Skip to content

Latest commit

 

History

History
144 lines (120 loc) · 5.31 KB

README.md

File metadata and controls

144 lines (120 loc) · 5.31 KB

Composite Actions deploying Hugo sites to Azure

Composite GitHub Actions for Hugo projects deploying to Azure

  1. generate-metadata
  2. build
  3. deploy

Example workflow invoking these Actions

I am utilizing release-please-action from Google to handle semantic versioning and cutting releases via PRs in repos where these hugo/azure pipelines are used. It's also used within this repo hugo-azure-actions to generate Releases that follow the traditional GitHub Actions semver format where you can specify @major, @major.minor or @major.minor.patch when invoking each of them. See available releases.

These Actions workflows and their CI/CD process are based on a simple GitHub PR-Ops flow:

  1. PR opened, or additional commits to an opened PR will build and deploy the Hugo site to dev.site-base-tld
  2. A Release-Please generated PR is opened that contains one or more Conventional Commits PRs (e.g.: feat, fix) will be built and deployed to stg.site-base-tld each time that release PR is opened or updated if more feature/fix PRs are merged into the branch it's monitoring.
  3. A Release-Please generated PR is merged into mainline, triggering a Release/tag event in GitHub, which will trigger a build/deploy to site-base-tld - typically, this would be your production environment.

The two central values to tweak here if you want to follow the above process are:

  • hugo-version
  • site-base-tld

If you'd like to utilize these workflows similarly, I've included a sample cd.yml workflow below to place within the GitHub repo hosting your Hugo site's code. This, in conjunction with a sample release-please.yml workflow in that same Hugo code repo will provide the Release Please PR/semantic versioning automation if you use Conventional Commits for PR titles.

# .github/workflows/cd.yml
name: cd

on:
  pull_request:
    types: [ synchronize, opened ]
  release:
    types:
      - released

defaults:
  run:
    shell: bash

concurrency: cd

jobs:
  gen-metadata:
    runs-on: ubuntu-latest
    outputs:
      build-id: ${{ steps.build-metadata.outputs.artifact-id }}
      build-domain: ${{ steps.build-metadata.outputs.composite-domain }}
      env-target: ${{ steps.build-metadata.outputs.env-target }}
      hugo-version: ${{ steps.build-metadata.outputs.hugo-version }}
    steps:
      - name: generate build metadata
        id: build-metadata
        uses: kevholmes/hugo-azure-actions/.github/actions/generate-metadata@v1
        with:
          hugo-version: 0.118.2
          site-base-tld: cloverstack.dev
  build:
    runs-on: ubuntu-latest
    needs: gen-metadata
    environment:
      name: ${{ needs.gen-metadata.outputs.env-target }}
      url: ${{ needs.gen-metadata.outputs.build-domain }}
    steps:
      - name: checkout source
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: build hugo site
        uses: kevholmes/hugo-azure-actions/.github/actions/build@v1
        with:
          build-id: ${{ needs.gen-metadata.outputs.build-id }}
          build-domain: ${{ needs.gen-metadata.outputs.build-domain }}
          hugo-version: ${{ needs.gen-metadata.outputs.hugo-version }}
  deploy-azure:
    runs-on: ubuntu-latest
    needs: [gen-metadata, build]
    environment:
      name: ${{ needs.gen-metadata.outputs.env-target }}
      url: ${{ needs.gen-metadata.outputs.build-domain }}
    steps:
      - name: deploy hugo site to azure
        uses: kevholmes/hugo-azure-actions/.github/actions/deploy@v1
        with:
          build-id: ${{ needs.gen-metadata.outputs.build-id }}
          az-client-id: ${{ vars.CLIENT_ID }}
          az-client-secret: ${{ secrets.CLIENT_SECRET }}
          az-subscription-id: ${{ vars.SUBSCRIPTION_ID }}
          az-tenant-id: ${{ vars.TENANT_ID }}
          az-storage-acct: ${{ vars.AZ_STORAGE_ACCT }}
          az-cdn-profile-name: ${{ vars.AZ_CDN_PROFILE_NAME }}
          az-cdn-endpoint: ${{ vars.AZ_CDN_ENDPOINT }}
          az-resource-group: ${{ vars.AZ_RESOURCE_GROUP }}

In the Release Please workflow below, RELEASER_TOKEN is a privileged PAT associated with a user. GitHub Actions now prevents the Actions bot user from triggering downstream workflows due to CVE concerns. This would prevent the CD workflow above from executing in our scenario and building/deploying the staged release generated by Release-Please.

# .github/workflows/release-please.yml
name: release-please

on:
  push:
    branches:
      - main

permissions:
  contents: write
  pull-requests: write

jobs:
  release-please:
    runs-on: ubuntu-latest
    steps:
      - uses: google-github-actions/release-please-action@v3
        with:
          release-type: go
          token: ${{ secrets.RELEASER_TOKEN }}

Azure Infrastructure

This is leveraging Azure Storage's Static Web hosting feature. I also utilize HTTPS-only and the Classic Azure CDN with auto-TLS rotation for the development environments. Three environments (dev, stg, prod) in this setup cost me $2.40 to $5.00 (USD) a month, depending on CDN traffic load.

If you'd like to see how this Azure infrastructure is set up, the Pulumi code describing it all is located at kevholmes/elyclover.com-infra.