.github/workflows/publish-redirect-rules.yaml

---
name: publish-redirect-rules

env:
  AWS_REGION: us-east-1

on:
  push:
    branches:
      - master
    paths:
      - 'src/redirects.json'
  pull_request:
    branches:
      - master
    paths:
      - 'src/redirects.json'
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: fusionauth-standard
    container: 752443094709.dkr.ecr.us-west-2.amazonaws.com/gha-runner-ubuntu-22.04:latest
    steps:

      - name: checkout
        uses: actions/checkout@v4
        with:
          sparse-checkout: src/redirects.json

      - name: validate json
        run: cat src/redirects.json | jq empty

      - name: set aws credentials
        if: github.event_name == 'push'
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-chaining: true
          role-to-assume: ${{ secrets.ACTIONS_RUNNER_ROLE_PROD }}
          role-session-name: github-actions
          aws-region: ${{ env.AWS_REGION }}

      - name: upload file to s3
        if: github.event_name == 'push'
        run: aws s3 cp src/redirects.json s3://${{ secrets.S3_ARTIFACTS_PROD }}/lambda/site-origin-request-handler/redirects.json