mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
25e7d326e8
Updating actions/setup-go to v6.3.0 from a mix of different versions. This gets us faster CI runs, with improvements such as: - built in Go module cache AND Go build cache (separate cache no longer needed) - using go.mod resulting in fewer cache invalidations - faster Node 24 runtime - using go.dev download URL, which is more reliable
135 lines
6.2 KiB
YAML
135 lines
6.2 KiB
YAML
name: Deploy Fleet website
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
paths:
|
|
- 'website/**'
|
|
- 'docs/**'
|
|
- 'handbook/**'
|
|
- 'articles/**'
|
|
- 'schema/**'
|
|
- "ee/maintained-apps/outputs/**"
|
|
|
|
# This allows a subsequently queued workflow run to interrupt previous runs
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
|
|
cancel-in-progress: true
|
|
|
|
defaults:
|
|
run:
|
|
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
|
|
shell: bash
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
if: ${{ github.repository == 'fleetdm/fleet' }}
|
|
|
|
runs-on: ubuntu-22.04
|
|
|
|
strategy:
|
|
matrix:
|
|
node-version: [20.x]
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
|
|
# Configure our access credentials for the Heroku CLI
|
|
- uses: akhileshns/heroku-deploy@e3eb99d45a8e2ec5dca08735e089607befa4bf28 # v3.14.15
|
|
with:
|
|
heroku_api_key: ${{secrets.HEROKU_API_TOKEN_FOR_BOT_USER}}
|
|
heroku_app_name: "" # this has to be blank or it doesn't work
|
|
heroku_email: ${{secrets.HEROKU_EMAIL_FOR_BOT_USER}}
|
|
justlogin: true
|
|
- run: heroku auth:whoami
|
|
|
|
# Install the heroku-repo plugin in the Heroku CLI
|
|
- run: heroku plugins:install heroku-repo
|
|
|
|
# Set the Node.js version
|
|
- name: Use Node.js ${{ matrix.node-version }}
|
|
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
|
|
with:
|
|
node-version: ${{ matrix.node-version }}
|
|
|
|
|
|
# Install the right version of Go for the Golang child process that we are currently using for CSR signing
|
|
- name: Set up Go
|
|
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
|
|
# 2025-08-07: The Storybook steps in website workflows have been temporarily disabled until a compatibility issue with the @storybook/test-runner has been resolved. See https://github.com/fleetdm/fleet/issues/31720 for more information.
|
|
# # Download top-level dependencies and build Storybook in the website's assets/ folder
|
|
# - run: npm install --legacy-peer-deps && npm run build-storybook -- -o ./website/assets/storybook --loglevel verbose
|
|
|
|
# Now start building!
|
|
# > …but first, get a little crazy for a sec and delete the top-level package.json file
|
|
# > i.e. the one used by the Fleet server. This is because require() in node will go
|
|
# > hunting in ancestral directories for missing dependencies, and since some of the
|
|
# > bundled transpiler tasks sniff for package availability using require(), this trips
|
|
# > up when it encounters another Node universe in the parent directory.
|
|
- run: rm -rf package.json package-lock.json node_modules/
|
|
# > Turns out there's a similar issue with how eslint plugins are looked up, so we
|
|
# > delete the top level .eslintrc file too.
|
|
- run: rm -f .eslintrc.js
|
|
# > And, as a change to the top-level fleetdm/fleet .gitignore on May 2, 2022 revealed,
|
|
# > we also need to delete the top level .gitignore file too, so that its rules don't
|
|
# > interfere with the committing and force-pushing we're doing as part of our deploy
|
|
# > script here. For more info, see: https://github.com/fleetdm/fleet/pull/5549
|
|
- run: rm -f .gitignore
|
|
|
|
# Download dependencies (including dev deps)
|
|
- run: cd website/ && npm install
|
|
|
|
# Run sanity checks
|
|
- run: cd website/ && npm test
|
|
|
|
# Compile browser assets & markdown content into generated collateral
|
|
- run: cd website/ && BUILD_SCRIPT_ARGS="--githubAccessToken=${{ secrets.FLEET_GITHUB_TOKEN_FOR_WEBSITE_TEST }}" npm run build-for-prod
|
|
|
|
# Build the go binary we use to sign APNS certificates in the website/.tools/ folder.
|
|
- run: cd ee/tools/mdm/ && GOOS=linux GOARCH=amd64 go build -o ../../../website/.tools/mdm-gen-cert .
|
|
|
|
# Reset the Heroku app's git repo to prevent errors when pushing to the repo. (See https://github.com/fleetdm/fleet/issues/14162 for more details)
|
|
- run: heroku repo:reset -a production-fleetdm-website
|
|
|
|
# Commit newly-generated collateral locally so we can push them to Heroku below.
|
|
# (This commit will never be pushed to GitHub- only to Heroku.)
|
|
# > The local config flags make this work in GitHub's environment.
|
|
- run: git add website/.www
|
|
- run: git add website/.tools
|
|
# Remove the website/assets folder
|
|
- run: git rm -rf --cached website/assets
|
|
- run: git add -f website/views/partials/built-from-markdown > /dev/null 2>&1 || echo '* * * WARNING - Silently ignoring the fact that there are no HTML partials generated from markdown to include in automated commit...'
|
|
|
|
# Configure the Heroku app we'll be deploying to
|
|
- run: heroku git:remote -a production-fleetdm-website
|
|
- run: git remote -v
|
|
|
|
# Deploy to Heroku
|
|
- run: echo "Deploying branch '${GITHUB_REF##*/}' to Heroku…"
|
|
- name: Deploy to Heroku
|
|
run: |
|
|
set -euo pipefail
|
|
git add -A
|
|
# Create a git tree object that contains only the changes in the /website folder.
|
|
TREE=$(git write-tree)
|
|
# Create a parentless commit from the tree object.
|
|
COMMIT=$(git -c "user.name=Fleetwood" -c "user.email=github@example.com" \
|
|
commit-tree "$TREE" \
|
|
-m 'AUTOMATED COMMIT - Deployed the latest, including generated collateral such as compiled documentation, modified HTML layouts, and a .sailsrc file that references minified client-side code assets.')
|
|
# Push the parentless commit to Heroku
|
|
# Note: The commit pushed to Heroku will not contain the full git history.
|
|
# This lets up deploy the website from the Fleet monorepo while working around Heroku's pack size limits.
|
|
git push heroku "$COMMIT":refs/heads/master --force
|
|
- name: 🌐 https://fleetdm.com
|
|
run: echo '' && echo '--' && echo 'OK, done. It should be live momentarily.' && echo '(if you get impatient, check the Heroku dashboard for status)' && echo && echo ' 🌐–• https://fleetdm.com'
|