Skip to content

SST staging deployment workflow #500

SST staging deployment workflow

SST staging deployment workflow #500

name: SST staging deployment workflow
on:
push:
branches:
- develop
workflow_dispatch:
# Concurrency group name ensures concurrent workflow runs wait for any in-progress job to finish
concurrency:
group: merge-${{ github.ref }}
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
DeployApp:
runs-on: ubuntu-latest
environment: staging
env:
ENV: ${{ vars.ENV }}
NEXT_PUBLIC_ENV: ${{ vars.NEXT_PUBLIC_ENV }}
NEXT_PUBLIC_URL: ${{ vars.NEXT_PUBLIC_URL }}
NEXT_PUBLIC_ASSET_BUCKET_NAME: ${{ vars.NEXT_PUBLIC_ASSET_BUCKET_NAME }}
NEXT_PUBLIC_IPFS_BUCKET_NAME: ${{ vars.NEXT_PUBLIC_IPFS_BUCKET_NAME }}
NEXT_PUBLIC_METADATA_BUCKET_NAME: ${{ vars.NEXT_PUBLIC_METADATA_BUCKET_NAME }}
NEXT_PUBLIC_UPLOAD_BUCKET_NAME: ${{ vars.NEXT_PUBLIC_UPLOAD_BUCKET_NAME }}
NEXTAUTH_URL: ${{ vars.NEXTAUTH_URL }}
NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
RDS_DB_NAME: ${{ vars.RDS_DB_NAME }}
RDS_RESOURCE_ARN: ${{ vars.RDS_RESOURCE_ARN }}
OIDC_CLIENT_ID: ${{ vars.OIDC_CLIENT_ID }}
OIDC_CLIENT_SECRET: ${{ secrets.OIDC_CLIENT_SECRET }}
ISSUER_URL: ${{ vars.ISSUER_URL }}
AUTHORIZATION_URL: ${{ vars.AUTHORIZATION_URL }}
TOKEN_URL: ${{ vars.TOKEN_URL }}
JWKS_ENDPOINT: ${{ vars.JWKS_ENDPOINT }}
OIDC_SERVER_URL: ${{ vars.OIDC_SERVER_URL }}
TRUST_ANCHOR_DID: ${{ vars.TRUST_ANCHOR_DID }}
PINATA_SECRET: ${{ secrets.PINATA_SECRET }}
PINATA_JWT: ${{ vars.PINATA_JWT }}
PINATA_GATEWAY: ${{ vars.PINATA_GATEWAY }}
PINATA_GATEWAY_KEY: ${{ vars.PINATA_GATEWAY_KEY }}
ASSETS_CONTRACT: ${{ vars.ASSETS_CONTRACT }}
NEXT_PUBLIC_WEB3_RPC_URL: ${{ vars.NEXT_PUBLIC_WEB3_RPC_URL }}
steps:
- name: Git clone the repository
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::597778497612:role/GitHub-Actions
role-duration-seconds: 900
aws-region: eu-central-1
- name: Deploy app
run: |
npm ci --force && npx nx deploy:staging envited.ascs.digital
DeployOIDCClient:
runs-on: ubuntu-latest
environment: staging
if: contains(github.ref, 'oidc-client')
steps:
- name: Git clone the repository
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::597778497612:role/GitHub-Actions
role-duration-seconds: 900
aws-region: eu-central-1
- name: Deploy OIDC client
run: |
npm ci --force && npx nx deploy:staging oidc-client.ascs.digital