From a6d798d532614f8f8b9607d4e91e20a8622a34bf Mon Sep 17 00:00:00 2001 From: ntno Date: Sat, 22 Jul 2023 13:05:53 -0400 Subject: [PATCH] Fix cicd (#35) * bump actions * fix cloudformation template for new s3 reqs * bump cicd infra module * remove public-read acl use * turn on prev/next links theme feature --- .github/ci/s3-website.yml | 9 ++++++++- .github/workflows/close-pr.yml | 2 +- .github/workflows/dev-deploy.yml | 4 ++-- .github/workflows/open-pr.yml | 6 +++--- .github/workflows/pages-deploy.yml | 4 ++-- .github/workflows/pr-deploy.yml | 4 ++-- .github/workflows/prod-deploy.yml | 4 ++-- Makefile | 2 +- infra/main.tf | 2 +- mkdocs.yml | 1 + 10 files changed, 23 insertions(+), 15 deletions(-) diff --git a/.github/ci/s3-website.yml b/.github/ci/s3-website.yml index 2e78b34..0f26686 100644 --- a/.github/ci/s3-website.yml +++ b/.github/ci/s3-website.yml @@ -8,8 +8,15 @@ Resources: S3Bucket: Type: AWS::S3::Bucket Properties: + OwnershipControls: + Rules: + - ObjectOwnership: BucketOwnerEnforced + PublicAccessBlockConfiguration: + BlockPublicAcls: false + BlockPublicPolicy: false + IgnorePublicAcls: false + RestrictPublicBuckets: false BucketName: !Ref BucketName - AccessControl: PublicRead WebsiteConfiguration: IndexDocument: index.html ErrorDocument: 404.html diff --git a/.github/workflows/close-pr.yml b/.github/workflows/close-pr.yml index a611bfa..1149953 100644 --- a/.github/workflows/close-pr.yml +++ b/.github/workflows/close-pr.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v2.2.0 with: aws-region: us-east-1 role-to-assume: ${{ secrets.INTEGRATION_IAM_ROLE_ARN }} diff --git a/.github/workflows/dev-deploy.yml b/.github/workflows/dev-deploy.yml index ae3d6c3..672a02b 100644 --- a/.github/workflows/dev-deploy.yml +++ b/.github/workflows/dev-deploy.yml 
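Review bot: The new PublicAccessBlockConfiguration switches off all four Block Public Access settings, but with `ObjectOwnership: BucketOwnerEnforced` the bucket no longer honours ACLs at all, so setting BlockPublicAcls and IgnorePublicAcls to false buys nothing; keep those two at their protective values and relax only the policy-side pair: `BlockPublicAcls: true` and `IgnorePublicAcls: true`, with `BlockPublicPolicy: false` and `RestrictPublicBuckets: false` as written. Because `AccessControl: PublicRead` is removed here and `--acl public-read` is dropped from the `aws s3 cp` lines in the open-pr.yml hunk and the `aws s3 sync` in the Makefile hunk, the only thing that can make index.html and 404.html readable through the website endpoint is a bucket policy granting s3:GetObject on the bucket's objects; no AWS::S3::BucketPolicy is visible in this hunk, so if the template does not define one elsewhere the deployed site will answer 403 for every page. A short comment above PublicAccessBlockConfiguration would save the next reader from "tightening" it back: `# Website bucket: public reads come from the bucket policy, not ACLs (ACLs are disabled by BucketOwnerEnforced), so only the policy-side blocks are relaxed.` The template's Resources section continues outside the hunk.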
@@ -74,7 +74,7 @@ jobs: - name: Install Buildenv uses: ntno/setup-buildenv@v1 - name: Build MkDocs - uses: ntno/build-mkdocs-composite-action@v4 + uses: ntno/build-mkdocs-composite-action@v5 with: archive-enabled: true version: ${{ inputs.tag }}/${{ inputs.env-vars }} @@ -117,7 +117,7 @@ jobs: echo "deploy-flags=${DRY_RUN} ${SIZE_ONLY_RUN} ${QUIET_RUN}" >> $GITHUB_OUTPUT - name: Deploy MkDocs id: deploy-mkdocs - uses: ntno/deploy-mkdocs-composite-action@v2 + uses: ntno/deploy-mkdocs-composite-action@v3 with: version: ${{ inputs.tag }}/${{ inputs.env-vars }} env-name: ${{ inputs.env-vars }} diff --git a/.github/workflows/open-pr.yml b/.github/workflows/open-pr.yml index d40e247..92e5662 100644 --- a/.github/workflows/open-pr.yml +++ b/.github/workflows/open-pr.yml @@ -28,7 +28,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v2.2.0 with: aws-region: us-east-1 role-to-assume: ${{ secrets.INTEGRATION_IAM_ROLE_ARN }} @@ -51,8 +51,8 @@ jobs: --on-failure DELETE \ --capabilities CAPABILITY_NAMED_IAM aws cloudformation wait stack-create-complete --stack-name "${{ env.stack-name }}" - aws s3 cp --sse AES256 --acl public-read index.html "s3://${{ env.bucket-name }}/" - aws s3 cp --sse AES256 --acl public-read 404.html "s3://${{ env.bucket-name }}/" + aws s3 cp --sse AES256 index.html "s3://${{ env.bucket-name }}/" + aws s3 cp --sse AES256 404.html "s3://${{ env.bucket-name }}/" - name: Comment on PR with Environment URL env: GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/pages-deploy.yml b/.github/workflows/pages-deploy.yml index ae22db3..c135f7a 100644 --- a/.github/workflows/pages-deploy.yml +++ b/.github/workflows/pages-deploy.yml 
@@ -58,7 +58,7 @@ jobs: - name: Install Buildenv uses: ntno/setup-buildenv@v1 - name: Build MkDocs - uses: ntno/build-mkdocs-composite-action@v4 + uses: ntno/build-mkdocs-composite-action@v5 with: archive-enabled: true version: ${{ inputs.tag }}/${{ inputs.env-vars }} @@ -83,7 +83,7 @@ jobs: - name: Install Buildenv uses: ntno/setup-buildenv@v1 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v2.2.0 with: aws-region: us-east-2 role-to-assume: ${{ secrets.DEVELOPMENT_IAM_ROLE_ARN }} diff --git a/.github/workflows/pr-deploy.yml b/.github/workflows/pr-deploy.yml index ca5aee5..801821b 100644 --- a/.github/workflows/pr-deploy.yml +++ b/.github/workflows/pr-deploy.yml @@ -32,7 +32,7 @@ jobs: - name: Install Buildenv uses: ntno/setup-buildenv@v1 - name: Build PR - uses: ntno/build-mkdocs-composite-action@v4 + uses: ntno/build-mkdocs-composite-action@v5 with: archive-enabled: true version: ${{ needs.call-metadata-workflow.outputs.build-tag }} @@ -55,7 +55,7 @@ jobs: uses: ntno/setup-buildenv@v1 - name: Deploy PR id: deploy-mkdocs - uses: ntno/deploy-mkdocs-composite-action@v2 + uses: ntno/deploy-mkdocs-composite-action@v3 with: version: ${{ needs.call-metadata-workflow.outputs.build-tag }} env-name: dev diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index cfb4b47..f787459 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -74,7 +74,7 @@ jobs: - name: Install Buildenv uses: ntno/setup-buildenv@v1 - name: Build MkDocs - uses: ntno/build-mkdocs-composite-action@v4 + uses: ntno/build-mkdocs-composite-action@v5 with: archive-enabled: true version: ${{ inputs.tag }}/${{ inputs.env-vars }} 
@@ -117,7 +117,7 @@ jobs: echo "deploy-flags=${DRY_RUN} ${SIZE_ONLY_RUN} ${QUIET_RUN}" >> $GITHUB_OUTPUT - name: Deploy MkDocs id: deploy-mkdocs - uses: ntno/deploy-mkdocs-composite-action@v2 + uses: ntno/deploy-mkdocs-composite-action@v3 with: version: ${{ inputs.tag }}/${{ inputs.env-vars }} env-name: ${{ inputs.env-vars }} diff --git a/Makefile b/Makefile index 1e502f1..7d1a24b 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,7 @@ get-mkdocs-archive: check-env check-region check-version clean check-download-di -xf $(download-directory)docs-site.tar deploy-mkdocs: check-env check-region check-bucket-name - aws s3 sync $(DRY_RUN_FLAG) $(QUIET_FLAG) $(SIZE_ONLY_FLAG) --no-progress --sse AES256 --acl public-read ./site/ s3://$(bucket-name)/ + aws s3 sync $(DRY_RUN_FLAG) $(QUIET_FLAG) $(SIZE_ONLY_FLAG) --no-progress --sse AES256 ./site/ s3://$(bucket-name)/ serve-mkdocs: check-env check-region clean install-requirements eval "$$(buildenv -e $(env) -d $(region))" && \ diff --git a/infra/main.tf b/infra/main.tf index e66d8d2..c94d987 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -47,7 +47,7 @@ locals { } module "demo_site_cicd" { - source = "git::https://github.com/ntno/tf-module-static-site-cicd?ref=1.1.0" + source = "git::https://github.com/ntno/tf-module-static-site-cicd?ref=1.2.0" artifact_bucket_name = local.artifact_bucket_name github_repo = var.github_repo diff --git a/mkdocs.yml b/mkdocs.yml index c98cf02..adc6cde 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -45,6 +45,7 @@ markdown_extensions: theme: name: terminal features: + - footer.prev_next - navigation.side.indexes - revision.date - revision.history