forked from docker/docs
-
Notifications
You must be signed in to change notification settings - Fork 0
136 lines (132 loc) · 5.15 KB
/
deploy.yml
File metadata and controls
136 lines (132 loc) · 5.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: deploy
# Deploys the Docker Docs website when merging to the `main` branch.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- main
- lab
env:
# Use edge release of buildx (latest RC, fallback to latest stable)
SETUP_BUILDX_VERSION: edge
SETUP_BUILDKIT_IMAGE: "moby/buildkit:latest"
# these permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
# The `main` branch is deployed to the production environment.
# The `lab` branch is deployed to a separate environment for testing purposes.
jobs:
publish:
runs-on: ubuntu-24.04
if: github.repository_owner == 'docker'
steps:
-
name: Prepare
run: |
DOCS_AWS_REGION=us-east-1
HUGO_ENV=production
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
DOCS_URL="https://docs.docker.com"
DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/prod-docs-docs.docker.com-20220818202218674300000001"
DOCS_S3_BUCKET="prod-docs-docs.docker.com"
DOCS_CLOUDFRONT_ID="E228TTN20HNU8F"
DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-prod"
DOCS_SLACK_MSG="Successfully deployed docs from the main branch. $DOCS_URL"
elif [ "${{ github.ref }}" = "refs/heads/lab" ]; then
HUGO_ENV=lab
DOCS_URL="https://docs-labs.docker.com"
DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/labs-docs-docs.docker.com-20220818202218402500000001"
DOCS_S3_BUCKET="labs-docs-docs.docker.com"
DOCS_CLOUDFRONT_ID="E1MYDYF65FW3HG"
DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-labs"
else
echo >&2 "ERROR: unknown branch ${{ github.ref }}"
exit 1
fi
SEND_SLACK_MSG="true"
if [ -z "$DOCS_AWS_IAM_ROLE" ] || [ -z "$DOCS_S3_BUCKET" ] || [ -z "$DOCS_CLOUDFRONT_ID" ] || [ -z "$DOCS_SLACK_MSG" ]; then
SEND_SLACK_MSG="false"
fi
echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
echo "HUGO_ENV=$HUGO_ENV" >> $GITHUB_ENV
echo "DOCS_URL=$DOCS_URL" >> $GITHUB_ENV
echo "DOCS_AWS_REGION=$DOCS_AWS_REGION" >> $GITHUB_ENV
echo "DOCS_AWS_IAM_ROLE=$DOCS_AWS_IAM_ROLE" >> $GITHUB_ENV
echo "DOCS_S3_BUCKET=$DOCS_S3_BUCKET" >> $GITHUB_ENV
echo "DOCS_CLOUDFRONT_ID=$DOCS_CLOUDFRONT_ID" >> $GITHUB_ENV
echo "DOCS_LAMBDA_FUNCTION_REDIRECTS=$DOCS_LAMBDA_FUNCTION_REDIRECTS" >> $GITHUB_ENV
echo "DOCS_SLACK_MSG=$DOCS_SLACK_MSG" >> $GITHUB_ENV
echo "SEND_SLACK_MSG=$SEND_SLACK_MSG" >> $GITHUB_ENV
-
name: Checkout
uses: actions/checkout@v5
with:
fetch-depth: 0
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
-
name: Build website
uses: docker/bake-action@v6
with:
source: .
files: |
docker-bake.hcl
targets: release
provenance: false
-
name: Configure AWS Credentials
if: ${{ env.DOCS_AWS_IAM_ROLE != '' }}
uses: aws-actions/configure-aws-credentials@v5
with:
role-to-assume: ${{ env.DOCS_AWS_IAM_ROLE }}
aws-region: ${{ env.DOCS_AWS_REGION }}
-
name: Upload files to S3 bucket
if: ${{ env.DOCS_S3_BUCKET != '' }}
run: |
aws --region ${{ env.DOCS_AWS_REGION }} s3 sync \
--delete \
--exclude "*" \
--include "*.webp" \
--metadata-directive="REPLACE" \
--no-guess-mime-type \
--content-type="image/webp" \
public s3://${{ env.DOCS_S3_BUCKET }}/
aws --region ${{ env.DOCS_AWS_REGION }} s3 sync \
--delete \
--exclude "*.webp" \
public s3://${{ env.DOCS_S3_BUCKET }}/
-
name: Update Cloudfront config
if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
uses: docker/bake-action@v6
with:
source: .
files: |
docker-bake.hcl
targets: aws-cloudfront-update
env:
AWS_REGION: us-east-1 # cloudfront and lambda edge functions are only available in us-east-1 region
AWS_CLOUDFRONT_ID: ${{ env.DOCS_CLOUDFRONT_ID }}
AWS_LAMBDA_FUNCTION: ${{ env.DOCS_LAMBDA_FUNCTION_REDIRECTS }}
-
name: Invalidate Cloudfront cache
if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
run: |
aws cloudfront create-invalidation --distribution-id ${{ env.DOCS_CLOUDFRONT_ID }} --paths "/*"
env:
AWS_REGION: us-east-1 # cloudfront is only available in us-east-1 region
AWS_MAX_ATTEMPTS: 5
-
name: Send Slack notification
if: ${{ env.SEND_SLACK_MSG == 'true' }}
run: |
curl -X POST -H 'Content-type: application/json' --data '{"text":"${{ env.DOCS_SLACK_MSG }}"}' ${{ secrets.SLACK_WEBHOOK }}