ivabus/pantry
1
0
Fork 0
mirror of https://github.com/ivabus/pantry synced 2024-11-22 08:25:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Only invalidate cloudfront once for restock ops

Browse source
This commit is contained in:
Max Howell 2024-01-06 07:07:56 -05:00
parent e4872f02d1
commit ce5a5d4054
No known key found for this signature in database
GPG key ID: 741BB84EF5BB9EEC
3 changed files with 34 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.github/workflows/pkg-platform.yml vendored
View file

@ -37,6 +37,9 @@ on:
complain: complain:
type: boolean type: boolean
default: false default: false
invalidate-cloudfront:
type: boolean
default: true
secrets: secrets:
APPLE_CERTIFICATE_P12: { required: false } APPLE_CERTIFICATE_P12: { required: false }
APPLE_CERTIFICATE_P12_PASSWORD: { required: false } APPLE_CERTIFICATE_P12_PASSWORD: { required: false }
@ -222,7 +225,7 @@ jobs:
--distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }} --distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
--paths --paths
/$DIRNAME/versions.txt /$DIRNAME/versions.txt
if: ${{ ! inputs.dry-run }} if: ${{ ! inputs.dry-run && inputs.invalidate-cloudfront }}
complain: complain:
needs: bottle needs: bottle

4
.github/workflows/pkg.yml vendored
View file

@ -13,6 +13,9 @@ on:
complain: complain:
type: boolean type: boolean
default: false default: false
invalidate-cloudfront:
type: boolean
default: true
jobs: jobs:
plan: plan:
@ -50,4 +53,5 @@ jobs:
dry-run: ${{ inputs.dry-run }} dry-run: ${{ inputs.dry-run }}
tinyname: ${{ matrix.platform.tinyname }} tinyname: ${{ matrix.platform.tinyname }}
complain: ${{ inputs.complain }} complain: ${{ inputs.complain }}
invalidate-cloudfront: ${{ inputs.invalidate-cloudfront }}
secrets: inherit secrets: inherit

26
.github/workflows/restock.yml vendored
View file

@ -31,4 +31,30 @@ jobs:
issues: write #FIXME we dont want this but I dont think we can alter the way permissions are inherited issues: write #FIXME we dont want this but I dont think we can alter the way permissions are inherited
with: with:
pkg: ${{inputs.project}}=${{ matrix.version }} pkg: ${{inputs.project}}=${{ matrix.version }}
invalidate-cloudfront: false # we do it all at once below otherwise
secrets: inherit secrets: inherit
invalidate-cloudfront:
needs: pkg
runs-on: ubuntu-latest
if: always()
# ^^ not ideal but often <5% builds fail because we have modified the build script
# in a non backward compatible way over time and we still want to invalidate cloudfront
# for most of the builds.
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
# FIXME ideally we would get the exact path list from the above matrix
# but GitHub Actions has no clean way to do that. This is more ideal as
# we dont want to invalidate paths that failed and certainly want to
# avoid invalidations if all failed
- name: invalidate cloudfront
run: aws cloudfront create-invalidation
--distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
--paths /${{inputs.project}}/*