website-25(staging): Disallow indexing & update tracking keys #767
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci_cd | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| env: | |
| TURBO_CACHE_DIR: .turbo | |
| jobs: | |
| ci: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Checkout ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - name: Cache turbo build setup | |
| uses: actions/cache@v4 | |
| with: | |
| path: .turbo | |
| key: ${{ runner.os }}-turbo-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-turbo- | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: 'npm' | |
| registry-url: https://registry.npmjs.org/ | |
| - name: Install NPM dependencies | |
| run: npm ci | |
| - name: Lint | |
| run: npm run lint --if-present | |
| - name: Build | |
| run: npm run build --if-present | |
| - name: Test | |
| run: npm run test --if-present | |
| - name: Get all apps | |
| id: get_apps | |
| run: | | |
| APPS=$(ls -d apps/*/ | cut -d'/' -f2 | jq -R -s -c 'split("\n")[:-1]') | |
| echo "apps=$APPS" >> $GITHUB_OUTPUT | |
| outputs: | |
| apps: ${{ steps.get_apps.outputs.apps }} | |
| cd: | |
| needs: ci | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| app: ${{ fromJson(needs.ci.outputs.apps) }} | |
| concurrency: | |
| group: cd_${{ matrix.app }} | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Checkout ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| registry-url: https://registry.npmjs.org/ | |
| - name: Get app dependency paths | |
| id: get_paths | |
| run: | | |
| npm install --global turbo | |
| PATHS=$(node .github/workflows/get-app-paths.js ${{ matrix.app }}) | |
| echo "paths=$PATHS" >> $GITHUB_OUTPUT | |
| - name: Check if app needs deployment | |
| id: check_deployment | |
| uses: fkirc/skip-duplicate-actions@v5 | |
| with: | |
| paths: ${{ steps.get_paths.outputs.paths }} | |
| paths_ignore: '["**/README.md"]' | |
| - name: Skip deployment | |
| if: steps.check_deployment.outputs.should_skip == 'true' | |
| run: | | |
| echo "Skipping deployment - no relevant changes detected" | |
| exit 0 | |
| - name: Install NPM dependencies | |
| if: steps.check_deployment.outputs.should_skip != 'true' | |
| run: npm ci | |
| - name: Configure infra deployment | |
| if: steps.check_deployment.outputs.should_skip != 'true' && matrix.app == 'infra' | |
| run: | | |
| echo "$INFRA_PULUMI_PASSPHRASE" > apps/infra/passphrase.prod.txt | |
| mkdir -p ~/.aws | |
| echo "$INFRA_AWS_CREDENTIALS" > ~/.aws/credentials | |
| env: | |
| INFRA_PULUMI_PASSPHRASE: ${{ secrets.INFRA_PULUMI_PASSPHRASE }} | |
| INFRA_AWS_CREDENTIALS: ${{ secrets.INFRA_AWS_CREDENTIALS }} | |
| - name: Configure k8s deployment | |
| if: steps.check_deployment.outputs.should_skip != 'true' && matrix.app != 'infra' | |
| run: | | |
| docker login https://sjc.vultrcr.com/bluedot -u dbaa58f3-01f1-4fcc-9c14-93cc28f524e0 -p $VULTR_CONTAINER_REGISTRY_PASSWORD | |
| mkdir -p ~/.kube | |
| echo "$K8S_KUBECONFIG" > ~/.kube/config | |
| env: | |
| K8S_KUBECONFIG: ${{ secrets.K8S_KUBECONFIG }} | |
| VULTR_CONTAINER_REGISTRY_PASSWORD: ${{ secrets.VULTR_CONTAINER_REGISTRY_PASSWORD }} | |
| - name: Deploy | |
| if: steps.check_deployment.outputs.should_skip != 'true' | |
| run: npm run deploy:cd --workspace apps/${{ matrix.app }} |