aws-deployment.yml
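---
# Manually dispatched workflow: builds the web package, syncs the build output
# to the S3 bucket of the selected environment, then invalidates the matching
# CloudFront distribution.
name: AWS Deployment
on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Environment to deploy to"
        default: "staging"
        options:
          - staging
          - production
        required: true
        type: choice
env:
  AWS_ACCOUNT_ID: ${{ vars.AWS_PUBLIC_DATA_RELEASES_ACCOUNT_ID }}
  AWS_REGION: ${{ vars.AWS_DEFAULT_REGION }}
  STAGING_S3_BUCKET: s3://staging.biofile-finder.allencell.org
  PRODUCTION_S3_BUCKET: s3://biofile-finder.allencell.org
# Workflow-wide default is read-only: actions/checkout only needs to read the
# repository and nothing in this workflow pushes commits, tags or releases.
# The OIDC scope is granted on the deploy job alone (see below).
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to full commit SHAs so that a moved tag
      # cannot change the code that runs here.
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
        with:
          # NOTE(review): Node.js 16 is end-of-life; confirm whether the build
          # can move to a supported LTS release.
          node-version: "16"
      # npm ci / npm run execute dependency install and build scripts, so this
      # job is deliberately kept free of deploy secrets and of id-token: write.
      - name: Install Dependencies
        run: npm ci
      - name: Build
        run: npm run --prefix packages/web build
      - name: Upload build files
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
        with:
          name: aws-deploy-files
          path: ./packages/web/dist
  deploy:
    needs: build
    runs-on: ubuntu-latest
    # Dynamically set the environment variable based on the input above:
    environment: ${{ github.event.inputs.environment }}
    # Only this job exchanges a GitHub OIDC token for AWS credentials. Job-level
    # permissions replace the workflow default, and this job never checks out
    # the repository, so no contents scope is requested.
    permissions:
      id-token: write
    # Distribution IDs are scoped to this job so the build job never sees them.
    env:
      STAGING_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}
      PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }}
    steps:
      # Compute a short sha for use in the OIDC session name, which has a
      # 64 character limit. GITHUB_SHA is the runner-provided commit sha, read
      # as a shell variable rather than templated into the script text.
      - name: Add SHORT_SHA env property with commit short sha
        run: echo "SHORT_SHA=${GITHUB_SHA:0:8}" >> "$GITHUB_ENV"
      # NOTE(review): the trust policy of this role is not visible here;
      # confirm it restricts the OIDC `sub` claim to this repository and its
      # deployment environments.
      - name: Configure AWS credentials with OIDC
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github_biofile_finder
          role-session-name: github_biofile_finder-${{ env.SHORT_SHA }}
          aws-region: ${{ env.AWS_REGION }}
      # Setup variables based on the staging or production environment.
      # The dispatch input reaches the script through an environment variable,
      # so its value is compared as data and is never spliced into the shell
      # source that the runner executes.
      - name: Set ECS variables based on environment
        env:
          DEPLOY_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: |
          case "$DEPLOY_ENVIRONMENT" in
            production)
              echo "S3_BUCKET=$PRODUCTION_S3_BUCKET" >> "$GITHUB_ENV"
              echo "CLOUDFRONT_DISTRIBUTION_ID=$PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID" >> "$GITHUB_ENV"
              ;;
            staging)
              echo "S3_BUCKET=$STAGING_S3_BUCKET" >> "$GITHUB_ENV"
              echo "CLOUDFRONT_DISTRIBUTION_ID=$STAGING_CLOUDFRONT_DISTRIBUTION_ID" >> "$GITHUB_ENV"
              ;;
            *)
              # Fail closed on anything that is not an expected environment.
              echo "Invalid environment specified"
              exit 1
              ;;
          esac
      - name: Download build artifacts
        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427
        with:
          name: aws-deploy-files
          path: ./packages/web/dist
      # Note that the command below will copy the files to the root of the S3
      # bucket e.g., s3://biofile-finder.allencell.org/
      # If you want to copy files to a S3 prefix / subdirectory, you would want
      # something like "$S3_BUCKET/your_prefix" below
      - name: Copy build files to S3 root
        run: aws s3 sync ./packages/web/dist "$S3_BUCKET"
      - name: Invalidate CloudFront cache
        run: aws cloudfront create-invalidation --distribution-id "$CLOUDFRONT_DISTRIBUTION_ID" --paths "/*"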