SD-10: Add stage deployment

bartoszjedrzejewski · bartoszjedrzejewski · commit f110c9513bae · 2025-03-25T16:35:17.000+01:00
diff --git a/.github/actions/build-and-push/action.yml b/.github/actions/build-and-push/action.yml
@@ -0,0 +1,122 @@
+name: Build and push app to Amplify
+description: This action builds frontend and deploys it onto Amplify
+
+inputs:
+  aws-access-key-id:
+    type: string
+    required: true
+    description: Access key ID to AWS account
+  aws-secret-access-key:
+    type: string
+    required: true
+    description: Access secret key to AWS account
+  s3-bucket-name:
+    type: string
+    required: true
+    description: Name of S3 bucket to store ZIP package
+  aws-default-region:
+    type: string
+    description: AWS Amplify region
+    default: "eu-central-1"
+  amplify-app-id:
+    type: string
+    required: true
+    description: APP ID of AWS Amplify app
+  environment:
+    type: choice
+    options:
+      - stage
+      - prod
+    required: true
+    description: Environment name
+  node-version:
+    type: string
+    description: Version of Node
+    default: "20"
+
+
+runs:
+  using: composite
+  steps:
+    - name: Call action get-ref-properties
+      id: get-ref-properties
+      uses: Cardinal-Cryptography/github-actions/get-ref-properties@v6
+
+    - name: Setup package name
+      id: get-package-name
+      shell: bash
+      run: |
+        date=$(date '+%Y-%m-%d-%H:%M')
+
+        if [ ! -z ${{ steps.get-ref-properties.outputs.tag }} ]; then
+          version=$(echo ${{ steps.get-ref-properties.outputs.tag }})
+        elif [ ! -z ${{ steps.get-ref-properties.outputs.sha }} ]; then
+          version=$(echo ${{ steps.get-ref-properties.outputs.sha }})
+        else
+          echo "ERROR - nor commit SHA nor tag is set"
+        fi
+
+        package_name=$(echo "release-${{ inputs.environment }}-${version}-${date}.zip")
+        echo "package_name=${package_name}" >> $GITHUB_OUTPUT
+
+    - name: Setup node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.node-version }}
+
+    - name: Clean install
+      shell: bash
+      run: npm ci
+
+    - name: Build an app
+      shell: bash
+      run: printenv | grep -i public_var && npm run build
+
+    - name: Compress app to ZIP file
+      shell: bash
+      run:
+        cd dist/ && zip -r ../${{ steps.get-package-name.outputs.package_name }} .
+
+    - name: Upload ZIP file to S3
+      uses: Cardinal-Cryptography/github-actions/copy-file-to-s3@v6
+      env:
+        AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
+        AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
+        AWS_DEFAULT_REGION: ${{ inputs.aws-default-region }}
+      with:
+        compression: false
+        source-filename: "${{ steps.get-package-name.outputs.package_name }}"
+        source-path: "${{ steps.get-package-name.outputs.package_name }}"
+        s3-bucket-path: zips
+        s3-bucket-filename: "${{ steps.get-package-name.outputs.package_name }}"
+        s3-bucket-name: "${{ inputs.s3-bucket-name }}"
+        if-exist: fallback
+
+    - name: Deploy app to Amplify
+      shell: bash
+      env:
+        AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
+        AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
+        AWS_DEFAULT_REGION: ${{ inputs.aws-default-region }}
+        APP_ID: ${{ inputs.amplify-app-id }}
+        BRANCH_NAME: ${{ inputs.environment }}
+        S3_BUCKET: ${{ inputs.s3-bucket-name }}
+      run: |
+        #!/bin/bash
+        job_id=$(aws amplify start-deployment --region ${{ env.AWS_DEFAULT_REGION }} --app-id ${{ env.APP_ID }} --branch-name ${{ env.BRANCH_NAME }} --source-url s3://${{ env.S3_BUCKET }}/zips/${{ steps.get-package-name.outputs.package_name }} --output text --query "jobSummary.jobId")
+
+        i=1
+        while [ $i -le 6 ]
+        do
+          if aws amplify list-jobs --region ${{ env.AWS_DEFAULT_REGION }} --app-id ${{ env.APP_ID }} --branch-name ${{ env.BRANCH_NAME }} --output text --query "jobSummaries[?jobId == '${job_id}'].status" | grep -i "succeed"; then
+            echo "Done"
+            exit 0
+          else
+            echo "Waiting... Status:"
+            aws amplify list-jobs --region ${{ env.AWS_DEFAULT_REGION }} --app-id ${{ env.APP_ID }} --branch-name ${{ env.BRANCH_NAME }} --output text --query "jobSummaries[?jobId == '${job_id}']"
+            i=$((i+1))
+            sleep 10
+          fi
+        done
+        echo "TIMEOUT - plase check the application manually in AWS Amplify console, exiting..."
+        exit 1
diff --git a/.github/workflows/build-and-push-stage.yml b/.github/workflows/build-and-push-stage.yml
@@ -0,0 +1,32 @@
+---
+name: (STAGE) Build and deploy frontend
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build-and-push:
+    name: Build and push
+    runs-on: ubuntu-20.04
+    environment:
+      name: stage
+    steps:
+      - name: GIT | Checkout
+        uses: actions/checkout@v4
+
+      - name: Export variables
+        env:
+          VARS_CONTEXT: ${{ toJson(vars) }}
+        run: |
+          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+          to_envs() { jq -r "to_entries[] | select(.key|startswith(\"PUBLIC_VAR\")) | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; }
+          echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV
+
+      - name: Build and deploy - STAGE
+        uses: ./.github/actions/build-and-push
+        with:
+          environment: stage
+          aws-access-key-id: ${{ secrets.AWS_S3_STAGE_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_S3_STAGE_SECRET_ACCESS_KEY }}
+          s3-bucket-name: ${{ secrets.AWS_S3_STAGE_BUCKET_NAME }}
+          amplify-app-id: ${{ secrets.AWS_AMPLIFY_STAGE_APP_ID }}
