Add missing permissions for main workflow #27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| release: | |
| types: | |
| - published | |
| env: | |
| CI: false | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| cache: 'yarn' | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Lint | |
| run: yarn run lint | |
| - name: build | |
| run: yarn run build | |
| deploy: | |
| name: Deploy to production | |
| if: github.event_name == 'release' | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| cache: 'yarn' | |
| - name: Install dependencies | |
| run: yarn | |
| - name: Build | |
| env: | |
| REACT_APP_GRAPHQL_URL: ${{ secrets.REACT_APP_GRAPHQL_URL }} | |
| REACT_APP_API_KEY: ${{ secrets.REACT_APP_API_KEY }} | |
| run: yarn build | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v5.0.0 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| role-session-name: GitHub_to_AWS_via_FederatedOIDC | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| audience: sts.amazonaws.com | |
| - name: Sync build folder with S3 | |
| run: aws s3 sync ./build s3://juffalow-my-projects/quotes-juffalow-com | |
| - name: Invalidate CloudFront cache | |
| run: aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*" |