Public Reference Architecture Release

.github/actions/build-website/action.yml

@@ -0,0 +1,108 @@
+name: Build Cloud Posse Docs
+inputs:
+  aws_region:
+    description: "AWS Region for credentials"
+    required: true
+  iam_role_arn:
+    description: "IAM Role ARN with access to S3 bucket origin"
+    required: true
+  iam_role_session_name:
+    description: "Session name to use to assume access to S3 bucket origin"
+    default: "cloudposse-docs-ci"
+  google_tag_manager:
+    description: "Google Tag Manager"
+    default: "GTM-ABCD123"
+  google_site_verification_id:
+    description: "Google Site verification ID"
+    default: "preview-github"
+  repo_access_token:
+    description: "GitHub Token used to access private repos"
+    required: true
+
+runs:
+  using: composite
+  steps:
+    # https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ inputs.aws_region }}
+        role-to-assume: ${{ inputs.iam_role_arn }}
+        role-session-name: ${{ inputs.iam_role_session_name }}
+
+    - name: Checkout Repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version-file: ".nvmrc"
+
+    - name: "Checkout 'terraform-aws-components' Repository"
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 1
+        repository: cloudposse/terraform-aws-components
+        ref: main
+        path: tmp/components/terraform-aws-components
+
+    - name: "Setup Python"
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.10'
+        cache: 'pip'
+
+    - name: Cache rendered content
+      if: ${{ !contains(github.event.*.labels.*.name, 'no-cache') }}
+      uses: actions/cache@v4
+      with:
+        path: |
+          .build-harness
+          .cache
+        key: "build-website-cache" # Set same key to restore cache in all jobs
+
+    - name: "Initialize Build Harness"
+      shell: bash
+      run: |
+        make init
+
+    - name: "Install Python Dependencies"
+      shell: bash
+      run: |
+        pip install -r scripts/docs-collator/requirements.txt
+
+    - name: "Install terraform-docs"
+      uses: jaxxstorm/[email protected]
+      with:
+        repo: terraform-docs/terraform-docs
+        tag: v0.18.0
+        cache: enable
+
+    - name: "Render Documentation for Terraform Components"
+      shell: bash
+      run: |
+        ./scripts/render-docs-for-components.sh
+
+    - name: "Render Documentation for Terraform Modules"
+      shell: bash
+      env:
+        PUBLIC_REPO_ACCESS_TOKEN: ${{ inputs.repo_access_token }}
+      run: |
+        ./scripts/render-docs-for-modules.sh
+
+    - name: "Render Documentation for GitHub Actions"
+      shell: bash
+      env:
+        PUBLIC_REPO_ACCESS_TOKEN: ${{ inputs.repo_access_token }}
+      run: |
+        ./scripts/render-docs-for-github-actions.sh
+
+    - name: Install Dependencies and Build Website
+      shell: bash
+      env:
+        GOOGLE_TAG_MANAGER: ${{ inputs.google_tag_manager }}
+        GOOGLE_SITE_VERIFICATION_ID: ${{ inputs.google_site_verification_id }}
+      run: |
+        make build-production

.github/workflows/website-deploy-preview.yml

@@ -1,13 +1,16 @@
-name: "Website Deploy Preview"
+name: "🚀 Docs Preview"
 
 on:
   workflow_dispatch:
 
-  pull_request:
+  pull_request_target:
     types:
       - opened
       - synchronize
       - reopened
+    branches:
+      - 'master'
+      - 'main'
 
 env:
   AWS_REGION: us-east-2
@@ -27,76 +30,26 @@ permissions:
   contents: read
 
 jobs:
-  website-deploy-preview:
-    # Do not deploy the website to the preview environment if the PR has the label 'website-no-deploy'
-    if: ${{ !contains(github.event.*.labels.*.name, 'website-no-deploy') }}
-
+  deploy:
     runs-on: ubuntu-latest
 
     environment:
       name: preview
       url: https://${{ env.DEPLOYMENT_HOST }}
 
     steps:
-      # https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-region: ${{ env.AWS_REGION }}
-          role-to-assume: ${{ env.IAM_ROLE_ARN }}
-          role-session-name: ${{ env.IAM_ROLE_SESSION_NAME }}
-
       - name: Checkout Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Setup Node
-        uses: actions/setup-node@v3
-        with:
-          node-version-file: ".nvmrc"
-
-      - name: "Checkout 'terraform-aws-components' Repository"
-        uses: actions/checkout@v3
+      - name: Build Website
+        uses: ./.github/actions/build-website
         with:
-          fetch-depth: 1
-          repository: cloudposse/terraform-aws-components
-          ref: main
-          path: tmp/components/terraform-aws-components
-
-      - name: "Setup Python"
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.10'
-
-      - name: "Install Python Dependencies"
-        run: |
-          make init
-          pip install -r scripts/docs-collator/requirements.txt
-
-      - name: "Render Documentation for Terraform Components"
-        run: |
-          ./scripts/render-docs-for-components.sh
-
-      - name: "Render Documentation for Terraform Modules"
-        env:
-          PUBLIC_REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
-        run: |
-          ./scripts/render-docs-for-modules.sh
-
-      - name: "Render Documentation for GitHub Actions"
-        env:
-          PUBLIC_REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
-        run: |
-          ./scripts/render-docs-for-github-actions.sh
-
-      - name: Install Dependencies and Build Website
-        env:
-          GOOGLE_TAG_MANAGER: ${{ env.GOOGLE_TAG_MANAGER }}
-          GOOGLE_SITE_VERIFICATION_ID: ${{ env.GOOGLE_SITE_VERIFICATION_ID }}
-        run: |
-          make init
-          make build-production
+          aws_region: ${{ env.AWS_REGION }}
+          iam_role_arn: ${{ env.IAM_ROLE_ARN }}
+          iam_role_session_name: ${{ env.IAM_ROLE_SESSION_NAME }}
+          repo_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
 
       - name: Copy Website to S3 Bucket PR Folder
         run: |

.github/workflows/website-deploy-release.yml

@@ -1,4 +1,4 @@
-name: "Website Deploy Release"
+name: "🚀 Docs Release"
 
 on:
   workflow_dispatch:
@@ -10,20 +10,49 @@ on:
     types:
       - published
 
+env:
+  AWS_REGION: us-east-2
+  IAM_ROLE_ARN: arn:aws:iam::557075604627:role/cplive-plat-ue2-prod-cloudposse-docs-gha
+  IAM_ROLE_SESSION_NAME: cloudposse-docs-ci-deploy-release
+  S3_BUCKET_NAME: cplive-plat-ue2-prod-cloudposse-docs-origin
+  DEPLOYMENT_HOST: docs.cloudposse.com
+  ALGOLIA_INDEX_NAME: docs.cloudposse.com
+  ALGOLIA_APP_ID: 32YOERUX83
+  GOOGLE_TAG_MANAGER: GTM-WQWH2XV
+  GOOGLE_SITE_VERIFICATION_ID: uY7FoBLCwsBfMMXefHxUz3lvHjZuWyURCIgpA-ia3_g
+
+# These permissions are needed to interact with the GitHub's OIDC Token endpoint
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
-  trigger_documentation_deployment:
+  deploy:
     runs-on: ubuntu-latest
 
     environment:
-      name: production
-      url: https://docs.cloudposse.com
+      name: staging
+      url: https://${{ env.DEPLOYMENT_HOST }}
 
     steps:
-      - name: Trigger Documentation Deployment
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Build Website
+        uses: ./.github/actions/build-website
+        with:
+          aws_region: ${{ env.AWS_REGION }}
+          iam_role_arn: ${{ env.IAM_ROLE_ARN }}
+          iam_role_session_name: ${{ env.IAM_ROLE_SESSION_NAME }}
+          google_tag_manager: ${{ env.GOOGLE_TAG_MANAGER }}
+          google_site_verification_id: ${{ env.GOOGLE_SITE_VERIFICATION_ID }}
+          repo_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+
+      - name: Copy Website to S3 Bucket
         run: |
-          curl \
-            -X POST \
-            -H "Authorization: Bearer ${{ secrets.TRIGGER_DOCS_REDEPLOY_WORKFLOW_REFARCH }}" \
-            -H "Accept: application/vnd.github.everest-preview+json" \
-            https://api.github.com/repos/cloudposse/refarch-scaffold/dispatches \
-            -d '{"event_type": "redeploy_documentation"}'
+          cd build
+          aws sts get-caller-identity
+          aws s3 sync . s3://${{ env.S3_BUCKET_NAME }} --delete --exclude "pr-*"
+          aws s3 ls s3://${{ env.S3_BUCKET_NAME }}/ --recursive --human-readable --summarize

.github/workflows/website-deploy-staging-preview.yml

@@ -0,0 +1,61 @@
+name: "🚧 Staging Preview"
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+    branches:
+      - 'staging'
+
+env:
+  AWS_REGION: us-east-2
+  IAM_ROLE_ARN: arn:aws:iam::675539733138:role/cplive-plat-ue2-staging-cloudposse-docs-gha
+  IAM_ROLE_SESSION_NAME: cloudposse-docs-ci-deploy-pr-${{ github.event.pull_request.number }}
+  S3_BUCKET_NAME: cplive-plat-ue2-staging-cloudposse-docs-origin
+  PR_NUMBER: ${{ github.event.pull_request.number }}
+  DEPLOYMENT_HOST: pr-${{ github.event.pull_request.number }}.cloudposse-docs.ue2.staging.plat.cloudposse.org
+  ALGOLIA_INDEX_NAME: docs-preview.cloudposse.com
+  ALGOLIA_APP_ID: 32YOERUX83
+
+# These permissions are needed to interact with the GitHub's OIDC Token endpoint
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    environment:
+      name: preview
+      url: https://${{ env.DEPLOYMENT_HOST }}
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Build Website
+        uses: ./.github/actions/build-website
+        with:
+          aws_region: ${{ env.AWS_REGION }}
+          iam_role_arn: ${{ env.IAM_ROLE_ARN }}
+          iam_role_session_name: ${{ env.IAM_ROLE_SESSION_NAME }}
+          repo_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+
+      - name: Copy Website to S3 Bucket PR Folder
+        run: |
+          cd build
+          aws sts get-caller-identity
+          aws s3 sync . s3://${{ env.S3_BUCKET_NAME }}/pr-${{ env.PR_NUMBER }}/ --delete
+          aws s3 ls s3://${{ env.S3_BUCKET_NAME }}/pr-${{ env.PR_NUMBER }}/ --recursive --human-readable --summarize
+
+      - name: ReIndex with Algolia
+        if: ${{ contains(github.event.*.labels.*.name, 'reindex') }}
+        env:
+          ALGOLIA_SCRAPER_API_KEY: ${{ secrets.ALGOLIA_SCRAPER_API_KEY }}
+        run: |
+          ./algolia/reindex.sh

.github/workflows/website-deploy-staging-release.yml

@@ -0,0 +1,55 @@
+name: "🚧 Staging Release"
+
+on:
+  workflow_dispatch:
+
+  push:
+    branches:
+      - "staging"
+
+env:
+  AWS_REGION: us-east-2
+  IAM_ROLE_ARN: arn:aws:iam::675539733138:role/cplive-plat-ue2-staging-cloudposse-docs-gha
+  IAM_ROLE_SESSION_NAME: cloudposse-docs-ci-deploy-staging
+  S3_BUCKET_NAME: cplive-plat-ue2-staging-cloudposse-docs-origin
+  DEPLOYMENT_HOST: cloudposse-docs.ue2.staging.plat.cloudposse.org
+  ALGOLIA_INDEX_NAME: cloudposse-docs.ue2.staging.plat.cloudposse.org
+  ALGOLIA_APP_ID: 32YOERUX83
+  GOOGLE_TAG_MANAGER: GTM-ABCD123
+  GOOGLE_SITE_VERIFICATION_ID: staging-github
+
+# These permissions are needed to interact with the GitHub's OIDC Token endpoint
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    environment:
+      name: staging
+      url: https://${{ env.DEPLOYMENT_HOST }}
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Build Website
+        uses: ./.github/actions/build-website
+        with:
+          aws_region: ${{ env.AWS_REGION }}
+          iam_role_arn: ${{ env.IAM_ROLE_ARN }}
+          iam_role_session_name: ${{ env.IAM_ROLE_SESSION_NAME }}
+          google_tag_manager: ${{ env.GOOGLE_TAG_MANAGER }}
+          google_site_verification_id: ${{ env.GOOGLE_SITE_VERIFICATION_ID }}
+          repo_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+
+      - name: Copy Website to S3 Bucket
+        run: |
+          cd build
+          aws sts get-caller-identity
+          aws s3 sync . s3://${{ env.S3_BUCKET_NAME }} --delete --exclude "pr-*"
+          aws s3 ls s3://${{ env.S3_BUCKET_NAME }}/ --recursive --human-readable --summarize