EPMRPP-113065 || Testing ci/cd update #1072
Caution: Review failed
The pull request is closed.
ℹ️ Recent review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
Walkthrough
Adds a new GitHub Actions workflow to deploy built docs to S3 under
Changes
Sequence Diagram(s)
sequenceDiagram
participant Dev as Developer
participant GH as GitHub Actions
participant OIDC as AWS OIDC / STS
participant S3 as AWS S3
participant CF as CloudFront
Dev->>GH: push to develop / manual dispatch
GH->>OIDC: request short-lived AWS credentials (OIDC)
OIDC-->>GH: temporary credentials
GH->>S3: check & delete existing `docs/` (clean-docs-folder)
GH->>GH: checkout code, setup Node v20, npm ci, create .env, npm run build
GH->>OIDC: re-authenticate (OIDC) for deploy
OIDC-->>GH: temporary credentials
GH->>S3: aws s3 sync build dir -> s3://$AWS_S3_BUCKET_NAME/docs/
GH->>CF: create invalidation for /docs/*
CF-->>GH: invalidation created
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~12 minutes
🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
Actionable comments posted: 5
🧹 Nitpick comments (2)
.github/workflows/deploy-dev-test.yml (2)
63-69: Enable npm dependency caching to speed up the workflow.
actions/setup-node@v4 supports built-in caching via cache: 'npm', which avoids re-downloading all packages on every run.
⚡ Proposed fix
- name: Set up Node.js uses: actions/setup-node@v4 with: node-version: 20 + cache: 'npm'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/deploy-dev-test.yml around lines 63 - 69, Add npm caching to the GitHub Actions setup-node step: update the "Set up Node.js" step (uses: actions/setup-node@v4) to include with: node-version: 20 and cache: 'npm' so dependencies are cached between runs, leaving the "Install of node dependencies" step (run: npm ci) intact; ensure the cache key is set by setup-node (cache: 'npm') rather than adding a separate caching action.
41-41: Consider pinning actions to commit SHAs for supply-chain security.
All three pinned major-version tags (@v4) are confirmed current. However, floating tags like @v4 can be silently updated to point to new commits. For supply-chain hardening, the recommended pattern is to pin to a full commit SHA and keep the tag as a comment, e.g.:
- uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
This applies equally to actions/setup-node@v4 and aws-actions/configure-aws-credentials@v4.
Also applies to: 61-61, 64-64, 80-80
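Review bot: The trailing comment on the `+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4` line names only the major tag, which keeps moving while the SHA stays fixed, so the comment stops describing the pinned commit as soon as `v4` advances. Record the exact release the SHA belongs to in that comment, so a reader or an update tool can tell which version is pinned and when it has fallen behind.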
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/deploy-dev-test.yml at line 41, Replace the floating action tags with their full commit SHAs to harden the supply chain: for each usage of actions/setup-node@v4 and aws-actions/configure-aws-credentials@v4 (and the other two `@v4` usages), find the corresponding commit SHA for the desired release and update the workflow to use e.g. actions/setup-node@<full-sha> and aws-actions/configure-aws-credentials@<full-sha>; keep the readable `@v4` tag as a commented reference above each action for clarity and document the chosen SHAs in a comment.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/deploy-dev-test.yml:
- Around line 16-17: Remove the inconsistent spaces before the colon in the
GitHub Actions env keys; update AWS_S3_BUCKET_NAME, AWS_REGION_NAME and
BUILD_DIR to use the same style as CLOUDFRONT_ID and DOCS_BASE_URL (e.g. change
"AWS_S3_BUCKET_NAME :" to "AWS_S3_BUCKET_NAME:"), ensuring all environment
variable keys in the workflow file are uniformly formatted.
- Around line 36-53: The current job clean-docs-folder removes the entire
s3://.../docs/ prefix before deployment, creating downtime; replace the two-step
clean-then-deploy flow with a single deploy job that uses aws s3 sync --delete
to upload the built docs and remove stale files atomically per-file.
Specifically, remove the clean-docs-folder job and merge its AWS
credentials/configure step into the deploy job (the job that currently performs
the upload/sync), then call aws s3 sync /path/to/generated/docs s3://${{
env.AWS_S3_BUCKET_NAME }}/docs/ --delete (preserving any existing
configure-aws-credentials@v4 step and env values) so the deploy job performs
both upload and stale-file cleanup without leaving the prefix empty. Ensure the
step name reflects syncing (e.g., "Sync docs to S3") and keep the same OIDC
credential usage.
- Around line 71-74: In the "create env file" GitHub Actions step, the echo that
writes DOCS_BASE_URL into .env is unquoted and can break if the value contains
spaces or shell-special characters; update the step so the written value is
properly quoted (wrap the right-hand side in quotes when echoing into .env) to
ensure the .env entry remains valid for any DOCS_BASE_URL value.
- Line 18: The workflow currently hardcodes the CloudFront distribution ID via
the CLOUDFRONT_ID variable; move that value to a GitHub Actions
repository/environment secret (e.g., CLOUDFRONT_DISTRIBUTION_ID) and update the
workflow to read it from secrets (similar to AWS_ROLE_ARN) instead of the
literal EILUB1IE9EON0 so the workflow references
secrets.CLOUDFRONT_DISTRIBUTION_ID where CLOUDFRONT_ID is defined/used.
- Line 41: Replace the action versions by updating the action references
aws-actions/configure-aws-credentials@v4, actions/checkout@v4, and
actions/setup-node@v4 to their `@v6` counterparts; locate each occurrence of the
strings "aws-actions/configure-aws-credentials@v4", "actions/checkout@v4" (both
occurrences), and "actions/setup-node@v4" in the workflow and change the tag to
"@v6". Ensure no other parts of the action lines are altered and commit the
updated workflow.
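An added example, not part of the review or of the project's workflow: a small Python audit for the pinning nitpick above, which flags every `uses:` reference that is not fixed to a full 40-character commit SHA (or, for `docker://` images, a sha256 digest). The sample workflow is constructed from the action names and the SHA quoted in the review; the local action path is hypothetical.

```python
import re

# Constructed sample, modelled on the steps quoted in the review. The SHA is
# the one from the review comment; the local action path is hypothetical.
SAMPLE_WORKFLOW = """\
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Configure AWS credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
      - name: Local composite action (hypothetical path)
        uses: ./.github/actions/build
"""

# `uses:` as a mapping key, optionally the first key of a list item.
# Commented-out lines do not match because they start with '#'.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
DOCKER_DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def is_pinned(ref):
    """True when the reference names immutable content."""
    if ref.startswith("./"):
        return True  # local action, versioned together with the workflow
    if ref.startswith("docker://"):
        return DOCKER_DIGEST_RE.search(ref) is not None
    _, _, version = ref.partition("@")
    # Tags and branches can be moved; abbreviated SHAs are ambiguous.
    return FULL_SHA_RE.fullmatch(version) is not None


def unpinned_actions(workflow_text):
    """Return (line_number, reference) for each `uses:` that is not pinned."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match and not is_pinned(match.group(1)):
            findings.append((lineno, match.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is not pinned to a full commit SHA")
```

Run against a real workflow by passing the file's text to `unpinned_actions`; a non-empty result can fail a pre-merge check.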
| AWS_S3_BUCKET_NAME : rpp-landing-test | ||
| AWS_REGION_NAME : eu-central-1 |
Trailing spaces before colons in env var keys.
AWS_S3_BUCKET_NAME :, AWS_REGION_NAME :, and BUILD_DIR : have a space before the colon, which is inconsistent with CLOUDFRONT_ID: and DOCS_BASE_URL:. While valid YAML, this is a style inconsistency worth cleaning up.
✨ Proposed fix
- AWS_S3_BUCKET_NAME : rpp-landing-test
- AWS_REGION_NAME : eu-central-1
+ AWS_S3_BUCKET_NAME: rpp-landing-test
+ AWS_REGION_NAME: eu-central-1
CLOUDFRONT_ID: EILUB1IE9EON0
- BUILD_DIR : "build/"
+ BUILD_DIR: "build/"
Also applies to: 19-19
| env: | ||
| AWS_S3_BUCKET_NAME : rpp-landing-test | ||
| AWS_REGION_NAME : eu-central-1 | ||
| CLOUDFRONT_ID: EILUB1IE9EON0 |
Move CLOUDFRONT_ID to a repository/environment secret.
The CloudFront distribution ID (EILUB1IE9EON0) is committed in plain text. While it's not a credential, it's a stable infrastructure identifier that aids enumeration and targeted attacks on your CDN. Store it as a GitHub Actions secret (e.g., secrets.CLOUDFRONT_DISTRIBUTION_ID) alongside AWS_ROLE_ARN.
🔒 Proposed fix
- CLOUDFRONT_ID: EILUB1IE9EON0
Reference it directly at the point of use:
- run: aws cloudfront create-invalidation --distribution-id ${{ env.CLOUDFRONT_ID }} --paths "/docs/*"
+ run: aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/docs/*"
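Review bot: On the `+ run:` line the secret is expanded by `${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}` straight into the shell command text; map it in the step's `env:` block and pass `--distribution-id "$CLOUDFRONT_DISTRIBUTION_ID"` instead, so the value reaches the shell as a quoted variable rather than as script source. The hunk also drops `CLOUDFRONT_ID` from `env:`, so any other `${{ env.CLOUDFRONT_ID }}` reference left in the workflow would expand to an empty string; search for remaining uses before merging.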
| clean-docs-folder: | ||
| runs-on: ubuntu-latest | ||
| environment: development | ||
| steps: | ||
| - name: Configure AWS credentials (OIDC) | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | ||
| aws-region: ${{ env.AWS_REGION_NAME }} | ||
|
|
||
| - name: Clear docs folder in S3 bucket | ||
| run: | | ||
| if aws s3 ls "s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/" 2>/dev/null; then | ||
| echo "docs/ folder exists, removing it..." | ||
| aws s3 rm s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/ --recursive | ||
| else | ||
| echo "docs/ folder does not exist, nothing to clean." | ||
| fi |
The clean-then-deploy pattern creates a guaranteed downtime window.
Because clean-docs-folder fully removes /docs/ from S3 before deploy starts, there is a window—spanning the entire build + sync time—where all /docs/* paths return 404. Collapsing both into a single job using aws s3 sync --delete achieves the same stale-file cleanup atomically per-file, without ever leaving the prefix empty.
♻️ Proposed refactor — single deploy job with sync --delete
-jobs:
- clean-docs-folder:
- runs-on: ubuntu-latest
- environment: development
- steps:
- - name: Configure AWS credentials (OIDC)
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
- aws-region: ${{ env.AWS_REGION_NAME }}
-
- - name: Clear docs folder in S3 bucket
- run: |
- if aws s3 ls "s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/" 2>/dev/null; then
- echo "docs/ folder exists, removing it..."
- aws s3 rm s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/ --recursive
- else
- echo "docs/ folder does not exist, nothing to clean."
- fi
-
- deploy:
+jobs:
+ deploy:
runs-on: ubuntu-latest
- needs: [clean-docs-folder]
environment: development
steps:
...
- - name: Deploy to AWS S3
- run: aws s3 sync ./${{ env.BUILD_DIR }} s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/
+ - name: Deploy to AWS S3
+ run: aws s3 sync ./${{ env.BUILD_DIR }} s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/ --delete
Also applies to: 55-89
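Review bot: The added `aws s3 sync ... --delete` line removes every object under `docs/` that is missing from `./${{ env.BUILD_DIR }}`, and nothing visible in the hunk checks that the build directory is populated first, so a build that leaves it empty or partial would strip the live prefix. Add a step before the sync that fails the job unless an expected file such as `index.html` exists in the build directory (the file name is an assumption about this site's build output). With `clean-docs-folder` removed, also confirm that the steps elided as `...` in `deploy` still include a `Configure AWS credentials (OIDC)` step.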
| environment: development | ||
| steps: | ||
| - name: Configure AWS credentials (OIDC) | ||
| uses: aws-actions/configure-aws-credentials@v4 |
🧩 Analysis chain
🏁 Script executed:
# First, let's check the workflow file to confirm the versions mentioned
cat -n .github/workflows/deploy-dev-test.yml | head -100
Repository: reportportal/docs
Length of output: 3335
🌐 Web query:
aws-actions/configure-aws-credentials latest version 2026
💡 Result:
Latest release of aws-actions/configure-aws-credentials (as of February 25, 2026) is v6.0.0, released 2026-02-04. It includes a breaking change: the action now uses Node.js 24 and requires GitHub Actions runner v2.327.1+. [1]
Recommended pins:
- Major pin: uses: aws-actions/configure-aws-credentials@v6
- Exact pin: uses: aws-actions/configure-aws-credentials@v6.0.0 [1]
Sources
[1] GitHub Releases – aws-actions/configure-aws-credentials (shows v6.0.0 as Latest, dated 2026-02-04)
🌐 Web query:
actions/checkout latest major version 2026
💡 Result:
The latest major version of actions/checkout (as of February 25, 2026) is v6, so you should use:
- uses: actions/checkout@v6
The latest published release in the v6 line is v6.0.2 (released January 9, 2026). [1][2]
🌐 Web query:
actions/setup-node latest major version 2026
💡 Result:
As of February 25, 2026, the latest major version of actions/setup-node is v6 (latest release shown: v6.2.0), so you should use:
- uses: actions/setup-node@v6
[1] [2]
Update action versions from v4 to v6.
All three actions have newer major versions available as of February 2026:
- aws-actions/configure-aws-credentials@v4 → @v6 (v6.0.0, released 2026-02-04; includes breaking change: requires Node.js 24 and GitHub Actions runner v2.327.1+)
- actions/checkout@v4 → @v6 (v6.0.2, released 2026-01-09)
- actions/setup-node@v4 → @v6 (v6.2.0)
Update all four usages in the workflow (lines 41, 61, 64, 80).
| - name: create env file | ||
| run: | | ||
| touch .env | ||
| echo DOCS_BASE_URL=${{ env.DOCS_BASE_URL }} >> .env |
Quote the value written to .env.
If DOCS_BASE_URL ever contains spaces or shell-special characters, the unquoted echo will produce a malformed .env entry. The current value /docs/ happens to be safe, but quoting is the defensive pattern.
🛡️ Proposed fix
- echo DOCS_BASE_URL=${{ env.DOCS_BASE_URL }} >> .env
+ echo "DOCS_BASE_URL=${{ env.DOCS_BASE_URL }}" >> .env
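Review bot: Wrapping the `echo` argument in double quotes on the `+` line does not stop the shell from interpreting the value, because `${{ env.DOCS_BASE_URL }}` is substituted into the script text before the shell runs, so a value containing `"`, `$` or a backtick would still be parsed as shell syntax. Pass the value through the step's `env:` block and write it with `printf 'DOCS_BASE_URL=%s\n' "$DOCS_BASE_URL" >> .env`.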
♻️ Duplicate comments (4)
.github/workflows/deploy-dev-test.yml (4)
16-17: ⚠️ Potential issue | 🟡 Minor
Normalize env key formatting for consistency.
AWS_S3_BUCKET_NAME :, AWS_REGION_NAME :, and BUILD_DIR : use a different key style than the rest of the file. Keep one style across all env keys.
Suggested cleanup
- AWS_S3_BUCKET_NAME : rpp-landing-testing - AWS_REGION_NAME : eu-central-1 + AWS_S3_BUCKET_NAME: rpp-landing-testing + AWS_REGION_NAME: eu-central-1 CLOUDFRONT_ID: EILUB1IE9EON0 - BUILD_DIR : "build/" + BUILD_DIR: "build/"Also applies to: 19-19
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/deploy-dev-test.yml around lines 16 - 17, The env key formatting is inconsistent: change the keys AWS_S3_BUCKET_NAME, AWS_REGION_NAME and BUILD_DIR to match the rest of the file’s style (remove the space before the colon or add spaces consistently) so all environment entries use the same key:value syntax; update the occurrences of AWS_S3_BUCKET_NAME, AWS_REGION_NAME and BUILD_DIR to the normalized format found elsewhere in the workflow.
71-74: ⚠️ Potential issue | 🟡 Minor
Quote .env assignment to avoid shell parsing edge cases.
Unquoted echo works for /docs/ today, but breaks more easily if value format changes. Quote the written entry.
Suggested fix
- echo DOCS_BASE_URL=${{ env.DOCS_BASE_URL }} >> .env + echo "DOCS_BASE_URL=${{ env.DOCS_BASE_URL }}" >> .env🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/deploy-dev-test.yml around lines 71 - 74, In the "create env file" step update the echo that writes DOCS_BASE_URL so the value is quoted to avoid shell parsing issues; locate the line using echo DOCS_BASE_URL=${{ env.DOCS_BASE_URL }} and change it to emit DOCS_BASE_URL="<value>" (i.e., surround the interpolated ${{ env.DOCS_BASE_URL }} with quotes or use printf to safely write DOCS_BASE_URL="<value>" into .env) so values with slashes, spaces or special chars are preserved.
36-57: ⚠️ Potential issue | 🟠 Major
Current clean-then-deploy flow creates avoidable docs downtime.
clean-docs-folder empties docs/ before build/upload, so /docs/* can return 404 during the whole deploy window. Use a single deploy job with aws s3 sync --delete instead.
Suggested refactor (single deploy job)
-jobs: - clean-docs-folder: - runs-on: ubuntu-latest - environment: development - steps: - - name: Configure AWS credentials (OIDC) - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: ${{ env.AWS_REGION_NAME }} - - - name: Clear docs folder in S3 bucket - run: | - if aws s3 ls "s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/" 2>/dev/null; then - echo "docs/ folder exists, removing it..." - aws s3 rm s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/ --recursive - else - echo "docs/ folder does not exist, nothing to clean." - fi - - deploy: +jobs: + deploy: runs-on: ubuntu-latest - needs: [clean-docs-folder] environment: development steps: + - name: Configure AWS credentials (OIDC) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + aws-region: ${{ env.AWS_REGION_NAME }} ... - - name: Deploy to AWS S3 - run: aws s3 sync ./${{ env.BUILD_DIR }} s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/ + - name: Sync docs to S3 + run: aws s3 sync ./${{ env.BUILD_DIR }} s3://${{ env.AWS_S3_BUCKET_NAME }}/docs/ --deleteAlso applies to: 85-86
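Review bot: The added `Configure AWS credentials (OIDC)` step sits at the top of `deploy`, ahead of the steps elided as `...`; if those are the checkout, `npm ci` and build steps shown in the walkthrough's sequence diagram, the assumed role's credentials are present in the job while dependency install scripts run. Move the step to just before `Sync docs to S3` so the credentials exist only for the sync and the invalidation.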
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/deploy-dev-test.yml around lines 36 - 57, Remove the separate clean-docs-folder job and its aws s3 rm step and instead perform a single deploy job that configures AWS credentials (aws-actions/configure-aws-credentials@v4) and runs aws s3 sync --delete to atomically sync built docs to s3; update the "deploy" job to no longer need clean-docs-folder, move the Configure AWS credentials step into deploy, and replace any other rm-based cleanup (e.g., the similar block referenced at lines 85-86) with the same aws s3 sync --delete approach so docs are updated without a window of 404s.
18-18: ⚠️ Potential issue | 🟠 Major
Avoid hardcoding CloudFront distribution ID in repo.
CLOUDFRONT_ID is an infrastructure identifier committed in plaintext. Move it to a secret and reference the secret directly in invalidation step.
Suggested change
- CLOUDFRONT_ID: EILUB1IE9EON0 ... - run: aws cloudfront create-invalidation --distribution-id ${{ env.CLOUDFRONT_ID }} --paths "/docs/*" + run: aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/docs/*"Also applies to: 88-89
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/deploy-dev-test.yml at line 18, The workflow currently hardcodes the CloudFront distribution ID via the CLOUDFRONT_ID variable; replace this with a secret reference by removing the plaintext value and referencing the secret (e.g., use secrets.CLOUDFRONT_ID) where the distribution ID is used (the CLOUDFRONT_ID entry and the invalidation step that consumes it), update the invalidation step to read the secret either via env: CLOUDFRONT_ID: ${{ secrets.CLOUDFRONT_ID }} or directly in the step input, and apply the same change to the other occurrences of the distribution ID noted in the file.