From 3ca5fce8f386737a25a1f860aced08ca26fbc75a Mon Sep 17 00:00:00 2001
From: William Horn
Date: Thu, 20 Jun 2024 08:13:29 -0800
Subject: [PATCH 01/28] feat: add github actions for test deployment
---
.github/workflows/deploy-prod.yml | 21 +++++++
.github/workflows/deploy-test.yml | 25 ++++++++
.../workflows/search-ui-composite/action.yml | 60 +++++++++++++++++++
buildspec.yml | 2 +-
4 files changed, 107 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/deploy-prod.yml
create mode 100644 .github/workflows/deploy-test.yml
create mode 100644 .github/workflows/search-ui-composite/action.yml
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
new file mode 100644
index 000000000..5e6d779a0
--- /dev/null
+++ b/.github/workflows/deploy-prod.yml
@@ -0,0 +1,21 @@
+name: Update BulkDownload Stack (prod)
+
+on:
+ push:
+ branches:
+ - prod
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: test
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: build
+ uses: ./.github/workflows/bulk-download-deploy-composite
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml
new file mode 100644
index 000000000..ce9caab4c
--- /dev/null
+++ b/.github/workflows/deploy-test.yml
@@ -0,0 +1,25 @@
+name: Update BulkDownload Stack (test)
+
+on:
+ push:
+ branches:
+ - actions
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: test
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: build
+ uses: ./.github/workflows/bulk-download-deploy-composite
+ with:
+ maturity: test
+ application: ${{ vars.APPLICATION }}
+ cdn-id: ${{ vars.CDN_ID }}
+ s3-bucket: ${{ vars.S3_BUCKET }}
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
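Review bot: In `deploy-prod.yml` the job triggered by pushes to `prod` declares `environment: test`, so a production push would read the test environment's secrets and bypass any protection rules configured on a production environment; it should name its own environment. The same job passes only the two AWS key inputs to `./.github/workflows/bulk-download-deploy-composite`, while the composite added in this commit lives under `search-ui-composite` and marks `maturity`, `application`, `cdn-id` and `s3-bucket` as `required: true`. Neither workflow sets `permissions:`; adding `permissions:` with `contents: read` at the top level would keep the default token to what a checkout needs.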
diff --git a/.github/workflows/search-ui-composite/action.yml b/.github/workflows/search-ui-composite/action.yml new file mode 100644 index 000000000..990ba8c75 --- /dev/null +++ b/.github/workflows/search-ui-composite/action.yml @@ -0,0 +1,60 @@ +name: Composite search-ui deploy action + +inputs: + maturity: + required: true + type: string + application: + required: true + type: string + cdn-id: + required: true + type: string + s3-bucket: + required: true + type: string + aws-access-key-id: + required: true + type: string + aws-secret-access-key: + required: true + type: string + +runs: + using: "composite" + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Use Node.js + uses: actions/setup-node@v3 + with: + node-version: 18 + + - name: Install dependencies + shell: bash + run: | + cp src/app/services/envs/env-${{ inputs.maturity }}.ts src/app/services/env.ts + echo "{\"hash\":\"${{ github.sha }}\"}" > src/assets/commit-hash.json + npm install -g @angular/cli@17.2.7 + npm install + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ inputs.aws-access-key-id }} + aws-secret-access-key: ${{ inputs.aws-secret-access-key }} + aws-region: "us-east-1" + + - name: Angular Build + run: | + ng build --configuration production + + - name: Deploy to AWS + shell: bash + run: | + cd dist/${{ inputs.application }} + aws s3 sync . "s3://${{ inputs.s3-bucket }}" + aws cloudfront create-invalidation \ + --distribution-id ${{ inputs.cdn-id }} \ + --paths /index.html /manifest.json /ngsw.json /favicon.ico /assets/i18n/* /assets/* /docs/* diff --git a/buildspec.yml b/buildspec.yml index b3973eafd..17d627cd3 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -7,7 +7,7 @@ phases: commands: - n 18 - npm set progress=false - - npm install -g @angular/cli@15.2.7 + - npm install -g @angular/cli@17.2.7 pre_build: commands: - cp src/app/services/envs/env-${MATURITY}.ts src/app/services/env.ts 
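Review bot: The `run:` scripts in `Install dependencies` and `Deploy to AWS` expand `${{ inputs.maturity }}`, `${{ inputs.application }}`, `${{ inputs.s3-bucket }}` and `${{ inputs.cdn-id }}` straight into the bash source, so whatever a caller passes is parsed as shell rather than treated as data. The callers in this commit supply repository variables, but a composite action cannot rely on that; map each input to an `env:` entry on the step and use the quoted shell variable, and quote the invalidation globs so the shell does not expand them. If the repository commits a lockfile, `npm ci` would install exactly what is locked instead of letting `npm install` resolve new versions during a deploy. The three `uses:` lines are pinned to mutable tags rather than commit SHAs.

```yaml
    # … unchanged: checkout and setup-node steps …
    - name: Install dependencies
      shell: bash
      env:
        MATURITY: ${{ inputs.maturity }}
      run: |
        cp "src/app/services/envs/env-${MATURITY}.ts" src/app/services/env.ts
        # … unchanged: commit-hash.json write …
        npm ci

    # … unchanged: credential and build steps …
    - name: Deploy to AWS
      shell: bash
      env:
        APPLICATION: ${{ inputs.application }}
        S3_BUCKET: ${{ inputs.s3-bucket }}
        CDN_ID: ${{ inputs.cdn-id }}
      run: |
        cd "dist/${APPLICATION}"
        aws s3 sync . "s3://${S3_BUCKET}"
        aws cloudfront create-invalidation \
          --distribution-id "${CDN_ID}" \
          --paths /index.html /manifest.json /ngsw.json /favicon.ico '/assets/i18n/*' '/assets/*' '/docs/*'
```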
From 482c43b03c9ba1219ccc56830bd75c7c3d868636 Mon Sep 17 00:00:00 2001 From: William Horn Date: Thu, 20 Jun 2024 08:16:58 -0800 Subject: [PATCH 02/28] fix: rename composite to search-ui-deploy --- .github/workflows/deploy-test.yml | 2 +- .../action.yml | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{search-ui-composite => search-ui-deploy-composite}/action.yml (100%) diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index ce9caab4c..2f872d28c 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -15,7 +15,7 @@ jobs: uses: actions/checkout@v4 - name: build - uses: ./.github/workflows/bulk-download-deploy-composite + uses: ./.github/workflows/search-ui-deploy-composite with: maturity: test application: ${{ vars.APPLICATION }} diff --git a/.github/workflows/search-ui-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml similarity index 100% rename from .github/workflows/search-ui-composite/action.yml rename to .github/workflows/search-ui-deploy-composite/action.yml From fe1c5e0b1a506512c7d8d01d9c80cc7cd8f6611e Mon Sep 17 00:00:00 2001 From: William Horn Date: Thu, 20 Jun 2024 08:21:00 -0800 Subject: [PATCH 03/28] fix: remove shell from action --- .github/workflows/search-ui-deploy-composite/action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml index 990ba8c75..9c23c08da 100644 --- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml @@ -32,7 +32,6 @@ runs: node-version: 18 - name: Install dependencies - shell: bash run: | cp src/app/services/envs/env-${{ inputs.maturity }}.ts src/app/services/env.ts echo "{\"hash\":\"${{ github.sha }}\"}" > src/assets/commit-hash.json From 7c8a9d00a89a8b4a94acb6f02b207494b09ec376 Mon Sep 17 00:00:00 2001 
From: William Horn Date: Thu, 20 Jun 2024 08:23:27 -0800 Subject: [PATCH 04/28] fix: add shell --- .github/workflows/search-ui-deploy-composite/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml index 9c23c08da..0075b3030 100644 --- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml @@ -32,6 +32,7 @@ runs: node-version: 18 - name: Install dependencies + shell: bash run: | cp src/app/services/envs/env-${{ inputs.maturity }}.ts src/app/services/env.ts echo "{\"hash\":\"${{ github.sha }}\"}" > src/assets/commit-hash.json @@ -46,6 +47,7 @@ runs: aws-region: "us-east-1" - name: Angular Build + shell: bash run: | ng build --configuration production From 23789022084c0d44c1e95746cde06d21f27f77ca Mon Sep 17 00:00:00 2001 From: William Horn Date: Thu, 20 Jun 2024 08:25:11 -0800 Subject: [PATCH 05/28] fix: remove angular cli global install --- .github/workflows/search-ui-deploy-composite/action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml index 0075b3030..ccc02b197 100644 --- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml @@ -36,7 +36,6 @@ runs: run: | cp src/app/services/envs/env-${{ inputs.maturity }}.ts src/app/services/env.ts echo "{\"hash\":\"${{ github.sha }}\"}" > src/assets/commit-hash.json - npm install -g @angular/cli@17.2.7 npm install - name: Configure AWS credentials From f23543edc7621f5632fc11d18995c0c646247f21 Mon Sep 17 00:00:00 2001 
From: William Horn Date: Thu, 20 Jun 2024 08:28:01 -0800 Subject: [PATCH 06/28] chore: change name of test deploy action --- .github/workflows/{deploy-test.yml => deploy-will.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{deploy-test.yml => deploy-will.yml} (96%) diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-will.yml similarity index 96% rename from .github/workflows/deploy-test.yml rename to .github/workflows/deploy-will.yml index 2f872d28c..f44f89821 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-will.yml @@ -8,7 +8,7 @@ on: jobs: deploy: runs-on: ubuntu-latest - environment: test + environment: will steps: - name: Checkout From ce0ab1c20f0e42a42fe8a3705e478c4618b79bac Mon Sep 17 00:00:00 2001 From: William Horn Date: Thu, 20 Jun 2024 08:29:19 -0800 Subject: [PATCH 07/28] chore: change actions name --- .github/workflows/deploy-will.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-will.yml index f44f89821..5b13376e1 100644 --- a/.github/workflows/deploy-will.yml +++ b/.github/workflows/deploy-will.yml @@ -1,4 +1,4 @@ -name: Update BulkDownload Stack (test) +name: Update SearchUI (will) on: push: From 0d3cb84ac238df13114b3d0818449c8718c3929f Mon Sep 17 00:00:00 2001 From: William Horn Date: Thu, 20 Jun 2024 08:31:37 -0800 Subject: [PATCH 08/28] fix: use npm to run build --- .github/workflows/search-ui-deploy-composite/action.yml | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml index ccc02b197..dba95687e 100644 --- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml 
@@ -48,7 +48,7 @@ runs: - name: Angular Build shell: bash run: | - ng build --configuration production + npm run build - name: Deploy to AWS shell: bash diff --git a/package.json b/package.json index 0c0b60bf6..ce3252e04 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,7 @@ "scripts": { "ng": "ng", "start": "ng serve", - "build": "ng build", + "build": "ng build --configuration production", "test": "ng test", "lint": "eslint -c .eslintrc.js --ext .ts src", "e2e": "ng e2e" From 3fff580a08cfb11c3da75e87720f903f0741866b Mon Sep 17 00:00:00 2001 From: William Horn Date: Fri, 28 Jun 2024 14:14:14 -0800 Subject: [PATCH 09/28] feat: use oicd to authenticate github actions build --- .github/workflows/deploy-will.yml | 3 +- .../search-ui-deploy-composite/action.yml | 21 +++--- build/github-actions-oidc.yml | 67 +++++++++++++++++++ 3 files changed, 78 insertions(+), 13 deletions(-) create mode 100644 build/github-actions-oidc.yml diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-will.yml index 5b13376e1..44596de13 100644 --- a/.github/workflows/deploy-will.yml +++ b/.github/workflows/deploy-will.yml @@ -21,5 +21,4 @@ jobs: application: ${{ vars.APPLICATION }} cdn-id: ${{ vars.CDN_ID }} s3-bucket: ${{ vars.S3_BUCKET }} - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml index dba95687e..c9b5bb05f 100644 --- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml @@ -13,10 +13,7 @@ inputs: s3-bucket: required: true type: string - aws-access-key-id: - required: true - type: string - aws-secret-access-key: + aws-account-id: required: true type: string 
@@ -31,6 +28,15 @@ runs: with: node-version: 18 + - name: Configure AWS credentials from Test account + uses: aws-actions/configure-aws-credentials@v3 + with: + role-to-assume: arn:aws:iam::${{ inputs.account-id }}:role/GitHub_Actions_Role + aws-region: us-east-1 + - name: Fetch the caller identity + run: | + aws sts get-caller-identity + - name: Install dependencies shell: bash run: | @@ -38,13 +44,6 @@ runs: echo "{\"hash\":\"${{ github.sha }}\"}" > src/assets/commit-hash.json npm install - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ inputs.aws-access-key-id }} - aws-secret-access-key: ${{ inputs.aws-secret-access-key }} - aws-region: "us-east-1" - - name: Angular Build shell: bash run: | diff --git a/build/github-actions-oidc.yml b/build/github-actions-oidc.yml new file mode 100644 index 000000000..b13803744 --- /dev/null +++ b/build/github-actions-oidc.yml 
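Review bot: Placing `Configure AWS credentials from Test account` above `Install dependencies` means `npm install` and the later `npm run build`, both of which execute third-party package scripts, now run with the assumed role's session credentials exported in the environment, although only `Deploy to AWS` needs them. Keeping the credential step and the `aws sts get-caller-identity` check directly before the deploy step would limit what a compromised dependency could reach. The step also moves from `aws-actions/configure-aws-credentials@v4` to `@v3` with no reason given in the commit message, and its name says "Test account" although the account is taken from an input.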
@@ -0,0 +1,67 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: GitHub OIDC for when GitHub wants to communicate with AWS.
+Resources:
+
+ # This is the bare-bones role.
+ GitHubActionsRole:
+ Type: AWS::IAM::Role
+ Properties:
+ RoleName: GitHub_Actions_Role
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Federated: !Sub arn:aws:iam::${AWS::AccountId}:oidc-provider/token.actions.githubusercontent.com
+ Action: sts:AssumeRoleWithWebIdentity
+ Condition:
+ StringLike:
+ ## THESE ARE CASE SENSITIVE!
+ 'token.actions.githubusercontent.com:sub': ['repo:asfadmin/Discovery-SearchUI']
+ StringEqualsIgnoreCase:
+ 'token.actions.githubusercontent.com:aud': sts.amazonaws.com
+ Policies:
+ - PolicyName: OidcSafetyPolicy
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Sid: OidcSafeties
+ Effect: Deny
+ Action:
+ - sts:AssumeRole
+ Resource: "*"
+ - PolicyName: GitHubActionsDeployPolicy
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Sid: AllowS3SyncActions
+ Effect: Allow
+ Action:
+ - s3:DeleteObject
+ - s3:GetBucketLocation
+ - s3:GetObject
+ - s3:ListBucket
+ - s3:PutObject
+ Resource:
+ - arn:aws:s3:::search-ui-custom-deployments
+ - arn:aws:s3:::search-ui-custom-deployments/*
+ - PolicyName: CloudfrontInvalidation
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Sid: AllowInvalidations
+ Effect: Allow
+ Action:
+ - cloudfront:CreateInvalidation
+ Resource: "*"
+
+
+ # This is the OIDC provider hookup itself. This tells AWS to delegate authN GitHub
+ GitHubActionsOidcProvider:
+ Type: AWS::IAM::OIDCProvider
+ Properties:
+ ClientIdList:
+ - sts.amazonaws.com
+ ThumbprintList:
+ - 6938fd4d98bab03faadb97b34396831e3780aea1
+ Url: https://token.actions.githubusercontent.com
From 1c286dbefc8120cf3bf6f4e8ce97be433754653f Mon Sep 17 00:00:00 2001
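Review bot: The `CloudfrontInvalidation` statement allows `cloudfront:CreateInvalidation` on `Resource: "*"`, which covers every distribution in the account; scoping it to the one distribution the workflow invalidates, `Resource: !Sub arn:aws:cloudfront::${AWS::AccountId}:distribution/<DISTRIBUTION_ID>` (placeholder id), keeps the role to what it uses. `AllowS3SyncActions` includes `s3:DeleteObject`, which the composite's `aws s3 sync` call does not exercise without `--delete`, so it can be dropped until it is needed. In the trust policy the `sub` value has no suffix, while GitHub subject claims carry one (for example `:ref:…` or `:environment:…`), so the `StringLike` condition as written would likely match no token. The comment above `GitHubActionsOidcProvider` reads "delegate authN GitHub"; "delegate authN to GitHub" is presumably meant.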
From: William Horn Date: Fri, 28 Jun 2024 14:15:56 -0800 Subject: [PATCH 10/28] fix: use correct variable name in action --- .github/workflows/search-ui-deploy-composite/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml index c9b5bb05f..2fd8b5a0e 100644 --- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml @@ -31,8 +31,9 @@ runs: - name: Configure AWS credentials from Test account uses: aws-actions/configure-aws-credentials@v3 with: - role-to-assume: arn:aws:iam::${{ inputs.account-id }}:role/GitHub_Actions_Role + role-to-assume: arn:aws:iam::${{ inputs.aws-account-id }}:role/GitHub_Actions_Role aws-region: us-east-1 + - name: Fetch the caller identity run: | aws sts get-caller-identity From 614fb33be984c6d6a6d8fb4a0dfce3d80e09e638 Mon Sep 17 00:00:00 2001 From: William Horn Date: Fri, 28 Jun 2024 14:17:10 -0800 Subject: [PATCH 11/28] fix: add missing property 'shell' --- .github/workflows/search-ui-deploy-composite/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml index 2fd8b5a0e..a0a88ee15 100644 --- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml @@ -35,6 +35,7 @@ runs: aws-region: us-east-1 - name: Fetch the caller identity + shell: bash run: | aws sts get-caller-identity From c0c82f04287eb0723ff231b0a5516b0df11ee86a Mon Sep 17 00:00:00 2001 From: William Horn Date: Fri, 28 Jun 2024 14:19:22 -0800 Subject: [PATCH 12/28] fix: add permissions to root workflow --- .github/workflows/deploy-will.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-will.yml index 44596de13..8ab5934f7 100644 
--- a/.github/workflows/deploy-will.yml +++ b/.github/workflows/deploy-will.yml @@ -9,6 +9,9 @@ jobs: deploy: runs-on: ubuntu-latest environment: will + permissions: + id-token: write + contents: read steps: - name: Checkout From 60488568850503fc10aace2ed575dd15fb282bb3 Mon Sep 17 00:00:00 2001 From: William Horn Date: Fri, 28 Jun 2024 14:27:08 -0800 Subject: [PATCH 13/28] fix: add wildcard to SearchUI repo --- build/github-actions-oidc.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/build/github-actions-oidc.yml b/build/github-actions-oidc.yml index b13803744..25566871e 100644 --- a/build/github-actions-oidc.yml +++ b/build/github-actions-oidc.yml @@ -16,8 +16,7 @@ Resources: Action: sts:AssumeRoleWithWebIdentity Condition: StringLike: - ## THESE ARE CASE SENSITIVE! - 'token.actions.githubusercontent.com:sub': ['repo:asfadmin/Discovery-SearchUI'] + 'token.actions.githubusercontent.com:sub': ['repo:asfadmin/Discovery-SearchUI:*'] StringEqualsIgnoreCase: 'token.actions.githubusercontent.com:aud': sts.amazonaws.com Policies: From 6b877117fb774b0da73b9b04305ad640bba42711 Mon Sep 17 00:00:00 2001 From: William Horn Date: Fri, 28 Jun 2024 14:43:39 -0800 Subject: [PATCH 14/28] try authentication outside of composite action --- .github/workflows/deploy-will.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-will.yml index 8ab5934f7..7c21b1729 100644 --- a/.github/workflows/deploy-will.yml +++ b/.github/workflows/deploy-will.yml @@ -17,6 +17,12 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - name: Configure AWS credentials from Test account + uses: aws-actions/configure-aws-credentials@v3 + with: + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHub_Actions_Role + aws-region: us-east-1 + - name: build uses: ./.github/workflows/search-ui-deploy-composite with: From ec5f7fff44670ee9416a42563fb3d213cb3cf045 Mon Sep 17 00:00:00 2001 
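Review bot: In `build/github-actions-oidc.yml`, the new subject pattern `repo:asfadmin/Discovery-SearchUI:*` lets a workflow run from any branch, tag, pull request or environment of the repository assume the role, so the `environment:` gate on the deploy job is not enforced on the AWS side. Since the job that assumes the role declares an environment, the condition can be pinned to it, for example `'token.actions.githubusercontent.com:sub': ['repo:asfadmin/Discovery-SearchUI:environment:<ENV_NAME>']` (placeholder for the environment name). The removed `## THESE ARE CASE SENSITIVE!` comment still applies to `StringLike` and is worth keeping next to the condition.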
From: William Horn Date: Sat, 29 Jun 2024 19:34:55 -0800 Subject: [PATCH 15/28] test action --- .github/workflows/deploy-will.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-will.yml index 7c21b1729..bab2ed413 100644 --- a/.github/workflows/deploy-will.yml +++ b/.github/workflows/deploy-will.yml @@ -23,6 +23,11 @@ jobs: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHub_Actions_Role aws-region: us-east-1 + - name: Fetch the caller identity + shell: bash + run: | + aws sts get-caller-identity + - name: build uses: ./.github/workflows/search-ui-deploy-composite with: From df778b1a254d0067dea6ecd3166bb0c90e937bcb Mon Sep 17 00:00:00 2001 From: William Horn Date: Mon, 1 Jul 2024 08:53:38 -0800 Subject: [PATCH 16/28] fix: remove extra login from action --- .github/workflows/deploy-will.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-will.yml index bab2ed413..8ab5934f7 100644 --- a/.github/workflows/deploy-will.yml +++ b/.github/workflows/deploy-will.yml @@ -17,17 +17,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Configure AWS credentials from Test account - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHub_Actions_Role - aws-region: us-east-1 - - - name: Fetch the caller identity - shell: bash - run: | - aws sts get-caller-identity - - name: build uses: ./.github/workflows/search-ui-deploy-composite with: From 6bcf13bf77e32135485b34f3c54ad959517eb924 Mon Sep 17 00:00:00 2001 From: William Horn Date: Mon, 1 Jul 2024 09:30:18 -0800 Subject: [PATCH 17/28] change dev deployments to run on all dev/* branches --- .github/workflows/deploy-will.yml | 13 +++++++++---- .../workflows/search-ui-deploy-composite/action.yml | 13 ++++++++++--- 2 files changed, 19 insertions(+), 7 deletions(-) 
diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-will.yml index 8ab5934f7..1f68b365b 100644 --- a/.github/workflows/deploy-will.yml +++ b/.github/workflows/deploy-will.yml @@ -3,12 +3,12 @@ name: Update SearchUI (will) on: push: branches: - - actions + - dev/* jobs: deploy: runs-on: ubuntu-latest - environment: will + environment: dev-deployments permissions: id-token: write contents: read @@ -17,11 +17,16 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - name: Extract branch name + shell: bash + run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT + id: extract_branch + - name: build uses: ./.github/workflows/search-ui-deploy-composite with: - maturity: test - application: ${{ vars.APPLICATION }} + maturity: ${{ vars.MATURITY }} + application: ${{ steps.extract_branch.outputs.branch }} cdn-id: ${{ vars.CDN_ID }} s3-bucket: ${{ vars.S3_BUCKET }} aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml index a0a88ee15..a934162c6 100644 --- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml @@ -54,8 +54,15 @@ runs: - name: Deploy to AWS shell: bash run: | - cd dist/${{ inputs.application }} - aws s3 sync . "s3://${{ inputs.s3-bucket }}" + cd dist/search-ui + aws s3 sync . "s3://${{ inputs.s3-bucket }}/${{ inputs.application }}" aws cloudfront create-invalidation \ --distribution-id ${{ inputs.cdn-id }} \ - --paths /index.html /manifest.json /ngsw.json /favicon.ico /assets/i18n/* /assets/* /docs/* + --paths \ + ${{ inputs.application }}/index.html \ + ${{ inputs.application }}/manifest.json \ + ${{ inputs.application }}/ngsw.json \ + ${{ inputs.application }}/favicon.ico \ + ${{ inputs.application }}/assets/i18n/* \ + ${{ inputs.application }}/assets/* \ + ${{ inputs.application }}/docs/* 
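Review bot: `application` is now derived from the pushed branch name, and the composite's `Deploy to AWS` step expands `${{ inputs.application }}` directly into its bash script, where it forms the S3 key prefix and every invalidation path. A branch name is chosen by whoever pushes and git ref names permit shell metacharacters, so the value should reach the script only through an `env:` entry (`APPLICATION: ${{ inputs.application }}`) and be used quoted as `"${APPLICATION}"`. Checking it against an allow-list pattern such as `^[A-Za-z0-9._/-]+$` before the sync would also keep it from shaping the bucket prefix unexpectedly. In `Extract branch name`, write `>> "$GITHUB_OUTPUT"` with quotes. The revisions of this step in patches 19 to 21 feed the same input.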
From 781345620d2603e481a1bb1e3c4cf9c3921cd097 Mon Sep 17 00:00:00 2001 From: William Horn Date: Mon, 1 Jul 2024 09:33:23 -0800 Subject: [PATCH 18/28] chore: rename workflow to deploy-dev --- .github/workflows/{deploy-will.yml => deploy-dev.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{deploy-will.yml => deploy-dev.yml} (96%) diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-dev.yml similarity index 96% rename from .github/workflows/deploy-will.yml rename to .github/workflows/deploy-dev.yml index 1f68b365b..69dd8152f 100644 --- a/.github/workflows/deploy-will.yml +++ b/.github/workflows/deploy-dev.yml @@ -1,4 +1,4 @@ -name: Update SearchUI (will) +name: Deploy dev SearchUI on: push: From 726c3b823a1766d8ff09a150a42fa3763b5832e2 Mon Sep 17 00:00:00 2001 From: William Horn Date: Mon, 8 Jul 2024 18:05:22 -0800 Subject: [PATCH 19/28] get deployment from branch name --- .github/workflows/deploy-dev.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 69dd8152f..f24219386 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -3,7 +3,12 @@ name: Deploy dev SearchUI on: push: branches: - - dev/* + - will/* + - greg/* + - tyler/* + - kim/* + - andy/* + - andy2/* jobs: deploy: @@ -19,7 +24,7 @@ jobs: - name: Extract branch name shell: bash - run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT + run: echo "branch=${dirname ${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}}" >> $GITHUB_OUTPUT id: extract_branch - name: build From cf0699a5aa6a77c7abf17e3e017489f966817cab Mon Sep 17 00:00:00 2001 From: William Horn Date: Mon, 8 Jul 2024 18:11:24 -0800 Subject: [PATCH 20/28] tweak method for getting branch name --- .github/workflows/deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index f24219386..a5dd6899b 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -24,7 +24,7 @@ jobs: - name: Extract branch name shell: bash - run: echo "branch=${dirname ${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}}" >> $GITHUB_OUTPUT + run: echo "branch=${dirname ${GITHUB_REF_NAME}}" >> $GITHUB_OUTPUT id: extract_branch - name: build From 419993966bdc8d914f28e225b5dbe663230bb66b Mon Sep 17 00:00:00 2001 From: William Horn Date: Mon, 8 Jul 2024 18:14:45 -0800 Subject: [PATCH 21/28] fix getting deployment name --- .github/workflows/deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index a5dd6899b..f2c6fde2c 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -24,7 +24,7 @@ jobs: - name: Extract branch name shell: bash - run: echo "branch=${dirname ${GITHUB_REF_NAME}}" >> $GITHUB_OUTPUT + run: echo "branch=$(dirname ${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}})" >> $GITHUB_OUTPUT id: extract_branch - name: build From 2a6ab45e7c904b6bf4d65da60b0283991f767b5c Mon Sep 17 00:00:00 2001 
From: William Horn
Date: Mon, 8 Jul 2024 18:56:25 -0800
Subject: [PATCH 22/28] use seperate actions files for each personal deployment
---
.github/workflows/deploy-andy.yml | 26 +++++++++++++++++++
.../{deploy-dev.yml => deploy-andy2.yml} | 13 +---------
.github/workflows/deploy-greg.yml | 26 +++++++++++++++++++
.github/workflows/deploy-kim.yml | 26 +++++++++++++++++++
.github/workflows/deploy-tyler.yml | 26 +++++++++++++++++++
.github/workflows/deploy-will.yml | 26 +++++++++++++++++++
.../search-ui-deploy-composite/action.yml | 19 ++++++--------
7 files changed, 139 insertions(+), 23 deletions(-)
create mode 100644 .github/workflows/deploy-andy.yml
rename .github/workflows/{deploy-dev.yml => deploy-andy2.yml} (58%)
create mode 100644 .github/workflows/deploy-greg.yml
create mode 100644 .github/workflows/deploy-kim.yml
create mode 100644 .github/workflows/deploy-tyler.yml
create mode 100644 .github/workflows/deploy-will.yml
diff --git a/.github/workflows/deploy-andy.yml b/.github/workflows/deploy-andy.yml
new file mode 100644
index 000000000..00b74ea92
--- /dev/null
+++ b/.github/workflows/deploy-andy.yml
@@ -0,0 +1,26 @@
+name: Deploy dev SearchUI
+
+on:
+ push:
+ branches:
+ - andy/*
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: dev-andy
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: build
+ uses: ./.github/workflows/search-ui-deploy-composite
+ with:
+ maturity: ${{ vars.MATURITY }}
+ cdn-id: ${{ vars.CDN_ID }}
+ s3-bucket: ${{ vars.S3_BUCKET }}
+ aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-andy2.yml
similarity index 58%
rename from .github/workflows/deploy-dev.yml
rename to .github/workflows/deploy-andy2.yml
index f2c6fde2c..6c71389c9 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-andy2.yml
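Review bot: `deploy-andy.yml` and its five siblings in this patch (`deploy-andy2.yml`, `deploy-greg.yml`, `deploy-kim.yml`, `deploy-tyler.yml`, `deploy-will.yml`) differ only in the branch filter and the `environment:` name, so any later hardening of `permissions:` or the deploy steps has to be repeated six times and can drift. A single reusable workflow (`on: workflow_call` taking the environment name as an input) called from thin per-developer triggers would keep the privileged parts in one place. Note that `andy/*` does not match branch names containing a further `/`; `andy/**` would, if nested names are intended.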
@@ -3,17 +3,12 @@ name: Deploy dev SearchUI on: push: branches: - - will/* - - greg/* - - tyler/* - - kim/* - - andy/* - andy2/* jobs: deploy: runs-on: ubuntu-latest - environment: dev-deployments + environment: dev-andy2 permissions: id-token: write contents: read @@ -22,16 +17,10 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Extract branch name - shell: bash - run: echo "branch=$(dirname ${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}})" >> $GITHUB_OUTPUT - id: extract_branch - - name: build uses: ./.github/workflows/search-ui-deploy-composite with: maturity: ${{ vars.MATURITY }} - application: ${{ steps.extract_branch.outputs.branch }} cdn-id: ${{ vars.CDN_ID }} s3-bucket: ${{ vars.S3_BUCKET }} aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/.github/workflows/deploy-greg.yml b/.github/workflows/deploy-greg.yml new file mode 100644 index 000000000..23d645138 --- /dev/null +++ b/.github/workflows/deploy-greg.yml @@ -0,0 +1,26 @@ +name: Deploy dev SearchUI + +on: + push: + branches: + - greg/* + +jobs: + deploy: + runs-on: ubuntu-latest + environment: dev-greg + permissions: + id-token: write + contents: read + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: build + uses: ./.github/workflows/search-ui-deploy-composite + with: + maturity: ${{ vars.MATURITY }} + cdn-id: ${{ vars.CDN_ID }} + s3-bucket: ${{ vars.S3_BUCKET }} + aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/.github/workflows/deploy-kim.yml b/.github/workflows/deploy-kim.yml new file mode 100644 index 000000000..65d350778 --- /dev/null +++ b/.github/workflows/deploy-kim.yml 
@@ -0,0 +1,26 @@
+name: Deploy kim SearchUI
+
+on:
+ push:
+ branches:
+ - kim/*
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: dev-kim
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: build
+ uses: ./.github/workflows/search-ui-deploy-composite
+ with:
+ maturity: ${{ vars.MATURITY }}
+ cdn-id: ${{ vars.CDN_ID }}
+ s3-bucket: ${{ vars.S3_BUCKET }}
+ aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
diff --git a/.github/workflows/deploy-tyler.yml b/.github/workflows/deploy-tyler.yml
new file mode 100644
index 000000000..dedccd82f
--- /dev/null
+++ b/.github/workflows/deploy-tyler.yml
@@ -0,0 +1,26 @@
+name: Deploy dev SearchUI
+
+on:
+ push:
+ branches:
+ - tyler/*
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: dev-tyler
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: build
+ uses: ./.github/workflows/search-ui-deploy-composite
+ with:
+ maturity: ${{ vars.MATURITY }}
+ cdn-id: ${{ vars.CDN_ID }}
+ s3-bucket: ${{ vars.S3_BUCKET }}
+ aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-will.yml
new file mode 100644
index 000000000..9ab6ea96f
--- /dev/null
+++ b/.github/workflows/deploy-will.yml
@@ -0,0 +1,26 @@
+name: Deploy dev SearchUI
+
+on:
+ push:
+ branches:
+ - will/*
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: dev-will
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: build
+ uses: ./.github/workflows/search-ui-deploy-composite
+ with:
+ maturity: ${{ vars.MATURITY }}
+ cdn-id: ${{ vars.CDN_ID }}
+ s3-bucket: ${{ vars.S3_BUCKET }}
+ aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml
index a934162c6..e80f65c35 100644
--- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml @@ -4,9 +4,6 @@ inputs: maturity: required: true type: string - application: - required: true - type: string cdn-id: required: true type: string @@ -55,14 +52,14 @@ runs: shell: bash run: | cd dist/search-ui - aws s3 sync . "s3://${{ inputs.s3-bucket }}/${{ inputs.application }}" + aws s3 sync . "s3://${{ inputs.s3-bucket }}" aws cloudfront create-invalidation \ --distribution-id ${{ inputs.cdn-id }} \ --paths \ - ${{ inputs.application }}/index.html \ - ${{ inputs.application }}/manifest.json \ - ${{ inputs.application }}/ngsw.json \ - ${{ inputs.application }}/favicon.ico \ - ${{ inputs.application }}/assets/i18n/* \ - ${{ inputs.application }}/assets/* \ - ${{ inputs.application }}/docs/* + /index.html \ + /manifest.json \ + /ngsw.json \ + /favicon.ico \ + /assets/i18n/* \ + /assets/* \ + /docs/* From 8c2e4ed7b7959157e69c333384091a0710106e50 Mon Sep 17 00:00:00 2001 From: William Horn Date: Tue, 9 Jul 2024 08:34:02 -0800 Subject: [PATCH 23/28] setup actions for each private deployment --- .github/workflows/deploy-andy.yml | 2 +- .github/workflows/deploy-greg.yml | 2 +- .github/workflows/deploy-tyler.yml | 2 +- .github/workflows/deploy-will.yml | 2 +- build/github-actions-oidc.yml | 10 ++++++++++ 5 files changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-andy.yml b/.github/workflows/deploy-andy.yml index 00b74ea92..8328b7f5c 100644 --- a/.github/workflows/deploy-andy.yml +++ b/.github/workflows/deploy-andy.yml @@ -1,4 +1,4 @@ -name: Deploy dev SearchUI +name: Deploy andy SearchUI on: push: diff --git a/.github/workflows/deploy-greg.yml b/.github/workflows/deploy-greg.yml index 23d645138..c71807213 100644 --- a/.github/workflows/deploy-greg.yml +++ b/.github/workflows/deploy-greg.yml @@ -1,4 +1,4 @@ -name: Deploy dev SearchUI +name: Deploy greg SearchUI on: push: 
diff --git a/.github/workflows/deploy-tyler.yml b/.github/workflows/deploy-tyler.yml index dedccd82f..2d1fb9146 100644 --- a/.github/workflows/deploy-tyler.yml +++ b/.github/workflows/deploy-tyler.yml @@ -1,4 +1,4 @@ -name: Deploy dev SearchUI +name: Deploy tyler SearchUI on: push: diff --git a/.github/workflows/deploy-will.yml b/.github/workflows/deploy-will.yml index 9ab6ea96f..720250b1f 100644 --- a/.github/workflows/deploy-will.yml +++ b/.github/workflows/deploy-will.yml @@ -1,4 +1,4 @@ -name: Deploy dev SearchUI +name: Deploy will SearchUI on: push: diff --git a/build/github-actions-oidc.yml b/build/github-actions-oidc.yml index 25566871e..99316b466 100644 --- a/build/github-actions-oidc.yml +++ b/build/github-actions-oidc.yml @@ -44,6 +44,16 @@ Resources: Resource: - arn:aws:s3:::search-ui-custom-deployments - arn:aws:s3:::search-ui-custom-deployments/* + - arn:aws:s3:::asf-search-ui-4 + - arn:aws:s3:::asf-search-ui-4/* + - arn:aws:s3:::asf-search-ui-3 + - arn:aws:s3:::asf-search-ui-3/* + - arn:aws:s3:::asf-search-ui-2 + - arn:aws:s3:::asf-search-ui-2/* + - arn:aws:s3:::asf-search-ui-1 + - arn:aws:s3:::asf-search-ui-1/* + - arn:aws:s3:::asf-search-ui-andy-2 + - arn:aws:s3:::asf-search-ui-andy-2/* - PolicyName: CloudfrontInvalidation PolicyDocument: Version: '2012-10-17' From 0806c9941daa9f562178e408db094cf0478d206b Mon Sep 17 00:00:00 2001 From: William Horn Date: Tue, 9 Jul 2024 10:04:05 -0800 Subject: [PATCH 24/28] add test deployment action --- .github/workflows/deploy-test.yml | 26 ++++++++++++++++++++++++++ build/github-actions-oidc.yml | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 .github/workflows/deploy-test.yml diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml new file mode 100644 index 000000000..32e5f28d0 --- /dev/null +++ b/.github/workflows/deploy-test.yml 
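Review bot: Adding every developer bucket to `AllowS3SyncActions` in `build/github-actions-oidc.yml` leaves one role able to write and delete objects in all personal deployments, so a run for one developer's environment holds write access to everyone else's bucket; the next patch adds `asf-search-ui-test` to the same list. Each workflow already selects its own `environment:` and `S3_BUCKET`, so one role per environment, with only that bucket under `Resource` and a `sub` condition on that environment, would confine a mistaken or compromised run to its own deployment. If the shared role is kept, a comment mapping each `asf-search-ui-N` bucket to its owner would make the list reviewable.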
@@ -0,0 +1,26 @@ +name: Deploy will SearchUI + +on: + push: + branches: + - test + +jobs: + deploy: + runs-on: ubuntu-latest + environment: test + permissions: + id-token: write + contents: read + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: build + uses: ./.github/workflows/search-ui-deploy-composite + with: + maturity: ${{ vars.MATURITY }} + cdn-id: ${{ vars.CDN_ID }} + s3-bucket: ${{ vars.S3_BUCKET }} + aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/build/github-actions-oidc.yml b/build/github-actions-oidc.yml index 99316b466..089a429d9 100644 --- a/build/github-actions-oidc.yml +++ b/build/github-actions-oidc.yml @@ -42,6 +42,8 @@ Resources: - s3:ListBucket - s3:PutObject Resource: + - arn:aws:s3:::asf-search-ui-test + - arn:aws:s3:::asf-search-ui-test/* - arn:aws:s3:::search-ui-custom-deployments - arn:aws:s3:::search-ui-custom-deployments/* - arn:aws:s3:::asf-search-ui-4 From 88c319fba173ddba70462f4e2d514d51fa2f183e Mon Sep 17 00:00:00 2001 From: William Horn Date: Tue, 9 Jul 2024 10:29:27 -0800 Subject: [PATCH 25/28] setup role for test deployment as well --- .github/workflows/search-ui-deploy-composite/action.yml | 2 +- build/github-actions-oidc.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/search-ui-deploy-composite/action.yml b/.github/workflows/search-ui-deploy-composite/action.yml index e80f65c35..6ed4da3a0 100644 --- a/.github/workflows/search-ui-deploy-composite/action.yml +++ b/.github/workflows/search-ui-deploy-composite/action.yml @@ -28,7 +28,7 @@ runs: - name: Configure AWS credentials from Test account uses: aws-actions/configure-aws-credentials@v3 with: - role-to-assume: arn:aws:iam::${{ inputs.aws-account-id }}:role/GitHub_Actions_Role + role-to-assume: arn:aws:iam::${{ inputs.aws-account-id }}:role/GitHub_Actions_Role_SearchUI_${{ inputs.maturity }} aws-region: us-east-1 - name: Fetch the caller identity 
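Review bot: Apart from the `branches: - test` filter, nothing in the new `deploy-test.yml` limits who can reach the `test` environment's OIDC role, so the real gate has to live outside this file. Because the job sets `environment: test`, the token's `sub` claim takes the form `repo:<owner>/<repo>:environment:test`. The role's trust policy (not visible in this hunk) should match that exact value, and the environment should restrict deployment branches to `test`. I would note that beside the key, e.g. `# trust policy must pin sub to repo:<owner>/<repo>:environment:test`. `actions/checkout@v4` is a movable tag; pinning it to a full commit SHA removes that moving part from a job that holds `id-token: write`.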
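Review bot: `role-to-assume` in the composite action now ends in `${{ inputs.maturity }}`, so the caller's `vars.MATURITY` decides which IAM role the job requests, while the step name still reads "from Test account". Nothing in the visible lines constrains the value, and the template change that accompanies this commit defines only `GitHub_Actions_Role_SearchUI_test`, so any other maturity would fail at assume-role unless further roles exist elsewhere. Each such role's trust policy should accept only its own environment's `sub` claim, so that changing a variable cannot move a job onto another environment's role. The step continues past the hunk; a comment above the line, `# role is selected by inputs.maturity; every role must pin its own environment in its trust policy`, would make the coupling explicit.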
diff --git a/build/github-actions-oidc.yml b/build/github-actions-oidc.yml index 089a429d9..efcd297d3 100644 --- a/build/github-actions-oidc.yml +++ b/build/github-actions-oidc.yml @@ -6,7 +6,7 @@ Resources: GitHubActionsRole: Type: AWS::IAM::Role Properties: - RoleName: GitHub_Actions_Role + RoleName: GitHub_Actions_Role_SearchUI_test AssumeRolePolicyDocument: Version: 2012-10-17 Statement: From e06ed765fc4e92418d34f18ffaa1c31f88e92b5b Mon Sep 17 00:00:00 2001 From: William Horn Date: Tue, 9 Jul 2024 10:32:08 -0800 Subject: [PATCH 26/28] change name of test deployment action --- .github/workflows/deploy-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index 32e5f28d0..b985af511 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -1,4 +1,4 @@ -name: Deploy will SearchUI +name: Deploy test SearchUI on: push: From 58a95a3c0e3acf138ab25417a2cdb518508c6c3d Mon Sep 17 00:00:00 2001 From: William Horn Date: Tue, 9 Jul 2024 10:35:48 -0800 Subject: [PATCH 27/28] remove unused deploy prod action --- .github/workflows/deploy-prod.yml | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 .github/workflows/deploy-prod.yml diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml deleted file mode 100644 index 5e6d779a0..000000000 --- a/.github/workflows/deploy-prod.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Update BulkDownload Stack (prod) - -on: - push: - branches: - - prod - -jobs: - deploy: - runs-on: ubuntu-latest - environment: test - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: build - uses: ./.github/workflows/bulk-download-deploy-composite - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From 127383b2028af469f0bb228dee48b69ecaad19f6 Mon Sep 17 00:00:00 2001 
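Review bot: `RoleName` in the first hunk is hard-coded with the `_test` suffix, while the composite action changed in the same commit builds the role name from `inputs.maturity`, so this template can only ever provide the role for one maturity. Renaming a custom-named `AWS::IAM::Role` also makes CloudFormation replace the resource, which removes `GitHub_Actions_Role`; any workflow still assuming the old name stops authenticating after the stack update. Taking the suffix from a stack parameter, `RoleName: !Sub GitHub_Actions_Role_SearchUI_${Maturity}`, would keep the two sides in step; the template's `Parameters` section is not visible here, so `Maturity` is a name that would have to be added. The role definition continues beyond the hunk.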
From: William Horn Date: Tue, 9 Jul 2024 11:10:58 -0800 Subject: [PATCH 28/28] add deployment action for yoreley --- .github/workflows/deploy-yoreley.yml | 26 ++++++++++++++++++++++++++ build/github-actions-oidc.yml | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 .github/workflows/deploy-yoreley.yml diff --git a/.github/workflows/deploy-yoreley.yml b/.github/workflows/deploy-yoreley.yml new file mode 100644 index 000000000..8b4e325c6 --- /dev/null +++ b/.github/workflows/deploy-yoreley.yml @@ -0,0 +1,26 @@ +name: Deploy yoreley SearchUI + +on: + push: + branches: + - yoreley/* + +jobs: + deploy: + runs-on: ubuntu-latest + environment: dev-yoreley + permissions: + id-token: write + contents: read + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: build + uses: ./.github/workflows/search-ui-deploy-composite + with: + maturity: ${{ vars.MATURITY }} + cdn-id: ${{ vars.CDN_ID }} + s3-bucket: ${{ vars.S3_BUCKET }} + aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/build/github-actions-oidc.yml b/build/github-actions-oidc.yml index efcd297d3..3723cbfc2 100644 --- a/build/github-actions-oidc.yml +++ b/build/github-actions-oidc.yml @@ -42,6 +42,8 @@ Resources: - s3:ListBucket - s3:PutObject Resource: + - arn:aws:s3:::asf-search-ui-dev + - arn:aws:s3:::asf-search-ui-dev/* - arn:aws:s3:::asf-search-ui-test - arn:aws:s3:::asf-search-ui-test/* - arn:aws:s3:::search-ui-custom-deployments
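Review bot: The `yoreley/*` filter under `branches:` in the new `deploy-yoreley.yml` matches a single path segment only, so a branch such as `yoreley/feature/x` would not deploy; `- 'yoreley/**'` covers nested names if that is intended. The prefix is a naming convention rather than an access control: anyone with push access can create a branch under `yoreley/` and run this job with `id-token: write`. The `dev-yoreley` environment should therefore carry its own deployment-branch rule, and the role it assumes (selected through `vars.MATURITY`, whose value is not visible here) should pin that environment in its trust policy.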