Setup github actions for vertex deployments #1932

Merged Jul 9, 2024 (29 commits)

Commits
3ca5fce
feat: add github actions for test deployment
williamh890 Jun 20, 2024
482c43b
fix: rename composite to search-ui-deploy
williamh890 Jun 20, 2024
fe1c5e0
fix: remove shell from action
williamh890 Jun 20, 2024
7c8a9d0
fix: add shell
williamh890 Jun 20, 2024
2378902
fix: remove angular cli global install
williamh890 Jun 20, 2024
f23543e
chore: change name of test deploy action
williamh890 Jun 20, 2024
ce0ab1c
chore: change actions name
williamh890 Jun 20, 2024
0d3cb84
fix: use npm to run build
williamh890 Jun 20, 2024
0118dac
Merge branch 'test' into actions
williamh890 Jun 28, 2024
3fff580
feat: use oidc to authenticate github actions build
williamh890 Jun 28, 2024
1c286db
fix: use correct variable name in action
williamh890 Jun 28, 2024
614fb33
fix: add missing property 'shell'
williamh890 Jun 28, 2024
c0c82f0
fix: add permissions to root workflow
williamh890 Jun 28, 2024
6048856
fix: add wildcard to SearchUI repo
williamh890 Jun 28, 2024
6b87711
try authentication outside of composite action
williamh890 Jun 28, 2024
ec5f7ff
test action
williamh890 Jun 30, 2024
df778b1
fix: remove extra login from action
williamh890 Jul 1, 2024
6bcf13b
change dev deployments to run on all dev/* branches
williamh890 Jul 1, 2024
7813456
chore: rename workflow to deploy-dev
williamh890 Jul 1, 2024
726c3b8
get deployment from branch name
williamh890 Jul 9, 2024
cf0699a
tweak method for getting branch name
williamh890 Jul 9, 2024
4199939
fix getting deployment name
williamh890 Jul 9, 2024
2a6ab45
use separate actions files for each personal deployment
williamh890 Jul 9, 2024
8c2e4ed
setup actions for each private deployment
williamh890 Jul 9, 2024
0806c99
add test deployment action
williamh890 Jul 9, 2024
88c319f
setup role for test deployment as well
williamh890 Jul 9, 2024
e06ed76
change name of test deployment action
williamh890 Jul 9, 2024
58a95a3
remove unused deploy prod action
williamh890 Jul 9, 2024
127383b
add deployment action for yoreley
williamh890 Jul 9, 2024
26 changes: 26 additions & 0 deletions .github/workflows/deploy-andy.yml
@@ -0,0 +1,26 @@
name: Deploy andy SearchUI

on:
push:
branches:
- andy/*

jobs:
deploy:
runs-on: ubuntu-latest
environment: dev-andy
permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v4

- name: build
uses: ./.github/workflows/search-ui-deploy-composite
with:
maturity: ${{ vars.MATURITY }}
cdn-id: ${{ vars.CDN_ID }}
s3-bucket: ${{ vars.S3_BUCKET }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
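Review bot: The `jobs.deploy` block here is repeated verbatim in all eight deploy-*.yml files in this PR; only `name`, the `branches` pattern and `environment` differ. Moving the job into one reusable workflow (`on: workflow_call`) that takes the environment as an input would leave a single place to change the `permissions` block or the action versions. Separately, `uses: actions/checkout@v4` is a mutable tag; since the job holds `id-token: write`, pinning it to a full commit SHA is the safer choice.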
26 changes: 26 additions & 0 deletions .github/workflows/deploy-andy2.yml
@@ -0,0 +1,26 @@
name: Deploy dev SearchUI

on:
push:
branches:
- andy2/*

jobs:
deploy:
runs-on: ubuntu-latest
environment: dev-andy2
permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v4

- name: build
uses: ./.github/workflows/search-ui-deploy-composite
with:
maturity: ${{ vars.MATURITY }}
cdn-id: ${{ vars.CDN_ID }}
s3-bucket: ${{ vars.S3_BUCKET }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
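Review bot: `name: Deploy dev SearchUI` at the top does not match the rest of the file: the trigger is `andy2/*` and the environment is `dev-andy2`, and every sibling workflow is named after its deployment (`Deploy andy SearchUI`, `Deploy greg SearchUI`). Rename it to `Deploy andy2 SearchUI` so its runs are distinguishable in the Actions list.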
26 changes: 26 additions & 0 deletions .github/workflows/deploy-greg.yml
@@ -0,0 +1,26 @@
name: Deploy greg SearchUI

on:
push:
branches:
- greg/*

jobs:
deploy:
runs-on: ubuntu-latest
environment: dev-greg
permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v4

- name: build
uses: ./.github/workflows/search-ui-deploy-composite
with:
maturity: ${{ vars.MATURITY }}
cdn-id: ${{ vars.CDN_ID }}
s3-bucket: ${{ vars.S3_BUCKET }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
26 changes: 26 additions & 0 deletions .github/workflows/deploy-kim.yml
@@ -0,0 +1,26 @@
name: Deploy kim SearchUI

on:
push:
branches:
- kim/*

jobs:
deploy:
runs-on: ubuntu-latest
environment: dev-kim
permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v4

- name: build
uses: ./.github/workflows/search-ui-deploy-composite
with:
maturity: ${{ vars.MATURITY }}
cdn-id: ${{ vars.CDN_ID }}
s3-bucket: ${{ vars.S3_BUCKET }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
26 changes: 26 additions & 0 deletions .github/workflows/deploy-test.yml
@@ -0,0 +1,26 @@
name: Deploy test SearchUI

on:
push:
branches:
- test

jobs:
deploy:
runs-on: ubuntu-latest
environment: test
permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v4

- name: build
uses: ./.github/workflows/search-ui-deploy-composite
with:
maturity: ${{ vars.MATURITY }}
cdn-id: ${{ vars.CDN_ID }}
s3-bucket: ${{ vars.S3_BUCKET }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
26 changes: 26 additions & 0 deletions .github/workflows/deploy-tyler.yml
@@ -0,0 +1,26 @@
name: Deploy tyler SearchUI

on:
push:
branches:
- tyler/*

jobs:
deploy:
runs-on: ubuntu-latest
environment: dev-tyler
permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v4

- name: build
uses: ./.github/workflows/search-ui-deploy-composite
with:
maturity: ${{ vars.MATURITY }}
cdn-id: ${{ vars.CDN_ID }}
s3-bucket: ${{ vars.S3_BUCKET }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
26 changes: 26 additions & 0 deletions .github/workflows/deploy-will.yml
@@ -0,0 +1,26 @@
name: Deploy will SearchUI

on:
push:
branches:
- will/*

jobs:
deploy:
runs-on: ubuntu-latest
environment: dev-will
permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v4

- name: build
uses: ./.github/workflows/search-ui-deploy-composite
with:
maturity: ${{ vars.MATURITY }}
cdn-id: ${{ vars.CDN_ID }}
s3-bucket: ${{ vars.S3_BUCKET }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
26 changes: 26 additions & 0 deletions .github/workflows/deploy-yoreley.yml
@@ -0,0 +1,26 @@
name: Deploy yoreley SearchUI

on:
push:
branches:
- yoreley/*

jobs:
deploy:
runs-on: ubuntu-latest
environment: dev-yoreley
permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v4

- name: build
uses: ./.github/workflows/search-ui-deploy-composite
with:
maturity: ${{ vars.MATURITY }}
cdn-id: ${{ vars.CDN_ID }}
s3-bucket: ${{ vars.S3_BUCKET }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
65 changes: 65 additions & 0 deletions .github/workflows/search-ui-deploy-composite/action.yml
@@ -0,0 +1,65 @@
name: Composite search-ui deploy action

inputs:
maturity:
required: true
type: string
cdn-id:
required: true
type: string
s3-bucket:
required: true
type: string
aws-account-id:
required: true
type: string

runs:
using: "composite"
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18

- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: arn:aws:iam::${{ inputs.aws-account-id }}:role/GitHub_Actions_Role_SearchUI_${{ inputs.maturity }}
aws-region: us-east-1

- name: Fetch the caller identity
shell: bash
run: |
aws sts get-caller-identity

- name: Install dependencies
shell: bash
run: |
cp src/app/services/envs/env-${{ inputs.maturity }}.ts src/app/services/env.ts
echo "{\"hash\":\"${{ github.sha }}\"}" > src/assets/commit-hash.json
npm install

- name: Angular Build
shell: bash
run: |
npm run build

- name: Deploy to AWS
shell: bash
run: |
cd dist/search-ui
aws s3 sync . "s3://${{ inputs.s3-bucket }}"
aws cloudfront create-invalidation \
--distribution-id ${{ inputs.cdn-id }} \
--paths \
/index.html \
/manifest.json \
/ngsw.json \
/favicon.ico \
/assets/i18n/* \
/assets/* \
/docs/*
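Review bot: The `run:` steps paste `${{ inputs.maturity }}`, `${{ inputs.s3-bucket }}` and `${{ inputs.cdn-id }}` straight into the bash script text (the `cp ... env-${{ inputs.maturity }}.ts` line, `aws s3 sync`, and `--distribution-id`), so the values are substituted before the shell parses the script and any shell metacharacter in a variable becomes part of the command. Pass them through each step's `env:` block and reference them as quoted shell variables (`"$S3_BUCKET"`, `"$CDN_ID"`) instead; `--distribution-id ${{ inputs.cdn-id }}` is also unquoted as written. In the `Install dependencies` step, `npm ci` rather than `npm install` would build from the lockfile exactly, assuming a package-lock.json is committed. The `Checkout code` step repeats the checkout that each calling workflow already performs, and the step name `Configure AWS credentials from Test account` no longer fits now that the role is chosen by `inputs.maturity`.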
80 changes: 80 additions & 0 deletions build/github-actions-oidc.yml
@@ -0,0 +1,80 @@
AWSTemplateFormatVersion: 2010-09-09
Description: GitHub OIDC for when GitHub wants to communicate with AWS.
Resources:

# This is the bare-bones role.
GitHubActionsRole:
Type: AWS::IAM::Role
Properties:
RoleName: GitHub_Actions_Role_SearchUI_test
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Federated: !Sub arn:aws:iam::${AWS::AccountId}:oidc-provider/token.actions.githubusercontent.com
Action: sts:AssumeRoleWithWebIdentity
Condition:
StringLike:
'token.actions.githubusercontent.com:sub': ['repo:asfadmin/Discovery-SearchUI:*']
StringEqualsIgnoreCase:
'token.actions.githubusercontent.com:aud': sts.amazonaws.com
Policies:
- PolicyName: OidcSafetyPolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: OidcSafeties
Effect: Deny
Action:
- sts:AssumeRole
Resource: "*"
- PolicyName: GitHubActionsDeployPolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: AllowS3SyncActions
Effect: Allow
Action:
- s3:DeleteObject
- s3:GetBucketLocation
- s3:GetObject
- s3:ListBucket
- s3:PutObject
Resource:
- arn:aws:s3:::asf-search-ui-dev
- arn:aws:s3:::asf-search-ui-dev/*
- arn:aws:s3:::asf-search-ui-test
- arn:aws:s3:::asf-search-ui-test/*
- arn:aws:s3:::search-ui-custom-deployments
- arn:aws:s3:::search-ui-custom-deployments/*
- arn:aws:s3:::asf-search-ui-4
- arn:aws:s3:::asf-search-ui-4/*
- arn:aws:s3:::asf-search-ui-3
- arn:aws:s3:::asf-search-ui-3/*
- arn:aws:s3:::asf-search-ui-2
- arn:aws:s3:::asf-search-ui-2/*
- arn:aws:s3:::asf-search-ui-1
- arn:aws:s3:::asf-search-ui-1/*
- arn:aws:s3:::asf-search-ui-andy-2
- arn:aws:s3:::asf-search-ui-andy-2/*
- PolicyName: CloudfrontInvalidation
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: AllowInvalidations
Effect: Allow
Action:
- cloudfront:CreateInvalidation
Resource: "*"


# This is the OIDC provider hookup itself. This tells AWS to delegate authN GitHub
GitHubActionsOidcProvider:
Type: AWS::IAM::OIDCProvider
Properties:
ClientIdList:
- sts.amazonaws.com
ThumbprintList:
- 6938fd4d98bab03faadb97b34396831e3780aea1
Url: https://token.actions.githubusercontent.com
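Review bot: The `sub` condition in `AssumeRolePolicyDocument`, `'repo:asfadmin/Discovery-SearchUI:*'`, lets a workflow run from any branch, tag, pull request or environment of the repository assume this role, and the role can write and delete objects in every bucket listed under `AllowS3SyncActions`, not only `asf-search-ui-test`. The deploy jobs in this PR all set `environment:`, in which case GitHub issues the subject as `repo:<owner>/<repo>:environment:<name>`, so the condition can be narrowed to something like `repo:asfadmin/Discovery-SearchUI:environment:test`, with the bucket list trimmed to what that deployment writes. `RoleName` is fixed to `GitHub_Actions_Role_SearchUI_test` while the composite action builds the role name from `inputs.maturity`, so any other maturity needs a role this template does not create. Minor: `cloudfront:CreateInvalidation` on `Resource: "*"` could be scoped to the distribution ARN, and the comment above `GitHubActionsOidcProvider` is missing a word ("delegate authN to GitHub").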
2 changes: 1 addition & 1 deletion buildspec.yml
Expand Up @@ -7,7 +7,7 @@ phases:
commands:
- n 18
- npm set progress=false
- npm install -g @angular/cli@15.2.7
- npm install -g @angular/cli@17.2.7
pre_build:
commands:
- cp src/app/services/envs/env-${MATURITY}.ts src/app/services/env.ts
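Review bot: The global `npm install -g @angular/cli` pin in the install commands jumps from 15.2.7 to 17.2.7 here, while the composite action added in this PR builds with `npm run build` and no global CLI. A second, hand-maintained CLI version in buildspec.yml can drift from whatever version the project's own dependencies provide; consider dropping the global install and calling the npm script here as well, or say in the PR description why CodeBuild still needs it.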
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -4,7 +4,7 @@
"scripts": {
"ng": "ng",
"start": "ng serve",
"build": "ng build",
"build": "ng build --configuration production",
"test": "ng test",
"lint": "eslint -c .eslintrc.js --ext .ts src",
"e2e": "ng e2e"