Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/cla-check.yml | 19 | ||||
-rw-r--r-- | .github/workflows/main.yml | 87 |
2 files changed, 57 insertions, 49 deletions
diff --git a/.github/workflows/cla-check.yml b/.github/workflows/cla-check.yml new file mode 100644 index 0000000..3c1aeee --- /dev/null +++ b/.github/workflows/cla-check.yml @@ -0,0 +1,19 @@ +name: "CLA Check" + +permissions: + actions: write + contents: read + pull-requests: write + statuses: write + +on: + pull_request: + types: [opened, synchronize, closed] + issue_comment: + types: [created] + +jobs: + call-cla-assistant: + uses: vyos/vyos-cla-signatures/.github/workflows/cla-reusable.yml@current + secrets: + CLA_PAT: ${{ secrets.CLA_PAT }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3aeb133..5dc020e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,6 +9,7 @@ on: branches: - main - production + - amplify schedule: - cron: "0 3 * * *" workflow_dispatch: @@ -17,16 +18,22 @@ on: branch: required: true type: string + aws_amplify_region: + required: true + type: string + aws_amplify_app_id: + required: true + type: string secrets: - NETLIFY_TOKEN: + AWS_AMPLIFY_ACCESS_KEY_ID: required: true - GH_ACCESS_TOKEN: + AWS_AMPLIFY_SECRET_ACCESS_KEY: required: true # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" - build: + deploy: environment: name: ${{ github.ref_name }} 
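Review bot: In the new `cla-check.yml`, the reusable workflow is referenced by the movable ref `@current` while it receives `secrets.CLA_PAT` and a token with `actions`, `pull-requests` and `statuses` write access. Whatever that ref points to at run time executes with those credentials, so a change to the called repository takes effect here without any review in this one. Pinning to a full commit SHA keeps the called code fixed, for example `uses: vyos/vyos-cla-signatures/.github/workflows/cla-reusable.yml@<FULL_COMMIT_SHA>  # current`, where the SHA is a placeholder to fill in. The `issue_comment` trigger fires on every new comment on any issue or PR, and whether the called workflow filters on comment text or author is not visible in this diff, so that is worth confirming. A short comment above `permissions:` saying why `actions: write` is needed would also help later audits.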
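Review bot: The renamed secrets in the `secrets:` block of `main.yml`, `AWS_AMPLIFY_ACCESS_KEY_ID` and `AWS_AMPLIFY_SECRET_ACCESS_KEY`, form a static IAM key pair, and no session token is passed anywhere in the diff. This suggests every caller of the workflow must store a long-lived AWS credential. Consider GitHub's OIDC federation instead: a job-level `permissions: id-token: write` plus a role assumed through `aws-actions/configure-aws-credentials`, which yields short-lived credentials and leaves nothing to rotate. If the key pair has to stay, a comment above `secrets:` should state the expected scope, for example `# IAM user restricted to starting and reading Amplify jobs on the target app only`. The `on:` block starts before this hunk, so the full trigger context is not visible here.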
@@ -35,55 +42,37 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - # If the workflow is called from this repo, check out the branch it's called from - - uses: actions/checkout@v4 - if: ${{ inputs.branch == '' }} - with: - repository: vyos/community.vyos.net - ref: ${{ github.ref_name }} - - # If the workflow is called externally, check out the branch from its inputs - - uses: actions/checkout@v4 - if: ${{ inputs.branch != '' }} - with: - repository: vyos/community.vyos.net - ref: ${{ inputs.branch }} - - - name: Install build dependencies from the repos + - name: Set env variables if they were NOT specified as inputs + if: ${{ inputs.aws_amplify_region == '' || inputs.aws_amplify_app_id == '' }} run: | - echo Installing build dependencies - sudo apt-get update - sudo apt-get -y install cmark make npm - sudo npm install -g sass@1.32.8 - # PyGitHub changes its API recently, distros use older versions, - # so we install it from PyPI for now - python -m venv . - source ./bin/activate - pip install pygithub jinja2 + echo "AWS_AMPLIFY_REGION=${{ vars.AWS_AMPLIFY_REGION }}" >> $GITHUB_ENV + echo "AWS_AMPLIFY_APP_ID=${{ vars.AWS_AMPLIFY_APP_ID }}" >> $GITHUB_ENV + echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV - - name: Install soupault - env: - SOUPAULT_VERSION: 4.10.0 + - name: Set env variables if they were specified as inputs + if: ${{ inputs.aws_amplify_region != '' && inputs.aws_amplify_app_id != '' }} run: | - echo Downloading and unpacking soupault - wget https://github.com/PataphysicalSociety/soupault/releases/download/$SOUPAULT_VERSION/soupault-$SOUPAULT_VERSION-linux-x86_64.tar.gz - tar xvf soupault-$SOUPAULT_VERSION-linux-x86_64.tar.gz - sudo mv -v ./soupault-$SOUPAULT_VERSION-linux-x86_64/soupault /usr/bin/ - - - name: Build the site - env: - GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} - # SOUPAULT_PROFILE is "staging" for the main branch, - # it enabled a preview version warning. 
- # The "live" profile simply enabled listing nightly builds - SOUPAULT_OPTS: "--profile ${{ vars.SOUPAULT_PROFILE }} --profile live" + echo "AWS_AMPLIFY_REGION=${{ inputs.aws_amplify_region }}" >> $GITHUB_ENV + echo "AWS_AMPLIFY_APP_ID=${{ inputs.aws_amplify_app_id }}" >> $GITHUB_ENV + echo "BRANCH=${{ inputs.branch }}" >> $GITHUB_ENV + + - name: Deploy to Amplify run: | - source ./bin/activate - make all + curl --request POST \ + --url https://amplify.${{ env.AWS_AMPLIFY_REGION }}.amazonaws.com/apps/${{ env.AWS_AMPLIFY_APP_ID }}/branches/${{ env.BRANCH }}/jobs \ + --header 'Content-Type: application/json' \ + --data '{"jobType": "RELEASE"}' \ + --user "${{ secrets.AWS_AMPLIFY_ACCESS_KEY_ID }}:${{ secrets.AWS_AMPLIFY_SECRET_ACCESS_KEY }}" \ + --aws-sigv4 "aws:amz:${{ env.AWS_AMPLIFY_REGION }}:amplify" - - name: Deploy to Netlify + - name: Check Amplify build status + uses: vyos/amplify-build-status@v2.2 + with: + app-id: ${{ env.AWS_AMPLIFY_APP_ID }} + branch-name: ${{ env.BRANCH }} + commit-id: HEAD + wait: true env: - NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} - run: | - zip -r website.zip build/ - curl --show-error --fail -H "Content-Type: application/zip" -H "Authorization: Bearer $NETLIFY_TOKEN" --data-binary "@website.zip" https://api.netlify.com/api/v1/sites/${{vars.NETLIFY_SITE_NAME}}/deploys + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_AMPLIFY_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_AMPLIFY_SECRET_ACCESS_KEY }} + AWS_REGION: ${{ env.AWS_AMPLIFY_REGION }} |
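Review bot: The three new `run:` steps expand `${{ inputs.branch }}`, `${{ github.ref_name }}`, the `vars.*`/`env.*` values and both AWS secrets directly into the shell script text, so a value containing quotes, `$(...)` or a newline is parsed as shell, or appended as an extra line to `$GITHUB_ENV`, rather than treated as data. Passing the values through `env:` and referencing them as quoted shell variables avoids this; the two "Set env variables" steps can use the same pattern, for example `echo "BRANCH=$BRANCH_IN" >> "$GITHUB_ENV"` with `BRANCH_IN` set under `env:`. The new `curl` call also drops the `--show-error --fail` flags that the removed Netlify upload had, so an HTTP 4xx/5xx from Amplify leaves the step green and the failure only shows up, if at all, in the status check that follows. `vyos/amplify-build-status@v2.2` receives the same key pair via a tag that can be moved, so pinning it to a commit SHA is worth considering. A suggested rewrite of the deploy step follows.

```yaml
      - name: Deploy to Amplify
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_AMPLIFY_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_AMPLIFY_SECRET_ACCESS_KEY }}
        run: |
          # AWS_AMPLIFY_REGION, AWS_AMPLIFY_APP_ID and BRANCH come from $GITHUB_ENV (set by the earlier steps)
          curl --fail --show-error --request POST \
            --url "https://amplify.${AWS_AMPLIFY_REGION}.amazonaws.com/apps/${AWS_AMPLIFY_APP_ID}/branches/${BRANCH}/jobs" \
            --header 'Content-Type: application/json' \
            --data '{"jobType": "RELEASE"}' \
            --user "${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}" \
            --aws-sigv4 "aws:amz:${AWS_AMPLIFY_REGION}:amplify"

      # … unchanged: "Check Amplify build status" step …
```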