use type id #387
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: AWS Deployment | |
| on: [push] | |
| env: | |
| AWS_REGION: ${{ vars.AWS_DEFAULT_REGION }} | |
| # AWS resources are spread across different AWS accounts: aics-sw and public_data_releases | |
| # The CloudFront distributions is in the aics-sw account | |
| # The S3 buckets are in the public_data_releases account | |
| CLOUDFRONT_AWS_ACCOUNT_ID: ${{ vars.AWS_AICS_SW_ACCOUNT_ID }} | |
| S3_AWS_ACCOUNT_ID: ${{ vars.AWS_PUBLIC_DATA_RELEASES_ACCOUNT_ID }} | |
| STAGING_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_CLOUDFRONT_DISTRIBUTION_ID }} | |
| STAGING_S3_BUCKET: s3://staging-ipub-simularium | |
| PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }} | |
| PRODUCTION_S3_BUCKET: s3://production-ipub-simularium | |
| permissions: | |
| id-token: write # Required for requesting the JWT and OIDC | |
| contents: write # Required for actions/checkout and OIDC tokens | |
| jobs: | |
| check-build: | |
| if: github.ref != 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 | |
| # Compute a short sha for use in the OIDC session name, which has a 64 character limit | |
| - name: Add SHORT_SHA env property with commit short sha | |
| run: echo "SHORT_SHA=`echo ${{ github.sha }} | cut -c1-8`" >> $GITHUB_ENV | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135 | |
| - run: bun install | |
| - run: bun run build | |
| deploy-staging: | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 | |
| # Compute a short sha for use in the OIDC session name, which has a 64 character limit | |
| - name: Add SHORT_SHA env property with commit short sha | |
| run: echo "SHORT_SHA=`echo ${{ github.sha }} | cut -c1-8`" >> $GITHUB_ENV | |
| - name: Configure AWS credentials with OIDC for S3 copy | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.S3_AWS_ACCOUNT_ID }}:role/github_simularium_ipub | |
| role-session-name: binding-sim-edu-${{ env.SHORT_SHA }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135 | |
| - run: bun install | |
| - run: bun run build | |
| - name: Copy build files to staging S3 bucket | |
| run: aws s3 sync ./dist ${{ env.STAGING_S3_BUCKET }} | |
| - name: Configure AWS credentials with OIDC for CloudFront cache invalidation | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.CLOUDFRONT_AWS_ACCOUNT_ID }}:role/github_simularium_ipub | |
| role-session-name: binding-sim-edu-${{ env.SHORT_SHA }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Invalidate CloudFront cache | |
| run: aws cloudfront create-invalidation --distribution-id ${{ env.STAGING_CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*" | |
| deploy-production: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 | |
| # Compute a short sha for use in the OIDC session name, which has a 64 character limit | |
| - name: Add SHORT_SHA env property with commit short sha | |
| run: echo "SHORT_SHA=`echo ${{ github.sha }} | cut -c1-8`" >> $GITHUB_ENV | |
| - name: Configure AWS credentials with OIDC for S3 copy | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.S3_AWS_ACCOUNT_ID }}:role/github_simularium_ipub | |
| role-session-name: binding-sim-edu-${{ env.SHORT_SHA }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@8f24390df009a496891208e5e36b8a1de1f45135 | |
| - run: bun install | |
| - run: bun run build | |
| - name: Copy build files to S3 root | |
| run: aws s3 sync ./dist ${{ env.PRODUCTION_S3_BUCKET }} | |
| - name: Configure AWS credentials with OIDC for CloudFront cache invalidation | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.CLOUDFRONT_AWS_ACCOUNT_ID }}:role/github_simularium_ipub | |
| role-session-name: binding-sim-edu-${{ env.SHORT_SHA }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Invalidate CloudFront cache | |
| run: aws cloudfront create-invalidation --distribution-id ${{ env.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*" |