docker.github.io/.github/workflows/deploy.yml at master · PMohanJ/docker.github.io · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
name: deploy

on:
  workflow_dispatch:
  push:
    branches:
      - lab
      - master
      - published

# these permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
  id-token: write
  contents: read

jobs:
  publish:
    runs-on: ubuntu-20.04
    steps:
      -
        name: Prepare
        run: |
          JEKYLL_ENV=development
          DOCS_AWS_REGION=us-east-1
          if [ "${{ github.ref }}" = "refs/heads/master" ]; then
            DOCS_URL="https://docs-stage.docker.com"
            DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/stage-docs-docs.docker.com-20220818202135984800000001"
            DOCS_S3_BUCKET="stage-docs-docs.docker.com"
            DOCS_S3_CONFIG="s3-config.json"
            DOCS_CLOUDFRONT_ID="E1R7CSW3F0X4H8"
            DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-stage"
            DOCS_SLACK_MSG="Successfully deployed docs-stage from master branch. $DOCS_URL"
          elif [ "${{ github.ref }}" = "refs/heads/published" ]; then
            JEKYLL_ENV=production
            DOCS_URL="https://docs.docker.com"
            DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/prod-docs-docs.docker.com-20220818202218674300000001"
            DOCS_S3_BUCKET="prod-docs-docs.docker.com"
            DOCS_S3_CONFIG="s3-config.json"
            DOCS_CLOUDFRONT_ID="E228TTN20HNU8F"
            DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-prod"
            DOCS_SLACK_MSG="Successfully deployed docs from published branch. $DOCS_URL"
          elif [ "${{ github.ref }}" = "refs/heads/lab" ]; then
            DOCS_URL="https://docs-labs.docker.com"
            DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/labs-docs-docs.docker.com-20220818202218402500000001"
            DOCS_S3_BUCKET="labs-docs-docs.docker.com"
            DOCS_S3_CONFIG="s3-config.json"
            DOCS_CLOUDFRONT_ID="E1MYDYF65FW3HG"
            DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-labs"
          else
            echo >&2 "ERROR: unknown branch ${{ github.ref }}"
            exit 1
          fi
          SEND_SLACK_MSG="true"
          if [ -z "$DOCS_AWS_IAM_ROLE" ] || [ -z "$DOCS_S3_BUCKET" ] || [ -z "$DOCS_CLOUDFRONT_ID" ] || [ -z "$DOCS_SLACK_MSG" ]; then
            SEND_SLACK_MSG="false"
          fi
          echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
          echo "JEKYLL_ENV=$JEKYLL_ENV" >> $GITHUB_ENV
          echo "DOCS_URL=$DOCS_URL" >> $GITHUB_ENV
          echo "DOCS_AWS_REGION=$DOCS_AWS_REGION" >> $GITHUB_ENV
          echo "DOCS_AWS_IAM_ROLE=$DOCS_AWS_IAM_ROLE" >> $GITHUB_ENV
          echo "DOCS_S3_BUCKET=$DOCS_S3_BUCKET" >> $GITHUB_ENV
          echo "DOCS_S3_CONFIG=$DOCS_S3_CONFIG" >> $GITHUB_ENV
          echo "DOCS_CLOUDFRONT_ID=$DOCS_CLOUDFRONT_ID" >> $GITHUB_ENV
          echo "DOCS_LAMBDA_FUNCTION_REDIRECTS=$DOCS_LAMBDA_FUNCTION_REDIRECTS" >> $GITHUB_ENV
          echo "DOCS_SLACK_MSG=$DOCS_SLACK_MSG" >> $GITHUB_ENV
          echo "SEND_SLACK_MSG=$SEND_SLACK_MSG" >> $GITHUB_ENV
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Build website
        uses: docker/bake-action@v2
        with:
          targets: release
          set: |
            *.cache-from=type=gha,scope=deploy-${{ env.BRANCH_NAME }}
            *.cache-to=type=gha,scope=deploy-${{ env.BRANCH_NAME }},mode=max
      -
        name: Configure AWS Credentials
        if: ${{ env.DOCS_AWS_IAM_ROLE != '' }}
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ env.DOCS_AWS_IAM_ROLE }}
          aws-region: ${{ env.DOCS_AWS_REGION }}
      -
        name: Upload files to S3 bucket
        if: ${{ env.DOCS_S3_BUCKET != '' }}
        run: |
          aws --region ${{ env.DOCS_AWS_REGION }} s3 sync --acl public-read _site s3://${{ env.DOCS_S3_BUCKET }}/ --delete
      -
        name: Update S3 config
        if: ${{ env.DOCS_S3_BUCKET != '' && env.DOCS_S3_CONFIG != '' }}
        uses: docker/bake-action@v2
        with:
          targets: aws-s3-update-config
          set: |
            *.cache-from=type=gha,scope=releaser
        env:
          AWS_REGION: ${{ env.DOCS_AWS_REGION }}
          AWS_S3_BUCKET: ${{ env.DOCS_S3_BUCKET }}
          AWS_S3_CONFIG: ${{ env.DOCS_S3_CONFIG }}
      -
        name: Update Cloudfront config
        if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
        uses: docker/bake-action@v2
        with:
          targets: aws-cloudfront-update
        env:
          AWS_REGION: us-east-1 # cloudfront and lambda edge functions are only available in us-east-1 region
          AWS_CLOUDFRONT_ID: ${{ env.DOCS_CLOUDFRONT_ID }}
          AWS_LAMBDA_FUNCTION: ${{ env.DOCS_LAMBDA_FUNCTION_REDIRECTS }}
      -
        name: Invalidate Cloudfront cache
        if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
        run: |
          aws cloudfront create-invalidation --distribution-id ${{ env.DOCS_CLOUDFRONT_ID }} --paths "/*"
        env:
          AWS_REGION: us-east-1 # cloudfront is only available in us-east-1 region
          AWS_MAX_ATTEMPTS: 5
      -
        name: Send Slack notification
        if: ${{ env.SEND_SLACK_MSG == 'true' }}
        run: |
          curl -X POST -H 'Content-type: application/json' --data '{"text":"${{ env.DOCS_SLACK_MSG }}"}' ${{ secrets.SLACK_WEBHOOK }}