Add GitHub Actions workflows for build and deployment

- Add build.yml: builds Hugo site on all non-main branches and PRs - Add deploy.yml: builds and deploys to S3 + CloudFront on main branch pushes - Uses generic OIDC role for AWS authentication
2025-06-29 22:35:02 -04:00 · 2025-06-29 22:35:02 -04:00 · 21ce49b769
commit 21ce49b769
parent 95b37f1bef
2 changed files with 89 additions and 0 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -0,0 +1,36 @@
+name: Build Site
+
+on:
+  push:
+    branches-ignore:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 0
+      
+      - name: Setup Hugo
+        uses: peaceiris/actions-hugo@v3
+        with:
+          hugo-version: 'latest'
+          extended: true
+      
+      - name: Build Hugo site
+        run: hugo --minify
+      
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: hugo-build
+          path: public/
+          retention-days: 7
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -0,0 +1,53 @@
+name: Deploy to S3
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: prod
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 0
+      
+      - name: Setup Hugo
+        uses: peaceiris/actions-hugo@v3
+        with:
+          hugo-version: 'latest'
+          extended: true
+      
+      - name: Build Hugo site
+        run: hugo --minify
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CC_OIDC_ROLE }}
+          aws-region: us-east-1
+      
+      - name: Deploy to S3
+        run: |
+          aws s3 sync public/ s3://angrymichigander.com --delete --no-cli-pager
+      
+      - name: Invalidate CloudFront cache
+        run: |
+          # Get the CloudFront distribution ID for angrymichigander.com
+          DISTRIBUTION_ID=$(aws cloudfront list-distributions --no-cli-pager --query "DistributionList.Items[?contains(Aliases.Items, 'angrymichigander.com')].Id" --output text)
+          
+          if [ ! -z "$DISTRIBUTION_ID" ]; then
+            echo "Creating CloudFront invalidation for distribution: $DISTRIBUTION_ID"
+            aws cloudfront create-invalidation --no-cli-pager --distribution-id $DISTRIBUTION_ID --paths "/*"
+          else
+            echo "No CloudFront distribution found for angrymichigander.com"
+          fi