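# Composite action: runs the bundled index.js ("CDK synth"), downloads the
# site artifact, and passes both to guardian/actions-riff-raff.
name: 'guardian/actions-static-site'
description: 'Deploy a Guardian static site.'
inputs:
  app:
    # This value is substituted verbatim into the Riff-Raff config text by the
    # deploy step, so callers should keep to the documented pattern.
    description: 'App name (pattern: [a-zA-Z-]+).'
    required: true
  domain:
    # Also substituted verbatim into the Riff-Raff config text (used as the
    # upload prefix); pass a bare hostname only.
    description: 'A Guardian-owned domain. [name].gutools.co.uk is recommended.'
    required: true
  artifact:
    description: 'Name of artifact containing the static site. Should be uploaded in an earlier workflow step.'
    required: false
    default: 'artifact'
  roleArn:
    # Forwarded only to the Riff-Raff step; it is not exported to the
    # `node index.js` step.
    description: "Role to use for writing to Riffraff's AWS bucket (typically org secret of same name)."
    required: true
  githubToken:
    # Forwarded only to the Riff-Raff step. Grant no more than the
    # pull-request commenting scope the description asks for.
    description: "A GitHub token scoped to allow pull request commenting"
    required: true
  dryRun:
    description: 'If set to true, will not upload Riffraff artifact.'
    # Optional input. Written as a quoted string so the default is unambiguous
    # to every YAML parser.
    required: false
    default: 'false'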
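runs:
  # Composite actions cannot read secrets, and `run` steps are not given the
  # action's inputs automatically, so every value a step needs is passed to it
  # explicitly below.
  using: 'composite'
  steps:
    # Runs the bundled index.js from the action's own directory. Only
    # non-credential inputs are exported here; roleArn and githubToken are
    # handed to the Riff-Raff step alone.
    # The directory comes from the runner-provided GITHUB_ACTION_PATH variable,
    # quoted, instead of expanding the expression into the script text, so a
    # path containing spaces or shell metacharacters cannot alter the command.
    - name: CDK synth
      shell: bash
      run: |
        cd "$GITHUB_ACTION_PATH"
        ls -hal
        node index.js
      env:
        INPUT_APP: ${{ inputs.app }}
        INPUT_DOMAIN: ${{ inputs.domain }}
        INPUT_ARTIFACT: ${{ inputs.artifact }}
        INPUT_DRYRUN: ${{ inputs.dryRun }}
        # NOTE(review): single braces are not expression syntax, so this step
        # receives the literal text below, not a token. Confirm whether
        # index.js reads this variable: if it does not, remove the line; if it
        # does, decide deliberately which token this step should hold before
        # switching to an evaluated expression.
        INPUT_ACTIONS_RUNTIME_TOKEN: ${ github.token }

    # NOTE(review): referenced by a mutable tag; consider pinning to a full
    # commit SHA so the code that runs cannot change underneath this action.
    - uses: actions/download-artifact@v4
      with:
        name: ${{ inputs.artifact }}
        path: site

    # Diagnostic listing of the downloaded site; file names end up in the
    # job log.
    - name: Display structure of downloaded files
      shell: bash
      run: ls -R
      working-directory: site

    # NOTE(review): this step receives roleArn and githubToken and is also
    # referenced by a mutable tag; pinning to a full commit SHA is the
    # stronger control here.
    - uses: guardian/actions-riff-raff@v4
      with:
        app: ${{ inputs.app }}
        roleArn: ${{ inputs.roleArn }}
        githubToken: ${{ inputs.githubToken }}
        dryRun: ${{ inputs.dryRun }}
        contentDirectories: |
          cfn: [${{github.action_path}}/cfn.json]
          static-site-assets: [site]
        # NOTE(review): inputs.app and inputs.domain are spliced into the YAML
        # text below before it is parsed, and nothing in this file validates
        # them. A value containing a newline or ": " would change the
        # structure of the deployment config. Confirm that index.js or the
        # caller enforces the documented app pattern and a hostname-only
        # domain.
        config: |
          stacks:
            - deploy
          regions:
            - eu-west-1
          allowedStages:
            - PROD
          deployments:
            cfn:
              type: cloud-formation
              app: ${{ inputs.app }}
              parameters:
                templatePath: cfn.json
            static-site-assets:
              type: aws-s3
              app: ${{ inputs.domain }} # A hack to prefix uploads with the domain.
              parameters:
                cacheControl: private
                publicReadAcl: false
                bucket: deploy-infra-actions-static-site-i-staticd8c87b36-jyufgyb0llkj # TODO replace with SSM param once possible.
                prefixApp: true # See comment on `app` above.
                prefixStack: false
                prefixStage: false
              dependencies:
                - cfn
        commentingStage: PROD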