From 4346521d080b24d53ff83b3009e708fad274da5d Mon Sep 17 00:00:00 2001 From: Mukhtar Mukhtar <‘mukkhtarr@gmail.com’> Date: Fri, 2 Aug 2024 11:50:16 -0700 Subject: [PATCH] aws transition prep --- .github/workflows/eleventy_build_main.yml | 34 ++++---- ...ukhtar.yml => eleventy_build_main_old.yml} | 32 +++---- .github/workflows/eleventy_build_pr.yml | 10 +-- .github/workflows/eleventy_build_pr_old.yml | 65 ++++++++++++++ .github/workflows/eleventy_build_staging.yml | 24 +++--- .../workflows/eleventy_build_staging_old.yml | 85 +++++++++++++++++++ 6 files changed, 196 insertions(+), 54 deletions(-) rename .github/workflows/{eleventy_build_main_mukhtar.yml => eleventy_build_main_old.yml} (80%) create mode 100644 .github/workflows/eleventy_build_pr_old.yml create mode 100644 .github/workflows/eleventy_build_staging_old.yml diff --git a/.github/workflows/eleventy_build_main.yml b/.github/workflows/eleventy_build_main.yml index c3a699f48a3..f4e34583302 100644 --- a/.github/workflows/eleventy_build_main.yml +++ b/.github/workflows/eleventy_build_main.yml @@ -1,6 +1,6 @@ name: 11ty build Production Site # site: https://headless.cannabis.ca.gov -# s3 bucket http://headless.cannabis.ca.gov.s3-website-us-west-1.amazonaws.com/ +# s3 bucket http://cannabis.ca.gov.live.s3-website-us-west-1.amazonaws.com # editor: https://api.cannabis.ca.gov on: workflow_run: @@ -49,38 +49,38 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@master with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} aws-region: us-west-1 # Deploy to cannabis.ca.gov # jbum added exclude - - name: Deploy to S3 (cannabis.ca.gov) - run: aws s3 sync --follow-symlinks --delete ./docs s3://cannabis.ca.gov --exclude 'wp-content/uploads/*' + - name: Deploy to S3 (cannabis.ca.gov.live) + run: aws s3 sync --follow-symlinks --delete ./docs s3://cannabis.ca.gov.live --exclude 'wp-content/uploads/*' # Reset the cache-control headers on static assets on production S3 bucket - name: Reset cache-control on fonts uses: prewk/s3-cp-action@v2 with: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} aws_region: 'us-west-1' # optional: defaults to us-east-1 source: './docs/fonts' - dest: 's3://cannabis.ca.gov/fonts' + dest: 's3://cannabis.ca.gov.live/fonts' flags: --recursive --cache-control max-age=15552000 - name: Reset cache-control on assets uses: prewk/s3-cp-action@v2 with: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} aws_region: 'us-west-1' # optional: defaults to us-east-1 source: './docs/assets' - dest: 's3://cannabis.ca.gov/assets' + dest: 's3://cannabis.ca.gov.live/assets' flags: --recursive --cache-control max-age=15552000 # - name: Reset cache-control on media # uses: prewk/s3-cp-action@v2 # with: - # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} + # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} # aws_region: 'us-west-1' # optional: defaults to us-east-1 # source: './docs/wp-content/uploads/sites/2' # dest: 's3://cannabis.ca.gov/wp-content/uploads/sites/2' @@ -88,14 +88,10 @@ jobs: - name: Deploy redirects run: | - AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} npm run deploy:redirects + AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} npm run deploy:redirects - name: Invalidate Cloudfront (cannabis.ca.gov) env: AWS_RETRY_MODE: standard AWS_MAX_ATTEMPTS: 6 - run: aws cloudfront create-invalidation --distribution-id E2RLC9PDB1JLNI --paths "/*" - - - - + run: aws cloudfront create-invalidation --distribution-id E314Q1K8WYSBBI --paths "/*" \ No newline at end of file diff --git a/.github/workflows/eleventy_build_main_mukhtar.yml b/.github/workflows/eleventy_build_main_old.yml similarity index 80% rename from .github/workflows/eleventy_build_main_mukhtar.yml rename to .github/workflows/eleventy_build_main_old.yml index ceff578a6b0..3219d230da0 100644 --- a/.github/workflows/eleventy_build_main_mukhtar.yml +++ b/.github/workflows/eleventy_build_main_old.yml @@ -49,38 +49,38 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@master with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-west-1 # Deploy to cannabis.ca.gov # jbum added exclude - - name: Deploy to S3 (cannabis.ca.gov.live) - run: aws s3 sync --follow-symlinks --delete ./docs s3://cannabis.ca.gov.live --exclude 'wp-content/uploads/*' + - name: Deploy to S3 (cannabis.ca.gov) + run: aws s3 sync --follow-symlinks --delete ./docs s3://cannabis.ca.gov --exclude 'wp-content/uploads/*' # Reset the cache-control headers on static assets on production S3 bucket - name: Reset cache-control on fonts uses: prewk/s3-cp-action@v2 with: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws_region: 'us-west-1' # optional: defaults to us-east-1 source: './docs/fonts' - dest: 's3://cannabis.ca.gov.live/fonts' + dest: 's3://cannabis.ca.gov/fonts' flags: --recursive --cache-control max-age=15552000 - name: Reset cache-control on assets uses: prewk/s3-cp-action@v2 with: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws_region: 'us-west-1' # optional: defaults to us-east-1 source: './docs/assets' - dest: 's3://cannabis.ca.gov.live/assets' + dest: 's3://cannabis.ca.gov/assets' flags: --recursive --cache-control max-age=15552000 # - name: Reset cache-control on media # uses: prewk/s3-cp-action@v2 # with: - # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} - # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} + # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} # aws_region: 'us-west-1' # optional: defaults to us-east-1 # source: './docs/wp-content/uploads/sites/2' # dest: 's3://cannabis.ca.gov/wp-content/uploads/sites/2' @@ -88,14 +88,10 @@ jobs: - name: Deploy redirects run: | - AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} npm run deploy:redirects + AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} npm run deploy:redirects - name: Invalidate Cloudfront (cannabis.ca.gov) env: AWS_RETRY_MODE: standard AWS_MAX_ATTEMPTS: 6 - run: aws cloudfront create-invalidation --distribution-id E314Q1K8WYSBBI --paths "/*" - - - - + run: aws cloudfront create-invalidation --distribution-id E2RLC9PDB1JLNI --paths "/*" diff --git a/.github/workflows/eleventy_build_pr.yml b/.github/workflows/eleventy_build_pr.yml index 2e964ff474b..745436cb53c 100644 --- a/.github/workflows/eleventy_build_pr.yml +++ b/.github/workflows/eleventy_build_pr.yml @@ -1,6 +1,6 @@ name: Deploy PR Preview cannabis.ca.gov # site: https://[branch-name].pr.cannabis.ca.gov -# s3 bucket http://pr.cannabis.ca.gov.s3-website-us-west-1.amazonaws.com/ +# s3 bucket http://pr.cannabis.ca.gov.live.s3-website-us-west-1.amazonaws.com # editor: https://api.cannabis.ca.gov on: pull_request: @@ -47,14 +47,14 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@master with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} aws-region: us-west-1 # jbum added exclude - name: Deploy to S3 - run: aws s3 sync --follow-symlinks --delete ./docs s3://pr.cannabis.ca.gov/pr/${URLSAFE_BRANCH_NAME} --exclude 'wp-content/uploads/*' + run: aws s3 sync --follow-symlinks --delete ./docs s3://pr.cannabis.ca.gov.live/pr/${URLSAFE_BRANCH_NAME} --exclude 'wp-content/uploads/*' - name: Invalidate CloudFront cache - run: aws cloudfront create-invalidation --distribution-id ELR9BZ6ZDNOSW --paths "/*" + run: aws cloudfront create-invalidation --distribution-id E36Q5U59Q91THE --paths "/*" - name: Post URL to PR uses: mshick/add-pr-comment@v1 with: diff --git a/.github/workflows/eleventy_build_pr_old.yml b/.github/workflows/eleventy_build_pr_old.yml new file mode 100644 index 00000000000..2e964ff474b --- /dev/null +++ b/.github/workflows/eleventy_build_pr_old.yml @@ -0,0 +1,65 @@ +name: Deploy PR Preview cannabis.ca.gov +# site: https://[branch-name].pr.cannabis.ca.gov +# s3 bucket http://pr.cannabis.ca.gov.s3-website-us-west-1.amazonaws.com/ +# editor: https://api.cannabis.ca.gov +on: + pull_request: + types: + - opened + - synchronize + - ready_for_review + - reopened +jobs: + build_deploy: + runs-on: ubuntu-20.04 + steps: + - uses: n1hility/cancel-previous-runs@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/checkout@master + - name: Use Node.js 18.x + uses: actions/setup-node@v1 + with: + node-version: 18.16.0 + - name: Get branch name (merge) + if: github.event_name != 'pull_request' + shell: bash + run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV + - name: Get branch name (pull request) + if: github.event_name == 'pull_request' + shell: bash + run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF})" >> $GITHUB_ENV + - name: Escape branch name for URL + shell: bash + run: echo "URLSAFE_BRANCH_NAME=$(echo ${BRANCH_NAME} | tr '[:upper:]' '[:lower:]' | sed 's|[^A-Za-z0-9-]|-|g' | sed -E 's|-*([A-Za-z0-9]*.*[A-Za-z0-9]+)-*|\1|')" >> $GITHUB_ENV + - name: Report escaped branch name + shell: bash + run: echo ${URLSAFE_BRANCH_NAME} + - name: Build 11ty + run: | + mkdir dist + npm ci --legacy-peer-deps + SITE_ENV=production DOMAIN=${URLSAFE_BRANCH_NAME}.pr.cannabis.ca.gov npm run build + - name: Write robots.txt + run: | + echo 'User-agent: *' > docs/robots.txt + echo 'Disallow: /' >> docs/robots.txt + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@master + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-west-1 + # jbum added exclude + - name: Deploy to S3 + run: aws s3 sync --follow-symlinks --delete ./docs s3://pr.cannabis.ca.gov/pr/${URLSAFE_BRANCH_NAME} --exclude 'wp-content/uploads/*' + - name: Invalidate CloudFront cache + run: aws cloudfront create-invalidation --distribution-id ELR9BZ6ZDNOSW --paths "/*" + - name: Post URL to PR + uses: mshick/add-pr-comment@v1 + with: + message: | + Preview site available at [${{ env.URLSAFE_BRANCH_NAME }}.pr.cannabis.ca.gov](https://${{ env.URLSAFE_BRANCH_NAME }}.pr.cannabis.ca.gov/). + repo-token: ${{ secrets.GITHUB_TOKEN }} + repo-token-user-login: 'github-actions[bot]' + allow-repeats: false \ No newline at end of file diff --git a/.github/workflows/eleventy_build_staging.yml b/.github/workflows/eleventy_build_staging.yml index e7bd4df17db..3b3622d0128 100644 --- a/.github/workflows/eleventy_build_staging.yml +++ b/.github/workflows/eleventy_build_staging.yml @@ -1,6 +1,6 @@ name: 11ty build Staging Site # site: https://staging.cannabis.ca.gov -# s3 bucket http://staging.cannabis.ca.gov.s3-website-us-west-1.amazonaws.com/ +# s3 bucket http://staging.cannabis.ca.gov.live.s3-website-us-west-1.amazonaws.com # editor: https://api.cannabis.ca.gov on: workflow_run: @@ -48,38 +48,38 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@master with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} aws-region: us-west-1 - name: Deploy to S3 (staging.cannabis.ca.gov) - run: aws s3 sync --follow-symlinks --delete ./docs s3://staging.cannabis.ca.gov --exclude 'wp-content/uploads/*' + run: aws s3 sync --follow-symlinks --delete ./docs s3://staging.cannabis.ca.gov.live --exclude 'wp-content/uploads/*' # Reset the cache-control headers on static assets on S3 bucket - name: Reset cache-control on static files uses: prewk/s3-cp-action@v2 with: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} aws_region: 'us-west-1' # optional: defaults to us-east-1 source: './docs/fonts' - dest: 's3://staging.cannabis.ca.gov/fonts' + dest: 's3://staging.cannabis.ca.gov.live/fonts' flags: --recursive --cache-control max-age=15552000 - name: Reset cache-control on assets uses: prewk/s3-cp-action@v2 with: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} aws_region: 'us-west-1' # optional: defaults to us-east-1 source: './docs/assets' - dest: 's3://staging.cannabis.ca.gov/assets' + dest: 's3://staging.cannabis.ca.gov.live/assets' flags: --recursive --cache-control max-age=15552000 # - name: Deploy redirects # run: | - # AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} npm run deploy:redirects + # AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID_MUKHTAR }} AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY_MUKHTAR }} npm run deploy:redirects # Invalidate Cloudfront production distribution - name: Invalidate Cloudfront (cannabis.ca.gov) - run: aws cloudfront create-invalidation --distribution-id EQTK6QDHAMA8Z --paths "/*" + run: aws cloudfront create-invalidation --distribution-id E3DT30NBQC365Z --paths "/*" diff --git a/.github/workflows/eleventy_build_staging_old.yml b/.github/workflows/eleventy_build_staging_old.yml new file mode 100644 index 00000000000..e7bd4df17db --- /dev/null +++ b/.github/workflows/eleventy_build_staging_old.yml @@ -0,0 +1,85 @@ +name: 11ty build Staging Site +# site: https://staging.cannabis.ca.gov +# s3 bucket http://staging.cannabis.ca.gov.s3-website-us-west-1.amazonaws.com/ +# editor: https://api.cannabis.ca.gov +on: + workflow_run: + workflows: ["Update static content [staging]"] + types: ['completed'] + branches: + - staging + push: + branches: + - staging + +concurrency: + group: sync_staging_deployments + cancel-in-progress: true + +jobs: + build_deploy: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@master + - uses: actions/setup-node@master + with: + node-version: 18.16.0 + cache: 'npm' + - name: Install packages + run: | + mkdir dist + npm ci --production + - name: Build 11ty + run: | + SITE_ENV=staging DOMAIN=staging.cannabis.ca.gov npm run build + - name: Write robots.txt + run: | + echo 'User-agent: *' > docs/robots.txt + echo 'Disallow: /' >> docs/robots.txt + # deploy built files to separate branch that contains only built files that github pages uses to serve site + - name: Deploy to github pages branch + uses: peaceiris/actions-gh-pages@v3.9.3 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_dir: ./docs + publish_branch: deploy_staging + + # Set up AWS CLI + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@master + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-west-1 + + - name: Deploy to S3 (staging.cannabis.ca.gov) + run: aws s3 sync --follow-symlinks --delete ./docs s3://staging.cannabis.ca.gov --exclude 'wp-content/uploads/*' + + # Reset the cache-control headers on static assets on S3 bucket + - name: Reset cache-control on static files + uses: prewk/s3-cp-action@v2 + with: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_region: 'us-west-1' # optional: defaults to us-east-1 + source: './docs/fonts' + dest: 's3://staging.cannabis.ca.gov/fonts' + flags: --recursive --cache-control max-age=15552000 + - name: Reset cache-control on assets + uses: prewk/s3-cp-action@v2 + with: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_region: 'us-west-1' # optional: defaults to us-east-1 + source: './docs/assets' + dest: 's3://staging.cannabis.ca.gov/assets' + flags: --recursive --cache-control max-age=15552000 + + + # - name: Deploy redirects + # run: | + # AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} npm run deploy:redirects + + # Invalidate Cloudfront production distribution + - name: Invalidate Cloudfront (cannabis.ca.gov) + run: aws cloudfront create-invalidation --distribution-id EQTK6QDHAMA8Z --paths "/*"