privacy.sexy/.github/workflows/deploy-site.yaml

name: Deploy site

on:
 release:
   types: [created] # will be triggered when a NON-draft release is created and published.

jobs:
  aws-deploy: # see: https://github.com/undergroundwires/aws-static-site-with-cd
    runs-on: ubuntu-latest
    steps:
      -
        name: "Infrastructure: Checkout"
        uses: actions/checkout@v2
        with:
          path: aws
          repository: undergroundwires/aws-static-site-with-cd
      -
        name: "Infrastructure: Create AWS user profile & session name"
        run: >-
          bash "scripts/configure/create-user-profile.sh" \
            --profile user \
            --access-key-id ${{secrets.AWS_DEPLOYMENT_USER_ACCESS_KEY_ID}} \
            --secret-access-key ${{secrets.AWS_DEPLOYMENT_USER_SECRET_ACCESS_KEY}} \
            --region us-east-1 \
          && \
            echo "SESSION_NAME=${{github.actor}}-${{github.event_name}}-$(echo ${{github.sha}} | cut -c1-8)" >> $GITHUB_ENV
        working-directory: aws
      -
        name: "Infrastructure: Deploy IAM stack"
        run: >-
          bash "scripts/deploy/deploy-stack.sh" \
            --template-file stacks/iam-stack.yaml \
            --stack-name privacysexy-iam-stack \
            --capabilities CAPABILITY_IAM \
            --parameter-overrides "WebStackName=privacysexy-web-stack DnsStackName=privacysexy-dns-stack \
                                   CertificateStackName=privacysexy-cert-stack RootDomainName=privacy.sexy" \
            --region us-east-1 --role-arn ${{secrets.AWS_IAM_STACK_DEPLOYMENT_ROLE_ARN}} \
            --profile user --session ${{ env.SESSION_NAME }}
        working-directory: aws
      -
        name: "Infrastructure: Deploy DNS stack"
        run: >-
          bash "scripts/deploy/deploy-stack.sh" \
            --template-file stacks/dns-stack.yaml \
            --stack-name privacysexy-dns-stack \
            --parameter-overrides "RootDomainName=privacy.sexy" \
            --region us-east-1 \
            --role-arn ${{secrets.AWS_DNS_STACK_DEPLOYMENT_ROLE_ARN}} \
            --profile user --session ${{ env.SESSION_NAME }}
        working-directory: aws
      -
        name: "Infrastructure: Deploy certificate stack"
        run: >-
          bash "scripts/deploy/deploy-stack.sh" \
            --template-file stacks/certificate-stack.yaml \
            --stack-name privacysexy-cert-stack \
            --capabilities CAPABILITY_IAM \
            --parameter-overrides "IamStackName=privacysexy-iam-stack RootDomainName=privacy.sexy DnsStackName=privacysexy-dns-stack" \
            --region us-east-1 \
            --role-arn ${{secrets.AWS_CERTIFICATE_STACK_DEPLOYMENT_ROLE_ARN}} \
            --profile user --session ${{ env.SESSION_NAME }}
        working-directory: aws
      -
        name: "Infrastructure: Deploy web stack"
        run: >-
          bash "scripts/deploy/deploy-stack.sh" \
            --template-file stacks/web-stack.yaml \
            --stack-name privacysexy-web-stack \
            --parameter-overrides "CertificateStackName=privacysexy-cert-stack DnsStackName=privacysexy-dns-stack \
                                   RootDomainName=privacy.sexy UseDeepLinks=true" \
            --capabilities CAPABILITY_IAM \
            --region us-east-1 \
            --role-arn ${{secrets.AWS_WEB_STACK_DEPLOYMENT_ROLE_ARN}} \
            --profile user --session ${{ env.SESSION_NAME }}
        working-directory: aws
      -
        name: "App: Checkout"
        uses: actions/checkout@v2
        with:
          path: site
          ref: master # otherwise we don't get version bump commit
      -
        name: "App: Setup node"
        uses: actions/setup-node@v1
        with:
          node-version: 15.x
      -
        name: "App: Install dependencies"
        run: npm ci
        working-directory: site
      -
        name: "App: Run unit tests"
        run: npm run test:unit
        working-directory: site
      - 
        name: "App: Build"
        run: npm run build
        working-directory: site
      -
        name: "App: Deploy to S3"
        run: >-
          bash "aws/scripts/deploy/deploy-to-s3.sh" \
            --folder site/dist \
            --web-stack-name privacysexy-web-stack --web-stack-s3-name-output-name S3BucketName \
            --storage-class ONEZONE_IA \
            --role-arn ${{secrets.AWS_S3_SITE_DEPLOYMENT_ROLE_ARN}} \
            --region us-east-1 \
            --profile user --session ${{ env.SESSION_NAME }}
      -
        name: "App: Invalidate CloudFront cache"
        run: >-
          bash "aws/scripts/deploy/invalidate-cloudfront-cache.sh" \
            --paths "/*" \
            --web-stack-name privacysexy-web-stack --web-stack-cloudfront-arn-output-name CloudFrontDistributionArn \
            --role-arn ${{secrets.AWS_CLOUDFRONT_SITE_DEPLOYMENT_ROLE_ARN}} \
            --region us-east-1 \
            --profile user --session ${{ env.SESSION_NAME }}