Github Actions, Hugo Deploy and Amazon S3
This blog post is part of a series called How this blog is made.
In this post we will use Github Actions to automatically deploy all changes in our Github master branch to our S3 bucket.
To authorize Github to perform this action we have to create an AWS Access Key.
For security reasons this AWS Access Key will be linked to a AWS User with only the necessary permissions to perform this action.
We will be focusing on this part of the diagram:
AWS Identity and Access Management (IAM)#
- Go to your AWS Console and to IAM.
- On the left side to
Policiesand clickCreate policy:- Select
JSON. - Copy and paste:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "GithubActionsWebsite", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "cloudfront:CreateInvalidation" ], "Resource": [ "arn:aws:s3:::<Your-Bucket-Name>", "arn:aws:s3:::<Your-Bucket-Name>/*", "<CF-Distribution-ARN>" ] } ] }- Click
Review policy. - Choose a name like
DeployWebsite. - Click
Create policy.
- Select
- On the left side to
Usersand clickAdd user:- Choose a name like
github-action-website. - Allow
Programmatic access. - Click
Next: Permissions. - Choose
Attach existing policies directlyand in the list chooseDeployWebsite. - Click
Next: Tags. - Tag your user. I go with
Key=projectandValue=a-h.io. - Click
Next: Review. - Click
Create user. - Save both the
<Access-key-ID>and the<Secret-access-key>for later.
- Choose a name like
Now we have created a User with an Access Key with the permissions to change our website on <Your-Bucket-Name> and can create an invalidation of files at <CF-Distribution-ARN>.
Hugo Deploy#
Hugo makes it easy to deploy your website to Amazon S3 and to access your Cloudfront distribution.
- Add this to your
config.toml:[deployment] [[deployment.targets]] name = "Website <Your-Domain>" URL = "s3://<Your-Bucket-Name>?region=<Your-Region>" cloudFrontDistributionID = "<CF-Distribution-ID>" [[deployment.matchers]] # Cache static assets for 20 years. pattern = "^.+\\.(js|css|svg|ttf|woff|woff2|eot|png|jpg|gif|svg|ttf)$" cacheControl = "max-age=630720000, no-transform, public" gzip = true [[deployment.matchers]] pattern = "^.+\\.(html|xml|json)$" gzip = true - Install the AWS CLI
- Configure the AWS CLI with your
<Access-key-ID>,<Secret-access-key>and<Your-Region> - Test your configuration with:
# delete the public folder rm -rf public # build the website hugo --minify # deploy the website to AWS and invalidate the Cloudfront cache hugo deploy --maxDeletes -1 --invalidateCDN
You should see Success.
Github Actions#
To automate this workflow we will use Github Actions.
- Create a new Github workflow config file:
mkdir -p .github/workflows/ touch .github/workflows/main.yml
Copy and paste to
main.yml:name: Deploy website to S3 bucket on: push: branches: - master jobs: deploy: runs-on: ubuntu-18.04 steps: - uses: actions/checkout@v2 with: submodules: true # Fetch Hugo themes fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - name: Setup Hugo uses: peaceiris/actions-hugo@v2 with: hugo-version: 'latest' extended: true - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ~Your-Region~ - name: Build website run: hugo --minify - name: Hugo deploy static site to S3 bucket and invalidate Cloudfront cache run: hugo deploy --maxDeletes -1 --invalidateCDNDo not forget to fill in
<Your-Region>. Do not fill in your<Access-key-ID>or<Secret-access-key>. Secret keys likeAWS Credentialsshould not be in code, but in a secure section of your repository.Go to
<Your-Repository>on github.com, here toSettingsand toSecrets:- Click
New secret. Name=AWS_ACCESS_KEY_IDandValueis your<Access-key-ID>.- And another secret. Click
New secret. Name=AWS_SECRET_ACCESS_KEYandValueis your<Secret-access-key>.
- Click
Now every time you push changes to your master branch Github Actions will deploy those changes to your website.