feat/github-action
pattersonbl2 committed Mar 5, 2024
1 parent ff2d27c commit 59fd4a1
Showing 2 changed files with 121 additions and 0 deletions.
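--- a/.github/gcp_deploy.yaml
+++ b/.github/gcp_deploy.yaml
@@ -0,0 +1,33 @@
+name: Deploy to GCS
+
+on:
+workflow_dispatch:
+branches:
+- gcs-pipeline
+
+jobs:
+deploy:
+runs-on: ubuntu-latest
+enviroment: stage
+steps:
+- name: Checkout code
+uses: actions/checkout@v2
+
+- name: Set up Google Cloud SDK
+uses: google-github-actions/[email protected]
+with:
+version: 'latest'
+service_account_key: ${{ secrets.GCP_SA_KEY }}
+project_id: ${{ secrets.GCP_PROJECT_ID }}
+- name: Echo pwd
+run: pwd
+- name: stage build with unpublsiehd contents
+run: |
+yarn install
+yarn build:unpublished
+- name: Run deployment script
+run: |
+bash ${Github_Workspace}/bin/gcs-deploy.sh
+env:
+EXTENSION_WORKSHOP_BUCKET_GCS = ${{ secrets.EXTENSION_WORKSHOP_BUCKET_GCS }}
+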
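Review bot: The job is meant to run under the `stage` environment, but the key is spelled `enviroment`, so that environment's protection rules and scoped secrets would not apply (the workflow is likely rejected as invalid); it should read `environment: stage`. In the last step the `env:` entry uses `=` instead of `:`, and `${Github_Workspace}` does not match the case-sensitive `GITHUB_WORKSPACE`, so neither the bucket name nor the script path would resolve; use `EXTENSION_WORKSHOP_BUCKET_GCS: ${{ secrets.EXTENSION_WORKSHOP_BUCKET_GCS }}` and `bash "${GITHUB_WORKSPACE}/bin/gcs-deploy.sh"`. Authentication passes a long-lived service-account key through `service_account_key`; `google-github-actions/auth` with `workload_identity_provider` and `service_account` avoids keeping an exportable key in repository secrets. Separately, the file sits in `.github/` rather than `.github/workflows/`, and `workflow_dispatch` takes no `branches` filter, so the branch restriction written here would not be enforced. Indentation is lost on this page, so the nesting of these keys could not be checked.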
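--- a/bin/gcs-deploy.sh
+++ b/bin/gcs-deploy.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+set -ex
+
+CODE_DIR="dist"
+# For short-lived assets; in seconds
+TEN_MINS="600"
+
+# For long-lived assets; in seconds
+ONE_YEAR="31536000"
+
+CSPSTATIC="x-goog-meta-content-security-policy: default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors: 'none'; object-src 'none'"
+CSP="x-goog-meta-content-security-policy: default-src 'none'; img-src 'self' data:; form-action 'self' https://www.mozilla.org/en-US/newsletter/; media-src 'self' blob:; script-src 'self' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'sha256-vqFvYKh0rwFP9fSa0PuzUff2ElHQ+rkjGfycqUNqufQ=' https://www.googletagmanager.com/gtag/js ; font-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com/embed/ https://calendar.google.com/calendar/appointments/; base-uri 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://blog.mozilla.org/addons/feed/ https://www.mozilla.org/en-US/newsletter/ https://*.google-analytics.com;"
+ACAO="x-goog-meta-access-control-allow-origin: *"
+if [ -z "$EXTENSION_WORKSHOP_BUCKET_GCS" ]; then
+echo "The GCS bucket is not set. Failing."
+exit 1
+fi
+
+
+if [ -e version.json ]; then
+mv version.json dist/__version__
+# __version__ JSON; short cache
+gcloud storage cp dist/__version__ gs://${EXTENSION_WORKSHOP_BUCKET_GCS}/__version__
+
+fi
+
+
+deploy_code() {
+
+# The basic strategy is to sync all the files that need special attention
+# first, and then sync everything else which will get defaults
+#
+# Note that we use single quotes below for the regex pattern so that we don't
+# have to deal with history expansion in shell.
+
+# HTML; short cache
+gsutil \
+-h "cache-control: max-age=${TEN_MINS}" \
+-h "content-type: text/html" \
+-h "$CSP" \
+-h "$ACAO" \
+rsync \
+-R \
+-J \
+-a public-read \
+-x '.*(?<!\.html)$' \
+dist "gs://$EXTENSION_WORKSHOP_BUCKET_GCS/"
+
+# JS; short cache
+gsutil \
+-h "cache-control: max-age=${TEN_MINS}" \
+-h "content-type: text/javascript" \
+-h "$CSPSTATIC" \
+rsync \
+-R \
+-J \
+-a public-read \
+-x '.*(?<!\.js)$' \
+dist "gs://$EXTENSION_WORKSHOP_BUCKET_GCS/"
+
+# SVG; cache forever, assign correct content-type
+gsutil \
+-h "cache-control: max-age=${ONE_YEAR}, immutable" \
+-h "content-type: image/svg+xml" \
+-h "$CSPSTATIC" \
+-m \
+rsync \
+-R \
+-J \
+-a public-read \
+-x '.*(?<!\.svg)$' \
+dist "gs://$EXTENSION_WORKSHOP_BUCKET_GCS/"
+
+# evertying else in bucket.
+gsutil \
+-h "cache-control: max-age=${ONE_YEAR}, immutable" \
+-h "$CSPSTATIC" \
+-m \
+rsync \
+-R \
+-d \
+-a public-read \
+dist "gs://$EXTENSION_WORKSHOP_BUCKET_GCS/"
+
+}
+
+deploy_code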
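Review bot: In `CSPSTATIC` the directive is written `frame-ancestors: 'none'` with a colon, which is not a valid directive name, so a CSP parser would discard it and the JS, SVG and remaining assets would carry no framing restriction (`frame-ancestors` does not fall back to `default-src`); it should read `frame-ancestors 'none'`, as it does in `CSP`. Both policies and the `ACAO` value are stored under `x-goog-meta-` keys, which GCS returns as custom metadata headers rather than as `Content-Security-Policy` or `Access-Control-Allow-Origin`. Presumably something in front of the bucket rewrites them; that should be confirmed before the policies are relied on. The `__version__` upload is commented "short cache" but sets no cache-control; `gcloud storage cp --cache-control="max-age=${TEN_MINS}"` with the `gs://` destination quoted would match the comment. With `set -ex`, every expanded command, including the bucket name, is written to the job log.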
