# Copyright (c) 2024 Jonah Aragon # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. name: Deploy Website Build on: workflow_call: inputs: netlify_preview: type: boolean netlify_alias: type: string netlify_production: type: boolean github_pages: type: boolean bunnycdn_production: type: boolean minio_production: type: boolean outputs: netlify_preview_address: value: ${{ jobs.netlify_preview.outputs.address }} secrets: NETLIFY_TOKEN: PROD_BUNNYCDN_API_KEY: PROD_BUNNYCDN_PASSWORD: PROD_MINIO_KEY_ID: PROD_MINIO_SECRET_KEY: jobs: netlify_preview: if: inputs.netlify_preview runs-on: ubuntu-latest permissions: contents: read outputs: address: ${{ steps.address.outputs.address }} steps: - uses: actions/download-artifact@v4 with: pattern: site-build-* merge-multiple: true - run: | for file in *.tar.gz; do tar -zxf "$file"; done wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml ls -la site/ - uses: actions/setup-node@v4 - run: | npm install netlify-cli -g - if: inputs.netlify_preview name: Limit length of Netlify alias to 12 run: echo "SHORT_ALIAS=`echo ${{ inputs.netlify_alias }} | cut -c1-12`" >> $GITHUB_ENV - if: inputs.netlify_preview id: deployment env: NETLIFY_SITE_ID: ${{ vars.NETLIFY_SITE }} NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }} run: | netlify deploy --dir=site --alias=${{ env.SHORT_ALIAS }} echo "DEPLOYED_ADDRESS=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_ENV" - id: address run: | echo "address=$DEPLOYED_ADDRESS" >> "$GITHUB_OUTPUT" netlify_production: if: inputs.netlify_production runs-on: ubuntu-latest permissions: contents: read environment: name: production url: https://illustrious-bavarois-56cf30.netlify.app/ steps: - uses: actions/download-artifact@v4 with: pattern: site-build-* merge-multiple: true - run: | for file in *.tar.gz; do tar -zxf "$file"; done wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml ls -la site/ - uses: actions/setup-node@v4 - run: | npm install netlify-cli -g - id: prod_deployment env: NETLIFY_SITE_ID: ${{ vars.PROD_NETLIFY_SITE }} NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }} run: | netlify deploy --dir=site --prod-if-unlocked github_pages: if: inputs.github_pages runs-on: ubuntu-latest concurrency: group: "pages" environment: name: github-pages url: ${{ steps.deployment.outputs.page_url }} # Grant GITHUB_TOKEN the permissions required to make a Pages deployment permissions: contents: read pages: write # to deploy to Pages id-token: write # to verify the deployment originates from an appropriate source steps: - uses: actions/configure-pages@v5 - uses: actions/download-artifact@v4 with: pattern: site-build-* merge-multiple: true - run: | for file in *.tar.gz; do tar -zxf "$file"; done ls -la site/ - uses: 1arp/create-a-file-action@0.4.4 with: path: site file: index.html content: | Redirecting to English site... - uses: actions/upload-pages-artifact@v3 with: path: site - id: deployment uses: actions/deploy-pages@main bunnycdn_production: if: inputs.bunnycdn_production runs-on: ubuntu-latest permissions: contents: read environment: name: production url: https://privacyguides-org-production.b-cdn.net steps: - uses: actions/download-artifact@v4 with: pattern: site-build-* merge-multiple: true - run: | for file in *.tar.gz; do tar -zxf "$file"; done ls -la site/ - uses: own3d/bunny-action@bfaa5c6bc8b7a7ebd599ddd4912347d7c3847e78 env: BUNNY_API_ACCESS_KEY: ${{ secrets.PROD_BUNNYCDN_API_KEY }} BUNNY_STORAGE_HOSTNAME: storage.bunnycdn.com BUNNY_STORAGE_USERNAME: ${{ vars.PROD_BUNNYCDN_USER }} BUNNY_STORAGE_PASSWORD: ${{ secrets.PROD_BUNNYCDN_PASSWORD }} BUNNY_PULL_ZONE_ID: 2117106 with: args: deploy --dir=site minio_production: if: inputs.minio_production runs-on: ubuntu-latest permissions: contents: read environment: name: production url: https://privacyguides-org-production.stor1-minio.jonaharagon.net steps: - uses: actions/download-artifact@v4 with: pattern: site-build-* merge-multiple: true - run: | for file in *.tar.gz; do tar -zxf "$file"; done ls -la site/ - uses: jakejarvis/s3-sync-action@master with: args: --acl public-read --follow-symlinks --delete env: SOURCE_DIR: "site/" AWS_S3_BUCKET: ${{ vars.PROD_MINIO_BUCKET }} AWS_S3_ENDPOINT: ${{ vars.PROD_MINIO_HOSTNAME }} AWS_ACCESS_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}