From 145c2d4781748952ad2cfc2c065141f93da9a83b Mon Sep 17 00:00:00 2001 From: DaX Date: Mon, 16 Feb 2026 02:04:38 +0100 Subject: [PATCH] Optimize CI/CD pipeline for faster deploys - Remove broken npm cache (was timing out ~5min per run) - Replace AWS CLI v2 installer with pip3 install (~50MB less) - Inline AWS credential config instead of separate action - Merge steps to reduce overhead --- .gitea/workflows/deploy.yml | 37 ++++++++++--------------------------- 1 file changed, 10 insertions(+), 27 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index c06c65f..7c9b207 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -46,44 +46,32 @@ jobs: uses: actions/setup-node@v4 with: node-version: 18 - cache: npm - name: Install dependencies if: steps.changes.outputs.frontend == 'true' run: npm ci - - name: Security check + - name: Security check & tests if: steps.changes.outputs.frontend == 'true' - run: npm run security:check - - - name: Run tests - if: steps.changes.outputs.frontend == 'true' - run: npm test -- --passWithNoTests + run: | + npm run security:check + npm test -- --passWithNoTests - name: Build Next.js if: steps.changes.outputs.frontend == 'true' run: npm run build - - name: Install AWS CLI + - name: Setup AWS if: steps.changes.outputs.frontend == 'true' || steps.changes.outputs.api == 'true' run: | - curl -s "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o /tmp/awscliv2.zip - unzip -q /tmp/awscliv2.zip -d /tmp - /tmp/aws/install - aws --version + pip3 install -q awscli + aws configure set aws_access_key_id "${{ secrets.AWS_ACCESS_KEY_ID }}" + aws configure set aws_secret_access_key "${{ secrets.AWS_SECRET_ACCESS_KEY }}" + aws configure set region eu-central-1 - - name: Configure AWS credentials - if: steps.changes.outputs.frontend == 'true' || steps.changes.outputs.api == 'true' - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-central-1 - - - name: Deploy to S3 + - name: Deploy to S3 & invalidate CloudFront if: steps.changes.outputs.frontend == 'true' run: | - # Upload HTML files with no-cache aws s3 sync out/ s3://$S3_BUCKET/ \ --delete \ --exclude "*" \ @@ -91,19 +79,14 @@ jobs: --cache-control "public, max-age=0, must-revalidate" \ --content-type "text/html" - # Upload _next static assets with immutable 1-year cache aws s3 sync out/_next/ s3://$S3_BUCKET/_next/ \ --cache-control "public, max-age=31536000, immutable" - # Upload other assets with 1-day cache aws s3 sync out/ s3://$S3_BUCKET/ \ --exclude "*.html" \ --exclude "_next/*" \ --cache-control "public, max-age=86400" - - name: Invalidate CloudFront - if: steps.changes.outputs.frontend == 'true' - run: | aws cloudfront create-invalidation \ --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} \ --paths "/*"