Skip to content

Add in envs

Add in envs #317

name: CI/CD Pipeline
on: # Trigger events for the workflow
push:
branches:
- main
- prod-ready
jobs:
# Determines the environment to deploy the backend to
setenv:
runs-on: ubuntu-latest
outputs:
env: ${{ steps.setenvstep.outputs.env }}
# Deploys to staging/prod environment depending on branch name
steps:
- name: determine env
id: setenvstep
run: |
if [[ "${{github.base_ref}}" == "main" || "${{github.ref}}" == "refs/heads/main" ]]; then
echo "env=staging" >> "$GITHUB_OUTPUT"
fi
if [[ "${{github.base_ref}}" == "prod-ready" || "${{github.ref}}" == "refs/heads/prod-ready" ]]; then
echo "env=prod" >> "$GITHUB_OUTPUT"
fi
# Change detection for filtering jobs
changes:
runs-on: ubuntu-latest
# Required permissions
permissions:
pull-requests: read
outputs:
backend: ${{ steps.filter.outputs.backend }}
frontend: ${{ steps.filter.outputs.frontend }}
steps:
- uses: actions/checkout@v4
# For pull requests it's not necessary to checkout the code
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
backend:
- 'backend/**'
frontend:
- 'frontend/**'
frontend:
defaults:
run:
working-directory: frontend
permissions:
id-token: write
contents: read
needs: changes
if: ${{ needs.changes.outputs.frontend == 'false' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 18
- run: npm install
- run: |
if [[ "${{ needs.setenv.outputs.env }}" == "staging" ]]; then
echo "REACT_APP_COGNITO_DOMAIN=${{ secrets.REACT_APP_COGNITO_DOMAIN_STAGING }}" >> .env
echo "REACT_APP_COGNITO_POOL_ID=${{ secrets.REACT_APP_COGNITO_POOL_ID_STAGING }}" >> .env
echo "REACT_APP_COGNITO_CLIENT_ID=${{ secrets.REACT_APP_COGNITO_CLIENT_ID_STAGING }}" >> .env
elif [[ "${{ needs.setenv.outputs.env }}" == "prod" ]]; then
echo "REACT_APP_COGNITO_DOMAIN=${{ secrets.REACT_APP_COGNITO_DOMAIN_PROD }}" >> .env
echo "REACT_APP_COGNITO_POOL_ID=${{ secrets.REACT_APP_COGNITO_POOL_ID_PROD }}" >> .env
echo "REACT_APP_COGNITO_CLIENT_ID=${{ secrets.REACT_APP_COGNITO_CLIENT_ID_PROD }}" >> .env
fi
- run: npm run build
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::035306758865:role/gh-short-lived-creds
aws-region: us-east-1
- run: aws s3 sync build/ s3://flatini.formulathoughts.com
- run: aws cloudfront create-invalidation --distribution-id ${{ secrets.DISTRIBUTION_ID }} --paths "/*"
backend:
needs: [changes, setenv]
if: ${{ needs.changes.outputs.backend == 'true' }}
runs-on: ubuntu-latest
steps:
- name: checkout head
uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: backend tests
run: |
cd backend
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-test.txt
python -m unittest
- name: setup aws cli
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
- name: build and deploy to aws
run: |
cd backend && sh clean_build.sh
sam deploy --no-fail-on-empty-changeset --no-confirm-changeset --stack-name flatini-api-${{needs.setenv.outputs.env}} --s3-bucket flatini-api-${{needs.setenv.outputs.env}}-s3 --s3-prefix flatini --region eu-west-2 --capabilities CAPABILITY_IAM --parameter-overrides ParameterKey=GoogleClientSecret,ParameterValue="${{ secrets.GOOGLE_CLIENT_SECRET }}" ParameterKey=GoogleClientId,ParameterValue="${{ secrets.GOOGLE_CLIENT_ID }}"