From 21ce49b769dbdc4daea54efe87d149525cd96090 Mon Sep 17 00:00:00 2001
From: Derek Slenk <derek.slenk@gmail.com>
Date: Sun, 29 Jun 2025 22:35:02 -0400
Subject: [PATCH] Add GitHub Actions workflows for build and deployment

- Add build.yml: builds Hugo site on all non-main branches and PRs
- Add deploy.yml: builds and deploys to S3 + CloudFront on main branch pushes
- Uses generic OIDC role for AWS authentication
---
 .github/workflows/build.yml  | 36 ++++++++++++++++++++++++
 .github/workflows/deploy.yml | 53 ++++++++++++++++++++++++++++++++++++
 2 files changed, 89 insertions(+)
 create mode 100644 .github/workflows/build.yml
 create mode 100644 .github/workflows/deploy.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..feb4067
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,36 @@
+name: Build Site
+
+on:
+  push:
+    branches-ignore:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 0
+      
+      - name: Setup Hugo
+        uses: peaceiris/actions-hugo@v3
+        with:
+          hugo-version: 'latest'
+          extended: true
+      
+      - name: Build Hugo site
+        run: hugo --minify
+      
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: hugo-build
+          path: public/
+          retention-days: 7
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..852b13e
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,53 @@
+name: Deploy to S3
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: prod
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 0
+      
+      - name: Setup Hugo
+        uses: peaceiris/actions-hugo@v3
+        with:
+          hugo-version: 'latest'
+          extended: true
+      
+      - name: Build Hugo site
+        run: hugo --minify
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CC_OIDC_ROLE }}
+          aws-region: us-east-1
+      
+      - name: Deploy to S3
+        run: |
+          aws s3 sync public/ s3://angrymichigander.com --delete --no-cli-pager
+      
+      - name: Invalidate CloudFront cache
+        run: |
+          # Get the CloudFront distribution ID for angrymichigander.com
+          DISTRIBUTION_ID=$(aws cloudfront list-distributions --no-cli-pager --query "DistributionList.Items[?contains(Aliases.Items, 'angrymichigander.com')].Id" --output text)
+          
+          if [ ! -z "$DISTRIBUTION_ID" ]; then
+            echo "Creating CloudFront invalidation for distribution: $DISTRIBUTION_ID"
+            aws cloudfront create-invalidation --no-cli-pager --distribution-id $DISTRIBUTION_ID --paths "/*"
+          else
+            echo "No CloudFront distribution found for angrymichigander.com"
+          fi