Skip to content

Merge pull request #21651 from dvdksn/seccomp-freshness #4088

Merge pull request #21651 from dvdksn/seccomp-freshness

Merge pull request #21651 from dvdksn/seccomp-freshness #4088

Workflow file for this run

name: deploy
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- lab
- main
- published
env:
# Use edge release of buildx (latest RC, fallback to latest stable)
SETUP_BUILDX_VERSION: edge
SETUP_BUILDKIT_IMAGE: "moby/buildkit:latest"
# these permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
jobs:
publish:
runs-on: ubuntu-24.04
if: github.repository_owner == 'docker'
steps:
-
name: Prepare
run: |
HUGO_ENV=development
DOCS_AWS_REGION=us-east-1
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
HUGO_ENV=staging
DOCS_URL="https://docs-stage.docker.com"
DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/stage-docs-docs.docker.com-20220818202135984800000001"
DOCS_S3_BUCKET="stage-docs-docs.docker.com"
DOCS_S3_CONFIG="s3-config.json"
DOCS_CLOUDFRONT_ID="E1R7CSW3F0X4H8"
DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-stage"
DOCS_SLACK_MSG="Successfully deployed docs-stage from main branch. $DOCS_URL"
elif [ "${{ github.ref }}" = "refs/heads/published" ]; then
HUGO_ENV=production
DOCS_URL="https://docs.docker.com"
DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/prod-docs-docs.docker.com-20220818202218674300000001"
DOCS_S3_BUCKET="prod-docs-docs.docker.com"
DOCS_S3_CONFIG="s3-config.json"
DOCS_CLOUDFRONT_ID="E228TTN20HNU8F"
DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-prod"
DOCS_SLACK_MSG="Successfully deployed docs from published branch. $DOCS_URL"
elif [ "${{ github.ref }}" = "refs/heads/lab" ]; then
HUGO_ENV=lab
DOCS_URL="https://docs-labs.docker.com"
DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/labs-docs-docs.docker.com-20220818202218402500000001"
DOCS_S3_BUCKET="labs-docs-docs.docker.com"
DOCS_S3_CONFIG="s3-config.json"
DOCS_CLOUDFRONT_ID="E1MYDYF65FW3HG"
DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-labs"
else
echo >&2 "ERROR: unknown branch ${{ github.ref }}"
exit 1
fi
SEND_SLACK_MSG="true"
if [ -z "$DOCS_AWS_IAM_ROLE" ] || [ -z "$DOCS_S3_BUCKET" ] || [ -z "$DOCS_CLOUDFRONT_ID" ] || [ -z "$DOCS_SLACK_MSG" ]; then
SEND_SLACK_MSG="false"
fi
echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
echo "HUGO_ENV=$HUGO_ENV" >> $GITHUB_ENV
echo "DOCS_URL=$DOCS_URL" >> $GITHUB_ENV
echo "DOCS_AWS_REGION=$DOCS_AWS_REGION" >> $GITHUB_ENV
echo "DOCS_AWS_IAM_ROLE=$DOCS_AWS_IAM_ROLE" >> $GITHUB_ENV
echo "DOCS_S3_BUCKET=$DOCS_S3_BUCKET" >> $GITHUB_ENV
echo "DOCS_S3_CONFIG=$DOCS_S3_CONFIG" >> $GITHUB_ENV
echo "DOCS_CLOUDFRONT_ID=$DOCS_CLOUDFRONT_ID" >> $GITHUB_ENV
echo "DOCS_LAMBDA_FUNCTION_REDIRECTS=$DOCS_LAMBDA_FUNCTION_REDIRECTS" >> $GITHUB_ENV
echo "DOCS_SLACK_MSG=$DOCS_SLACK_MSG" >> $GITHUB_ENV
echo "SEND_SLACK_MSG=$SEND_SLACK_MSG" >> $GITHUB_ENV
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
-
name: Build website
uses: docker/bake-action@v5
with:
files: |
docker-bake.hcl
targets: release
set: |
*.cache-from=type=gha,scope=deploy-${{ env.BRANCH_NAME }}
*.cache-to=type=gha,scope=deploy-${{ env.BRANCH_NAME }},mode=max
provenance: false
-
name: Configure AWS Credentials
if: ${{ env.DOCS_AWS_IAM_ROLE != '' }}
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.DOCS_AWS_IAM_ROLE }}
aws-region: ${{ env.DOCS_AWS_REGION }}
-
name: Upload files to S3 bucket
if: ${{ env.DOCS_S3_BUCKET != '' }}
run: |
aws --region ${{ env.DOCS_AWS_REGION }} s3 sync \
--acl public-read \
--delete \
--exclude "*" \
--include "*.webp" \
--metadata-directive="REPLACE" \
--no-guess-mime-type \
--content-type="image/webp" \
public s3://${{ env.DOCS_S3_BUCKET }}/
aws --region ${{ env.DOCS_AWS_REGION }} s3 sync \
--acl public-read \
--delete \
--exclude "*.webp" \
public s3://${{ env.DOCS_S3_BUCKET }}/
-
name: Update S3 config
if: ${{ env.DOCS_S3_BUCKET != '' && env.DOCS_S3_CONFIG != '' }}
uses: docker/bake-action@v5
with:
files: |
docker-bake.hcl
targets: aws-s3-update-config
set: |
*.cache-from=type=gha,scope=releaser
env:
AWS_REGION: ${{ env.DOCS_AWS_REGION }}
AWS_S3_BUCKET: ${{ env.DOCS_S3_BUCKET }}
AWS_S3_CONFIG: ${{ env.DOCS_S3_CONFIG }}
-
name: Update Cloudfront config
if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
uses: docker/bake-action@v5
with:
files: |
docker-bake.hcl
targets: aws-cloudfront-update
env:
AWS_REGION: us-east-1 # cloudfront and lambda edge functions are only available in us-east-1 region
AWS_CLOUDFRONT_ID: ${{ env.DOCS_CLOUDFRONT_ID }}
AWS_LAMBDA_FUNCTION: ${{ env.DOCS_LAMBDA_FUNCTION_REDIRECTS }}
-
name: Invalidate Cloudfront cache
if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
run: |
aws cloudfront create-invalidation --distribution-id ${{ env.DOCS_CLOUDFRONT_ID }} --paths "/*"
env:
AWS_REGION: us-east-1 # cloudfront is only available in us-east-1 region
AWS_MAX_ATTEMPTS: 5
-
name: Send Slack notification
if: ${{ env.SEND_SLACK_MSG == 'true' }}
run: |
curl -X POST -H 'Content-type: application/json' --data '{"text":"${{ env.DOCS_SLACK_MSG }}"}' ${{ secrets.SLACK_WEBHOOK }}