Add preview workflow (#279)

* Create action to authenticate with AWS using the generated role name

* Create preview reusable workflow

* Trigger reusable workflow in PR workflow

* Add cleanup workflow

* Upload binary instead of built documentation

* Remove empty newline

* fix

Author: reakaleek

.github/actions/aws-auth/action.yml

@@ -0,0 +1,43 @@
+name: AWS Auth
+
+description: |
+  This is an opinionated action to authenticate with AWS.
+  It will generate a role ARN based on the repository name and the AWS account ID.
+
+inputs:
+  aws_account_id:
+    description: 'The AWS account ID to generate the role ARN for'
+    required: true
+    default: '197730964718' # elastic-web
+  aws_region:
+    description: 'The AWS region to use'
+    required: false
+    default: 'us-east-1'
+  aws_role_name_prefix:
+    description: 'The prefix for the role name'
+    required: false
+    default: 'elastic-docs-v3-preview-'
+
+runs:
+  using: composite
+  steps:
+    - name: Generate AWS Role ARN
+      id: role_arn
+      shell: python
+      env:
+        AWS_ACCOUNT_ID: ${{ inputs.aws_account_id }}
+        ROLE_NAME_PREFIX: ${{ inputs.aws_role_name_prefix }}
+      run: |
+          import hashlib
+          import os
+          prefix = os.environ["ROLE_NAME_PREFIX"]
+          m = hashlib.sha256()
+          m.update(os.environ["GITHUB_REPOSITORY"].encode('utf-8'))
+          hash = m.hexdigest()[:64-len(prefix)]
+          with open(os.environ["GITHUB_OUTPUT"], "a") as f:
+            f.write(f"result=arn:aws:iam::{os.environ["AWS_ACCOUNT_ID"]}:role/{prefix}{hash}")
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      with:
+        role-to-assume: ${{ steps.role_arn.outputs.result }}
+        aws-region: ${{ inputs.aws_region }}

.github/workflows/pr.yml

@@ -6,6 +6,9 @@ on:
 permissions:
   contents: read
   packages: read
+  id-token: write
+  pull-requests: write
+  deployments: write
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -32,8 +35,14 @@ jobs:
 
       - name: Publish AOT
         run: ./build.sh publishbinaries
-
-      # we run our artifact directly please use the prebuild
-      # elastic/docs-builder@main GitHub Action for all other repositories!
-      - name: Build documentation
-        run: .artifacts/publish/docs-builder/release/docs-builder --strict
+        
+      - uses: actions/upload-artifact@v4
+        with:
+          name: docs-builder-binary
+          path: .artifacts/publish/docs-builder/release/docs-builder
+          if-no-files-found: error
+          retention-days: 1
+
+  preview:
+    needs: build
+    uses: ./.github/workflows/preview.yml

.github/workflows/preview-cleanup.yml

@@ -0,0 +1,55 @@
+name: preview-cleanup
+
+on:
+  pull_request_target:
+    types: [closed]
+
+permissions:
+  deployments: write
+  id-token: write
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    environment: preview-${{ github.event.pull_request.number }}
+    steps:
+      - uses: ./.github/actions/aws-auth
+      - name: Delete s3 objects
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+            aws s3 rm "s3://elastic-docs-v3-website-preview/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" --recursive
+
+      - name: Delete GitHub environment
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { owner, repo } = context.repo;
+            const deployments = await github.rest.repos.listDeployments({
+              owner,
+              repo,
+              environment: `preview-${context.issue.number}`
+            });
+            for (const deployment of deployments.data) {
+              await github.rest.repos.createDeploymentStatus({
+                owner,
+                repo,
+                deployment_id: deployment.id,
+                state: 'inactive',
+                description: 'Marking deployment as inactive'
+              });
+              await github.rest.repos.deleteDeployment({
+                owner,
+                repo,
+                deployment_id: deployment.id
+              });
+            }
+
+            octokit.rest.repos.deleteAnEnvironment({
+              owner,
+              repo,
+              environment_name: `preview-${context.issue.number}`,
+            });
+
+    
+            

.github/workflows/preview.yml

@@ -0,0 +1,93 @@
+name: preview
+
+on:
+  workflow_call: ~
+
+permissions:
+  id-token: write
+  pull-requests: write
+  deployments: write
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create Deployment
+        uses: actions/github-script@v7
+        id: deployment
+        with:
+          result-encoding: string
+          script: |
+            const { owner, repo } = context.repo;
+            const deployment = await github.rest.repos.createDeployment({
+                issue_number: context.issue.number,
+                owner,
+                repo,
+                ref: context.payload.pull_request.head.ref,
+                environment: `preview-${context.issue.number}`,
+                description: `Preview deployment for PR ${context.issue.number}`,
+                auto_merge: false,
+                required_contexts: [],
+            })
+            await github.rest.repos.createDeploymentStatus({
+                deployment_id: deployment.data.id,
+                owner,
+                repo,
+                state: "in_progress",
+                description: "Deployment created",
+                log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}?pr=${context.issue.number}`,
+            })
+            return deployment.data.id
+
+      - uses: actions/checkout@v4
+        
+      - uses: actions/download-artifact@v4
+        with:
+          name: docs-builder-binary
+
+      # we run our artifact directly please use the prebuild
+      # elastic/docs-builder@main GitHub Action for all other repositories!
+      - name: Build documentation
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          chmod +x ./docs-builder
+          ./docs-builder --strict --path-prefix "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}"
+
+      - uses: ./.github/actions/aws-auth
+
+      - name: Upload to S3
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          aws s3 sync .artifacts/docs/html "s3://elastic-docs-v3-website-preview/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" --delete
+          aws cloudfront create-invalidation --distribution-id EKT7LT5PM8RKS --paths "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}/*"
+      
+      - name: Update deployment status
+        uses: actions/github-script@v7
+        if: steps.deployment.outputs.result
+        with:
+          script: |
+            await github.rest.repos.createDeploymentStatus({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              deployment_id: ${{ steps.deployment.outputs.result }},
+              state: "success",
+              description: "Deployment completed",
+              environment_url: `https://docs-v3-preview.elastic.dev/${context.repo.owner}/${context.repo.repo}/pull/${context.issue.number}`,
+              log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}?pr=${context.issue.number}`,
+            })
+
+      - name: Update Deployment Status on Failure
+        if: failure() && steps.deployment.outputs.result
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.repos.createDeploymentStatus({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              deployment_id: ${{ steps.deployment.outputs.result }},
+              state: "failure",
+              description: "Deployment failed",
+              log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}?pr=${context.issue.number}`,
+            })