feat: upload whole public dir to files.cow.fi

[kernelwhisperer]

This PR is part of https://linear.app/cowswap/issue/COW-136/token-lists-cdn

Moving away from our reliance on github CDN.

Testing

Simplest way to test is to merge, trigger the s3 upload workflow and see if the lists are available on https://files.cow.fi/token-lists

Summary by CodeRabbit

• Chores
  • Improved deployment automation to run dependent workflows after updates, ensuring more reliable and timely content updates.
  • Expanded public asset synchronization so additional site resources are deployed alongside token data.
  • Broadened cache invalidation to cover the new token-list paths for fresher content delivery.
  • Minor non-functional comment added to a scheduled workflow (no change in behavior).

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[kernelwhisperer]

I have read the CLA Document and I hereby sign the CLA

[coderabbitai]

Walkthrough

Two GitHub Actions workflows were changed: cowFi-tokens.yml received an inline cron comment only; s3Deploy.yml now triggers after the "Update Permit Info" workflow, syncs src/public to the S3 token-lists path, and expands CloudFront invalidation paths to include /token-lists/*.

Changes

Cohort / File(s)	Change Summary
Workflow Configuration .github/workflows/cowFi-tokens.yml	Added inline comment " # Every 3 hours" to cron schedule; no behavioral change.
Deployment & CDN .github/workflows/s3Deploy.yml	Added workflow_run trigger for "Update Permit Info"; in upload step, added aws s3 sync src/public s3://files.cow.fi/token-lists; expanded CloudFront invalidation paths from /tokens/* to include /token-lists/*.

Sequence Diagram(s)

sequenceDiagram
  participant GH as GitHub Actions
  participant Update as "Update Permit Info" workflow
  participant Deploy as "s3Deploy" workflow
  participant S3 as Amazon S3 (s3://files.cow.fi/token-lists)
  participant CF as CloudFront Distribution

  Note over Update,Deploy: Existing workflow runs
  Update->>GH: completes
  GH->>Deploy: workflow_run trigger (on completed)
  Deploy->>S3: aws s3 sync src/public -> s3://files.cow.fi/token-lists
  Deploy->>S3: (existing) upload tokens to /tokens
  Deploy->>CF: create invalidation for /tokens/* and /token-lists/*
  CF-->>Deploy: invalidation acknowledged
  Deploy-->>GH: job completed

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Focus review on the new workflow_run trigger syntax and correct workflow name.
• Verify S3 sync path and bucket/ACL settings, and CloudFront invalidation paths.

Suggested labels

github_actions

Suggested reviewers

• alfetopito

Poem

A rabbit hops through YAML bright, 🐇
Adds a trigger, syncs by night,
Tokens and lists now find their place,
CloudFront clears with gentle grace,
Pipelines hum — deployment's delight!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: uploading the whole public directory to files.cow.fi, which is the primary objective of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/move-from-gh-cdn-to-aws

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa6f6f4 and 82dac53.

📒 Files selected for processing (1)

• .github/workflows/s3Deploy.yml (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/s3Deploy.yml

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[alfetopito]

Approved with one nitpick comment.

Will ask devops to take a look as well

[naanselmo]

At the moment this won't work as that bucket is private. Ideally we'd create a separate, public, bucket, just to keep everything fully separate.

Ignore this comment as I forgot we have cloudfront in front of it 🤦

[naanselmo]

After testing to make sure it works as expected, if files need to be removed, then the --delete flag could be set. Should probably do a dry-run first.

[naanselmo]

Should work, CloudFront appears to be configured to make all files in the bucket public without any limitations

[alfetopito]

Merged and manually triggered a run to try it out https://github.com/cowprotocol/token-lists/actions/runs/19769577954

[alfetopito]

Failed

cc @naanselmo

[naanselmo]

Fixed permissions and reran! Worked now!