Only invalidate cloudfront once for restock ops

This commit is contained in:
Max Howell 2024-01-06 07:07:56 -05:00
parent e4872f02d1
commit ce5a5d4054
No known key found for this signature in database
GPG key ID: 741BB84EF5BB9EEC
3 changed files with 34 additions and 1 deletions

View file

@ -37,6 +37,9 @@ on:
complain:
type: boolean
default: false
invalidate-cloudfront:
type: boolean
default: true
secrets:
APPLE_CERTIFICATE_P12: { required: false }
APPLE_CERTIFICATE_P12_PASSWORD: { required: false }
@ -222,7 +225,7 @@ jobs:
--distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
--paths
/$DIRNAME/versions.txt
if: ${{ ! inputs.dry-run }}
if: ${{ ! inputs.dry-run && inputs.invalidate-cloudfront }}
complain:
needs: bottle

View file

@ -13,6 +13,9 @@ on:
complain:
type: boolean
default: false
invalidate-cloudfront:
type: boolean
default: true
jobs:
plan:
@ -50,4 +53,5 @@ jobs:
dry-run: ${{ inputs.dry-run }}
tinyname: ${{ matrix.platform.tinyname }}
complain: ${{ inputs.complain }}
invalidate-cloudfront: ${{ inputs.invalidate-cloudfront }}
secrets: inherit

View file

@ -31,4 +31,30 @@ jobs:
issues: write #FIXME we dont want this but I dont think we can alter the way permissions are inherited
with:
pkg: ${{inputs.project}}=${{ matrix.version }}
invalidate-cloudfront: false # we do it all at once below otherwise
secrets: inherit
invalidate-cloudfront:
needs: pkg
runs-on: ubuntu-latest
if: always()
# ^^ not ideal but often <5% builds fail because we have modified the build script
# in a non backward compatible way over time and we still want to invalidate cloudfront
# for most of the builds.
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
# FIXME ideally we would get the exact path list from the above matrix
# but GitHub Actions has no clean way to do that. This is more ideal as
# we dont want to invalidate paths that failed and certainly want to
# avoid invalidations if all failed
- name: invalidate cloudfront
run: aws cloudfront create-invalidation
--distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
--paths /${{inputs.project}}/*