Merge pull request #19613 from dvdksn/build-gha-reproducible-builds #2758
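# Builds the docs site with Hugo (via docker buildx bake) and deploys it to the
# S3 bucket / CloudFront distribution that matches the pushed branch:
#   main -> staging, published -> production, lab -> labs.
name: deploy

# One deployment per workflow and ref at a time; a newer run cancels the
# in-flight one for the same ref.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  workflow_dispatch:
  push:
    branches:
      - lab
      - main
      - published

# these permissions are needed to interact with GitHub's OIDC Token endpoint.
# id-token: write lets the job request an OIDC token that is exchanged for
# short-lived AWS credentials; contents: read is all the checkout needs.
# NOTE(review): the IAM roles' trust policies are not visible here - confirm
# they restrict the OIDC subject to this repository and the expected branch,
# since workflow_dispatch can be started from any ref.
permissions:
  id-token: write
  contents: read

jobs:
  publish:
    runs-on: ubuntu-22.04
    # Never deploy from forks.
    if: github.repository_owner == 'docker'
    # NOTE(review): every third-party action below is referenced by a mutable
    # tag (v3/v4). This job can assume AWS roles, so pinning each action to a
    # full commit SHA would stop a moved tag from changing what runs here.
    steps:
      -
        name: Prepare
        # The ref is read from the runner-provided GITHUB_REF variable rather
        # than interpolated into the script text, so a branch name containing
        # shell metacharacters is treated as data, not as code.
        run: |
          HUGO_ENV=development
          DOCS_AWS_REGION=us-east-1
          if [ "$GITHUB_REF" = "refs/heads/main" ]; then
            HUGO_ENV=staging
            DOCS_URL="https://docs-stage.docker.com"
            DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/stage-docs-docs.docker.com-20220818202135984800000001"
            DOCS_S3_BUCKET="stage-docs-docs.docker.com"
            DOCS_S3_CONFIG="s3-config.json"
            DOCS_CLOUDFRONT_ID="E1R7CSW3F0X4H8"
            DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-stage"
            DOCS_SLACK_MSG="Successfully deployed docs-stage from main branch. $DOCS_URL"
          elif [ "$GITHUB_REF" = "refs/heads/published" ]; then
            HUGO_ENV=production
            DOCS_URL="https://docs.docker.com"
            DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/prod-docs-docs.docker.com-20220818202218674300000001"
            DOCS_S3_BUCKET="prod-docs-docs.docker.com"
            DOCS_S3_CONFIG="s3-config.json"
            DOCS_CLOUDFRONT_ID="E228TTN20HNU8F"
            DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-prod"
            DOCS_SLACK_MSG="Successfully deployed docs from published branch. $DOCS_URL"
          elif [ "$GITHUB_REF" = "refs/heads/lab" ]; then
            # No DOCS_SLACK_MSG for lab, so the notification step is skipped.
            HUGO_ENV=lab
            DOCS_URL="https://docs-labs.docker.com"
            DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/labs-docs-docs.docker.com-20220818202218402500000001"
            DOCS_S3_BUCKET="labs-docs-docs.docker.com"
            DOCS_S3_CONFIG="s3-config.json"
            DOCS_CLOUDFRONT_ID="E1MYDYF65FW3HG"
            DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-labs"
          else
            # Reached when the workflow is dispatched from any other ref.
            echo >&2 "ERROR: unknown branch $GITHUB_REF"
            exit 1
          fi
          # Only notify when every deployment setting and a message are present.
          SEND_SLACK_MSG="true"
          if [ -z "$DOCS_AWS_IAM_ROLE" ] || [ -z "$DOCS_S3_BUCKET" ] || [ -z "$DOCS_CLOUDFRONT_ID" ] || [ -z "$DOCS_SLACK_MSG" ]; then
            SEND_SLACK_MSG="false"
          fi
          # Export the settings to the later steps of this job.
          echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
          echo "HUGO_ENV=$HUGO_ENV" >> "$GITHUB_ENV"
          echo "DOCS_URL=$DOCS_URL" >> "$GITHUB_ENV"
          echo "DOCS_AWS_REGION=$DOCS_AWS_REGION" >> "$GITHUB_ENV"
          echo "DOCS_AWS_IAM_ROLE=$DOCS_AWS_IAM_ROLE" >> "$GITHUB_ENV"
          echo "DOCS_S3_BUCKET=$DOCS_S3_BUCKET" >> "$GITHUB_ENV"
          echo "DOCS_S3_CONFIG=$DOCS_S3_CONFIG" >> "$GITHUB_ENV"
          echo "DOCS_CLOUDFRONT_ID=$DOCS_CLOUDFRONT_ID" >> "$GITHUB_ENV"
          echo "DOCS_LAMBDA_FUNCTION_REDIRECTS=$DOCS_LAMBDA_FUNCTION_REDIRECTS" >> "$GITHUB_ENV"
          echo "DOCS_SLACK_MSG=$DOCS_SLACK_MSG" >> "$GITHUB_ENV"
          echo "SEND_SLACK_MSG=$SEND_SLACK_MSG" >> "$GITHUB_ENV"
      -
        name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history rather than a shallow clone.
          fetch-depth: 0
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build website
        uses: docker/bake-action@v4
        with:
          files: |
            docker-bake.hcl
          targets: release
          # Per-branch GitHub Actions cache scope, so branches do not share
          # build cache entries.
          set: |
            *.cache-from=type=gha,scope=deploy-${{ env.BRANCH_NAME }}
            *.cache-to=type=gha,scope=deploy-${{ env.BRANCH_NAME }},mode=max
          # NOTE(review): provenance attestations are switched off for this
          # build - confirm that is intended for the release target.
          provenance: false
      -
        name: Configure AWS Credentials
        if: ${{ env.DOCS_AWS_IAM_ROLE != '' }}
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.DOCS_AWS_IAM_ROLE }}
          aws-region: ${{ env.DOCS_AWS_REGION }}
      -
        name: Upload files to S3 bucket
        if: ${{ env.DOCS_S3_BUCKET != '' }}
        # Two passes: the first uploads only *.webp files with an explicit
        # image/webp content type, the second uploads everything else.
        # --delete removes bucket objects that no longer exist in ./public;
        # --acl public-read makes every uploaded object world-readable.
        # Values come from the job environment and are quoted shell variables.
        run: |
          aws --region "$DOCS_AWS_REGION" s3 sync \
            --acl public-read \
            --delete \
            --exclude "*" \
            --include "*.webp" \
            --metadata-directive="REPLACE" \
            --no-guess-mime-type \
            --content-type="image/webp" \
            public "s3://$DOCS_S3_BUCKET/"
          aws --region "$DOCS_AWS_REGION" s3 sync \
            --acl public-read \
            --delete \
            --exclude "*.webp" \
            public "s3://$DOCS_S3_BUCKET/"
      -
        name: Update S3 config
        if: ${{ env.DOCS_S3_BUCKET != '' && env.DOCS_S3_CONFIG != '' }}
        uses: docker/bake-action@v4
        with:
          files: |
            docker-bake.hcl
          targets: aws-s3-update-config
          set: |
            *.cache-from=type=gha,scope=releaser
        env:
          AWS_REGION: ${{ env.DOCS_AWS_REGION }}
          AWS_S3_BUCKET: ${{ env.DOCS_S3_BUCKET }}
          AWS_S3_CONFIG: ${{ env.DOCS_S3_CONFIG }}
      -
        name: Update Cloudfront config
        if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
        uses: docker/bake-action@v4
        with:
          files: |
            docker-bake.hcl
          targets: aws-cloudfront-update
        env:
          AWS_REGION: us-east-1  # cloudfront and lambda edge functions are only available in us-east-1 region
          AWS_CLOUDFRONT_ID: ${{ env.DOCS_CLOUDFRONT_ID }}
          AWS_LAMBDA_FUNCTION: ${{ env.DOCS_LAMBDA_FUNCTION_REDIRECTS }}
      -
        name: Invalidate Cloudfront cache
        if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
        run: |
          aws cloudfront create-invalidation --distribution-id "$DOCS_CLOUDFRONT_ID" --paths "/*"
        env:
          AWS_REGION: us-east-1  # cloudfront is only available in us-east-1 region
          AWS_MAX_ATTEMPTS: "5"
      -
        name: Send Slack notification
        if: ${{ env.SEND_SLACK_MSG == 'true' }}
        # The webhook URL is handed to the step through env instead of being
        # pasted into the script text, and both values are quoted, so neither
        # the secret nor the message is re-parsed by the shell.
        run: |
          curl -X POST -H 'Content-type: application/json' \
            --data "{\"text\":\"$DOCS_SLACK_MSG\"}" \
            "$SLACK_WEBHOOK"
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}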