Skip to content

fix: auto-trigger S3 deploy after release, fix stale doc-asset caching, clean corrupted .gitignore#2086

Merged
pethers merged 2 commits into
mainfrom
copilot/fix-release-and-s3-deploy
Jul 3, 2026
Merged

fix: auto-trigger S3 deploy after release, fix stale doc-asset caching, clean corrupted .gitignore#2086
pethers merged 2 commits into
mainfrom
copilot/fix-release-and-s3-deploy

Conversation

Copilot AI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

https://blacktrigram.com/docs/api/ was rendering without content/CSS. Root cause was a combination of a manual-only deploy trigger and an incorrect long-lived cache policy on non-hashed documentation assets, compounded by a corrupted .gitignore.

Findings

  • deploy-s3.yml was workflow_dispatch-only, so docs/reports committed to main by release.yml were never actually synced to the production S3 bucket unless someone manually ran "Deploy" โ€” production could silently go stale indefinitely.
  • The sync applied Cache-Control: immutable, max-age=1yr to all non-html/xml/json/txt files, including non-content-hashed assets (docs/api/assets/style.css, docs/coverage/*.css|js, docs/cypress/mochawesome/assets/*). These filenames never change across releases, so browsers/CDN would never refetch updated CSS/JS โ€” this is what produced the "broken/unstyled" docs/api page.
  • .gitignore had ~5700 lines of an accidentally-committed literal node_modules/dist/coverage file-path dump (from a recent merge), including an unanchored bare test-results.xml pattern that could silently exclude a regenerated report file from future commits.
  • typedoc.json was verified correct (out: docs/api, cleanOutputDir: true, githubPages: true) โ€” no changes needed there.

Changes

deploy-s3.yml

  • Added a workflow_run trigger firing after "Build, Attest and Release" completes (kept manual workflow_dispatch for on-demand runs), gated on conclusion == 'success'.
  • Checkout now explicitly pins ref: main so the deploy always picks up the docs/reports the release just committed, regardless of whether the triggering event was a branch push or a tag push.
  • Split the static-asset sync into two categories instead of one blanket "everything but html/xml/json/txt":
    • Content-hashed Vite output (assets/*, test-results/assets/*) โ†’ 1-year immutable cache.
    • Everything else static (TypeDoc, coverage, mochawesome, dependency/architecture diagrams) โ†’ 1-hour must-revalidate cache.
  • Applied symmetrically to both the root prefix and the legacy /docs/ prefix.
# before: one rule for all non-html/xml/json/txt files
aws s3 sync docs/. s3://$BUCKET/ --exclude "*.html" ... --cache-control "public, max-age=31536000, immutable"

# after: hashed vs. stable-named assets get different cache policies
aws s3 sync docs/. s3://$BUCKET/ --exclude "*" --include "assets/*" --include "test-results/assets/*" \
  --cache-control "public, max-age=31536000, immutable"

aws s3 sync docs/. s3://$BUCKET/ --exclude "assets/*" --exclude "test-results/assets/*" --exclude "*.html" ... \
  --cache-control "public, max-age=3600, must-revalidate"

.gitignore

  • Replaced the corrupted 5710-line file with a clean, properly anchored 25-line version.
  • Verified docs/** remains fully trackable and root-level node_modules/, dist/, build/, coverage/, lib/, cypress/results|videos|screenshots are still correctly ignored.

Notes / caveats

  • The AWS IAM role's OIDC trust policy (GithubWorkFlowRole) may need to permit the workflow_run event's subject claim if it was previously scoped only to workflow_dispatch โ€” this can't be verified from the repository alone and should be checked in AWS.

โ€ฆan .gitignore

Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

โœ… No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@github-actions github-actions Bot added the infrastructure CI/CD and build infrastructure label Jul 3, 2026
@pethers pethers requested a review from Copilot July 3, 2026 17:13
@pethers pethers marked this pull request as ready for review July 3, 2026 17:16
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

๐Ÿ“ธ Automated UI Screenshots

๐Ÿ“‹ Screenshots Captured (8)

# Screenshot
1 01-splash-screen.png - 01 splash screen.png
2 02-intro-screen-menu.png - 02 intro screen menu.png
3 03-intro-screen-archetype-selector.png - 03 intro screen archetype selector.png
4 04-controls-screen.png - 04 controls screen.png
5 05-philosophy-screen.png - 05 philosophy screen.png
6 06-training-screen.png - 06 training screen.png
7 07-combat-screen-practice.png - 07 combat screen practice.png
8 08-combat-screen-versus.png - 08 combat screen versus.png

๐Ÿ“ฆ Download Screenshots

๐Ÿ“ฅ Download all screenshots from workflow artifacts

Screenshots are preserved as workflow artifacts for 30 days.


๐Ÿค– Generated by Playwright automation

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes production documentation/site staleness by restoring an automatic S3 deploy after releases and correcting cache headers so stable-named documentation assets (e.g., TypeDoc/coverage/mochawesome) are revalidated instead of being cached as immutable.

Changes:

  • Added workflow_run auto-trigger so S3 deploy runs after โ€œBuild, Attest and Releaseโ€ completes successfully, while keeping workflow_dispatch for manual runs.
  • Split S3 sync caching behavior into โ€œimmutable for hashed build outputโ€ vs โ€œmust-revalidate for stable-named docs/report assetsโ€, applied to both / and /docs/ prefixes.
  • Replaced a corrupted, overly-broad .gitignore with a minimal, anchored version.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 4 comments.

File Description
.github/workflows/deploy-s3.yml Adds release-to-S3 auto-deploy trigger and refactors S3 sync cache-control policies.
.gitignore Replaces corrupted ignore rules with a concise, anchored ignore set.

Comment thread .github/workflows/deploy-s3.yml Outdated
Comment on lines +10 to +19
# Automatically sync docs/api, generated reports and the game build to S3
# once "Build, Attest and Release" finishes committing them to main.
# Without this, the deploy was only ever triggered manually and blacktrigram.com
# could silently go stale after a release.
# NOTE: no `branches:` filter here โ€” release.yml's primary trigger is a
# `v*` tag push, so `head_branch` on that workflow_run is the tag, not
# `main`. The job always checks out `ref: main` explicitly below.
workflow_run:
workflows: ["Build, Attest and Release"]
types: [completed]
Comment on lines 62 to 75
- name: Deploy to S3 with minimal API calls
run: |
# Optimized deployment: 6 sync operations instead of 16
# - Hashed/static assets use --size-only (content-addressed, safe to skip by size)
# Optimized deployment: 8 sync operations instead of 16+
# - Content-hashed assets (Vite build output) use --size-only + a 1-year
# immutable cache, since their filenames change whenever content changes.
# - Non-hashed static assets (TypeDoc/coverage/mochawesome CSS+JS, which
# keep the SAME filename across releases, e.g. docs/api/assets/style.css)
# must NOT be marked immutable, otherwise browsers/CDNs never refetch
# updated CSS/JS and the docs pages render as broken/unstyled.
# - HTML and metadata use default sync (size+mtime) to catch same-size content changes
# - Does NOT use --delete to preserve legacy URLs on S3

if [ "${{ github.event.inputs.force_metadata_update }}" = "true" ]; then
# Force mode: use --exact-timestamps to force re-evaluation + metadata replace
Comment on lines +88 to +111
# 1. Sync content-hashed Vite build assets (game bundle + test-results app) with immutable cache
echo "โšก [root] Syncing content-hashed assets with immutable cache..."
aws s3 sync docs/. s3://${{ env.S3_BUCKET_NAME }}/ \
--exclude "*" \
--include "assets/*" \
--include "test-results/assets/*" \
--cache-control "public, max-age=31536000, immutable" \
$HASHED_SYNC_FLAGS

# 2. Sync all other static assets (TypeDoc api docs, coverage, cypress
# mochawesome, dependency/architecture diagrams, images, etc.) with a
# short revalidating cache, since these filenames are stable across
# releases and must be refetched whenever content changes.
echo "๐Ÿ“ฆ [root] Syncing non-hashed static assets with revalidation cache..."
aws s3 sync docs/. s3://${{ env.S3_BUCKET_NAME }}/ \
--exclude ".git/*" \
--exclude "assets/*" \
--exclude "test-results/assets/*" \
--exclude "*.html" \
--exclude "*.xml" \
--exclude "*.json" \
--exclude "*.txt" \
--cache-control "public, max-age=31536000, immutable" \
$HASHED_SYNC_FLAGS
--cache-control "public, max-age=3600, must-revalidate" \
$DOCUMENT_SYNC_FLAGS
Comment on lines +134 to +154
# 5. Sync content-hashed assets to /docs/ with immutable cache
echo "โšก [/docs/] Syncing content-hashed assets with immutable cache..."
aws s3 sync docs/. s3://${{ env.S3_BUCKET_NAME }}/docs/ \
--exclude "*" \
--include "assets/*" \
--include "test-results/assets/*" \
--cache-control "public, max-age=31536000, immutable" \
$HASHED_SYNC_FLAGS

# 6. Sync all other static assets to /docs/ with revalidation cache
echo "๐Ÿ“ฆ [/docs/] Syncing non-hashed static assets with revalidation cache..."
aws s3 sync docs/. s3://${{ env.S3_BUCKET_NAME }}/docs/ \
--exclude ".git/*" \
--exclude "assets/*" \
--exclude "test-results/assets/*" \
--exclude "*.html" \
--exclude "*.xml" \
--exclude "*.json" \
--exclude "*.txt" \
--cache-control "public, max-age=31536000, immutable" \
$HASHED_SYNC_FLAGS
--cache-control "public, max-age=3600, must-revalidate" \
$DOCUMENT_SYNC_FLAGS
Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Copilot AI requested a review from pethers July 3, 2026 17:31
@pethers pethers merged commit a846605 into main Jul 3, 2026
11 of 12 checks passed
@pethers pethers deleted the copilot/fix-release-and-s3-deploy branch July 3, 2026 17:37
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

๐Ÿ“ธ Automated UI Screenshots

๐Ÿ“‹ Screenshots Captured (8)

# Screenshot
1 01-splash-screen.png - 01 splash screen.png
2 02-intro-screen-menu.png - 02 intro screen menu.png
3 03-intro-screen-archetype-selector.png - 03 intro screen archetype selector.png
4 04-controls-screen.png - 04 controls screen.png
5 05-philosophy-screen.png - 05 philosophy screen.png
6 06-training-screen.png - 06 training screen.png
7 07-combat-screen-practice.png - 07 combat screen practice.png
8 08-combat-screen-versus.png - 08 combat screen versus.png

๐Ÿ“ฆ Download Screenshots

๐Ÿ“ฅ Download all screenshots from workflow artifacts

Screenshots are preserved as workflow artifacts for 30 days.


๐Ÿค– Generated by Playwright automation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

infrastructure CI/CD and build infrastructure

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants