deploy-dev.yaml
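# Builds the admin front end with yarn, deploys the SAM stack, uploads the
# built `dist` directory to S3 and invalidates CloudFront.
# Runs on every push to `main` and on manual dispatch, against the `dev`
# GitHub environment.
#
# NOTE(review): every action below is referenced by a mutable version tag.
# This job can mint an OIDC token and assume an AWS role, so pinning each
# `uses:` to a full commit SHA (`owner/action@<full-commit-sha>  # vN`) would
# stop a retagged release from running with those credentials.
name: Deploy Reserve Rec Admin Dev
run-name: Deploying ${{ github.ref_name }} to dev

on:
  push:
    branches: [main]
  workflow_dispatch:

# `id-token: write` lets the job request the OIDC token used to assume the AWS
# role below; `contents: read` is enough for checkout. Nothing else is granted.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: dev
    strategy:
      max-parallel: 1
      matrix:
        node-version: ["20.x"]
    steps:
      ### Checkout GitHub Repo
      # NOTE(review): no later step appears to use git, so setting
      # `persist-credentials: false` here would keep the job token out of
      # .git/config while dependencies install and build; confirm first.
      - name: Checkout repo
        uses: actions/checkout@v4

      # - shell: bash
      #   env:
      #     WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
      #   run: |
      #     curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":"Reserve Rec - Deploy Admin Dev"}'

      ### Install if no cache exists ###
      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: "yarn"
          cache-dependency-path: "yarn.lock"

      # --frozen-lockfile fails the install instead of rewriting yarn.lock, so
      # the deployed dependency set is exactly what was reviewed.
      - run: yarn install --silent --frozen-lockfile

      ### Build if no cache exists ###
      # Keyed on the commit SHA: a re-run for the same commit restores `dist`
      # and skips the build step below.
      - name: Cache Build
        id: cache-build
        uses: actions/cache@v4
        with:
          path: |
            **dist
          key: ${{ github.sha }}-dist

      # Renders src/env.js from the template, substituting the config-endpoint
      # flag and the commit hash, then builds.
      - name: Run yarn build
        if: steps.cache-build.outputs.cache-hit != 'true'
        env:
          GH_HASH: ${{ github.sha }}
        run: |
          sed 's@localConfigEndpoint@'true'@g' src/env.js.template | sed 's@localGHHash@'"$GH_HASH"'@g' > src/env.js
          yarn build

      ### Setup AWS SAM
      - name: Setup AWS SAM
        uses: aws-actions/setup-sam@v2
        with:
          use-installer: true

      ### Assume AWS IAM Role
      # Short-lived credentials via OIDC federation; no static AWS keys are
      # stored in the repository.
      # NOTE(review): if `sam build` needs no AWS access, moving this step
      # below it would keep the role credentials away from build tooling;
      # confirm.
      - name: Get AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ vars.AWS_REGION }}

      ### SAM Build
      - name: Cache SAM Build
        id: cache-sam-build
        uses: actions/cache@v4
        with:
          path: |
            **.aws-sam
          key: ${{ github.sha }}-sam-cache

      - name: Run sam build
        if: steps.cache-sam-build.outputs.cache-hit != 'true'
        run: |
          sam build --cached

      ### Prevent prompts and failure when the stack is unchanged
      # Values reach the shell through `env:` instead of being interpolated
      # into the script, and every expansion is quoted so an empty or
      # space-containing variable cannot shift the argument list.
      - name: SAM deploy
        env:
          STACK_NAME: ${{ vars.STACK_NAME }}
          DIST_ORIGIN_PATH: "latest"
          API_GATEWAY_ID: ${{ vars.API_GATEWAY_ID }}
          ENV: ${{ vars.ENVIRONMENT_STAGE }}
          AWS_REGION: ${{ vars.AWS_REGION }}
          API_STAGE: ${{ vars.API_STAGE }}
          DOMAIN_NAME: ${{ vars.DOMAIN_NAME }}
          AWS_CERTIFICATE_ARN: ${{ vars.AWS_CERTIFICATE_ARN }}
        run: |
          sam deploy --stack-name "$STACK_NAME" \
            --no-confirm-changeset \
            --no-fail-on-empty-changeset \
            --parameter-overrides \
            DistOriginPath="$DIST_ORIGIN_PATH" \
            ApiGatewayId="$API_GATEWAY_ID" \
            Env="$ENV" \
            AWSRegion="$AWS_REGION" \
            ApiStage="$API_STAGE" \
            EnvDomainName="$DOMAIN_NAME" \
            DomainCertificateArn="$AWS_CERTIFICATE_ARN"

      ### Upload dist to S3 ###
      # Uploads the build under its commit SHA, then replaces `latest/`.
      # NOTE(review): `latest/` is empty between the rm and the second sync;
      # `aws s3 sync --delete` would reach the same end state without that
      # window. Confirm before changing.
      - name: Deploy to S3
        env:
          S3_BUCKET: ${{ vars.STACK_NAME }}-${{ vars.ENVIRONMENT_STAGE }}
          DIR_NAME: ${{ github.sha }}
        run: |
          aws s3 sync dist "s3://$S3_BUCKET/$DIR_NAME"
          aws s3 rm "s3://$S3_BUCKET/" --recursive --exclude "*" --include "latest/*"
          aws s3 sync dist "s3://$S3_BUCKET/latest"

      # NOTE(review): third-party action referenced by tag, running after the
      # AWS role has been assumed (presumably with those credentials in its
      # environment; verify). Pin it to a full commit SHA, or replace it with
      # an `aws cloudfront create-invalidation` run step.
      - name: Invalidate CloudFront
        uses: chetan/invalidate-cloudfront-action@v2
        env:
          DISTRIBUTION: ${{ secrets.DISTRIBUTION }}
          PATHS: "/*"

      # - shell: bash
      #   env:
      #     WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
      #   run: |
      #     curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":"Reserve Rec Deploy Admin Dev Complete"}'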