diff --git a/.github/workflows/deploy_trackjs.yml b/.github/workflows/deploy_trackjs.yml new file mode 100644 index 0000000..1326061 --- /dev/null +++ b/.github/workflows/deploy_trackjs.yml @@ -0,0 +1,167 @@ +name: Deploy TrackJS Script + +on: + schedule: + # Run weekly on Mondays at 2 AM UTC to check for updates + - cron: "0 2 * * 1" + workflow_dispatch: + # Allow manual triggering + +jobs: + download-trackjs: + runs-on: ubuntu-latest + outputs: + changed: ${{ steps.check_changes.outputs.changed }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Download TrackJS script + run: | + echo "Downloading TrackJS script from CDN..." + curl -o trackjs.js https://cdn.trackjs.com/agent/v3/latest/t.js + + # Verify the download was successful + if [ ! -f trackjs.js ]; then + echo "Failed to download TrackJS script" + exit 1 + fi + + echo "TrackJS script downloaded successfully" + ls -la trackjs.js + + - name: Check if script has changed + id: check_changes + run: | + echo "Checking if TrackJS script has changed..." + + # Download current script from assets.deriv.com to compare + curl -s -o current_trackjs.js https://assets.deriv.com/tracking/trackjs.js || echo "No existing script found" + + # Compare files if current script exists + if [ -f current_trackjs.js ]; then + if cmp -s trackjs.js current_trackjs.js; then + echo "TrackJS script has not changed. Skipping deployment." + echo "changed=false" >> $GITHUB_OUTPUT + else + echo "TrackJS script has changed. Proceeding with deployment." + echo "changed=true" >> $GITHUB_OUTPUT + fi + else + echo "No existing script found. Proceeding with initial deployment." + echo "changed=true" >> $GITHUB_OUTPUT + fi + + - name: Prepare upload directory structure + run: | + mkdir -p content/deriv.com/tracking + mkdir -p content/deriv.ae/tracking + cp trackjs.js content/deriv.com/tracking/trackjs.js + cp trackjs.js content/deriv.ae/tracking/trackjs.js + echo "Prepared trackjs.js for upload to both domains" + + - name: Upload artifacts + if: steps.check_changes.outputs.changed == 'true' + uses: actions/upload-artifact@v4 + with: + name: trackjs-files + path: content/ + + deploy-deriv-com: + needs: download-trackjs + if: needs.download-trackjs.outputs.changed == 'true' + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: trackjs-files + path: content/ + + - name: Upload to R2 - deriv.com + uses: ./.github/actions/upload_to_r2 + with: + r2_account_id: ${{ secrets.R2_ACCOUNT_ID }} + r2_access_key_id: ${{ secrets.R2_ACCESS_KEY_ID }} + r2_secret_access_key: ${{ secrets.R2_SECRET_ACCESS_KEY }} + r2_bucket_name: ${{ secrets.R2_BUCKET_NAME }} + + - name: Verify upload - deriv.com + run: | + echo "Verifying upload for deriv.com..." + sleep 10 + EXPECTED_URL="https://assets.deriv.com/tracking/trackjs.js" + echo "Testing URL: ${EXPECTED_URL}" + HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "${EXPECTED_URL}") + if [ "${HTTP_STATUS}" = "200" ]; then + echo "✅ TrackJS script is successfully accessible at ${EXPECTED_URL}" + else + echo "❌ Failed to access TrackJS script at ${EXPECTED_URL} (HTTP ${HTTP_STATUS})" + echo "This might be due to CDN propagation delay. Manual verification recommended." + fi + + deploy-deriv-ae: + needs: download-trackjs + if: needs.download-trackjs.outputs.changed == 'true' + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: trackjs-files + path: content/ + + - name: Prepare deriv.ae content + run: | + # Move deriv.ae content to the expected location for upload action + rm -rf content/deriv.com + mv content/deriv.ae content/deriv.com + echo "Prepared deriv.ae content for upload" + + - name: Upload to R2 - deriv.ae + uses: ./.github/actions/upload_to_r2 + with: + r2_account_id: ${{ secrets.R2_ACCOUNT_ID }} + r2_access_key_id: ${{ secrets.R2_ACCESS_KEY_ID }} + r2_secret_access_key: ${{ secrets.R2_SECRET_ACCESS_KEY }} + r2_bucket_name: ${{ secrets.R2_BUCKET_NAME_AE }} + + - name: Verify upload - deriv.ae + run: | + echo "Verifying upload for deriv.ae..." + sleep 10 + EXPECTED_URL="https://assets.deriv.ae/tracking/trackjs.js" + echo "Testing URL: ${EXPECTED_URL}" + HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "${EXPECTED_URL}") + if [ "${HTTP_STATUS}" = "200" ]; then + echo "✅ TrackJS script is successfully accessible at ${EXPECTED_URL}" + else + echo "❌ Failed to access TrackJS script at ${EXPECTED_URL} (HTTP ${HTTP_STATUS})" + echo "This might be due to CDN propagation delay. Manual verification recommended." + fi + + notify-completion: + needs: [deploy-deriv-com, deploy-deriv-ae] + runs-on: ubuntu-latest + if: always() + + steps: + - name: Notify deployment status + run: | + if [ "${{ needs.deploy-deriv-com.result }}" = "success" ] && [ "${{ needs.deploy-deriv-ae.result }}" = "success" ]; then + echo "🎉 TrackJS script deployment completed successfully!" + echo "The script is now available at:" + echo "- https://assets.deriv.com/tracking/trackjs.js" + echo "- https://assets.deriv.ae/tracking/trackjs.js" + else + echo "❌ TrackJS script deployment failed. Please check the logs above." + echo "deriv.com deployment: ${{ needs.deploy-deriv-com.result }}" + echo "deriv.ae deployment: ${{ needs.deploy-deriv-ae.result }}" + exit 1 + fi diff --git a/docs/trackjs-deployment-setup.md b/docs/trackjs-deployment-setup.md new file mode 100644 index 0000000..df47d82 --- /dev/null +++ b/docs/trackjs-deployment-setup.md @@ -0,0 +1,202 @@ +# TrackJS Script Deployment Setup + +This document explains how to set up the GitHub workflow for automatically deploying the TrackJS script to Cloudflare R2 buckets. + +## Overview + +The workflow `.github/workflows/deploy_trackjs.yml` automatically: + +1. Downloads the latest TrackJS script from `https://cdn.trackjs.com/agent/v3/latest/t.js` +2. Uploads it to Cloudflare R2 buckets for multiple domains +3. Makes it accessible at: + - `https://assets.deriv.com/tracking/trackjs.js` + - `https://assets.deriv.ae/tracking/trackjs.js` + +## Prerequisites + +### Cloudflare R2 Custom Domain Configuration + +Before the workflow can make files accessible via `https://assets.deriv.com/tracking/trackjs.js`, you need to configure custom domains for your R2 buckets: + +#### For deriv.com: + +1. In Cloudflare Dashboard, go to **R2 Object Storage** +2. Select your bucket for deriv.com assets +3. Go to **Settings** → **Custom Domains** +4. Click **Connect Domain** +5. Enter `assets.deriv.com` as the custom domain +6. Follow the DNS configuration steps to point `assets.deriv.com` to your R2 bucket + +#### For deriv.ae: + +1. Repeat the same process for your deriv.ae R2 bucket +2. Connect `assets.deriv.ae` as the custom domain +3. Configure DNS for `assets.deriv.ae` + +**Important**: Without custom domain configuration, files will only be accessible via the default R2 URLs (e.g., `https://pub-xxxxx.r2.dev/tracking/trackjs.js`), not the branded URLs like `https://assets.deriv.com/tracking/trackjs.js`. + +## Required GitHub Secrets + +You need to configure the following secrets in your GitHub repository settings (these are the same secrets used by the existing sitemap workflow): + +### Cloudflare R2 Authentication + +- `R2_ACCOUNT_ID` - Your Cloudflare R2 account ID +- `R2_ACCESS_KEY_ID` - Your Cloudflare R2 access key ID +- `R2_SECRET_ACCESS_KEY` - Your Cloudflare R2 secret access key + +### Domain-specific Configuration + +#### For deriv.com + +- `R2_BUCKET_NAME` - R2 bucket name for deriv.com assets (must have `assets.deriv.com` custom domain configured) + +#### For deriv.ae + +- `R2_BUCKET_NAME_AE` - R2 bucket name for deriv.ae assets (must have `assets.deriv.ae` custom domain configured) + +## How to Set Up Secrets + +1. Go to your GitHub repository +2. Navigate to **Settings** → **Secrets and variables** → **Actions** +3. Click **New repository secret** +4. Add each secret with the exact name and corresponding value + +## Workflow Triggers + +The workflow runs: + +- **Weekly on Mondays at 2 AM UTC** - Automatically checks for updates to the TrackJS script +- **Manual trigger** - You can manually run the workflow from the Actions tab + +## Cost Optimization + +To minimize GitHub Actions usage and associated costs, the workflow includes several optimizations: + +- **Weekly Schedule**: Runs weekly instead of daily to reduce frequency +- **Change Detection**: Compares the downloaded script with the currently deployed version +- **Conditional Deployment**: Only uploads and deploys if the script has actually changed +- **Early Exit**: Skips deployment jobs entirely if no changes are detected + +This means the workflow will only consume significant resources when TrackJS actually releases updates, rather than running full deployments every time. + +## Workflow Features + +### Multi-Job Architecture + +The workflow uses a multi-job architecture: + +1. **Download Job**: Downloads the TrackJS script once and prepares it for both domains +2. **Deploy Jobs**: Separate parallel jobs for each domain (deriv.com and deriv.ae) +3. **Notification Job**: Reports the final status of all deployments + +### Verification + +After upload, the workflow verifies that the script is accessible at the expected URLs and reports the status. + +### Error Handling + +- Validates successful download of the TrackJS script +- Checks for proper upload to R2 buckets +- Provides clear error messages for troubleshooting +- Reports individual job status in the final notification + +### Reuses Existing Infrastructure + +The workflow leverages the existing `.github/actions/upload_to_r2` action used by the sitemap workflow, ensuring consistency with existing deployment processes. + +## Adding New Domains + +To add support for additional domains: + +1. Create a new deploy job in `.github/workflows/deploy_trackjs.yml`: + + ```yaml + deploy-your-new-domain: + needs: download-trackjs + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: trackjs-files + path: content/ + + - name: Prepare your-new-domain content + run: | + rm -rf content/deriv.com + mv content/your-new-domain content/deriv.com + echo "Prepared your-new-domain content for upload" + + - name: Upload to R2 - your-new-domain + uses: ./.github/actions/upload_to_r2 + with: + r2_account_id: ${{ secrets.R2_ACCOUNT_ID }} + r2_access_key_id: ${{ secrets.R2_ACCESS_KEY_ID }} + r2_secret_access_key: ${{ secrets.R2_SECRET_ACCESS_KEY }} + r2_bucket_name: ${{ secrets.R2_BUCKET_NAME_YOUR_NEW_DOMAIN }} + ``` + +2. Update the download job to prepare content for the new domain: + + ```bash + mkdir -p content/your-new-domain/tracking + cp trackjs.js content/your-new-domain/tracking/trackjs.js + ``` + +3. Update the notify-completion job to include the new deploy job: + + ```yaml + needs: [deploy-deriv-com, deploy-deriv-ae, deploy-your-new-domain] + ``` + +4. Add the corresponding R2 bucket secret to GitHub repository settings + +## Troubleshooting + +### Common Issues + +1. **403 Forbidden Error**: Check that your R2 access keys have the correct permissions +2. **404 Not Found**: Verify that the bucket names are correct +3. **Script Not Accessible via Custom Domain**: + - Ensure custom domains (`assets.deriv.com`, `assets.deriv.ae`) are properly configured in Cloudflare R2 + - Check DNS records are pointing to the correct R2 bucket endpoints + - Verify SSL certificates are active for the custom domains +4. **Files Accessible via R2 URL but not Custom Domain**: + - Check if custom domain DNS propagation is complete (can take up to 24 hours) + - Verify the custom domain is connected to the correct R2 bucket +5. **Upload Action Fails**: Ensure the existing `.github/actions/upload_to_r2` action is properly configured +6. **CDN Propagation Delay**: Custom domain changes may take a few minutes to propagate + +### Manual Verification + +You can manually verify the deployment by checking: + +- `https://assets.deriv.com/tracking/trackjs.js` +- `https://assets.deriv.ae/tracking/trackjs.js` + +Both should return the TrackJS script content with appropriate headers. + +## Security Considerations + +- All sensitive information is stored as GitHub secrets +- The workflow uses the principle of least privilege +- R2 access keys should only have permissions for the specific buckets used +- Consider rotating access keys periodically + +## Monitoring + +The workflow provides detailed logging and status updates. Check the Actions tab in your GitHub repository to monitor deployment status and troubleshoot any issues. + +## Workflow Architecture + +The workflow consists of three main phases: + +1. **Download Phase**: Downloads the TrackJS script from the CDN and prepares it for deployment +2. **Deploy Phase**: Parallel deployment to both deriv.com and deriv.ae R2 buckets +3. **Notification Phase**: Reports the overall success or failure of the deployment + +This architecture ensures efficient resource usage while maintaining reliability and clear error reporting.