Skip to content

AWS Deployment

AWS Deployment #96

---
name: AWS Deployment
on:
workflow_dispatch:
inputs:
environment:
description: "Environment to deploy to"
default: "staging"
options:
- staging
- production
required: true
type: choice
env:
AWS_ACCOUNT_ID: ${{ vars.AWS_PUBLIC_DATA_RELEASES_ACCOUNT_ID }}
AWS_REGION: ${{ vars.AWS_DEFAULT_REGION }}
STAGING_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}
STAGING_S3_BUCKET: s3://staging.bff.allencell.org
STAGING_BFF_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_BFF_CLOUDFRONT_DISTRIBUTION_ID }}
PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }}
PRODUCTION_S3_BUCKET: s3://bff.allencell.org
PRODUCTION_BFF_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.PRODUCTION_BFF_CLOUDFRONT_DISTRIBUTION_ID }}
permissions:
id-token: write # Required for requesting the JWT and OIDC
contents: write # Required for actions/checkout and OIDC tokens
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
with:
node-version: 16
- name: Install Dependencies
run: npm ci
- name: Build
run: npm run --prefix packages/web build
- name: Upload build files
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
with:
name: aws-deploy-files
path: ./packages/web/dist
deploy:
needs: build
runs-on: ubuntu-latest
# Dynamically set the environment variable based on the input above:
environment: ${{ github.event.inputs.environment }}
steps:
# Compute a short sha for use in the OIDC session name, which has a 64 character limit
- name: Add SHORT_SHA env property with commit short sha
run: echo "SHORT_SHA=`echo ${{ github.sha }} | cut -c1-8`" >> $GITHUB_ENV
- name: Configure AWS credentials with OIDC
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github_biofile_finder
role-session-name: github_biofile_finder-${{ env.SHORT_SHA }}
aws-region: ${{ env.AWS_REGION }}
# Setup variables based on the staging or production environment
- name: Set ECS variables based on environment
run: |
if [ "${{ github.event.inputs.environment }}" == "production" ]; then
echo "S3_BUCKET=${{ env.PRODUCTION_S3_BUCKET }}" >> $GITHUB_ENV
echo "CLOUDFRONT_DISTRIBUTION_ID=${{ env.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV
echo "BFF_CLOUDFRONT_DISTRIBUTION_ID=${{ env.PRODUCTION_BFF_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV
elif [ "${{ github.event.inputs.environment }}" == "staging" ]; then
echo "S3_BUCKET=${{ env.STAGING_S3_BUCKET }}" >> $GITHUB_ENV
echo "CLOUDFRONT_DISTRIBUTION_ID=${{ env.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV
echo "BFF_CLOUDFRONT_DISTRIBUTION_ID=${{ env.STAGING_BFF_CLOUDFRONT_DISTRIBUTION_ID }}" >> $GITHUB_ENV
else
echo "Invalid environment specified"
exit 1
fi
- name: Download build artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427
with:
name: aws-deploy-files
path: ./packages/web/dist
# Note that the command below will copy the files to the root of the S3 bucket e.g., s3://bff.allencell.org/
# If you want to copy files to a S3 prefix / subdirectory, you would want something like ${{ env.BFF_S3_BUCKET }}/your_prefix below
- name: Copy build files to BFF S3
run: aws s3 sync ./packages/web/dist ${{ env.S3_BUCKET }}
# This isn't strictly necessary since this distribution only handles redirects and doesn't serve any content directly
- name: Invalidate CloudFront biofile-finder cache
run: aws cloudfront create-invalidation --distribution-id ${{ env.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"
- name: Invalidate CloudFront BFF cache
run: aws cloudfront create-invalidation --distribution-id ${{ env.BFF_CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"