forked from CS3219-AY2425S1/cs3219-ay2425s1-project-g03
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create GitHub Actions for auto deployment to AWS (CS3219-AY2425S1#66)
* Create github workflow to deploy frontend and backend to AWS * Add conditional trigger for backend workflow * The build is triggered for a specific service only if its files have been changes * Update frontend workflow * Remove trigger on pull request * Add conditional trigger based on frontend directory * Add cloudfront cache invalidation to frontend workflow Co-authored-by: samuelim01 <[email protected]> * Include collab in backend workflow * Add workflow scripts that can only be triggered manually for frontend and backend * Rename frontend force workflow * Change frontend and backend workflows to trigger only on production branch --------- Co-authored-by: samuelim01 <[email protected]> Co-authored-by: Samuel Lim <[email protected]>
- Loading branch information
3 people
authored
Nov 3, 2024
1 parent
dea4987
commit ccd3d92
Showing
2 changed files
with
108 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| name: Deploy Backend Services | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ 'production' ] | ||
|
|
||
| workflow_dispatch: | ||
|
|
||
| permissions: | ||
| id-token: write # This is required for requesting the JWT | ||
| contents: read # This is required for actions/checkout | ||
|
|
||
| env: | ||
| AWS_REGION: ap-southeast-1 | ||
| ECS_CLUSTER: backend-cluster | ||
|
|
||
| jobs: | ||
| deploy: | ||
| name: Deploy Backend Service | ||
| runs-on: ubuntu-latest | ||
| environment: production | ||
|
|
||
| strategy: | ||
| matrix: | ||
| service: [ 'question', 'user', 'match', 'collaboration' ] | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Configure AWS credentials | ||
| id: aws-configure | ||
| uses: aws-actions/[email protected] | ||
| with: | ||
| role-to-assume: ${{ secrets.AWS_BACKEND_ROLE }} | ||
| role-session-name: GitHub_to_AWS_via_FederatedOIDC | ||
| aws-region: ${{ env.AWS_REGION }} | ||
|
|
||
| - name: Login to AWS ECR | ||
| id: login-ecr | ||
| uses: aws-actions/[email protected] | ||
|
|
||
| - name: Build and push ${{ matrix.service }} image to AWS ECR | ||
| id: build-image | ||
| env: | ||
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | ||
| ECR_REPOSITORY: ${{ matrix.service }} | ||
| IMAGE_TAG: latest | ||
| run: | | ||
| echo "Building $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | ||
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG ./services/${{ matrix.service }} | ||
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | ||
| - name: Update AWS Service (${{ matrix.service }}) # Trigger re-deployment with latest image | ||
| id: update-service | ||
| env: | ||
| ECS_SERVICE: ${{ matrix.service }}-service | ||
| run: | | ||
| echo "Updating $ECS_SERVICE for $ECS_CLUSTER" | ||
| aws ecs update-service \ | ||
| --cluster $ECS_CLUSTER \ | ||
| --service $ECS_SERVICE \ | ||
| --force-new-deployment \ | ||
| --region $AWS_REGION |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| name: Deploy Frontend | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ 'production' ] | ||
|
|
||
| workflow_dispatch: | ||
|
|
||
| permissions: | ||
| id-token: write # This is required for requesting the JWT | ||
| contents: read # This is required for actions/checkout | ||
|
|
||
| env: | ||
| AWS_REGION: ap-southeast-1 | ||
| S3_BUCKET_NAME: app.peerprep.org | ||
|
|
||
| jobs: | ||
| deploy: | ||
| name: Deploy Frontend | ||
| runs-on: ubuntu-latest | ||
| environment: production | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Configure AWS credentials | ||
| id: aws-configure | ||
| uses: aws-actions/[email protected] | ||
| with: | ||
| role-to-assume: ${{ secrets.AWS_FRONTEND_ROLE }} | ||
| role-session-name: GitHub_to_AWS_via_FederatedOIDC | ||
| aws-region: ${{ env.AWS_REGION }} | ||
|
|
||
| - name: Build frontend distribution | ||
| working-directory: frontend | ||
| run: npm ci && npm run build | ||
|
|
||
| - name: Sync distribution to S3 | ||
| run: | | ||
| aws s3 sync ./frontend/dist/frontend/browser/ s3://$S3_BUCKET_NAME --delete | ||
| - name: Invalidate Cloudfront Cache | ||
| run: | | ||
| aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_ID }} --paths "/*" |