Add a gh action for aws deployment

.github/workflows/aws-deployment.yml

@@ -0,0 +1,98 @@
+---
+name: AWS Deployment
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Environment to deploy to"
+        default: "staging"
+        options:
+          - staging
+          - production
+        required: true
+        type: choice
+
+env:
+  AWS_ACCOUNT_ID: ${{ vars.AWS_PUBLIC_DATA_RELEASES_ACCOUNT_ID }}
+  AWS_REGION: ${{ vars.AWS_DEFAULT_REGION }}
+  STAGING_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}
+  STAGING_S3_BUCKET: s3://staging.biofile-finder.allencell.org
+  PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }}
+  PRODUCTION_S3_BUCKET: s3://biofile-finder.allencell.org
+
+permissions:
+  id-token: write  # Required for requesting the JWT and OIDC
+  contents: write  # Required for actions/checkout and OIDC tokens
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+        with:
+          node-version: "16"
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run --prefix packages/web build
+
+      - name: Upload build files
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+        with:
+          name: aws-deploy-files
+          path: ./packages/web/dist
+
+    deploy:
+      needs: build
+      runs-on: ubuntu-latest
+
+      # Dynamically set the environment variable based on the input above:
+      environment: ${{ github.event.inputs.environment }}
+
+      steps:
+
+        # Compute a short sha for use in the OIDC session name, which has a 64 character limit
+        - name: Add SHORT_SHA env property with commit short sha
+          run: echo "SHORT_SHA=`echo ${{ github.sha }} | cut -c1-8`" >> $GITHUB_ENV
+
+        - name: Configure AWS credentials with OIDC
+          uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+          with:
+            role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github_biofile_finder
+            role-session-name: github_biofile_finder-${{ env.SHORT_SHA }}
+            aws-region: ${{ env.AWS_REGION }}
+
+        # Setup variables based on the staging or production environment
+        - name: Set ECS variables based on environment
+          run: |
+            if [ "${{ github.event.inputs.environment }}" == "production" ]; then
+              echo "S3_BUCKET=${{ env.PRODUCTION_S3_BUCKET }}" >> $GITHUB_ENV
+              echo "CLOUDFRONT_DISTRIBUTION_ID=${{ env.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV
+            elif [ "${{ github.event.inputs.environment }}" == "staging" ]; then
+              echo "S3_BUCKET=${{ env.STAGING_S3_BUCKET }}" >> $GITHUB_ENV
+              echo "CLOUDFRONT_DISTRIBUTION_ID=${{ env.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV
+            else
+              echo "Invalid environment specified"
+              exit 1
+            fi
+
+        - name: Download build artifacts
+          uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427
+          with:
+            name: aws-deploy-files
+            path: ./packages/web/dist
+
+        # Note that the command below will copy the files to the root of the S3 bucket e.g., s3://biofile-finder.allencell.org/
+        # If you want to copy files to a S3 prefix / subdirectory, you would want something like ${{ env.S3_BUCKET }}/your_prefix below
+        - name: Copy build files to S3 root
+          run: aws s3 sync ./packages/web/dist ${{ env.S3_BUCKET }}
+
+        - name: Invalidate CloudFront cache
+          run: aws cloudfront create-invalidation --distribution-id ${{ env.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"