pantry/.github/workflows/restock.yml

60 lines
1.9 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: restock pkg inventory
run-name: restocking ${{ inputs.project }}
on:
workflow_dispatch:
inputs:
project:
description: a single project, eg. `foo.com`
required: true
type: string
jobs:
ingest:
runs-on: ubuntu-latest
outputs:
versions: ${{ steps.inventory.outputs.versions }}
steps:
- uses: pkgxdev/setup@v2
- uses: actions/checkout@v4
- run: ./.github/scripts/inventory.ts ${{ inputs.project }}
id: inventory
pkg:
needs: ingest
strategy:
fail-fast: false
matrix:
version: ${{ fromJSON(needs.ingest.outputs.versions) }}
uses: ./.github/workflows/pkg.yml
permissions:
issues: write #FIXME we dont want this but I dont think we can alter the way permissions are inherited
with:
pkg: ${{inputs.project}}=${{ matrix.version }}
invalidate-cloudfront: false # we do it all at once below otherwise
secrets: inherit
invalidate-cloudfront:
needs: pkg
runs-on: ubuntu-latest
if: always()
# ^^ not ideal but often <5% builds fail because we have modified the build script
# in a non backward compatible way over time and we still want to invalidate cloudfront
# for most of the builds.
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
# FIXME ideally we would get the exact path list from the above matrix
# but GitHub Actions has no clean way to do that. This is more ideal as
# we dont want to invalidate paths that failed and certainly want to
# avoid invalidations if all failed
- name: invalidate cloudfront
run: aws cloudfront create-invalidation
--distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
--paths /${{inputs.project}}/*