(BPD-1443) Implement GitHub action workflows integrated with Pulumi (#3)

* task: Add .secrets to .gitignore

* task: Add the two workflows and requirements file

* task: Specify develop branch for preview workflow

* task: Remove unnecessary workflow files

* task: Secrets manager retrieval for preview workflow

* task: Remove AWS CLI installation from GH Actions

* task: Remove AWS CLI installation from deploy WF

.github/workflows/deploy-dev.yml

@@ -0,0 +1,49 @@
+name: Pulumi Deploy
+on:
+  push:
+    branches:
+      - develop
+jobs:
+  preview:
+    name: Preview
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+      # Retrieve and set environment variables from AWS Secrets Manager
+      - name: Retrieve secrets from AWS Secrets Manager
+        run: |
+          aws secretsmanager get-secret-value --secret-id opengpts-env-variables --query 'SecretString' --output text | jq -r 'to_entries|map("\(.key)=\(.value|tostring)")|.[]' > .env
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+
+      # Create and activate the virtual environment
+      - name: Set up Python virtual environment
+        run: |
+          python -m venv .venv
+          source .venv/bin/activate
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      # Update the Pulumi stack
+      - uses: pulumi/actions@v5
+        with:
+          command: up
+          stack-name: brighthive/bb-assistants-dev
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

.github/workflows/preview-dev.yml

@@ -0,0 +1,49 @@
+name: Pulumi Preview
+on:
+  pull_request:
+    branches:
+      - develop
+
+jobs:
+  preview:
+    name: Preview
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+      # Retrieve and set environment variables from AWS Secrets Manager
+      - name: Retrieve secrets from AWS Secrets Manager
+        run: |
+          aws secretsmanager get-secret-value --secret-id opengpts-env-variables --query 'SecretString' --output text | jq -r 'to_entries|map("\(.key)=\(.value|tostring)")|.[]' > .env
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+
+      # Create and activate the virtual environment
+      - name: Set up Python virtual environment
+        run: |
+          python -m venv .venv
+          source .venv/bin/activate
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - uses: pulumi/actions@v5
+        with:
+          command: preview
+          stack-name: brighthive/bb-assistants-dev
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

.gitignore

@@ -66,3 +66,6 @@ pnpm-debug.log*
 # Temp Lambda files:
 backend/lambda_*
 lambda_*/
+
+# Secrets files
+.secrets

requirements.txt

@@ -0,0 +1,5 @@
+pulumi>=3.0.0,<4.0.0
+pulumi-random>=4.0.0,<5.0.0
+pulumi-aws
+pulumi-docker
+python-dotenv