-
Notifications
You must be signed in to change notification settings - Fork 0
132 lines (114 loc) · 3.72 KB
/
main.yml
File metadata and controls
132 lines (114 loc) · 3.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Build & Deploy
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_VERSION: "20"
S3_BUCKET: "devflowcode.com"
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
- name: Install dependencies
run: npm ci
env:
FONTAWESOME_KEY: ${{ secrets.FONTAWESOME_KEY }}
- name: Build
run: npm run build
- name: List build output
run: ls -la dist/
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/
retention-days: 7
deploy:
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
steps:
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: dist
path: dist/
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
# Static assets (fingerprinted by Vite) — immutable, 1 year
- name: Sync assets to S3
run: |
aws s3 sync dist/assets/ s3://${{ env.S3_BUCKET }}/assets/ \
--cache-control "public, max-age=31536000, immutable" \
--delete
# HTML files — short cache, always revalidate
- name: Sync HTML to S3
run: |
aws s3 sync dist/ s3://${{ env.S3_BUCKET }}/ \
--exclude "*" \
--include "*.html" \
--cache-control "public, max-age=300, must-revalidate"
# Config files — moderate cache
- name: Sync config files to S3
run: |
aws s3 sync dist/ s3://${{ env.S3_BUCKET }}/ \
--exclude "*" \
--include "*.json" \
--include "*.txt" \
--include "*.xml" \
--include "*.ico" \
--cache-control "public, max-age=3600"
# JS/CSS outside assets — immutable
- name: Sync JS/CSS to S3
run: |
aws s3 sync dist/ s3://${{ env.S3_BUCKET }}/ \
--exclude "assets/*" \
--exclude "*.html" \
--include "*.js" \
--include "*.css" \
--cache-control "public, max-age=31536000, immutable"
# Images — 30 day cache
- name: Sync images to S3
run: |
aws s3 sync dist/ s3://${{ env.S3_BUCKET }}/ \
--exclude "assets/*" \
--exclude "*.html" \
--include "*.png" \
--include "*.jpg" \
--include "*.jpeg" \
--include "*.gif" \
--include "*.svg" \
--include "*.webp" \
--include "*.avif" \
--cache-control "public, max-age=2592000"
# Fonts — immutable, 1 year
- name: Sync fonts to S3
run: |
aws s3 sync dist/ s3://${{ env.S3_BUCKET }}/ \
--exclude "assets/*" \
--exclude "*.html" \
--include "*.woff" \
--include "*.woff2" \
--include "*.ttf" \
--include "*.eot" \
--cache-control "public, max-age=31536000, immutable"
# Invalidate CloudFront cache
- name: Invalidate CloudFront
run: |
aws cloudfront create-invalidation \
--distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} \
--paths "/*" "/*.html" "/index.html"
- name: Deploy complete
run: echo "Deployed at $(date -u)"