From 7793c74d69d60be39074a2218bbe70daea57c48f Mon Sep 17 00:00:00 2001
From: McNaBry
Date: Wed, 30 Oct 2024 00:34:19 +0800
Subject: [PATCH] Create github workflow to deploy frontend and backend to AWS
---
.github/workflows/backend.yml | 81 ++++++++++++++++++++++++++++++++++
.github/workflows/frontend.yml | 45 +++++++++++++++++++
2 files changed, 126 insertions(+)
create mode 100644 .github/workflows/backend.yml
create mode 100644 .github/workflows/frontend.yml
diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml
new file mode 100644
index 0000000000..79170c4c21
--- /dev/null
+++ b/.github/workflows/backend.yml
@@ -0,0 +1,81 @@
+name: Deploy Backend Services
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: [ 'services/match/**', 'services/question/**', 'services/user/**' ]
+ pull_request:
+ branches: [ 'main' ]
+ types: [ 'opened', 'reopened', 'synchronize']
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+env:
+ AWS_REGION: ap-southeast-1
+ ECS_CLUSTER: backend-cluster
+
+jobs:
+ deploy:
+ name: Deploy Backend Service
+ runs-on: ubuntu-latest
+ environment: production
+
+ strategy:
+ matrix:
+ service: [ 'match', 'question', 'user' ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Check for changes in ${{ matrix.service }} directory
+ uses: dorny/paths-filter@v3
+ id: changes
+ with:
+ filters: |
+ service:
+ - '.services/${{ matrix.service }}/**'
+
+ - name: Exit if no changes found
+ if: steps.changes.output.service == 'false'
+ run: exit 0
+
+ - name: Configure AWS credentials
+ id: aws-configure
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ role-to-assume: ${{ secrets.AWS_BACKEND_ROLE }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to AWS ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2.0.1
+
+ - name: Build and push ${{ matrix.service }} image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY: ${{ matrix.service }}
+ IMAGE_TAG: latest
+ run: |
+ echo "Building $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG ./services/${{ matrix.service }}
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+
+ - name: Update AWS Service (${{ matrix.service }}) # Trigger re-deployment with latest image
+ id: update-service
+ env:
+ ECS_SERVICE: ${{ matrix.service }}-service
+ run: |
+ echo "Updating $ECS_SERVICE for $ECS_CLUSTER"
+ aws ecs update-service \
+ --cluster $ECS_CLUSTER \
+ --service $ECS_SERVICE \
+ --force-new-deployment \
+ --region $AWS_REGION
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
new file mode 100644
index 0000000000..255e69ee7c
--- /dev/null
+++ b/.github/workflows/frontend.yml
@@ -0,0 +1,45 @@
+name: Deploy Frontend
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths:
+ # - 'frontend/**' # Only trigger if changes are made in the frontend directory
+ pull_request:
+ branches: [ 'main' ]
+ types: [ 'opened', 'reopened', 'synchronize']
+
+ workflow_dispatch:
+
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+env:
+ AWS_REGION: ap-southeast-1
+ S3_BUCKET_NAME: app.peerprep.org
+
+jobs:
+ deploy:
+ name: Deploy Frontend
+ runs-on: ubuntu-latest
+ environment: production
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ id: aws-configure
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ role-to-assume: ${{ secrets.AWS_FRONTEND_ROLE }}
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Build frontend distribution
+ working-directory: frontend
+ run: npm ci && npm run build
+
+ - name: Sync distribution to S3
+ run: |
+ aws s3 sync ./frontend/dist/frontend/browser/ s3://$S3_BUCKET_NAME --delete
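Review bot: The "Exit if no changes found" step in backend.yml gates nothing, so every run rebuilds and force-redeploys all three matrix services. `run: exit 0` only ends that one step successfully, the condition reads `steps.changes.output.service` where the key is `outputs`, and the filter path `'.services/${{ matrix.service }}/**'` has a leading dot that the trigger paths and the `docker build` path lack. Remove that step, correct the filter to `'services/${{ matrix.service }}/**'`, and put `if: steps.changes.outputs.service == 'true'` on the credential, login, build and update steps. Separately, the `pull_request` trigger lets a same-repository PR assume the OIDC role, push `:latest` and redeploy under `environment: production` before merge, unless environment protection rules (not visible here) stop it. A job-level `if: github.event_name != 'pull_request'` or dropping the trigger avoids that, and the same applies to frontend.yml.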
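Review bot: In frontend.yml the "Configure AWS credentials" step runs before `npm ci && npm run build`, so dependency install and build scripts execute with the assumed role's credentials in the job environment. Moving that step to just before "Sync distribution to S3" keeps them out of third-party code, which matters more because the sync uses `--delete` on the production bucket. The `paths:` key under `push` is also left with only a commented-out entry, so its value is empty and may be rejected or ignored. Either restore `- 'frontend/**'` or delete the key so the trigger is unambiguous.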