Skip to content
Latchkey

Deploy Content to CDN workflow (andrewyng/context-hub)

The Deploy Content to CDN workflow from andrewyng/context-hub, explained and optimized by Latchkey.

D

CI health: D - needs work

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: andrewyng/context-hub.github/workflows/deploy-content.ymlLicense MITView source

What it does

This is the Deploy Content to CDN workflow from the andrewyng/context-hub repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Deploy Content to CDN

on:
  push:
    branches: [main]
    paths:
      - 'content/**'
      - 'package.json'
      - 'cli/package.json'
      - 'cli/src/lib/help.js'
      - 'scripts/prepare-cdn-build.mjs'

  # Allow manual trigger
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 22

      - run: rm -f package-lock.json && npm install

      # Validate content first
      - name: Validate content
        run: node cli/bin/chub build content/ --validate-only

      # Build registry + search index + exact-version help tree
      - name: Build CDN bundle
        run: npm run prepare:cdn

      # Sync registry/content tree while preserving historical help versions.
      - name: Deploy registry and content to S3
        run: aws s3 sync dist/ s3://${{ secrets.CDN_BUCKET_NAME }}/v1/ --delete --exclude "help/*"
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}

      - name: Deploy versioned help to S3
        run: aws s3 sync dist/help/ s3://${{ secrets.CDN_BUCKET_NAME }}/v1/help/
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}

      # Invalidate CloudFront cache
      - name: Invalidate CloudFront cache
        run: |
          aws cloudfront create-invalidation \
            --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} \
            --paths "/v1/*"
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Deploy Content to CDN
 
on:
  push:
    branches: [main]
    paths:
      - 'content/**'
      - 'package.json'
      - 'cli/package.json'
      - 'cli/src/lib/help.js'
      - 'scripts/prepare-cdn-build.mjs'
 
  # Allow manual trigger
  workflow_dispatch:
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  deploy:
    timeout-minutes: 30
    runs-on: latchkey-small
    permissions:
      contents: read
 
    steps:
      - uses: actions/checkout@v4
 
      - uses: actions/setup-node@v4
        with:
          cache: 'npm'
          node-version: 22
 
      - run: rm -f package-lock.json && npm install
 
      # Validate content first
      - name: Validate content
        run: node cli/bin/chub build content/ --validate-only
 
      # Build registry + search index + exact-version help tree
      - name: Build CDN bundle
        run: npm run prepare:cdn
 
      # Sync registry/content tree while preserving historical help versions.
      - name: Deploy registry and content to S3
        run: aws s3 sync dist/ s3://${{ secrets.CDN_BUCKET_NAME }}/v1/ --delete --exclude "help/*"
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
 
      - name: Deploy versioned help to S3
        run: aws s3 sync dist/help/ s3://${{ secrets.CDN_BUCKET_NAME }}/v1/help/
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
 
      # Invalidate CloudFront cache
      - name: Invalidate CloudFront cache
        run: |
          aws cloudfront create-invalidation \
            --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} \
            --paths "/v1/*"
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow