From 7035d6046d60bd1d57448d80b563c23b6f9f405a Mon Sep 17 00:00:00 2001
From: Paul Beaudoin <contact@paulbeaudoin.com>
Date: Thu, 8 Aug 2024 11:23:38 -0400
Subject: [PATCH 1/2] Update CI/CD for qa, qa2, and production ECS deployments

---
 .github/workflows/test-and-deploy.yml | 39 +++++++++++++++++++++++++--
 README.md                             |  7 +++++
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test-and-deploy.yml b/.github/workflows/test-and-deploy.yml
index 90746116..a755389f 100644
--- a/.github/workflows/test-and-deploy.yml
+++ b/.github/workflows/test-and-deploy.yml
@@ -21,7 +21,7 @@ jobs:
       contents: read
     runs-on: ubuntu-latest
     needs: tests
-    if: github.ref == 'refs/heads/qa-node20'
+    if: github.ref == 'refs/heads/qa'
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3
@@ -50,13 +50,48 @@ jobs:
       - name: Force ECS Update
         run: |
           aws ecs update-service --cluster discovery-api-qa --service discovery-api-qa --force-new-deployment
+  deploy-qa2:
+    permissions:
+      id-token: write
+      contents: read
+    runs-on: ubuntu-latest
+    needs: tests
+    if: github.ref == 'refs/heads/qa2'
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::946183545209:role/GithubActionsDeployerRole
+          aws-region: us-east-1
+
+      - name: Log in to ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build, tag, and push image to Amazon ECR
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: discovery-api
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:qa2-latest
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:qa2-latest
+
+      - name: Force ECS Update
+        run: |
+          aws ecs update-service --cluster discovery-api-qa2 --service discovery-api-qa2 --force-new-deployment
   deploy-production:
     permissions:
       id-token: write
       contents: read
     runs-on: ubuntu-latest
     needs: tests
-    if: github.ref == 'refs/heads/production-node20'
+    if: github.ref == 'refs/heads/production'
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3
diff --git a/README.md b/README.md
index 275d3063..23dbcb45 100644
--- a/README.md
+++ b/README.md
@@ -58,6 +58,13 @@ This app uses a [PRs Target Main, Merge to Deployment Branches](https://github.c
 1. Confirm app deploys to QA and run appropriate testing
 1. Merge `main` > `production`
 
+### Deploying
+
+App deploys through [GH Actions](./.github/workflows/test-and-deploy.yml) to ECS when updates are made to deployment branches:
+ - `qa`: discovery-api-qa.nypl.org
+ - `qa2`: discovery-api-qa2.nypl.org
+ - `production`: discovery-api-production.nypl.org
+
 ## Testing
 
 Run all tests:

From c1ba363d9b0cfeea8308ca937e57e07ba74ece7e Mon Sep 17 00:00:00 2001
From: Paul Beaudoin <contact@paulbeaudoin.com>
Date: Thu, 8 Aug 2024 13:28:11 -0400
Subject: [PATCH 2/2] Update to latest NYPL-core

---
 config/production.env | 2 +-
 config/qa.env         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/production.env b/config/production.env
index 5e68b96a..5ef68a24 100644
--- a/config/production.env
+++ b/config/production.env
@@ -10,7 +10,7 @@ NYPL_OAUTH_URL=https://isso.nypl.org/
 ENCRYPTED_NYPL_OAUTH_ID=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAGswaQYJKoZIhvcNAQcGoFwwWgIBADBVBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDMLKVUQA58B6vprNcAIBEIAoaz0lI9EL2M9NyTuEwT8JDmPBt6aXfMiFs027DEuwsCN0wS0qWeFL1g==
 ENCRYPTED_NYPL_OAUTH_SECRET=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAIcwgYQGCSqGSIb3DQEHBqB3MHUCAQAwcAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAyWz91LOP2YP5fg0q0CARCAQ9inO9SV1M8R0Pkkx84r7UdwlU1FxfXvIjk/z6Qs81KBAVELhby2iD5LawQyDrR9tjhuMbotS6QnydwwMR/p8+qJXHI=
 
-NYPL_CORE_VERSION=v2.19
+NYPL_CORE_VERSION=v2.20
 
 LOG_LEVEL=info
 FEATURES=on-site-edd
diff --git a/config/qa.env b/config/qa.env
index cca09a9e..1c4723b2 100644
--- a/config/qa.env
+++ b/config/qa.env
@@ -10,7 +10,7 @@ NYPL_OAUTH_URL=https://isso.nypl.org/
 ENCRYPTED_NYPL_OAUTH_ID=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAGswaQYJKoZIhvcNAQcGoFwwWgIBADBVBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDMLKVUQA58B6vprNcAIBEIAoaz0lI9EL2M9NyTuEwT8JDmPBt6aXfMiFs027DEuwsCN0wS0qWeFL1g==
 ENCRYPTED_NYPL_OAUTH_SECRET=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAIcwgYQGCSqGSIb3DQEHBqB3MHUCAQAwcAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAyWz91LOP2YP5fg0q0CARCAQ9inO9SV1M8R0Pkkx84r7UdwlU1FxfXvIjk/z6Qs81KBAVELhby2iD5LawQyDrR9tjhuMbotS6QnydwwMR/p8+qJXHI=
 
-NYPL_CORE_VERSION=v2.19
+NYPL_CORE_VERSION=v2.20
 
 LOG_LEVEL=debug
 FEATURES=on-site-edd