diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..ba7d8a6
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,99 @@
+name: Deploy
+
+on:
+ workflow_dispatch:
+ inputs:
+ env:
+ description: Deploy to environment
+ required: true
+ type: choice
+ default: dev
+ options:
+ - dev
+ - prod
+ service:
+ description: Deploy app service
+ required: true
+ type: choice
+ options:
+ - frontend
+ - lambdas
+ version:
+ description: Deploy release version
+ required: true
+
+concurrency:
+ group: "deploy"
+ cancel-in-progress: false
+
+jobs:
+
+ deploy:
+ runs-on: ubuntu-latest
+ if: ${{ inputs.service == 'frontend' }}
+ env:
+ DEPLOY_ENV: ${{ inputs.env }}
+ DEPLOY_SERVICE: ${{ inputs.service }}
+ DEPLOY_VERSION: ${{ inputs.version }}
+ steps:
+ - name: AWS Configure
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ secrets.AWS_REGION }}
+ - name: curl frontend.zip
+ run: |
+ RELEASE_URL="https://api.github.com/repos/eighty4/install.sh/releases/tags/$DEPLOY_VERSION"
+ ASSET_URL=$(curl -s "$RELEASE_URL" | jq -r '.assets[] | select(.name == "frontend.zip") | .url')
+ curl -H "Accept: application/octet-stream" -Ls $ASSET_URL > "frontend.zip"
+ - run: unzip frontend.zip -d frontend
+ - name: S3 sync
+ run: |
+ BUCKET="$AWS_S3_BUCKET_PREFIX-$DEPLOY_ENV-$DEPLOY_SERVICE-$DEPLOY_VERSION"
+ aws s3api create-bucket --bucket ${BUCKET}
+ aws s3 sync . ${BUCKET}
+ working-directory: frontend
+ env:
+ AWS_S3_BUCKET_PREFIX: ${{ secrets.AWS_S3_BUCKET_PREFIX }}
+ - name: lambda invoke-async
+ run: |
+ PAYLOAD="{\"env\":\"$DEPLOY_ENV\",\"service\":\"$DEPLOY_SERVICE\",\"version\":\"$DEPLOY_VERSION\"}"
+ aws lambda invoke-async --function-name $AWS_LAMBDA_FUNCTION_NAME --invoke-args $PAYLOAD
+ env:
+ AWS_LAMBDA_FUNCTION_NAME: ${{ secrets.AWS_LAMBDA_FUNCTION_NAME }}
+
+ deploy-lambdas:
+ runs-on: ubuntu-latest
+ if: ${{ inputs.service == 'lambdas' }}
+ env:
+ DEPLOY_ENV: ${{ inputs.env }}
+ DEPLOY_SERVICE: ${{ inputs.service }}
+ DEPLOY_VERSION: ${{ inputs.version }}
+ steps:
+ - name: AWS Configure
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ secrets.AWS_REGION }}
+ - name: curl lambdas.zip
+ run: |
+ RELEASE_URL="https://api.github.com/repos/eighty4/install.sh/releases/tags/$DEPLOY_VERSION"
+ ASSET_URL=$(curl -s "$RELEASE_URL" | jq -r '.assets[] | select(.name == "lambdas.zip") | .url')
+ curl -H "Accept: application/octet-stream" -Ls $ASSET_URL > "lambdas.zip"
+ - run: unzip lambdas.zip -d lambdas
+ - name: S3 sync
+ run: |
+ BUCKET="$AWS_S3_BUCKET_PREFIX-$DEPLOY_ENV-$DEPLOY_SERVICE-$DEPLOY_VERSION"
+ aws s3api create-bucket --bucket ${BUCKET}
+ aws s3 sync . ${BUCKET}
+ working-directory: lambdas
+ env:
+ AWS_S3_BUCKET_PREFIX: ${{ secrets.AWS_S3_BUCKET_PREFIX }}
+ - name: lambda invoke-async
+ run: |
+ PAYLOAD="{\"env\":\"$DEPLOY_ENV\",\"service\":\"$DEPLOY_SERVICE\",\"version\":\"$DEPLOY_VERSION\"}"
+ aws lambda invoke-async --function-name $AWS_LAMBDA_FUNCTION_NAME --invoke-args $PAYLOAD
+ env:
+ AWS_LAMBDA_FUNCTION_NAME: ${{ secrets.AWS_LAMBDA_FUNCTION_NAME }}
diff --git a/.github/workflows/publish_frontend.yml b/.github/workflows/publish_frontend.yml
new file mode 100644
index 0000000..c7818d3
--- /dev/null
+++ b/.github/workflows/publish_frontend.yml
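Review bot: In `.github/workflows/deploy.yml` the free-text `version` input reaches the release URL, the bucket name and a hand-concatenated JSON `PAYLOAD` without validation, and `$ASSET_URL`, `${BUCKET}` and `$PAYLOAD` are expanded unquoted, in both the `deploy` and `deploy-lambdas` jobs. A value with a quote or whitespace changes the JSON the Lambda receives or splits into extra CLI arguments; I would reject anything outside the tag alphabet first, `[[ "$DEPLOY_VERSION" =~ ^[0-9A-Za-z._-]+$ ]] || exit 1`, and build the payload with `PAYLOAD="$(jq -cn --arg env "$DEPLOY_ENV" --arg service "$DEPLOY_SERVICE" --arg version "$DEPLOY_VERSION" '$ARGS.named')"`. The deleted `www.yml` guarded its job with `github.ref == 'refs/heads/main'`, while these jobs test only `inputs.service`, so `prod` can be dispatched from any ref with the long-lived `AWS_ACCESS_KEY_ID` secret; an `environment: ${{ inputs.env }}` key with required reviewers, plus `role-to-assume` over OIDC on the credentials action, would narrow that. Separately, `aws s3 sync . ${BUCKET}` has no `s3://` prefix, so the destination is presumably not treated as a bucket.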
@@ -0,0 +1,50 @@
+name: "Publish: frontend"
+
+on:
+ workflow_call:
+ inputs:
+ release_id:
+ required: true
+ type: string
+ tag_name:
+ required: true
+ type: string
+ upload_hostname:
+ required: true
+ type: string
+
+jobs:
+
+ publish-frontend:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: frontend
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.tag_name }}
+ - uses: pnpm/action-setup@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 22
+ cache: pnpm
+ - run: pnpm i
+ - run: pnpm build
+ env:
+ VITE_GITHUB_CLIENT_ID: ${{ secrets.GH_OAUTH_CLIENT_ID }}
+ - name: upload
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ RELEASE_ID: ${{ inputs.release_id }}
+ UPLOAD_HOSTNAME: ${{ inputs.upload_hostname }}
+ run: |
+ FILENAME=dist.zip
+ curl --fail --silent -L -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer $GH_TOKEN"\
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ -H "Content-Type: $(file dist.zip -b --mime-type)" \
+ https://$UPLOAD_HOSTNAME/repos/eighty4/install.sh/releases/$RELEASE_ID/assets?name=frontend.zip \
+ --data-binary "@dist.zip"
diff --git a/.github/workflows/publish_lambdas.yml b/.github/workflows/publish_lambdas.yml
new file mode 100644
index 0000000..0e9846d
--- /dev/null
+++ b/.github/workflows/publish_lambdas.yml
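Review bot: The `upload` step in `publish_frontend.yml` sends `GH_TOKEN` as a bearer header to whatever host arrives in the `upload_hostname` input, so a wrong or tampered value hands the repository token to that host. Since the caller only ever derives it from the release's `upload_url`, I would either drop the input and hard-code the host, or check it before the request with `[ "$UPLOAD_HOSTNAME" = "uploads.github.com" ] || exit 1`. The URL should also be double-quoted, because the unquoted `?` in `assets?name=frontend.zip` is a shell glob character. The same upload step appears in `publish_lambdas.yml`. `FILENAME=dist.zip` is assigned but the later lines spell out `dist.zip` instead.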
@@ -0,0 +1,55 @@
+name: "Publish: lambdas"
+
+on:
+ workflow_call:
+ inputs:
+ release_id:
+ required: true
+ type: string
+ tag_name:
+ required: true
+ type: string
+ upload_hostname:
+ required: true
+ type: string
+
+jobs:
+
+ publish-lambdas:
+ runs-on: ubuntu-24.04
+ defaults:
+ run:
+ working-directory: lambdas
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.tag_name }}
+ - name: Install l3
+ run: |
+ mkdir -p $HOME/.local/bin
+ echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+ RELEASE_URL="https://api.github.com/repos/eighty4/l3/releases/latest"
+ ASSET_URL=$(curl -s "$RELEASE_URL" | jq -r '.assets[] | select(.name == "l3-linux-x86_64") | .url')
+ curl -H "Accept: application/octet-stream" -Ls $ASSET_URL > "$HOME/.local/bin/l3"
+ chmod +x "$HOME/.local/bin/l3"
+ l3 -h
+ - name: l3 build
+ run: l3 build --all --release
+ - name: zip lambdas.zip
+ run: zip lambdas.zip l3_build.json *.zip
+ working-directory: lambdas/.l3/build/release
+ - name: upload
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ RELEASE_ID: ${{ inputs.release_id }}
+ UPLOAD_HOSTNAME: ${{ inputs.upload_hostname }}
+ run: |
+ FILE=.l3/build/release/lambdas.zip
+ curl --fail --silent -L -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer $GH_TOKEN"\
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ -H "Content-Type: $(file $FILE -b --mime-type)" \
+ https://$UPLOAD_HOSTNAME/repos/eighty4/install.sh/releases/$RELEASE_ID/assets?name=lambdas.zip \
+ --data-binary "@$FILE"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..b619203
--- /dev/null
+++ b/.github/workflows/release.yml
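Review bot: The `Install l3` step in `publish_lambdas.yml` downloads whatever `releases/latest` points to, marks it executable and runs it with no integrity check, and that binary then produces the `lambdas.zip` that gets published. Because the `curl` calls lack `--fail`, an API error body would also be written to `$HOME/.local/bin/l3` and only surface at `l3 -h`. I would pin the tool to a release tag and verify a recorded digest before `chmod`: `RELEASE_URL="https://api.github.com/repos/eighty4/l3/releases/tags/<L3_TAG>"`, `curl --fail -H "Accept: application/octet-stream" -Ls "$ASSET_URL" > "$HOME/.local/bin/l3"`, then `echo "<EXPECTED_SHA256>  $HOME/.local/bin/l3" | sha256sum -c -` (both angle-bracket values are placeholders to fill in).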
@@ -0,0 +1,99 @@
+name: Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ service:
+ description: Deploy app service
+ required: true
+ type: choice
+ options:
+ - frontend
+ - lambdas
+
+concurrency:
+ group: "release-${{ inputs.service }}"
+ cancel-in-progress: false
+
+jobs:
+
+# verified:
+# uses: ./.github/workflows/verify.yml
+
+ create-git-tag:
+ runs-on: ubuntu-latest
+# needs: [ verified ]
+ steps:
+ - if: github.ref != 'refs/heads/main'
+ run: exit 1
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 22
+ - name: tag
+ id: tag
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SERVICE: ${{ inputs.service }}
+ run: |
+ DATE="$(git show -s --format=%ci $HASH | cut -c1-10)"
+ HASH="$(git rev-parse --short HEAD)"
+ VERSION="$DATE.$HASH"
+ echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+ git config --global user.name "Adam McKee"
+ git config --global user.email "adam.be.g84d@gmail.com"
+ TAG_NAME="$SERVICE-v$VERSION"
+ git tag $TAG_NAME
+ git push --atomic origin main $TAG_NAME
+ echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT"
+ outputs:
+ tag_name: ${{ steps.tag.outputs.tag_name }}
+ version: ${{ steps.tag.outputs.version }}
+
+ create-gh-release:
+ runs-on: ubuntu-latest
+ needs: [ create-git-tag ]
+ steps:
+ - name: create github release
+ id: create
+ env:
+ TAG_NAME: ${{ needs.create-git-tag.outputs.tag_name }}
+ VERSION: ${{ needs.create-git-tag.outputs.version }}
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ CREATED_RELEASE=$(gh api \
+ --method POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ /repos/eighty4/install.sh/releases \
+ -f tag_name="$TAG_NAME" \
+ -f name="${{ inputs.service }} $VERSION" \
+ -F draft=false \
+ -F prerelease=false \
+ -F generate_release_notes=false)
+ echo "release_id=$(echo $CREATED_RELEASE | jq '.id')" >> "$GITHUB_OUTPUT"
+ echo "upload_hostname=$(echo $CREATED_RELEASE | jq '.upload_url' | cut -d'/' -f3)" >> "$GITHUB_OUTPUT"
+ outputs:
+ tag_name: ${{ needs.create-git-tag.outputs.tag_name }}
+ release_id: ${{ steps.create.outputs.release_id }}
+ upload_hostname: ${{ steps.create.outputs.upload_hostname }}
+
+ publish-frontend:
+ if: inputs.service == 'frontend'
+ needs: create-gh-release
+ uses: ./.github/workflows/publish_frontend.yml
+ with:
+ release_id: ${{ needs.create-gh-release.outputs.release_id }}
+ tag_name: ${{ needs.create-gh-release.outputs.tag_name }}
+ upload_hostname: ${{ needs.create-gh-release.outputs.upload_hostname }}
+ secrets: inherit
+
+ publish-lambdas:
+ if: inputs.service == 'lambdas'
+ needs: create-gh-release
+ uses: ./.github/workflows/publish_lambdas.yml
+ with:
+ release_id: ${{ needs.create-gh-release.outputs.release_id }}
+ tag_name: ${{ needs.create-gh-release.outputs.tag_name }}
+ upload_hostname: ${{ needs.create-gh-release.outputs.upload_hostname }}
+ secrets: inherit
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
index 9ac88da..fea83fb 100644
--- a/.github/workflows/verify.yml
+++ b/.github/workflows/verify.yml
@@ -5,8 +5,7 @@ on: branches: [ main ] pull_request: branches: [ main ] - -concurrency: verify-ci + workflow_call: jobs:
diff --git a/.github/workflows/www.yml b/.github/workflows/www.yml
deleted file mode 100644
index e5452ff..0000000
--- a/.github/workflows/www.yml
+++ /dev/null
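Review bot: In `release.yml`, the `create github release` step pastes `${{ inputs.service }}` straight into the shell script (`-f name="${{ inputs.service }} $VERSION"`), whereas the `tag` step already takes the safer route through an env var. The `choice` type limits what the UI offers, but expression text substituted into a `run` body is the script-injection pattern; adding `SERVICE: ${{ inputs.service }}` to this step's `env` and writing `-f name="$SERVICE $VERSION"` removes it. The `verified` job and `needs: [ verified ]` are commented out, so a tag is pushed and a release published without `verify.yml` having run, even though the commit adds `workflow_call` to it. In the `tag` step `$HASH` is read on the `DATE=` line before it is assigned on the next one; it presumably works only because `git show` defaults to HEAD, and swapping the two lines makes the intent explicit.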
@@ -1,52 +0,0 @@
-name: Deploy frontend
-
-on:
- workflow_dispatch:
-
-concurrency:
- group: "deploy-frontend"
- cancel-in-progress: false
-
-jobs:
- deploy:
- runs-on: ubuntu-latest
- if: github.ref == 'refs/heads/main'
- steps:
- - name: Check env vars
- run: |
- if [ -z "$GH_OAUTH_CLIENT_ID" ]; then exit 1; fi
- env:
- GH_OAUTH_CLIENT_ID: ${{secrets.GH_OAUTH_CLIENT_ID}}
- - name: Checkout
- uses: actions/checkout@v4
- - uses: pnpm/action-setup@v4
- - uses: actions/setup-node@v4
- with:
- node-version: 22
- cache: pnpm
- - name: Build
- run: |
- pnpm i
- pnpm build
- env:
- VITE_INSTALL_API_BASE_URL: ${{secrets.EIGHTY4_INSTALL_API_BASE_URL}}
- VITE_GITHUB_CLIENT_ID: ${{secrets.GH_OAUTH_CLIENT_ID}}
- working-directory: frontend
- - name: AWS Configure
- uses: aws-actions/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: us-east-2
- - name: S3 Upload
- run: aws s3 cp dist.zip ${AWS_AMPLIFY_S3_SOURCE}
- env:
- AWS_AMPLIFY_S3_SOURCE: ${{ secrets.AWS_AMPLIFY_S3_SOURCE }}
- working-directory: frontend
- - name: Amplify Deploy
- run: aws amplify start-deployment --app-id ${AWS_AMPLIFY_APP_ID} --branch-name ${AWS_AMPLIFY_BRANCH_NAME} --source-url ${AWS_AMPLIFY_S3_SOURCE}
- env:
- AWS_AMPLIFY_BRANCH_NAME: ${{ secrets.AWS_AMPLIFY_BRANCH_NAME }}
- AWS_AMPLIFY_APP_ID: ${{ secrets.AWS_AMPLIFY_APP_ID }}
- AWS_AMPLIFY_S3_SOURCE: ${{ secrets.AWS_AMPLIFY_S3_SOURCE }}
- working-directory: frontend