Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a gh action for aws deployment #111

Merged
merged 8 commits into from
May 23, 2024
Merged
95 changes: 95 additions & 0 deletions .github/workflows/aws-deployment.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
---
name: AWS Deployment
gmoynihan88 marked this conversation as resolved.
Show resolved Hide resolved

on:
workflow_dispatch:
inputs:
environment:
description: "Environment to deploy to"
default: "staging"
options:
- staging
- production
required: true
type: choice

env:
AWS_ACCOUNT_ID: ${{ vars.AWS_PUBLIC_DATA_RELEASES_ACCOUNT_ID }}
gmoynihan88 marked this conversation as resolved.
Show resolved Hide resolved
AWS_REGION: ${{ vars.AWS_DEFAULT_REGION }}
STAGING_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}
STAGING_S3_BUCKET: s3://staging.timelapse.allencell.org
gmoynihan88 marked this conversation as resolved.
Show resolved Hide resolved
PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }}
PRODUCTION_S3_BUCKET: s3://timelapse.allencell.org
gmoynihan88 marked this conversation as resolved.
Show resolved Hide resolved

permissions:
id-token: write # Required for requesting the JWT and OIDC
contents: write # Required for actions/checkout and OIDC tokens

jobs:
build:
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744

- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SeanLeRoy These build steps will presumably need adjusting for your workflow.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yeah this seems a bit different, I'll likely need to workshop this a bit. Does it just need to produce some build artifact at ./dist?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes - the deploy step picks them up from there (we could also change paths, if need be).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How should I go about testing this - if there is nothing in the ./dist will the build fail (as in, could I safely run this workflow to see if I am placing the files in the correct way and place)?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with:
node-version: "18"

- name: Install and Build
run: npm ci && npx vite build

- name: Upload build files
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
with:
name: aws-deploy-files
path: ./dist

deploy:
needs: build
runs-on: ubuntu-latest

# Dynamically set the environment variable based on the input above:
environment: ${{ github.event.inputs.environment }}

steps:

# Compute a short sha for use in the OIDC session name, which has a 64 character limit
- name: Add SHORT_SHA env property with commit short sha
run: echo "SHORT_SHA=`echo ${{ github.sha }} | cut -c1-8`" >> $GITHUB_ENV

- name: Configure AWS credentials with OIDC
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github_biofile_finder
role-session-name: github_biofile_finder-${{ env.SHORT_SHA }}
aws-region: ${{ env.AWS_REGION }}

# Setup variables based on the staging or production environment
- name: Set ECS variables based on environment
run: |
if [ "${{ github.event.inputs.environment }}" == "production" ]; then
echo "S3_BUCKET=${{ env.PRODUCTION_S3_BUCKET }}" >> $GITHUB_ENV
echo "CLOUDFRONT_DISTRIBUTION_ID=${{ env.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV
elif [ "${{ github.event.inputs.environment }}" == "staging" ]; then
echo "S3_BUCKET=${{ env.STAGING_S3_BUCKET }}" >> $GITHUB_ENV
echo "CLOUDFRONT_DISTRIBUTION_ID=${{ env.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV
else
echo "Invalid environment specified"
exit 1
fi

- name: Download build artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427
with:
name: aws-deploy-files
path: ./dist

# Note that the command below will copy the files to the root of the S3 bucket e.g., s3://timelapse.allencell.org/
# If you want to copy files to a S3 prefix / subdirectory, you would want something like ${{ env.S3_BUCKET }}/your_prefix below
- name: Copy build files to S3 root
run: aws s3 sync ./dist ${{ env.S3_BUCKET }}

- name: Invalidate CloudFront cache
run: aws cloudfront create-invalidation --distribution-id ${{ env.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"
Loading