diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 67e06543ea..50a3c33739 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,8 +15,30 @@ permissions: contents: read # to fetch code (actions/checkout) jobs: + releaser: + runs-on: ubuntu-24.04 + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - + name: Build + uses: docker/bake-action@v5 + with: + files: | + docker-bake.hcl + targets: releaser-build + set: | + *.cache-from=type=gha,scope=releaser + *.cache-to=type=gha,scope=releaser,mode=max + build: runs-on: ubuntu-24.04 + needs: + - releaser steps: - name: Checkout @@ -34,6 +56,16 @@ jobs: set: | *.cache-from=type=gha,scope=build *.cache-to=type=gha,scope=build,mode=max + - + name: Check Cloudfront config + uses: docker/bake-action@v5 + with: + targets: aws-cloudfront-update + env: + DRY_RUN: true + AWS_REGION: us-east-1 + AWS_CLOUDFRONT_ID: 0123456789ABCD + AWS_LAMBDA_FUNCTION: DockerDocsRedirectFunction-dummy vale: if: ${{ github.event_name == 'pull_request' }} @@ -76,25 +108,3 @@ jobs: *.cache-to=type=gha,scope=validate-${{ matrix.target }},mode=max *.cache-from=type=gha,scope=validate-${{ matrix.target }} *.cache-from=type=gha,scope=build - - # build-releaser builds the _releaser used for AWS deployment in publish workflow. - # It's just to be sure it builds correctly. - build-releaser: - runs-on: ubuntu-24.04 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build - uses: docker/bake-action@v5 - with: - files: | - docker-bake.hcl - targets: releaser-build - set: | - *.cache-from=type=gha,scope=releaser - *.cache-to=type=gha,scope=releaser,mode=max diff --git a/_releaser/Dockerfile b/_releaser/Dockerfile index 5b945dd596..d8d54024cf 100644 --- a/_releaser/Dockerfile +++ b/_releaser/Dockerfile @@ -5,7 +5,7 @@ ARG GO_VERSION=1.19 FROM scratch AS sitedir FROM golang:${GO_VERSION}-alpine AS base -RUN apk add --no-cache jq openssl +RUN apk add --no-cache openssl ENV CGO_ENABLED=0 WORKDIR /src COPY go.mod go.sum ./ @@ -19,6 +19,7 @@ RUN --mount=type=bind,target=. \ go build -o /out/releaser . FROM base AS aws-s3-update-config +ARG DRY_RUN=false ARG AWS_REGION ARG AWS_S3_BUCKET ARG AWS_S3_CONFIG @@ -30,6 +31,7 @@ RUN --mount=type=bind,target=. \ releaser aws s3-update-config FROM base AS aws-lambda-invoke +ARG DRY_RUN=false ARG AWS_REGION ARG AWS_LAMBDA_FUNCTION RUN --mount=type=bind,from=releaser,source=/out/releaser,target=/usr/bin/releaser \ @@ -39,16 +41,17 @@ RUN --mount=type=bind,from=releaser,source=/out/releaser,target=/usr/bin/release releaser aws lambda-invoke FROM base AS aws-cloudfront-update +ARG DRY_RUN=false ARG AWS_REGION ARG AWS_LAMBDA_FUNCTION ARG AWS_CLOUDFRONT_ID +ARG AWS_LAMBDA_FUNCTION_FILE="cloudfront-lambda-redirects.js" +ARG REDIRECTS_FILE="/site/redirects.json" +ARG REDIRECTS_PREFIXES_FILE="redirects-prefixes.json" RUN --mount=type=bind,target=. \ --mount=type=bind,from=sitedir,target=/site \ --mount=type=bind,from=releaser,source=/out/releaser,target=/usr/bin/releaser \ --mount=type=secret,id=AWS_ACCESS_KEY_ID \ --mount=type=secret,id=AWS_SECRET_ACCESS_KEY \ --mount=type=secret,id=AWS_SESSION_TOKEN \ - AWS_LAMBDA_FUNCTION_FILE=cloudfront-lambda-redirects.js \ - REDIRECTS_JSON=$(jq -c '.' /site/redirects.json) \ - REDIRECTS_PREFIXES_JSON=$(jq -c '.' redirects-prefixes.json) \ releaser aws cloudfront-update diff --git a/_releaser/aws.go b/_releaser/aws.go index 3f79c2bd2e..b6c14e0c3c 100644 --- a/_releaser/aws.go +++ b/_releaser/aws.go @@ -30,9 +30,15 @@ type AwsS3UpdateConfigCmd struct { Region string `kong:"name='region',env='AWS_REGION'"` S3Bucket string `kong:"name='s3-bucket',env='AWS_S3_BUCKET'"` S3Config string `kong:"name='s3-website-config',env='AWS_S3_CONFIG'"` + DryRun bool `kong:"name='dry-run',env='DRY_RUN'"` } func (s *AwsS3UpdateConfigCmd) Run() error { + if s.DryRun { + log.Printf("INFO: Dry run mode enabled. Configuration:\nRegion: %s\nS3Bucket: %s\nS3Config: %s\n", s.Region, s.S3Bucket, s.S3Config) + return nil + } + file, err := os.ReadFile(s.S3Config) if err != nil { return fmt.Errorf("failed to read s3 config file %s: %w", s.S3Config, err) @@ -74,9 +80,15 @@ func (s *AwsS3UpdateConfigCmd) Run() error { type AwsLambdaInvokeCmd struct { Region string `kong:"name='region',env='AWS_REGION'"` LambdaFunction string `kong:"name='lambda-function',env='AWS_LAMBDA_FUNCTION'"` + DryRun bool `kong:"name='dry-run',env='DRY_RUN'"` } func (s *AwsLambdaInvokeCmd) Run() error { + if s.DryRun { + log.Printf("INFO: Dry run mode enabled. Configuration:\nRegion: %s\nLambdaFunction: %s\n", s.Region, s.LambdaFunction) + return nil + } + svc := lambda.New(session.Must(session.NewSessionWithOptions(session.Options{ SharedConfigState: session.SharedConfigEnable, })), &aws.Config{ @@ -100,19 +112,26 @@ type AwsCloudfrontUpdateCmd struct { Function string `kong:"name='lambda-function',env='AWS_LAMBDA_FUNCTION'"` FunctionFile string `kong:"name='lambda-function-file',env='AWS_LAMBDA_FUNCTION_FILE'"` CloudfrontID string `kong:"name='cloudfront-id',env='AWS_CLOUDFRONT_ID'"` - RedirectsJSON string `kong:"name='redirects-json',env='REDIRECTS_JSON'"` - RedirectsPrefixesJSON string `kong:"name='redirects-prefixes-json',env='REDIRECTS_PREFIXES_JSON'"` + RedirectsFile string `kong:"name='redirects-file',env='REDIRECTS_FILE'"` + RedirectsPrefixesFile string `kong:"name='redirects-prefixes-file',env='REDIRECTS_PREFIXES_FILE'"` + DryRun bool `kong:"name='dry-run',env='DRY_RUN'"` } func (s *AwsCloudfrontUpdateCmd) Run() error { var err error ver := time.Now().UTC().Format(time.RFC3339) - zipdt, err := getLambdaFunctionZip(s.FunctionFile, s.RedirectsJSON, s.RedirectsPrefixesJSON) + zipdt, err := getLambdaFunctionZip(s.FunctionFile, s.RedirectsFile, s.RedirectsPrefixesFile, s.DryRun) if err != nil { return fmt.Errorf("cannot create lambda function zip: %w", err) } + if s.DryRun { + log.Printf("INFO: Dry run mode enabled. Configuration:\nRegion: %s\nFunction: %s\nFunctionFile: %s\nCloudfrontID: %s\nRedirectsFile: %s\nRedirectsPrefixesFile: %s\n", + s.Region, s.Function, s.FunctionFile, s.CloudfrontID, s.RedirectsFile, s.RedirectsPrefixesFile) + return nil + } + svc := lambda.New(session.Must(session.NewSessionWithOptions(session.Options{ SharedConfigState: session.SharedConfigEnable, })), &aws.Config{ @@ -228,24 +247,39 @@ func (s *AwsCloudfrontUpdateCmd) Run() error { return nil } -func getLambdaFunctionZip(funcFilename string, redirectsJSON string, redirectsPrefixesJSON string) ([]byte, error) { +func getLambdaFunctionZip(funcFilename, redirectsFile, redirectsPrefixesFile string, dryrun bool) ([]byte, error) { funcdt, err := os.ReadFile(funcFilename) if err != nil { return nil, fmt.Errorf("failed to read lambda function file %q: %w", funcFilename, err) } + redirects, err := os.ReadFile(redirectsFile) + if err != nil { + return nil, fmt.Errorf("failed to read redirects file %q: %w", redirectsFile, err) + } + + redirectsPrefixes, err := os.ReadFile(redirectsPrefixesFile) + if err != nil { + return nil, fmt.Errorf("failed to read redirects prefixes file %q: %w", redirectsPrefixesFile, err) + } + var funcbuf bytes.Buffer functpl := template.Must(template.New("").Parse(string(funcdt))) if err = functpl.Execute(&funcbuf, struct { RedirectsJSON string RedirectsPrefixesJSON string }{ - redirectsJSON, - redirectsPrefixesJSON, + string(redirects), + string(redirectsPrefixes), }); err != nil { return nil, err } + if dryrun { + log.Printf("INFO: Dry run mode enabled. Lambda Function Definition:\n\n%s\n", funcbuf.String()) + return nil, nil + } + tmpdir, err := os.MkdirTemp("", "lambda-zip") if err != nil { return nil, err diff --git a/docker-bake.hcl b/docker-bake.hcl index 32f915ed24..1e2a252e4a 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -10,6 +10,10 @@ variable "DOCS_SITE_DIR" { default = "public" } +variable "DRY_RUN" { + default = null +} + group "default" { targets = ["release"] } @@ -98,6 +102,7 @@ variable "AWS_LAMBDA_FUNCTION" { target "_common-aws" { args = { + DRY_RUN = DRY_RUN AWS_REGION = AWS_REGION AWS_S3_BUCKET = AWS_S3_BUCKET AWS_S3_CONFIG = AWS_S3_CONFIG diff --git a/layouts/index.redirects.json b/layouts/index.redirects.json index 8136b17c13..5add507401 100644 --- a/layouts/index.redirects.json +++ b/layouts/index.redirects.json @@ -1,4 +1,4 @@ -{{ $redirects := newScratch }} +{{- $redirects := newScratch }} {{- range $i, $e := site.AllPages -}} {{- if .Params.aliases -}} {{- $target := .RelPermalink -}} @@ -12,4 +12,5 @@ {{- $redirects.SetInMap "paths" . $target -}} {{- end -}} {{- end -}} -{{ $redirects.Get "paths" | jsonify }} +{{- $opts := dict "noHTMLEscape" true }} +{{- $redirects.Get "paths" | jsonify $opts }}