Skip to content

guardian/actions-static-site

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

92 Commits

.github/workflows

.github/workflows

 
 

cdk.out

cdk.out

 
 

cdk

cdk

 
 

lambda

lambda

 
 

service

service

 
 

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

.nvmrc

.nvmrc

 
 

README.md

README.md

 
 

action.yaml

action.yaml

 
 

cdk.json

cdk.json

 
 

index.js

index.js

 
 

index.ts

index.ts

 
 

jest.config.js

jest.config.js

 
 

jest.setup.js

jest.setup.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

role.yaml

role.yaml

 
 

tsconfig.json

tsconfig.json

 
 

Repository files navigation

@guardian/actions-static-site V2

Action to provision and serve a static site with Google Auth and a custom domain.

Behind the scenes the action outputs Cloudformation and RiffRaff configuration for your project. The marginal cost of a site is minimal - just the storage of your files in S3 and data transfer costs - as the core infrastructure is shared.

Note: your domain must be registered with the Google project for the Google auth callback to work - ping it on the DevX Stream channel and we can quickly add this for you.

Any paths ending in /_prout will skip authentication, so feel free to add the git hash as a file called _prout and then wire it up to PRout - for example guardian/galaxies#102.

name: example
on:
  pull_request:
  workflow_dispatch:
  push:
    branches:
      - main
jobs:
  example:
    runs-on: ubuntu-latest

    # Required for Riffraff upload (which writes to AWS)
    permissions:
      id-token: write
      contents: read

    steps:
      # ... (Buiild your static site.)

      # Then upload it as an artifact
      - uses: actions/upload-artifact@v3
        with:
          path: my-site

      # Then invoke this action (replacing app and domain)
      - uses: guardian/actions-static-site@v2
        with:
          app: example
          domain: example.gutools.co.uk
          guActionsRiffRaffRoleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}

Inputs

app string (required):

The app name. Used for the Riffraff deployment name and also to tag AWS resources. Typically this would be the first part of your domain name - e.g. 'example' for 'example.gutools.co.uk'.

domain string (required):

The domain should be a Guardian-owned domain. For internal tools, [app].gutools.co.uk is recommended but check it is free first!

artifact string (optional - default='artifact')

Name of the artifact containing the static resources. Should be uploaded in an earlier workflow step.

Architecture

flowchart LR
    A[Shared ALB] -->B(EC2) -->C(S3)

A shared ALB is used for all static site instances. The action uploads your files to the shared S3 bucket with your domain as the key prefix on files, and also creates a CNAME record and cert, and connects those to the ALB.

The EC2 instance checks the auth token and serves files for the site by reading the HOST header and amending the path in S3 as appropriate.

E.g.

GET devx.gutools.co.uk/css/main.css
-> S3:[bucket-name]/devx.gutools.co.uk/css/main.css

About

Github Action for a Guardian static site

Topics

production

Resources

Readme

Code of conduct

Code of conduct
Activity
Custom properties

Stars

1 star

Watchers

29 watching

Forks

0 forks
Report repository

Releases 4

v2 Latest
Nov 25, 2022
+ 3 releases

Packages

No packages published

Contributors 6

Languages