From 0a870837242dd7b22f38ccaaa38d9e46ef280d58 Mon Sep 17 00:00:00 2001 From: James Johnson Date: Wed, 10 Dec 2025 16:57:09 +1000 Subject: [PATCH 01/12] TCLOUD-4860: Create a workflow for releasing docs --- .github/workflows/deploy_docs_v2.yml | 85 ++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 .github/workflows/deploy_docs_v2.yml diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml new file mode 100644 index 0000000000..3f643611b0 --- /dev/null +++ b/.github/workflows/deploy_docs_v2.yml @@ -0,0 +1,85 @@ +name: Deploy Tiny Docs v2 + +on: + workflow_dispatch: + inputs: + environment: + description: 'Deployment Environment' + required: true + default: 'staging' + type: choice + options: + - 'staging' + - 'production' + +env: + ACCT: ${{ inputs.environment == 'production' && '990880627107' || '327995277200' }} + BUCKET: ${{ inputs.environment == 'production' && 'tiny-cloud-antora-docs-release' || 'tiny-cloud-antora-docs-preview' }} + RUN: run-${{ github.run_number }}-${{ github.run_attempt }} + +jobs: + build: + name: Build Docs and Deploy + + if: github.repository == 'tinymce/tinymce-docs' && github.repository_owner == 'tinymce' + + runs-on: ubuntu-latest + + defaults: + run: + shell: bash + + steps: + - name: Checkout branch + uses: actions/checkout@v5 + + - name: Setup Node.js + uses: actions/setup-node@v5 + with: + cache: 'yarn' + node-version: 24 + + - name: Install dependencies + run: yarn install + + - name: Build Website + run: yarn antora ./antora-playbook.yml + + - name: Rename site folder to docs + run: | + mv ./build/site ./build/docs + + - name: Rename sitemap.xml to antora-sitemap.xml + run: | + mv ./build/docs/sitemap.xml ./build/docs/antora-sitemap.xml + + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v5.0.0 + with: + role-to-assume: 'arn:aws:iam::${{ env.ACCT }}:role/${{ inputs.environment }}-tinymce-docs-update' + role-session-name: tinymce-docs-${{ inputs.environment }}-release + aws-region: us-east-1 + + - name: Upload website preview to S3 + run: | + aws s3 sync ./build s3://${BUCKET}/main/${RUN} + + - name: Create redirects on S3 + uses: tinymce/tinymce-docs-generate-redirects-action@v1.0 + with: + build: ./build/ + redirects: ./redirects.json + bucket: ${{ env.BUCKET }} + prefix: main/${{ env.RUN }} + parallel: 10 + + - name: Update pointer to current run output + run: | + aws s3api put-object --bucket ${BUCKET} --key main/index.html --body .github/workflows/resources/empty.html --content-type text/html --metadata pointer=${RUN} + + - name: Tag old versions for cleanup + uses: tinymce/tinymce-docs-cleanup-action@v0.1 + with: + bucket: ${{ env.BUCKET }} + folder: main + parallel: 20 \ No newline at end of file From 4181303b876bd4df9375d2efac927789dec68a3d Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 14:05:08 +1000 Subject: [PATCH 02/12] TCLOUD-4860: Trigger action first time so it can be triggered manually --- .github/workflows/deploy_docs_v2.yml | 61 ++++++++++++++-------------- 1 file changed, 31 insertions(+), 30 deletions(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index 3f643611b0..c0d9c3ef8d 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -11,6 +11,7 @@ on: options: - 'staging' - 'production' + push: env: ACCT: ${{ inputs.environment == 'production' && '990880627107' || '327995277200' }} @@ -53,33 +54,33 @@ jobs: run: | mv ./build/docs/sitemap.xml ./build/docs/antora-sitemap.xml - - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v5.0.0 - with: - role-to-assume: 'arn:aws:iam::${{ env.ACCT }}:role/${{ inputs.environment }}-tinymce-docs-update' - role-session-name: tinymce-docs-${{ inputs.environment }}-release - aws-region: us-east-1 - - - name: Upload website preview to S3 - run: | - aws s3 sync ./build s3://${BUCKET}/main/${RUN} - - - name: Create redirects on S3 - uses: tinymce/tinymce-docs-generate-redirects-action@v1.0 - with: - build: ./build/ - redirects: ./redirects.json - bucket: ${{ env.BUCKET }} - prefix: main/${{ env.RUN }} - parallel: 10 - - - name: Update pointer to current run output - run: | - aws s3api put-object --bucket ${BUCKET} --key main/index.html --body .github/workflows/resources/empty.html --content-type text/html --metadata pointer=${RUN} - - - name: Tag old versions for cleanup - uses: tinymce/tinymce-docs-cleanup-action@v0.1 - with: - bucket: ${{ env.BUCKET }} - folder: main - parallel: 20 \ No newline at end of file + # - name: configure aws credentials + # uses: aws-actions/configure-aws-credentials@v5.0.0 + # with: + # role-to-assume: 'arn:aws:iam::${{ env.ACCT }}:role/${{ inputs.environment }}-tinymce-docs-update' + # role-session-name: tinymce-docs-${{ inputs.environment }}-release + # aws-region: us-east-1 + + # - name: Upload website preview to S3 + # run: | + # aws s3 sync ./build s3://${BUCKET}/main/${RUN} + + # - name: Create redirects on S3 + # uses: tinymce/tinymce-docs-generate-redirects-action@v1.0 + # with: + # build: ./build/ + # redirects: ./redirects.json + # bucket: ${{ env.BUCKET }} + # prefix: main/${{ env.RUN }} + # parallel: 10 + + # - name: Update pointer to current run output + # run: | + # aws s3api put-object --bucket ${BUCKET} --key main/index.html --body .github/workflows/resources/empty.html --content-type text/html --metadata pointer=${RUN} + + # - name: Tag old versions for cleanup + # uses: tinymce/tinymce-docs-cleanup-action@v0.1 + # with: + # bucket: ${{ env.BUCKET }} + # folder: main + # parallel: 20 \ No newline at end of file From 4924765b1a024299c9df804c9ec13df3562cc664 Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 14:18:10 +1000 Subject: [PATCH 03/12] TCLOUD-4860: Re-enable upload features; leave push trigger for now --- .github/workflows/deploy_docs_v2.yml | 60 ++++++++++++++-------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index c0d9c3ef8d..6069a68af6 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -54,33 +54,33 @@ jobs: run: | mv ./build/docs/sitemap.xml ./build/docs/antora-sitemap.xml - # - name: configure aws credentials - # uses: aws-actions/configure-aws-credentials@v5.0.0 - # with: - # role-to-assume: 'arn:aws:iam::${{ env.ACCT }}:role/${{ inputs.environment }}-tinymce-docs-update' - # role-session-name: tinymce-docs-${{ inputs.environment }}-release - # aws-region: us-east-1 - - # - name: Upload website preview to S3 - # run: | - # aws s3 sync ./build s3://${BUCKET}/main/${RUN} - - # - name: Create redirects on S3 - # uses: tinymce/tinymce-docs-generate-redirects-action@v1.0 - # with: - # build: ./build/ - # redirects: ./redirects.json - # bucket: ${{ env.BUCKET }} - # prefix: main/${{ env.RUN }} - # parallel: 10 - - # - name: Update pointer to current run output - # run: | - # aws s3api put-object --bucket ${BUCKET} --key main/index.html --body .github/workflows/resources/empty.html --content-type text/html --metadata pointer=${RUN} - - # - name: Tag old versions for cleanup - # uses: tinymce/tinymce-docs-cleanup-action@v0.1 - # with: - # bucket: ${{ env.BUCKET }} - # folder: main - # parallel: 20 \ No newline at end of file + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v5.0.0 + with: + role-to-assume: 'arn:aws:iam::${{ env.ACCT }}:role/${{ inputs.environment }}-tinymce-docs-update' + role-session-name: tinymce-docs-${{ inputs.environment }}-release + aws-region: us-east-1 + + - name: Upload website preview to S3 + run: | + aws s3 sync ./build s3://${BUCKET}/main/${RUN} + + - name: Create redirects on S3 + uses: tinymce/tinymce-docs-generate-redirects-action@v1.0 + with: + build: ./build/ + redirects: ./redirects.json + bucket: ${{ env.BUCKET }} + prefix: main/${{ env.RUN }} + parallel: 10 + + - name: Update pointer to current run output + run: | + aws s3api put-object --bucket ${BUCKET} --key main/index.html --body .github/workflows/resources/empty.html --content-type text/html --metadata pointer=${RUN} + + - name: Tag old versions for cleanup + uses: tinymce/tinymce-docs-cleanup-action@v0.1 + with: + bucket: ${{ env.BUCKET }} + folder: main + parallel: 20 \ No newline at end of file From 975e707718b4efa439bc4444add64169a4af539f Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 14:24:06 +1000 Subject: [PATCH 04/12] TCLOUD-4860: Add id-token write permission for OIDC --- .github/workflows/deploy_docs_v2.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index 6069a68af6..b944656d65 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -13,6 +13,10 @@ on: - 'production' push: +# Need ID token write permission to use OIDC +permissions: + id-token: write + env: ACCT: ${{ inputs.environment == 'production' && '990880627107' || '327995277200' }} BUCKET: ${{ inputs.environment == 'production' && 'tiny-cloud-antora-docs-release' || 'tiny-cloud-antora-docs-preview' }} From 8af3706f0301e5470db9c12f02a5c5c51719dfec Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 15:13:27 +1000 Subject: [PATCH 05/12] TCLOUD-4860: Try a tweak to read the environment input --- .github/workflows/deploy_docs_v2.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index b944656d65..16d23410b7 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -18,6 +18,7 @@ permissions: id-token: write env: + ENVNAME: ${{ inputs.environment }} ACCT: ${{ inputs.environment == 'production' && '990880627107' || '327995277200' }} BUCKET: ${{ inputs.environment == 'production' && 'tiny-cloud-antora-docs-release' || 'tiny-cloud-antora-docs-preview' }} RUN: run-${{ github.run_number }}-${{ github.run_attempt }} @@ -61,8 +62,8 @@ jobs: - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v5.0.0 with: - role-to-assume: 'arn:aws:iam::${{ env.ACCT }}:role/${{ inputs.environment }}-tinymce-docs-update' - role-session-name: tinymce-docs-${{ inputs.environment }}-release + role-to-assume: 'arn:aws:iam::${{ env.ACCT }}:role/${{ env.ENVNAME }}-tinymce-docs-update' + role-session-name: tinymce-docs-${{ env.ENVNAME }}-release aws-region: us-east-1 - name: Upload website preview to S3 From 97e962048537055afe4e6a123041af609d0111bf Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 15:29:01 +1000 Subject: [PATCH 06/12] TCLOUD-4860: Work around inputs limitation The inputs are only available for a dispatch event. --- .github/workflows/deploy_docs_v2.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index 16d23410b7..adae4e1674 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -18,10 +18,8 @@ permissions: id-token: write env: - ENVNAME: ${{ inputs.environment }} - ACCT: ${{ inputs.environment == 'production' && '990880627107' || '327995277200' }} - BUCKET: ${{ inputs.environment == 'production' && 'tiny-cloud-antora-docs-release' || 'tiny-cloud-antora-docs-preview' }} - RUN: run-${{ github.run_number }}-${{ github.run_attempt }} + # inputs are only defined on a dispatch event, so to test we provide a default... + TARGET: ${{ inputs.environment || 'staging' }} jobs: build: @@ -31,6 +29,11 @@ jobs: runs-on: ubuntu-latest + env: + ACCT: ${{ env.TARGET == 'production' && '990880627107' || '327995277200' }} + BUCKET: ${{ env.TARGET == 'production' && 'tiny-cloud-antora-docs-release' || 'tiny-cloud-antora-docs-preview' }} + RUN: run-${{ github.run_number }}-${{ github.run_attempt }} + defaults: run: shell: bash @@ -62,8 +65,8 @@ jobs: - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v5.0.0 with: - role-to-assume: 'arn:aws:iam::${{ env.ACCT }}:role/${{ env.ENVNAME }}-tinymce-docs-update' - role-session-name: tinymce-docs-${{ env.ENVNAME }}-release + role-to-assume: 'arn:aws:iam::${{ env.ACCT }}:role/${{ env.TARGET }}-tinymce-docs-update' + role-session-name: tinymce-docs-${{ env.TARGET }}-release aws-region: us-east-1 - name: Upload website preview to S3 From 31939e36589f2dc557ac987c68f5174c6acd2a4a Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 15:37:48 +1000 Subject: [PATCH 07/12] TCLOUD-4860: Another attempt to get a default input value --- .github/workflows/deploy_docs_v2.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index adae4e1674..3084b7eb05 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -18,8 +18,10 @@ permissions: id-token: write env: - # inputs are only defined on a dispatch event, so to test we provide a default... TARGET: ${{ inputs.environment || 'staging' }} + ACCT: ${{ inputs.environment == 'production' && '990880627107' || '327995277200' }} + BUCKET: ${{ inputs.environment == 'production' && 'tiny-cloud-antora-docs-release' || 'tiny-cloud-antora-docs-preview' }} + RUN: run-${{ github.run_number }}-${{ github.run_attempt }} jobs: build: @@ -27,12 +29,9 @@ jobs: if: github.repository == 'tinymce/tinymce-docs' && github.repository_owner == 'tinymce' - runs-on: ubuntu-latest - env: - ACCT: ${{ env.TARGET == 'production' && '990880627107' || '327995277200' }} - BUCKET: ${{ env.TARGET == 'production' && 'tiny-cloud-antora-docs-release' || 'tiny-cloud-antora-docs-preview' }} - RUN: run-${{ github.run_number }}-${{ github.run_attempt }} + + runs-on: ubuntu-latest defaults: run: From 736a331a23f14ef9c1f93c8815b7ba5b073a2703 Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 15:38:59 +1000 Subject: [PATCH 08/12] TCLOUD-4860: Fixed typo --- .github/workflows/deploy_docs_v2.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index 3084b7eb05..9d0529a903 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -29,8 +29,6 @@ jobs: if: github.repository == 'tinymce/tinymce-docs' && github.repository_owner == 'tinymce' - env: - runs-on: ubuntu-latest defaults: From 6c3721d2cfb92e5e8a79cbdfce9ee87707d5552f Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 16:04:50 +1000 Subject: [PATCH 09/12] TCLOUD-4860: Add cloudfront invalidation step --- .github/workflows/deploy_docs_v2.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index 9d0529a903..eda031fc7a 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -21,6 +21,7 @@ env: TARGET: ${{ inputs.environment || 'staging' }} ACCT: ${{ inputs.environment == 'production' && '990880627107' || '327995277200' }} BUCKET: ${{ inputs.environment == 'production' && 'tiny-cloud-antora-docs-release' || 'tiny-cloud-antora-docs-preview' }} + DISTRIBUTION: ${{ inputs.environment == 'production' && 'E3LFU502SQ5UR' || 'E7DUUPEI08HNW'}} RUN: run-${{ github.run_number }}-${{ github.run_attempt }} jobs: @@ -88,4 +89,12 @@ jobs: with: bucket: ${{ env.BUCKET }} folder: main - parallel: 20 \ No newline at end of file + parallel: 20 + + - name: Invalidate Cloudfront Cache + # sleep to wait for envoy's version pointer caching to expire + run: | + sleep 30s + aws cloudfront create-invalidation --distribution-id ${{ env.DISTRIBUTION }} --paths "/docs/*" + env: + AWS_EC2_METADATA_DISABLED: true \ No newline at end of file From 26820607b0db476cce92561b6655b3090b57a804 Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 16:30:05 +1000 Subject: [PATCH 10/12] TCLOUD-4860: Remove unneeded env var --- .github/workflows/deploy_docs_v2.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index eda031fc7a..f245429375 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -95,6 +95,4 @@ jobs: # sleep to wait for envoy's version pointer caching to expire run: | sleep 30s - aws cloudfront create-invalidation --distribution-id ${{ env.DISTRIBUTION }} --paths "/docs/*" - env: - AWS_EC2_METADATA_DISABLED: true \ No newline at end of file + aws cloudfront create-invalidation --distribution-id ${{ env.DISTRIBUTION }} --paths "/docs/*" \ No newline at end of file From ec9dc74cfa0819b30c1b7893fd606e236f8b3b05 Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 16:37:01 +1000 Subject: [PATCH 11/12] TCLOUD-4860: Remove push trigger --- .github/workflows/deploy_docs_v2.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index f245429375..d31ab2e55b 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -11,7 +11,6 @@ on: options: - 'staging' - 'production' - push: # Need ID token write permission to use OIDC permissions: From e71a700d43bc183447a555c9e6ef31bcc42762e4 Mon Sep 17 00:00:00 2001 From: James Johnson Date: Fri, 12 Dec 2025 17:06:14 +1000 Subject: [PATCH 12/12] TCLOUD-4860: Update version of cleanup action --- .github/workflows/deploy_docs_v2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy_docs_v2.yml b/.github/workflows/deploy_docs_v2.yml index d31ab2e55b..0ec6fe038b 100644 --- a/.github/workflows/deploy_docs_v2.yml +++ b/.github/workflows/deploy_docs_v2.yml @@ -84,7 +84,7 @@ jobs: aws s3api put-object --bucket ${BUCKET} --key main/index.html --body .github/workflows/resources/empty.html --content-type text/html --metadata pointer=${RUN} - name: Tag old versions for cleanup - uses: tinymce/tinymce-docs-cleanup-action@v0.1 + uses: tinymce/tinymce-docs-cleanup-action@v1.0 with: bucket: ${{ env.BUCKET }} folder: main