diff --git a/.github/workflows/deploy_frontend_main.yml b/.github/workflows/deploy_frontend_main.yml index 4b506375..bd20b49f 100644 --- a/.github/workflows/deploy_frontend_main.yml +++ b/.github/workflows/deploy_frontend_main.yml @@ -1,18 +1,19 @@ name: Deploy Frontend Main + on: push: - # EDGI: DISABLE THIS WORKFLOW FOR NOW. It comes from the original DOI - # implementation, and we don't have the same deployment setup. - branches: [not-a-real-branch] + branches: [main] paths: + - ".github/workflows/deploy_frontend_main.yml" - "client/**/*" + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true + jobs: build: runs-on: ubuntu-latest - environment: Staging defaults: run: working-directory: client @@ -21,69 +22,59 @@ jobs: node-version: [18.x] steps: - uses: actions/checkout@v4 + - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v2 with: node-version: ${{ matrix.node-version }} - - name: Set DESTINATION_FOLDER for main - run: | - echo "DESTINATION_FOLDER=main" >> $GITHUB_ENV + - name: Install run: npm ci + - name: Build - run: npm run build --if-present + run: npm run build env: # See the client readme for more info on environment variables: # https://github.com/usds/justice40-tool/blob/main/client/README.md DATA_SOURCE: cdn - # TODO: Update main URL when either is back up - SITE_URL: "${{ secrets.SITE_URL }}" + SITE_URL: "${{ vars.SITE_URL }}" + PATH_PREFIX: "${{ vars.PATH_PREFIX }}" + - name: Get directory contents run: ls -la public + - name: Lint run: npm run lint - # Disabling for now due to jsonlint - TODO: put this back - # - name: License Check - # run: npm run licenses + + - name: License Check + run: npm run licenses + - name: Test run: npm test + + # TODO: This was disabled in the original DOI repo. Much of the code here + # is pretty out of date, so it is nowhere near passing a security audit, + # but it would be good to fix that and re-enable this. + # # - name: Check for security vulnerabilities # run: npm audit --production - - name: Upload Artifact - uses: actions/upload-artifact@v4 + + - name: Upload static files as artifact + id: deployment + uses: actions/upload-pages-artifact@v3 with: - name: J40Static - # Upload-artifact does not support the default working directory - # See more: https://github.com/actions/upload-artifact/issues/87 path: ./client/public + deploy: runs-on: ubuntu-latest needs: build - environment: Staging + permissions: + pages: write + id-token: write + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} steps: - - name: Checkout source - uses: actions/checkout@v4 - - name: Download Artifacts - uses: actions/download-artifact@v4 - with: - name: J40Static - path: ./public - - name: Set DESTINATION_FOLDER for main - run: | - echo "DESTINATION_FOLDER=main" >> $GITHUB_ENV - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.CLIENT_DEV_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.CLIENT_DEV_AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - name: Deploy to Geoplatform AWS - run: aws s3 sync ./public/ s3://${{secrets.S3_WEBSITE_BUCKET}}/justice40-tool/${{env.DESTINATION_FOLDER}} --delete - - name: Invalidate cache on AWS CDNs - uses: chetan/invalidate-cloudfront-action@master - env: - DISTRIBUTION: ${{secrets.WEB_CDN_ID}} - PATHS: "/*" - AWS_REGION: "us-east-1" - AWS_ACCESS_KEY_ID: ${{ secrets.CLIENT_DEV_AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.CLIENT_DEV_AWS_SECRET_ACCESS_KEY }} + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v4