Deploy Docs Preview #4
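# Deploys a documentation preview for a pull request after the
# "Build Docs Preview" workflow completes successfully.
#
# Trust model: a workflow_run workflow executes in the base repository's
# context and can reach secrets, while the artifacts it downloads come from
# the triggering build run. Everything read from those artifacts (PR number,
# PR SHA, the built site) is treated as untrusted here: it is validated before
# use and is passed to scripts through environment variables, never through
# inline template expansion into shell or JavaScript source.
name: Deploy Docs Preview

on:
  workflow_run:
    workflows: ["Build Docs Preview"]
    types:
      - completed

jobs:
  # Resolves the PR behind the build run and checks the PR author's repository
  # role. Holds read-only permissions; no deployment secrets are used here.
  authorization-check:
    if: github.event.workflow_run.conclusion == 'success'
    permissions:
      contents: read
      actions: read
    runs-on: ubuntu-latest
    outputs:
      approval-env: ${{ steps.auth.outputs.result }}
      pr_number: ${{ steps.get-pr.outputs.pr_number }}
      pr_sha: ${{ steps.get-pr.outputs.pr_sha }}
    steps:
      # NOTE(review): actions referenced by tag or branch are mutable refs;
      # pinning each `uses:` to a full commit SHA is the usual hardening.
      - name: Download PR metadata
        uses: actions/download-artifact@v4
        with:
          name: pr-metadata-${{ github.event.workflow_run.pull_requests[0].number }}
          path: pr-metadata
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Get PR info
        id: get-pr
        run: |
          # The artifact files are produced by the build run, so their content
          # is not trusted. Reject anything that is not a plain number / hex
          # id before it reaches GITHUB_OUTPUT: a value with embedded newlines
          # could otherwise define extra step outputs, and later steps place
          # these values into paths and API calls.
          pr_number="$(cat pr-metadata/pr_number)"
          pr_sha="$(cat pr-metadata/pr_sha)"
          if [[ ! "$pr_number" =~ ^[0-9]+$ ]]; then
            echo "::error::pr_number in the pr-metadata artifact is not numeric"
            exit 1
          fi
          if [[ ! "$pr_sha" =~ ^[0-9a-fA-F]+$ ]]; then
            echo "::error::pr_sha in the pr-metadata artifact is not a hex commit id"
            exit 1
          fi
          echo "pr_number=$pr_number" >> "$GITHUB_OUTPUT"
          echo "pr_sha=$pr_sha" >> "$GITHUB_OUTPUT"

      # NOTE(review): the PR number comes from the artifact, so authorization
      # is evaluated for whichever PR the artifact names. Consider also
      # checking that this PR's head SHA matches the triggering run's head SHA
      # (github.event.workflow_run.head_sha); confirm against the build
      # workflow before enforcing.
      - name: Get PR author
        id: get-author
        uses: actions/github-script@v8
        env:
          PR_NUMBER: ${{ steps.get-pr.outputs.pr_number }}
        with:
          result-encoding: string
          script: |
            // Read the PR number from the environment so it is handled as
            // data and never parsed as part of this script's source.
            const pullNumber = Number.parseInt(process.env.PR_NUMBER, 10);
            const { data: pr } = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: pullNumber,
            });
            return pr.user.login;

      # NOTE(review): `@main` is a moving branch; a change to that action
      # changes this gate without a change in this repository.
      - name: Check Authorization
        id: auth
        uses: strands-agents/devtools/authorization-check@main
        with:
          username: ${{ steps.get-author.outputs.result }}
          allowed-roles: 'write,maintain,admin'

  # Binds the run to the environment named by the authorization step's result.
  # Presumably that environment carries required reviewers for authors without
  # one of the allowed roles; verify in the repository's environment settings.
  approval-gate:
    runs-on: ubuntu-latest
    needs: [authorization-check]
    # always() makes the condition depend only on the explicit result check.
    if: always() && needs.authorization-check.result == 'success'
    environment: ${{ needs.authorization-check.outputs.approval-env }}
    steps:
      - run: echo "Deployment approved"

  # Publishes the built site to S3 and reports the outcome on the PR.
  # This is the only job that holds the OIDC token permission and the
  # deployment role, so no artifact-derived value is expanded into code here.
  deploy:
    runs-on: ubuntu-latest
    needs: [authorization-check, approval-gate]
    if: always() && needs.approval-gate.result == 'success'
    permissions:
      contents: read
      issues: write
      pull-requests: write
      id-token: write   # OIDC token for configure-aws-credentials
      actions: read     # download artifacts from the triggering run
    env:
      PR_NUMBER: ${{ needs.authorization-check.outputs.pr_number }}
      PR_HEAD_SHA: ${{ needs.authorization-check.outputs.pr_sha }}
      RUN_ID: ${{ github.run_id }}
      AWS_DEPLOY_ROLE: ${{ secrets.STRANDS_DOCS_DEPLOY_ROLE }}
      S3_BUCKET: ${{ secrets.STRANDS_DOCS_BUCKET }}
      CLOUDFRONT_DISTRIBUTION_ID: ${{ vars.CLOUDFRONT_DISTRIBUTION_ID }}
      CLOUDFRONT_DOMAIN: ${{ vars.CLOUDFRONT_DOMAIN }}
    steps:
      - name: Download build artifact
        uses: actions/download-artifact@v4
        with:
          name: docs-preview-${{ env.PR_NUMBER }}
          path: dist
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v5
        with:
          role-to-assume: ${{ env.AWS_DEPLOY_ROLE }}
          role-session-name: GitHubActions-Docs-${{ env.RUN_ID }}
          aws-region: us-east-1
          mask-aws-account-id: true

      - name: Deploy to S3
        run: |
          # Job-level env values are referenced as quoted shell variables so
          # their content cannot alter the command line.
          aws s3 sync dist/ "s3://${S3_BUCKET}/pr-local-cms-${PR_NUMBER}/" \
            --cache-control "public, max-age=3600"

      - name: Invalidate CloudFront cache for PR preview
        run: |
          aws cloudfront create-invalidation \
            --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" \
            --invalidation-batch "{\"Paths\":{\"Quantity\":1,\"Items\":[\"/pr-local-cms-${PR_NUMBER}/*\"]},\"CallerReference\":\"$(date +%s)\"}"

      - name: Comment on PR (success)
        if: success()
        uses: actions/github-script@v8
        env:
          PREVIEW_URL: https://${{ vars.CLOUDFRONT_DOMAIN }}/pr-local-cms-${{ needs.authorization-check.outputs.pr_number }}/
        with:
          script: |
            // PR_NUMBER comes from the job-level env; read it as data.
            const prNumber = Number.parseInt(process.env.PR_NUMBER, 10);
            const previewUrl = process.env.PREVIEW_URL;

            // Page through all comments so an existing preview comment is
            // found even on long threads, instead of posting a duplicate.
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: prNumber,
              per_page: 100,
            });

            const botComment = comments.find((comment) =>
              comment.user?.type === 'Bot' &&
              comment.body?.includes('Documentation Preview')
            );

            const body = [
              '## Documentation Preview Ready',
              '',
              'Your documentation preview has been successfully deployed!',
              '',
              `**Preview URL**: ${previewUrl}`,
              '',
              `_Updated at: ${new Date().toISOString()}_`
            ].join('\n');

            if (botComment) {
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: botComment.id,
                body: body
              });
            } else {
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: prNumber,
                body: body
              });
            }

      - name: Comment on PR (failure)
        if: failure()
        uses: actions/github-script@v8
        env:
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        with:
          script: |
            // PR_NUMBER comes from the job-level env; read it as data.
            const prNumber = Number.parseInt(process.env.PR_NUMBER, 10);
            const runUrl = process.env.RUN_URL;

            const body = [
              '## Documentation Preview Failed',
              '',
              `The documentation deployment encountered an error. Please check the [deployment logs](${runUrl}) for more details.`
            ].join('\n');

            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: prNumber,
              body: body
            });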