diff --git a/.github/workflows/aws-deployment.yml b/.github/workflows/aws-deployment.yml new file mode 100644 index 000000000..7cd18df39 --- /dev/null +++ b/.github/workflows/aws-deployment.yml @@ -0,0 +1,98 @@ +--- +name: AWS Deployment + +on: + workflow_dispatch: + inputs: + environment: + description: "Environment to deploy to" + default: "staging" + options: + - staging + - production + required: true + type: choice + +env: + AWS_ACCOUNT_ID: ${{ vars.AWS_PUBLIC_DATA_RELEASES_ACCOUNT_ID }} + AWS_REGION: ${{ vars.AWS_DEFAULT_REGION }} + STAGING_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_CLOUDFRONT_DISTRIBUTION_ID }} + STAGING_S3_BUCKET: s3://staging.biofile-finder.allencell.org + PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }} + PRODUCTION_S3_BUCKET: s3://biofile-finder.allencell.org + +permissions: + id-token: write # Required for requesting the JWT and OIDC + contents: write # Required for actions/checkout and OIDC tokens + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 + + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 + with: + node-version: "16" + + - name: Install Dependencies + run: npm ci + + - name: Build + run: npm run --prefix packages/web build + + - name: Upload build files + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 + with: + name: aws-deploy-files + path: ./packages/web/dist + + deploy: + needs: build + runs-on: ubuntu-latest + + # Dynamically set the environment variable based on the input above: + environment: ${{ github.event.inputs.environment }} + + steps: + + # Compute a short sha for use in the OIDC session name, which has a 64 character limit + - name: Add SHORT_SHA env property with commit short sha + run: echo "SHORT_SHA=`echo ${{ github.sha }} | cut -c1-8`" >> $GITHUB_ENV + + - name: Configure AWS credentials with OIDC + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 + with: + role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github_biofile_finder + role-session-name: github_biofile_finder-${{ env.SHORT_SHA }} + aws-region: ${{ env.AWS_REGION }} + + # Setup variables based on the staging or production environment + - name: Set ECS variables based on environment + run: | + if [ "${{ github.event.inputs.environment }}" == "production" ]; then + echo "S3_BUCKET=${{ env.PRODUCTION_S3_BUCKET }}" >> $GITHUB_ENV + echo "CLOUDFRONT_DISTRIBUTION_ID=${{ env.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV + elif [ "${{ github.event.inputs.environment }}" == "staging" ]; then + echo "S3_BUCKET=${{ env.STAGING_S3_BUCKET }}" >> $GITHUB_ENV + echo "CLOUDFRONT_DISTRIBUTION_ID=${{ env.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV + else + echo "Invalid environment specified" + exit 1 + fi + + - name: Download build artifacts + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 + with: + name: aws-deploy-files + path: ./packages/web/dist + + # Note that the command below will copy the files to the root of the S3 bucket e.g., s3://biofile-finder.allencell.org/ + # If you want to copy files to a S3 prefix / subdirectory, you would want something like ${{ env.S3_BUCKET }}/your_prefix below + - name: Copy build files to S3 root + run: aws s3 sync ./packages/web/dist ${{ env.S3_BUCKET }} + + - name: Invalidate CloudFront cache + run: aws cloudfront create-invalidation --distribution-id ${{ env.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"