actions: add builder-frontend workflow

prestoncabe · prestoncabe · commit 2e815db8e441 · 2025-10-16T16:54:08.000-04:00
diff --git a/.github/workflows/devbox-deploy-builder-frontend.yml b/.github/workflows/devbox-deploy-builder-frontend.yml
@@ -0,0 +1,78 @@
+# This workflow uses devbox for dependency management and builds/deploys the builder frontend
+# to Firebase Hosting when a commit is pushed to the "main" branch.
+
+name: 'Build and Deploy Builder Frontend to Firebase Hosting'
+
+on:
+  push:
+    branches:
+      - 157-offline-dev
+    paths:
+      - 'builder-frontend/**'
+      - 'devbox.json'
+      - 'devbox.lock'
+
+env:
+  PROJECT_ID: 'benefit-decision-toolkit-play'
+  WORKLOAD_IDENTITY_PROVIDER: 'projects/1034049717668/locations/global/workloadIdentityPools/github-actions-google-cloud/providers/github'
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    # Add these permissions for Workload Identity Federation
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+        # Devbox needs a .env file to exist, even if it's empty
+      - name: 'Create .env file'
+        run: touch .env
+
+      # Setup devbox which includes Node.js, Firebase CLI, and Google Cloud SDK
+      - name: 'Install devbox'
+        uses: 'jetify-com/devbox-install-action@v0.12.0'
+        with:
+          enable-cache: true
+
+      # Configure Workload Identity Federation and generate an access token
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}'
+          service_account: cicd-build-deploy-api@benefit-decision-toolkit-play.iam.gserviceaccount.com
+          project_id: ${{ env.PROJECT_ID }}
+
+      - name: Cache node modules
+        uses: actions/cache@v4
+        with:
+          path: builder-frontend/node_modules
+          key: ${{ runner.os }}-node-${{ hashFiles('builder-frontend/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install dependencies
+        working-directory: builder-frontend
+        run: devbox run -- npm ci
+
+      - name: Build application
+        working-directory: builder-frontend
+        run: devbox run -- npm run build
+        env:
+          VITE_API_URL: ${{ secrets.VITE_API_URL}}
+          VITE_SCREENER_BASE_URL: ${{ secrets.VITE_SCREENER_BASE_URL}}
+          VITE_API_KEY: ${{ secrets.VITE_API_KEY}}
+          VITE_AUTH_DOMAIN: ${{ secrets.VITE_AUTH_DOMAIN}}
+          VITE_PROJECT_ID: ${{ secrets.VITE_PROJECT_ID}}
+          VITE_STORAGE_BUCKET: ${{ secrets.VITE_STORAGE_BUCKET}}
+          VITE_MESSAGING_SENDER_ID: ${{ secrets.VITE_MESSAGING_SENDER_ID}}
+          VITE_APP_ID: ${{ secrets.VITE_APP_ID}}
+          VITE_MEASUREMENT_ID: ${{ secrets.VITE_MEASUREMENT_ID}}
+
+      - name: Deploy to Firebase Hosting
+        run: devbox run -- firebase deploy --only hosting:builder-frontend
