * * *" | |
concurrency: | |
group: "viewer-prod" | |
cancel-in-progress: false | |
jobs: | |
build: | |
name: Build site | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
cache: "npm" | |
- name: Install global dependencies | |
run: | | |
npm install -g npm@latest lerna@latest | |
- name: Install npm dependencies | |
run: | | |
npm ci | |
- name: Build viewer | |
run: | |
lerna exec --include-dependencies --scope "@easydynamics/oscal-viewer" -- npm run build | |
env: | |
REACT_APP_GOOGLE_ANALYTICS: "${{ secrets.GA4_CODE }}" | |
PUBLIC_URL: "/" | |
- name: Archive viewer | |
uses: actions/upload-artifact@v4 | |
with: | |
name: oscal-viewer | |
path: packages/oscal-viewer/build | |
deploy: | |
name: Deploy artifact | |
needs: ["build"] | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: production | |
url: https://viewer.oscal.io/ | |
steps: | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
path: oscal-viewer | |
- name: Sign in to AWS | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: "${{ secrets.ROLE_ARN }}" | |
aws-region: "${{ vars.AWS_REGION }}" | |
- name: Deploy files | |
run: | | |
aws s3 sync . s3://${{ secrets.S3_BUCKET_NAME }} --delete | |
# The directory is doubled because of the trip through the GitHub artifact | |
# storage. | |
working-directory: oscal-viewer/oscal-viewer | |
- name: Invalidate CloudFront cache | |
run: | |
aws cloudfront create-invalidation --distribution-id ${{ secrets.DISTRIBUTION_ID }} --paths "/index.html" |