mirror of
https://github.com/ghndrx/cdn-gregh-dev.git
synced 2026-02-10 06:44:57 +00:00
Add GitHub Actions workflow and IAM policies
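--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -0,0 +1,33 @@
+name: "☁️ CDN › Deploy"
+
+on:
+push:
+branches: [ main ]
+paths:
+- 'content/**'
+
+permissions:
+id-token: write
+contents: read
+
+jobs:
+deploy:
+name: "📦 Sync to S3"
+runs-on: ubuntu-latest
+steps:
+- name: "Checkout"
+uses: actions/checkout@v4
+
+- name: "Configure AWS Credentials"
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+aws-region: us-east-1
+
+- name: "Sync to S3"
+run: |
+aws s3 sync content/ s3://${{ secrets.S3_BUCKET_NAME }}/ --delete --cache-control "public, max-age=31536000"
+
+- name: "Invalidate CloudFront"
+run: |
+aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"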
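--- a/terraform/github-role-policy.json
+++ b/terraform/github-role-policy.json
@@ -0,0 +1,27 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"s3:PutObject",
+"s3:GetObject",
+"s3:DeleteObject",
+"s3:ListBucket"
+],
+"Resource": [
+"arn:aws:s3:::cdn.cloud.gregh.dev",
+"arn:aws:s3:::cdn.cloud.gregh.dev/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"cloudfront:CreateInvalidation",
+"cloudfront:GetInvalidation",
+"cloudfront:ListInvalidations"
+],
+"Resource": "arn:aws:cloudfront::471112517070:distribution/E31WM23A8TGWZM"
+}
+]
+}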
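Review bot: The role is granted more than the workflow added in this commit appears to use: the deploy job only runs `aws s3 sync` from the runner to the bucket and `aws cloudfront create-invalidation`, which should not need `s3:GetObject`, `cloudfront:GetInvalidation` or `cloudfront:ListInvalidations`. Dropping those three leaves the first statement with `s3:PutObject`, `s3:DeleteObject`, `s3:ListBucket` and the second with `"Action": "cloudfront:CreateInvalidation"`. It would also read more clearly to split the S3 statement so that `s3:ListBucket` targets the bucket ARN and the object actions target the `/*` ARN. Confirm against a real deploy run before tightening.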
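--- a/terraform/github-role-trust-policy.json
+++ b/terraform/github-role-trust-policy.json
@@ -0,0 +1,20 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Principal": {
+"Federated": "arn:aws:iam::471112517070:oidc-provider/token.actions.githubusercontent.com"
+},
+"Action": "sts:AssumeRoleWithWebIdentity",
+"Condition": {
+"StringEquals": {
+"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
+},
+"StringLike": {
+"token.actions.githubusercontent.com:sub": "repo:ghndrx/cdn-gregh-dev:*"
+}
+}
+}
+]
+}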
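Review bot: The `StringLike` condition on `token.actions.githubusercontent.com:sub` ends in `:*`, so a workflow run from any branch, tag, pull request or environment of `ghndrx/cdn-gregh-dev` can assume this role, while the deploy workflow in this commit only triggers on pushes to `main`. Since the role can delete objects in the CDN bucket, bind it to that ref with an exact match by moving the claim into `StringEquals` as `"token.actions.githubusercontent.com:sub": "repo:ghndrx/cdn-gregh-dev:ref:refs/heads/main"`. If deployments later run under a GitHub environment, the subject takes the form `repo:ghndrx/cdn-gregh-dev:environment:<environment-name>` and the policy has to change with it.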