Last active
December 30, 2021 09:46
-
-
Save reaperes/02fbe4c237963a891e53e2d1771ea442 to your computer and use it in GitHub Desktop.
Web front deploy on AWS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy main branch to production | |
| on: | |
| push: | |
| branches: [ main ] | |
| env: | |
| DEPLOY_IAM_ROLE: arn:aws:iam::111111111111:role/deployer | |
| DEPLOY_BUCKET: s3://bucket-name | |
| CACHE_DIR: ${{ github.workspace }}/node_modules | |
| CLOUDFRONT_DISTRIBUTION: id | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| strategy: | |
| matrix: | |
| node-version: [16.x] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Assume IAM role | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ env.DEPLOY_IAM_ROLE }} | |
| aws-region: ap-northeast-2 | |
| - name: Compute dependency cache key | |
| id: compute_lockfile_hash | |
| run: echo "::set-output name=hash::${{ hashFiles('package-lock.json') }}" | |
| - name: Check dependency cache | |
| uses: actions/cache@v2 | |
| id: cache_dependencies | |
| with: | |
| path: ${{ env.CACHE_DIR }} | |
| key: ${{ steps.compute_lockfile_hash.outputs.hash }} | |
| - name: Install dependencies | |
| if: steps.cache_dependencies.outputs.cache-hit == '' | |
| run: npm ci | |
| - name: Run build | |
| run: npm run prod:build | |
| - name: Copy files to production bucket | |
| run: aws s3 sync build ${{ env.DEPLOY_BUCKET }} | |
| - name: Invalidate cloudfront | |
| run: aws cloudfront create-invalidation --distribution-id ${{ env.CLOUDFRONT_DISTRIBUTION }} --paths /* --no-cli-pager |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:GetObject", | |
| "s3:PutObject", | |
| "s3:ListBucket" | |
| ], | |
| "Resource": [ | |
| "arn:aws:s3:::bucket-name", | |
| "arn:aws:s3:::bucket-name/*" | |
| ] | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "cloudfront:CreateInvalidation" | |
| ], | |
| "Resource": [ | |
| "arn:aws:cloudfront::111111111111:distribution/id" | |
| ] | |
| } | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Federated": "arn:aws:iam::111111111111:oidc-provider/token.actions.githubusercontent.com" | |
| }, | |
| "Action": "sts:AssumeRoleWithWebIdentity", | |
| "Condition": { | |
| "StringEquals": { | |
| "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" | |
| }, | |
| "StringLike": { | |
| "token.actions.githubusercontent.com:sub": "repo:org/repo-name:*" | |
| } | |
| } | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment