Production #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Deploys to production, triggered manually | |
# Required secrets: | |
# CF_ACCOUNT_ID: Account ID for Cloudflare Workers | |
# CF_API_TOKEN: API token for Cloudflare (for the Workers CLI) | |
# CF_ZONE_ID: Zone ID for the Cloudflare domain | |
# AZURE_STORAGE_ACCOUNT: Name of the Azure Storage Account | |
# AZCOPY_SPA_APPLICATION_ID: Application ID (Client ID) for the Service Principal with access to the Azure Storage account | |
# AZCOPY_SPA_CLIENT_SECRET: Client Secret for the Service Principal | |
# AZCOPY_SPA_TENANT_ID: Tenant ID of the application (Service Principal) | |
name: 'Production' | |
on: | |
workflow_dispatch: | |
jobs: | |
build-and-deploy: | |
runs-on: 'ubuntu-22.04' | |
env: | |
# Version of Hugo to use | |
HUGO_VERSION: '0.110.0' | |
steps: | |
- name: 'Check out code' | |
uses: 'actions/checkout@v3' | |
- name: 'Install Node.js' | |
uses: 'actions/setup-node@v3' | |
with: | |
node-version: '18.x' | |
- name: 'Install Hugo' | |
run: | | |
cd /tmp | |
echo "Using Hugo ${HUGO_VERSION}" | |
curl -fsSL "https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_Linux-64bit.tar.gz" -o hugo.tar.gz | |
tar -zxf hugo.tar.gz | |
sudo mv hugo /usr/local/bin | |
- name: 'Build app' | |
run: | | |
make dist | |
- name: 'Install azcopy and authenticate' | |
run: | | |
cd /tmp | |
curl -Ls "https://aka.ms/downloadazcopy-v10-linux" -o azcopy.tar.gz | |
tar -xvzf azcopy.tar.gz --strip 1 | |
sudo mv azcopy /usr/local/bin | |
azcopy --version | |
azcopy login \ | |
--service-principal \ | |
--application-id $AZCOPY_SPA_APPLICATION_ID \ | |
--tenant-id $AZCOPY_SPA_TENANT_ID | |
env: | |
# Service Principal credentials | |
AZCOPY_SPA_APPLICATION_ID: ${{ secrets.AZCOPY_SPA_APPLICATION_ID }} | |
AZCOPY_SPA_CLIENT_SECRET: ${{ secrets.AZCOPY_SPA_CLIENT_SECRET }} | |
AZCOPY_SPA_TENANT_ID: ${{ secrets.AZCOPY_SPA_TENANT_ID }} | |
- name: 'Upload static assets to Azure Storage' | |
run: | | |
# Upload assets to Azure Storage | |
./sync-assets.sh | |
# Delete the assets from disk so they're not uploaded to Cloudflare or published as artifact | |
for asset in $ASSETS; do rm -rvf "$asset"; done | |
env: | |
# List of assets to upload | |
ASSETS: 'public/images public/fonts' | |
# Container in Azure Storage | |
CONTAINER: 'withblueink-prod' | |
# Use azcopy downloaded above | |
AZCOPYCMD: '/usr/local/bin/azcopy' | |
# Storage Account name | |
AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }} | |
- name: 'Publish app as artifact' | |
uses: 'actions/upload-artifact@v3' | |
with: | |
name: 'app-prod' | |
path: 'public' | |
- name: 'Install dependencies from NPM' | |
working-directory: ./workers-site | |
run: npm ci | |
- name: 'Deploy to production environment' | |
uses: cloudflare/wrangler-action@2.0.0 | |
with: | |
apiToken: ${{ secrets.CF_API_TOKEN }} | |
accountId: ${{ secrets.CF_ACCOUNT_ID }} | |
environment: 'production' | |
command: publish --env production | |
env: | |
CF_ZONE_ID: ${{ secrets.CF_ZONE_ID }} | |
CLOUDFLARE_ZONE_ID: ${{ secrets.CF_ZONE_ID }} |