Deploy Portfolio #7
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Portfolio | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - "infrastructure/**" # Don't trigger on CDK changes | |
| - "**.md" | |
| workflow_dispatch: | |
| # Allow only one concurrent deployment | |
| concurrency: | |
| group: "deploy" | |
| cancel-in-progress: true | |
| env: | |
| AWS_REGION: us-east-1 # Changed to variable | |
| NEXT_PUBLIC_BASE_URL: https://bjornmelin.io | |
| NEXT_PUBLIC_API_URL: https://api.bjornmelin.io | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: "yarn" | |
| cache-dependency-path: "**/yarn.lock" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| # Install dependencies in the root directory | |
| - name: Install Root Dependencies | |
| run: yarn install --frozen-lockfile | |
| # Install dependencies in the infrastructure directory | |
| - name: Install Infrastructure Dependencies | |
| working-directory: ./infrastructure | |
| run: yarn install --frozen-lockfile | |
| # Build the Next.js app in the root directory | |
| - name: Build Next.js App | |
| env: | |
| NEXT_PUBLIC_BASE_URL: ${{ env.NEXT_PUBLIC_BASE_URL }} | |
| NEXT_PUBLIC_API_URL: ${{ env.NEXT_PUBLIC_API_URL }} | |
| run: yarn build | |
| # Get stack outputs | |
| - name: Get Stack Outputs | |
| id: stack-outputs | |
| run: | | |
| BUCKET_NAME=$(aws cloudformation describe-stacks \ | |
| --stack-name prod-portfolio-storage \ | |
| --query 'Stacks[0].Outputs[?OutputKey==`WebsiteBucketName`].OutputValue' \ | |
| --output text --region ${{ env.AWS_REGION }}) | |
| DIST_ID=$(aws cloudformation describe-stacks \ | |
| --stack-name prod-portfolio-storage \ | |
| --query 'Stacks[0].Outputs[?OutputKey==`DistributionId`].OutputValue' \ | |
| --output text --region ${{ env.AWS_REGION }}) | |
| echo "bucket=$BUCKET_NAME" >> $GITHUB_OUTPUT | |
| echo "distribution=$DIST_ID" >> $GITHUB_OUTPUT | |
| # Upload static assets | |
| - name: Upload Static Assets | |
| run: | | |
| aws s3 sync ./out s3://${{ steps.stack-outputs.outputs.bucket }} \ | |
| --delete \ | |
| --exclude "*.html" \ | |
| --exclude "*.json" \ | |
| --cache-control "public, max-age=31536000, immutable" | |
| aws s3 sync ./out s3://${{ steps.stack-outputs.outputs.bucket }} \ | |
| --delete \ | |
| --exclude "*" \ | |
| --include "*.html" \ | |
| --include "*.json" \ | |
| --cache-control "public, max-age=0, must-revalidate" | |
| # Invalidate CloudFront cache | |
| - name: Invalidate CloudFront | |
| run: | | |
| aws cloudfront create-invalidation \ | |
| --distribution-id ${{ steps.stack-outputs.outputs.distribution }} \ | |
| --paths "/*" | |
| # Verify deployment | |
| - name: Verify Deployment | |
| run: | | |
| # Wait for CloudFront invalidation | |
| sleep 30 | |
| # Check if website is accessible | |
| HTTP_CODE=$(curl -o /dev/null -s -w "%{http_code}" ${{ env.NEXT_PUBLIC_BASE_URL }}) | |
| if [ "$HTTP_CODE" != "200" ]; then | |
| echo "Website verification failed with HTTP code: $HTTP_CODE" | |
| exit 1 | |
| fi |