pantry/.github/workflows/restock.yml

61 lines
1.9 KiB
YAML
Raw Normal View History

2023-12-29 11:24:37 +03:00
name: restock pkg inventory
run-name: restocking ${{ inputs.project }}
on:
workflow_dispatch:
inputs:
project:
description: a single project, eg. `foo.com`
required: true
type: string
jobs:
ingest:
runs-on: ubuntu-latest
outputs:
2023-12-29 11:28:03 +03:00
versions: ${{ steps.inventory.outputs.versions }}
steps:
- uses: pkgxdev/setup@v2
- uses: actions/checkout@v4
2023-12-29 11:24:37 +03:00
- run: ./.github/scripts/inventory.ts ${{ inputs.project }}
2023-12-29 11:28:03 +03:00
id: inventory
pkg:
needs: ingest
strategy:
fail-fast: false
matrix:
version: ${{ fromJSON(needs.ingest.outputs.versions) }}
uses: ./.github/workflows/pkg.yml
permissions:
issues: write #FIXME we dont want this but I dont think we can alter the way permissions are inherited
with:
pkg: ${{inputs.project}}=${{ matrix.version }}
invalidate-cloudfront: false # we do it all at once below otherwise
secrets: inherit
invalidate-cloudfront:
needs: pkg
runs-on: ubuntu-latest
if: always()
# ^^ not ideal but often <5% builds fail because we have modified the build script
# in a non backward compatible way over time and we still want to invalidate cloudfront
# for most of the builds.
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
# FIXME ideally we would get the exact path list from the above matrix
# but GitHub Actions has no clean way to do that. This is more ideal as
# we dont want to invalidate paths that failed and certainly want to
# avoid invalidations if all failed
- name: invalidate cloudfront
run: aws cloudfront create-invalidation
--distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
--paths /${{inputs.project}}/*