Fix cicd (#35)

* bump actions * fix cloudformation template for new s3 reqs * bump cicd infra module * remove public-read acl use * turn on prev/next links theme feature
ntno · Jul 22, 2023 · a6d798d · a6d798d
1 parent 4b90abf
commit a6d798d
Show file tree

Hide file tree

Showing 10 changed files with 23 additions and 15 deletions.
diff --git a/.github/ci/s3-website.yml b/.github/ci/s3-website.yml
@@ -8,8 +8,15 @@ Resources:
   S3Bucket:
     Type: AWS::S3::Bucket
     Properties:
+      OwnershipControls:
+        Rules:
+          - ObjectOwnership: BucketOwnerEnforced
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: false
+        BlockPublicPolicy: false
+        IgnorePublicAcls: false
+        RestrictPublicBuckets: false
       BucketName: !Ref BucketName
-      AccessControl: PublicRead
       WebsiteConfiguration:
         IndexDocument: index.html
         ErrorDocument: 404.html

diff --git a/.github/workflows/close-pr.yml b/.github/workflows/close-pr.yml
@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v2.2.0
         with:
           aws-region: us-east-1
           role-to-assume: ${{ secrets.INTEGRATION_IAM_ROLE_ARN }}

diff --git a/.github/workflows/dev-deploy.yml b/.github/workflows/dev-deploy.yml
@@ -74,7 +74,7 @@ jobs:
       - name: Install Buildenv
         uses: ntno/setup-buildenv@v1     
       - name: Build MkDocs
-        uses: ntno/build-mkdocs-composite-action@v4
+        uses: ntno/build-mkdocs-composite-action@v5
         with:
           archive-enabled: true
           version: ${{ inputs.tag }}/${{ inputs.env-vars }}
@@ -117,7 +117,7 @@ jobs:
           echo "deploy-flags=${DRY_RUN} ${SIZE_ONLY_RUN} ${QUIET_RUN}" >> $GITHUB_OUTPUT
       - name: Deploy MkDocs
         id: deploy-mkdocs
-        uses: ntno/deploy-mkdocs-composite-action@v2
+        uses: ntno/deploy-mkdocs-composite-action@v3
         with:         
           version: ${{ inputs.tag }}/${{ inputs.env-vars }}
           env-name: ${{ inputs.env-vars }}

diff --git a/.github/workflows/open-pr.yml b/.github/workflows/open-pr.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v2.2.0
         with:
           aws-region: us-east-1
           role-to-assume: ${{ secrets.INTEGRATION_IAM_ROLE_ARN }}
@@ -51,8 +51,8 @@ jobs:
                     --on-failure DELETE \
                     --capabilities CAPABILITY_NAMED_IAM
           aws cloudformation wait stack-create-complete --stack-name "${{ env.stack-name }}"
-          aws s3 cp --sse AES256 --acl public-read index.html "s3://${{ env.bucket-name }}/"
-          aws s3 cp --sse AES256 --acl public-read 404.html "s3://${{ env.bucket-name }}/"
+          aws s3 cp --sse AES256 index.html "s3://${{ env.bucket-name }}/"
+          aws s3 cp --sse AES256 404.html "s3://${{ env.bucket-name }}/"
       - name: Comment on PR with Environment URL
         env:
             GH_TOKEN: ${{ github.token }}

diff --git a/.github/workflows/pages-deploy.yml b/.github/workflows/pages-deploy.yml
@@ -58,7 +58,7 @@ jobs:
       - name: Install Buildenv
         uses: ntno/setup-buildenv@v1     
       - name: Build MkDocs
-        uses: ntno/build-mkdocs-composite-action@v4
+        uses: ntno/build-mkdocs-composite-action@v5
         with:
           archive-enabled: true
           version: ${{ inputs.tag }}/${{ inputs.env-vars }}
@@ -83,7 +83,7 @@ jobs:
       - name: Install Buildenv      
         uses: ntno/setup-buildenv@v1
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v2.2.0
         with:
           aws-region: us-east-2
           role-to-assume: ${{ secrets.DEVELOPMENT_IAM_ROLE_ARN }}

diff --git a/.github/workflows/pr-deploy.yml b/.github/workflows/pr-deploy.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Install Buildenv
         uses: ntno/setup-buildenv@v1        
       - name: Build PR
-        uses: ntno/build-mkdocs-composite-action@v4
+        uses: ntno/build-mkdocs-composite-action@v5
         with:
           archive-enabled: true
           version: ${{ needs.call-metadata-workflow.outputs.build-tag }}
@@ -55,7 +55,7 @@ jobs:
         uses: ntno/setup-buildenv@v1   
       - name: Deploy PR
         id: deploy-mkdocs
-        uses: ntno/deploy-mkdocs-composite-action@v2
+        uses: ntno/deploy-mkdocs-composite-action@v3
         with:         
           version: ${{ needs.call-metadata-workflow.outputs.build-tag }}
           env-name: dev

diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml
@@ -74,7 +74,7 @@ jobs:
       - name: Install Buildenv
         uses: ntno/setup-buildenv@v1     
       - name: Build MkDocs
-        uses: ntno/build-mkdocs-composite-action@v4
+        uses: ntno/build-mkdocs-composite-action@v5
         with:
           archive-enabled: true
           version: ${{ inputs.tag }}/${{ inputs.env-vars }}
@@ -117,7 +117,7 @@ jobs:
           echo "deploy-flags=${DRY_RUN} ${SIZE_ONLY_RUN} ${QUIET_RUN}" >> $GITHUB_OUTPUT 
       - name: Deploy MkDocs
         id: deploy-mkdocs
-        uses: ntno/deploy-mkdocs-composite-action@v2
+        uses: ntno/deploy-mkdocs-composite-action@v3
         with:         
           version: ${{ inputs.tag }}/${{ inputs.env-vars }}
           env-name: ${{ inputs.env-vars }}

diff --git a/Makefile b/Makefile
@@ -65,7 +65,7 @@ get-mkdocs-archive: check-env check-region check-version clean check-download-di
 		-xf $(download-directory)docs-site.tar 
 
 deploy-mkdocs: check-env check-region check-bucket-name 
-	aws s3 sync $(DRY_RUN_FLAG) $(QUIET_FLAG) $(SIZE_ONLY_FLAG) --no-progress --sse AES256 --acl public-read ./site/ s3://$(bucket-name)/
+	aws s3 sync $(DRY_RUN_FLAG) $(QUIET_FLAG) $(SIZE_ONLY_FLAG) --no-progress --sse AES256 ./site/ s3://$(bucket-name)/
 
 serve-mkdocs: check-env check-region clean install-requirements
 	eval "$$(buildenv -e $(env) -d $(region))" && \

diff --git a/infra/main.tf b/infra/main.tf
@@ -47,7 +47,7 @@ locals {
 }
 
 module "demo_site_cicd" {
-  source = "git::https://github.com/ntno/tf-module-static-site-cicd?ref=1.1.0"
+  source = "git::https://github.com/ntno/tf-module-static-site-cicd?ref=1.2.0"
 
   artifact_bucket_name = local.artifact_bucket_name
   github_repo          = var.github_repo

diff --git a/mkdocs.yml b/mkdocs.yml
@@ -45,6 +45,7 @@ markdown_extensions:
 theme:
   name: terminal
   features:
+    - footer.prev_next
     - navigation.side.indexes
     - revision.date
     - revision.history