-
Notifications
You must be signed in to change notification settings - Fork 190
60 lines (57 loc) · 2.2 KB
/
publish-stage.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
name: publish-stage
on:
push:
branches:
- "main"
tags-ignore:
- "*"
permissions:
id-token: write
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 22
- name: Install Dependencies
run: npm ci
- name: Cache Docusaurus
uses: ./.github/actions/docusaurus-cache
- name: Update redirects for environment
run: "sed -i 's!https://unsupported.docs.camunda.io!https://stage.unsupported.docs.camunda.io!g' ./static/.htaccess"
- name: Build
run: npm run build
env:
NODE_OPTIONS: --max_old_space_size=8192
DOCS_SITE_URL: https://stage.docs.camunda.io
DOCS_SITE_BASE_URL: /
- name: Get Github Actions IP
id: ip
uses: haythem/[email protected]
- name: Add Github Actions IP to Security group so we can publish
run: |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SECURITY_GROUP_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Publish
uses: burnett01/[email protected]
with:
switches: -avzr --delete
path: build/
remote_path: ${{ secrets.AWS_STAGE_PUBLISH_PATH }}
remote_host: ${{ secrets.AWS_STAGE_PUBLISH_HOST }}
remote_user: ${{ secrets.AWS_STAGE_PUBLISH_USER }}
# vvvvv Intentionally missing the AWS_ prefix vvvvv
remote_key: ${{ secrets.PUBLISH_STAGE_KEY }}
- name: Remove Github Actions IP from security group
run: |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SECURITY_GROUP_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
if: always()