1+ name : PR Preview to S3 Website (Vite)
2+
3+ on :
4+ pull_request :
5+ types : [opened, reopened, synchronize, closed]
6+
7+ permissions :
8+ contents : read
9+ pages : write
10+ id-token : write
11+ packages : read
12+ actions : read # <-- needed to read workflow runs/jobs
13+ checks : read # <-- needed to read check runs
14+ statuses : read # <-- needed to read commit statuses
15+ pull-requests : write
16+ issues : write
17+
18+ env :
19+ NODE_VERSION : ' 20'
20+
21+ jobs :
22+ build-and-deploy :
23+ if : github.event.action != 'closed'
24+ runs-on : ubuntu-latest
25+ steps :
26+ - uses : actions/checkout@v4
27+
28+ - uses : actions/setup-node@v4
29+ with :
30+ node-version : ${{ env.NODE_VERSION }}
31+ cache : npm
32+ registry-url : ' https://npm.pkg.github.com'
33+ scope : ' @nss-workshops'
34+ env :
35+ NODE_AUTH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
36+ - name : Create env file
37+ run : |
38+ echo "VITE_OAUTH_CLIENT_ID=${{ secrets.OAUTH_CLIENT_ID }}" > .env
39+ echo "VITE_OAUTH_CLIENT_SECRET=${{ secrets.OAUTH_CLIENT_SECRET }}" >> .env
40+ echo "VITE_PROXY_DOMAIN=https://authproxy.nss.team" >> .env
41+ echo "VITE_LEARNING_PLATFORM_API=https://learningapi.nss.team" >> .env
42+ echo "BASE_URL=pr-${{ github.event.pull_request.number }}" >> .env
43+ name : Install dependencies
44+ run : npm ci
45+ env :
46+ NODE_AUTH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
47+
48+ - name : Build Vite
49+ run : npm run build
50+
51+ - name : Configure AWS (OIDC)
52+ uses : aws-actions/configure-aws-credentials@v4
53+ with :
54+ role-to-assume : ${{ secrets.AWS_ROLE_TO_ASSUME }}
55+ aws-region : ${{ vars.AWS_REGION }}
56+
57+ - name : Upload to S3 (prefix = pr-<num>)
58+ run : |
59+ set -euo pipefail
60+ PR=${{ github.event.pull_request.number }}
61+ aws s3 sync ./dist "s3://${{ vars.S3_BUCKET }}/pr-${PR}/" --delete --only-show-errors
62+ echo "PREVIEW_URL=${{ vars.S3_WEBSITE_BASE }}/pr-${PR}/" >> "$GITHUB_ENV"
63+
64+ name : Comment PR with preview URL
65+ uses : actions/github-script@v7
66+ with :
67+ script : |
68+ const url = process.env.PREVIEW_URL;
69+ const curlCmd = `curl -I "${url}"`;
70+ const body = [
71+ "🚀 **Vite Preview Deployed (S3 Website)**",
72+ "",
73+ `**URL:** ${url}`,
74+ "",
75+ "Quick check:",
76+ "```bash",
77+ curlCmd,
78+ "```",
79+ "",
80+ "_Note: S3 website endpoints are HTTP-only. Add CloudFront later if you need HTTPS._"
81+ ].join("\n");
82+ await github.rest.issues.createComment({
83+ owner: context.repo.owner,
84+ repo: context.repo.repo,
85+ issue_number: context.issue.number,
86+ body
87+ });
88+
89+ cleanup :
90+ if : github.event.action == 'closed'
91+ runs-on : ubuntu-latest
92+ steps :
93+ - name : Configure AWS (OIDC)
94+ uses : aws-actions/configure-aws-credentials@v4
95+ with :
96+ role-to-assume : ${{ secrets.AWS_ROLE_TO_ASSUME }}
97+ aws-region : ${{ vars.AWS_REGION }}
98+
99+ - name : Delete S3 prefix
100+ run : |
101+ set -euo pipefail
102+ PR=${{ github.event.pull_request.number }}
103+ aws s3 rm "s3://${{ vars.S3_BUCKET }}/pr-${PR}/" --recursive --only-show-errors
104+ echo "PREVIEW_URL=${{ vars.S3_WEBSITE_BASE }}/pr-${PR}/" >> "$GITHUB_ENV"
105+
106+ name : Comment PR with cleanup confirmation
107+ uses : actions/github-script@v7
108+ with :
109+ script : |
110+ const url = process.env.PREVIEW_URL;
111+ const body = `🧹 **Preview deleted** for this PR.\n\n(removed content behind: ${url})`;
112+ await github.rest.issues.createComment({
113+ owner: context.repo.owner,
114+ repo: context.repo.repo,
115+ issue_number: context.issue.number,
116+ body
117+ });
0 commit comments