# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node # For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions name: Deploy prod on: pull_request: types: [closed] branches: [main] paths: - "client/**/*" env: PR_NUMBER: ${{github.event.pull_request.number}} WEB_CDN_ID: E27WCOZZ03KIBX jobs: build: runs-on: ubuntu-latest defaults: run: working-directory: client strategy: matrix: node-version: [14.x] steps: - uses: actions/checkout@v2 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v2 with: node-version: ${{ matrix.node-version }} - name: Set DESTINATION_FOLDER for main run: | echo "DESTINATION_FOLDER=main" >> $GITHUB_ENV - name: Install run: npm ci - name: Build run: npm run build --if-present env: # See the client readme for more info on environment variables: # https://github.com/usds/justice40-tool/blob/main/client/README.md DATA_SOURCE: cdn # TODO: Update main URL when either is back up SITE_URL: https://d29zfl8cj7y1zf.cloudfront.net/ MAPBOX_STYLES_READ_TOKEN: "${{ secrets.MAPBOX_STYLES_READ_TOKEN }}" - name: Get directory contents run: ls -la public - name: Lint run: npm run lint # Disabling for now due to jsonlint - TODO: put this back # - name: License Check # run: npm run licenses - name: Test run: npm test - name: Check for security vulnerabilities run: npm audit --production - name: Upload Artifact uses: actions/upload-artifact@v2 with: name: J40Static # Upload-artifact does not support the default working directory # See more: https://github.com/actions/upload-artifact/issues/87 path: ./client/public deploy: runs-on: ubuntu-latest needs: build steps: - name: Checkout source uses: actions/checkout@v2 - name: Download Artifacts uses: actions/download-artifact@v2 with: name: J40Static path: ./public - name: Set DESTINATION_FOLDER for main run: | echo "DESTINATION_FOLDER=main" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ secrets.CLIENT_DEV_AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.CLIENT_DEV_AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1 - name: Deploy to Geoplatform AWS run: aws s3 sync ./public/ s3://usds-geoplatform-justice40-website/justice40-tool/${{env.DESTINATION_FOLDER}} --acl public-read --delete - name: Invalidate cache on AWS CDNs uses: chetan/invalidate-cloudfront-action@master env: DISTRIBUTION: ${{env.WEB_CDN_ID}} PATHS: "/*" AWS_REGION: "us-east-1" AWS_ACCESS_KEY_ID: ${{ secrets.CLIENT_DEV_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CLIENT_DEV_AWS_SECRET_ACCESS_KEY }} - name: Remove staging artifacts run: aws s3 rm s3://usds-geoplatform-justice40-website/justice40-tool/ --exclude "*" --include "$(echo $PR_NUMBER)-*" --recursive - name: Update PR with deployed URL uses: mshick/add-pr-comment@v1 with: message: | **🚢 PR Deployed! 🚢** Find it here: https://d29zfl8cj7y1zf.cloudfront.net/ ! repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token-user-login: "github-actions[bot]" # The user.login for temporary GitHub tokens allow-repeats: false # This is the default - name: Printing deployment URLs run: | echo "Geoplatform official site (may or may not be up): https://screeningtool.geoplatform.gov/" echo "The Cloudfront behind this official site: https://d29zfl8cj7y1zf.cloudfront.net/" echo "Github pages: https://usds.github.io/justice40-tool/$DESTINATION_FOLDER/en" echo "The origin S3 bucket (http only) : http://usds-geoplatform-justice40-website.s3-website-us-east-1.amazonaws.com/justice40-tool/$DESTINATION_FOLDER/en"