Merge pull request #17109 from mozilla/pull-legal-docs #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Upload files in assets/product-icons & assets/legal to stage and prod S3 buckets for CDN distribution | |
# | |
# Requirements: | |
# 1. Github OIDC Provider in destination AWS account - https://github.com/aws-actions/configure-aws-credentials | |
# 2. IAM Role with write access to destination bucket paths, scoped to the repository running the action | |
name: "CDN Asset Upload" | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
paths: | |
- 'assets/**/' | |
jobs: | |
Upload-assets-to-CDN: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Configure Stage AWS credentials | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
aws-region: us-east-1 | |
role-to-assume: arn:aws:iam::142069644989:role/fxa-content-cdn-stage-asset-upload | |
role-session-name: CDNAssetUpload | |
- name: Asset upload to stage CDN S3 bucket | |
run: | | |
aws s3 sync --cache-control 'public,max-age=86400' --exclude "*" --include "*.svg" --include "*.png" assets/product-icons s3://fxa-content-cdn-stage-distbucket-bpquvfnty86g/product-icons | |
aws s3 sync --cache-control 'public,max-age=86400' --exclude "*" --include "*.svg" --include "*.png" assets/other s3://fxa-content-cdn-stage-distbucket-bpquvfnty86g/other | |
aws s3 sync --cache-control 'public,max-age=86400' --exclude "*" --include "*.pdf" --content-disposition attachment assets/legal s3://fxa-content-cdn-stage-distbucket-bpquvfnty86g/legal | |
- name: Configure Production AWS credentials | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
aws-region: us-west-2 | |
role-to-assume: arn:aws:iam::361527076523:role/fxa-content-cdn-prod-asset-upload | |
role-session-name: CDNAssetUpload | |
- name: Asset upload to production CDN S3 bucket | |
run: | | |
aws s3 sync --cache-control 'public,max-age=86400' --exclude "*" --include "*.svg" --include "*.png" assets/product-icons s3://fxa-content-cdn-prod-distbucket-gqg70i8xqycy/product-icons | |
aws s3 sync --cache-control 'public,max-age=86400' --exclude "*" --include "*.svg" --include "*.png" assets/other s3://fxa-content-cdn-prod-distbucket-gqg70i8xqycy/other | |
aws s3 sync --cache-control 'public,max-age=86400' --exclude "*" --include "*.pdf" --content-disposition attachment assets/legal s3://fxa-content-cdn-prod-distbucket-gqg70i8xqycy/legal | |
- name: Configure Stage GCP credentials | |
uses: google-github-actions/auth@v2 | |
with: | |
service_account: gke-cdn-upload-stage@${{ secrets.GCP_NONPROD_PROJECT_ID }}.iam.gserviceaccount.com | |
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROJECT_NUMBER }} | |
- name: Asset upload to stage CDN GCS bucket | |
run: | | |
gcloud storage cp --cache-control='public,max-age=86400' -r assets/product-icons/* gs://fxa-content-cdn-stage-distbucket/product-icons/ | |
gcloud storage cp --cache-control='public,max-age=86400' -r assets/other/* gs://fxa-content-cdn-stage-distbucket/other/ | |
gcloud storage cp --cache-control='public,max-age=86400' --content-disposition=attachment -r assets/legal/* gs://fxa-content-cdn-stage-distbucket/legal/ | |
- name: Configure Prod GCP credentials | |
uses: google-github-actions/auth@v2 | |
with: | |
service_account: gke-cdn-upload-prod@${{ secrets.GCP_PROD_PROJECT_ID }}.iam.gserviceaccount.com | |
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROJECT_NUMBER }} | |
- name: Asset upload to prod CDN GCS bucket | |
run: | | |
gcloud storage cp --cache-control='public,max-age=86400' -r assets/product-icons/* gs://fxa-content-cdn-prod-distbucket/product-icons/ | |
gcloud storage cp --cache-control='public,max-age=86400' -r assets/other/* gs://fxa-content-cdn-prod-distbucket/other/ | |
gcloud storage cp --cache-control='public,max-age=86400' --content-disposition=attachment -r assets/legal/* gs://fxa-content-cdn-prod-distbucket/legal/ | |
- name: "Post to fxa-team Slack channel" | |
uses: slackapi/[email protected] | |
with: | |
channel-id: 'CLV3KMZ8B' | |
slack-message: "New assets have been uploaded to CDN: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} |