search

Reggionick / s3-deploy

Easily deploy a static website to AWS S3 and invalidate CloudFront distribution
MIT License
242 stars 83 forks source link

readme

AWS S3 Deploy GitHub Action

Easily deploy a static website to AWS S3 and invalidate CloudFront distribution

This action is based on the work done by import-io on s3-deploy.

Usage

You can use this action by referencing the v4 branch

uses: reggionick/s3-deploy@v4
with:
  folder: build
  bucket: ${{ secrets.S3_BUCKET }}
  bucket-region: us-east-1

Arguments

S3 Deploy's Action supports inputs from the user listed in the table below:

Input Type Required Default Description
folder string Yes The folder to upload
bucket string Yes The destination bucket
bucket-region string Yes The destination bucket region
dist-id string No undefined The CloudFront Distribution ID to invalidate
invalidation string No '/' The CloudFront Distribution path(s) to invalidate
delete-removed boolean / string No false Removes files in S3, that are not available in the local copy of the directory
noCache boolean No false Use this parameter to specify Cache-Control: no-cache, no-store, must-revalidate header
private boolean No false Upload files with private ACL, needed for S3 static website hosting
cache string No Sets the Cache-Control: max-age=X header
immutable boolean No false Sets the Cache-Control header to 'immutable'
cache-control string No Sets the Cache-Control: X header
files-to-include string No "**" Allows for a comma delineated glob pattern that matches files to include in the deployment

Example workflow.yml with S3 Deploy Action

name: Example workflow for S3 Deploy
on: [push]
jobs:
  run:
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    steps:
      - uses: actions/checkout@v3

      - name: Install dependencies
        run: yarn

      - name: Build
        run: yarn build

      - name: Deploy
        uses: reggionick/s3-deploy@v4
        with:
          folder: build
          bucket: ${{ secrets.S3_BUCKET }}
          bucket-region: ${{ secrets.S3_BUCKET_REGION }}
          dist-id: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
          invalidation: /
          delete-removed: true
          no-cache: true
          private: true
          files-to-include: '{.*/**,**}'

Minimum IAM Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowS3BucketManipulation",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts",
                "s3:AbortMultipartUpload",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::<bucket name>/*"
        },
        {
            "Sid": "AllowS3BucketListing",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::<bucket name>"
        },
        {
            "Sid": "CFInvalidation",
            "Effect": "Allow",
            "Action": "cloudfront:CreateInvalidation",
            "Resource": "arn:aws:cloudfront::<AWS account ID>:distribution/<CF distribution ID>"
        }
    ]
}

License

The code in this project is released under the MIT License.