Ah/spring2025 apps #253
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
# First runs linter and tests all affected projects | |
# Then, for each project that requires deployment, deploy-<project>-<service-type> is added | |
# Environment variables are labelled <project-name>_SHORT_DESCRIPTION | |
on: | |
push: | |
branches: ['main'] | |
pull_request: | |
branches: ['main'] | |
workflow_dispatch: | |
inputs: | |
manual-deploy: | |
description: 'App(s) to Deploy (dotcom, jpal-frontend)' | |
required: false | |
default: '' | |
concurrency: | |
# Never have two deployments happening at the same time (potential race condition) | |
group: '{{ github.head_ref || github.ref }}' | |
jobs: | |
pre-deploy: | |
runs-on: ubuntu-latest | |
outputs: | |
affected: ${{ steps.should-deploy.outputs.affected }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
# We need to fetch all branches and commits so that Nx affected has a base to compare against. | |
fetch-depth: 0 | |
- name: Use Node.js 16 | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 16.x | |
cache: 'yarn' | |
- name: Install Dependencies | |
run: yarn install | |
# In any subsequent steps within this job (myjob) we can reference the resolved SHAs | |
# using either the step outputs or environment variables: | |
- name: Derive appropriate SHAs for base and head for `nx affected` commands | |
uses: nrwl/nx-set-shas@v3 | |
- run: | | |
echo "BASE: ${{ env.NX_BASE }}" | |
echo "HEAD: ${{ env.NX_HEAD }}" | |
- name: Nx Affected Lint | |
run: npx nx affected -t lint | |
# - name: Nx Affected Test | |
# run: npx nx affected -t test | |
- name: Nx Affected Build | |
run: npx nx affected -t build | |
- name: Determine who needs to be deployed | |
id: should-deploy | |
run: | | |
echo "The following projects have been affected: [$(npx nx print-affected -t build --select=tasks.target.project)]"; | |
echo "affected=$(npx nx print-affected -t build --select=tasks.target.project)" >> "$GITHUB_OUTPUT" | |
deploy-debug: | |
needs: pre-deploy | |
runs-on: ubuntu-latest | |
steps: | |
- name: Debug logs | |
run: | | |
echo "Manual Deploy: ${{github.event.inputs.manual-deploy}}"; | |
echo "Affected Names: ${{needs.pre-deploy.outputs.affected}}"; | |
echo "Event: ${{github.event_name}}"; | |
echo "Ref: ${{github.ref}}"; | |
echo "Will deploy?: ${{(github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'}}"; | |
deploy-c4cneudotcom: | |
needs: pre-deploy | |
if: (contains(github.event.inputs.manual-deploy, 'dotcom') || contains(needs.pre-deploy.outputs.affected, 'dotcom')) && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
# For "simplicity", deployment settings are configured in the AWS Amplify Console | |
# This just posts to a webhook telling Amplify to redeploy the main branch | |
steps: | |
- name: Tell Amplify to rebuild | |
run: curl -X POST -d {} ${DOTCOM_WEBHOOK_DEPLOY} -H "Content-Type:application/json" | |
env: | |
DOTCOM_WEBHOOK_DEPLOY: ${{ secrets.DOTCOM_WEBHOOK_DEPLOY }} | |
deploy-monarch-frontend: | |
needs: pre-deploy | |
if: (contains(github.event.inputs.manual-deploy, 'monarch-frontend') || contains(needs.pre-deploy.outputs.affected, 'monarch-frontend')) && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
# For "simplicity", deployment settings are configured in the AWS Amplify Console | |
# This just posts to a webhook telling Amplify to redeploy the main branch | |
steps: | |
- name: Tell Amplify to rebuild | |
run: curl -X POST -d {} ${MONARCH_WEBHOOK_DEPLOY} -H "Content-Type:application/json" | |
env: | |
MONARCH_WEBHOOK_DEPLOY: ${{ secrets.MONARCH_WEBHOOK_DEPLOY }} | |
deploy-monarch-backend: | |
needs: pre-deploy | |
if: (contains(github.event.inputs.manual-deploy, 'monarch-backend') || contains(needs.pre-deploy.outputs.affected, 'monarch-backend')) && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Use Node.js 18 | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.x | |
cache: 'yarn' | |
- name: Install Dependencies | |
run: yarn install | |
- run: npx nx build monarch-backend --configuration production | |
- name: default deploy | |
uses: appleboy/lambda-action@master | |
with: | |
aws_access_key_id: ${{ secrets.LLB_AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key: ${{ secrets.LLB_AWS_SECRET_ACCESS_KEY }} | |
aws_region: ${{ secrets.AWS_REGION }} | |
function_name: monarch-backend-lambda | |
source: dist/apps/monarch/monarch-backend/main.js | |
environment: JOTFORM_AUTH_KEY=${{ secrets.MONARCH_JOTFORM_AUTH_KEY }} | |
deploy-green-infrastructure-frontend: | |
needs: pre-deploy | |
if: (contains(github.event.inputs.manual-deploy, 'green-infrastructure-frontend') || contains(needs.pre-deploy.outputs.affected, 'green-infrastructure-frontend')) && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
# For "simplicity", deployment settings are configured in the AWS Amplify Console | |
# This just posts to a webhook telling Amplify to redeploy the main branch | |
steps: | |
- name: Tell Amplify to rebuild | |
run: curl -X POST -d {} ${GREEN_INFRASTRUCTURE_WEBHOOK_DEPLOY} -H "Content-Type:application/json" | |
env: | |
GREEN_INFRASTRUCTURE_WEBHOOK_DEPLOY: ${{ secrets.GREEN_INFRASTRUCTURE_WEBHOOK_DEPLOY }} | |
# If deploying a new service via actions, use the following template: | |
# deploy-<!!!REPLACE-ME!!!>: | |
# needs: pre-deploy | |
# if: (contains(github.event.inputs.manual-deploy, '<!!!REPLACE-ME!!!>') || contains(needs.pre-deploy.outputs.affected_names, <!!!REPLACE-ME!!!>)) && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' | |
# runs-on: ubuntu-latest | |
# steps: | |
# ... | |