Fixes/versioning

.github/workflows/workflow-deploy-to-s3.yml

@@ -3,6 +3,16 @@ name: Deploy Static Site to S3
 on:
   workflow_call:
     inputs:
+      target-branch:
+        description: "Branch to check out before syncing."
+        required: false
+        default: master
+        type: string
+      ref:
+        description: "Optional explicit git ref (commit SHA/tag/branch) to deploy; overrides target-branch when set."
+        required: false
+        default: ""
+        type: string
       bucket:
         description: "Destination S3 bucket name (without the s3:// prefix)."
         required: true
@@ -32,11 +42,6 @@ on:
         required: false
         default: true
         type: boolean
-      cloudflare-api-token:
-        description: "Optional Cloudflare API token with purge_cache permission."
-        required: false
-        default: ""
-        type: string
       email-subject:
         description: "Subject for the SES notification email (defaults to bucket name)."
         required: false
@@ -47,16 +52,6 @@ on:
         required: false
         default: ""
         type: string
-      email-from:
-        description: "Sender address for SES notifications."
-        required: false
-        default: ""
-        type: string
-      email-to:
-        description: "Recipient address for SES notifications."
-        required: false
-        default: ""
-        type: string
     secrets:
       aws_access_key_id:
         description: "AWS access key for S3/SES."
@@ -67,6 +62,15 @@ on:
       aws_session_token:
         description: "Optional session token for temporary credentials."
         required: false
+      cloudflare_api_token:
+        description: "Token with purge_cache permission."
+        required: false
+      email_from:
+        description: "Sender address for SES notifications."
+        required: false
+      email_to:
+        description: "Recipient address for SES notifications."
+        required: false
     outputs:
       deployed:
         description: "True when the sync step completed."
@@ -88,6 +92,9 @@ jobs:
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref != '' && inputs.ref || inputs.target-branch }}
+          fetch-depth: 0
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -117,10 +124,10 @@ jobs:
           echo "deployed=true" >> "$GITHUB_OUTPUT"
 
       - name: Purge Cloudflare cache
-        if: ${{ inputs.purge-cloudflare && inputs.cloudflare-zone-id != '' && inputs.cloudflare-api-token != '' }}
+        if: ${{ inputs.purge-cloudflare && inputs.cloudflare-zone-id != '' && env.CLOUDFLARE_API_TOKEN != '' }}
         env:
           CLOUDFLARE_ZONE_ID: ${{ inputs.cloudflare-zone-id }}
-          CLOUDFLARE_API_TOKEN: ${{ inputs.cloudflare-api-token }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.cloudflare_api_token }}
         run: |
           set -euo pipefail
           curl -X POST "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/purge_cache" \
@@ -129,10 +136,10 @@ jobs:
             --data '{"purge_everything":true}'
 
       - name: Send SES notification
-        if: ${{ inputs.email-from != '' && inputs.email-to != '' }}
+        if: ${{ env.EMAIL_FROM != '' && env.EMAIL_TO != '' }}
         env:
-          EMAIL_FROM: ${{ inputs.email-from }}
-          EMAIL_TO: ${{ inputs.email-to }}
+          EMAIL_FROM: ${{ secrets.email_from }}
+          EMAIL_TO: ${{ secrets.email_to }}
           CUSTOM_SUBJECT: ${{ inputs.email-subject }}
           CUSTOM_BODY: ${{ inputs.email-body }}
         run: |

README.md

@@ -141,18 +141,20 @@ Syncs a directory to an S3 bucket with optional Cloudflare cache purge and SES n
 - `source` (default `public`): local directory to sync.
 - `aws-region` (default `us-west-2`): region for S3/SES calls.
 - `delete-extra-files` (default `true`): remove objects not present locally.
+- `target-branch` (default `master`): branch to check out before syncing.
+- `ref` (optional): explicit git ref (commit SHA/tag/branch) to deploy; overrides `target-branch` when set.
 - `cloudflare-zone-id` (optional): zone to purge after deploy.
 - `purge-cloudflare` (default `true`): whether to purge the zone when credentials are provided.
-- `cloudflare-api-token` (optional): Cloudflare token (pass a secret from the caller).
 - `email-subject` (optional): SES email subject (defaults to the bucket name).
 - `email-body` (optional): SES email body (defaults to an auto-generated message).
-- `email-from` (optional): sender address for SES notifications (pass a secret from the caller).
-- `email-to` (optional): recipient address for SES notifications (pass a secret from the caller).
 
 **Secrets**
 - `aws_access_key_id` (required)
 - `aws_secret_access_key` (required)
 - `aws_session_token` (optional)
+- `cloudflare_api_token` (optional)
+- `email_from` (optional)
+- `email_to` (optional)
 
 **Outputs**
 - `deployed`: `true` when the S3 sync completes.
@@ -164,18 +166,19 @@ jobs:
     needs: tests
     uses: vinitu-net/github-workflows/.github/workflows/workflow-deploy-to-s3.yml@vX.Y.Z
     with:
+      ref: ${{ github.sha }}
       bucket: www.example.com
       source: public
       aws-region: us-west-2
       delete-extra-files: true
       cloudflare-zone-id: ${{ secrets.CLOUDFLARE_ZONE_ID }}
-      cloudflare-api-token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
       email-subject: "Site deployed"
-      email-from: ${{ secrets.EMAIL_FROM }}
-      email-to: ${{ secrets.EMAIL_TO }}
     secrets:
       aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
       aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+      email_from: ${{ secrets.EMAIL_FROM }}
+      email_to: ${{ secrets.EMAIL_TO }}
 ```
 
 ### End-to-end usage in a caller repo