lambda-ssr-react-app/.github/workflows/deploy.yml at main · chrispsheehan/lambda-ssr-react-app · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
name: Deploy

on:
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

env:
  TF_VAR_region: ${{ vars.AWS_REGION }}
  TF_VAR_environment: dev
  TF_VAR_base_reference: chrispsheehan-lambda-ssr-react
  TF_VAR_base_path: "/"
  TF_VAR_public_path: "/public"

jobs:
  deploy:
    runs-on: ubuntu-latest
    outputs:
      web_url: ${{ steps.set_vars.outputs.WEB_URL }}
    steps:
      - uses: actions/checkout@v4
      - uses: extractions/setup-just@v2
      - uses: hashicorp/setup-terraform@v3
      - uses: aws-actions/configure-aws-credentials@v4
        with:
            aws-region: ${{ vars.AWS_REGION }}
            role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_ROLE }}
            role-session-name: GitHubActions
      - name: build app
        id: build_app
        shell: bash
        env:
          PUBLIC_PATH: ${{ env.TF_VAR_public_path }}
          BASE_PATH: ${{ env.TF_VAR_base_path }}
          SHORT_SHA: $(echo $GITHUB_SHA | cut -c 1-6)
          MODE: production
        run: |
          LAMBDA_BUILD_FILE_PATH=${GITHUB_WORKSPACE}/${{ env.SHORT_SHA }}-ssr.zip
          AUTH_BUILD_FILE_PATH=${GITHUB_WORKSPACE}/${{ env.SHORT_SHA }}-auth.zip
          just build $LAMBDA_BUILD_FILE_PATH $AUTH_BUILD_FILE_PATH
          echo "LAMBDA_BUILD_FILE_PATH=$LAMBDA_BUILD_FILE_PATH" >> $GITHUB_OUTPUT
          echo "AUTH_BUILD_FILE_PATH=$AUTH_BUILD_FILE_PATH" >> $GITHUB_OUTPUT
      - name: init
        shell: bash
        run: |
          cd tf
          terraform init
      - name: deploy
        shell: bash
        env:
          TF_VAR_lambda_zip_path: ${{ steps.build_app.outputs.LAMBDA_BUILD_FILE_PATH }}
          TF_VAR_auth_lambda_zip_path: ${{ steps.build_app.outputs.AUTH_BUILD_FILE_PATH }}
        run: |
          cd tf
          terraform apply -auto-approve
      - name: set vars
        id: set_vars
        shell: bash
        run: |
          cd tf
          WEB_URL=$(terraform output -raw web_url)
          STATIC_FILES_BUCKET=$(terraform output -raw static_files_bucket)
          CLOUDFRONT_ID=$(terraform output -raw cloudfront_id)
          echo "WEB_URL=$WEB_URL" >> $GITHUB_OUTPUT
          echo "STATIC_FILES_BUCKET=$STATIC_FILES_BUCKET" >> $GITHUB_OUTPUT
          echo "CLOUDFRONT_ID=$CLOUDFRONT_ID" >> $GITHUB_OUTPUT
      - name: sync static files
        shell: bash
        run: just static-sync ${{ steps.set_vars.outputs.STATIC_FILES_BUCKET }} ${{ steps.set_vars.outputs.CLOUDFRONT_ID }}

  test:
    needs:
      - deploy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: install
        shell: bash
        run: |
          npm install @playwright/test playwright-chromium
          npx playwright install --with-deps chromium
      - name: sleep
        shell: bash
        run: sleep 300
      - name: test
        shell: bash
        env:
          BASE_PATH: ${{ env.TF_VAR_base_path }}
          BASE_URL: ${{ needs.deploy.outputs.web_url }}
        run: npx playwright test