Merge pull request #98 from spacemeshos/tweak-deps-security #50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release the APP at mainnet | |
# Notes: | |
# This pipeline will deploy the page on Cloudflare Pages ( direct upload ), Similar to a S3 bucket. | |
# You need to have the following secrets and variables defined in your repository: | |
# - PRODUCTION_ENV_NAME | |
# - PRODUCTION_ENV_URL | |
# - DEVELOPMENT_ENV_NAME | |
# - DEVELOPMENT_ENV_URL | |
# - CLOUDFLARE_API_TOKEN -> https://developers.cloudflare.com/workers/wrangler/ci-cd/#api-token | |
# - CLOUDFLARE_ACCOUNT_ID -> Request to devops team to get this value | |
on: | |
# Manual trigger | |
workflow_dispatch: | |
# Runs on pushes targeting the default branch | |
push: | |
branches: [main] | |
permissions: | |
pull-requests: write | |
actions: write | |
contents: read | |
jobs: | |
release: | |
environment: | |
name: ${{ vars.PRODUCTION_ENV_NAME }} | |
url: ${{ vars.PRODUCTION_ENV_URL }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/Checkout@v4 | |
- name: Set up Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: 'yarn' # You can choose npm|yarn|pnpm | |
- name: Install dependencies | |
run: yarn install # If you use npm, you would run: npm ci | |
- name: Build | |
run: yarn build | |
env: | |
NODE_ENV: production | |
# If we need, we can easily change this step to deploy to S3 bucket | |
- name: Deploy | |
uses: cloudflare/wrangler-action@v3 | |
with: | |
packageManager: yarn | |
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
environment: Production | |
preCommands: echo "Deploying to ${{ vars.PRODUCTION_ENV_NAME }}" | |
command: pages deploy ./dist --project-name ${{ vars.PRODUCTION_ENV_NAME }} --branch ${{ env.GITHUB_REF_NAME }} --commit-hash ${{ env.GITHUB_SHA }} | |