.github/workflows/deploy.yml

name: Run deploy

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - staging
      - dev

    paths:
      - 'client/**'
      - 'api/**'
      - '.github/workflows/*'
      - 'infrastructure/**'
      - 'package.json'


jobs:

  set_environment_name:
    runs-on: ubuntu-latest
    outputs:
      env_name: ${{ steps.set_env.outputs.env_name }}
    steps:
      - id: set_env
        run: echo "env_name=${{ github.ref_name == 'main' && 'production' || github.ref_name }}" >> $GITHUB_OUTPUT


  build_client:
    needs: [ set_environment_name ]
    environment:
      name: ${{ needs.set_environment_name.outputs.env_name }}
    runs-on: ubuntu-latest
    name: Build Client image and push to Amazon ECR
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - uses: dorny/paths-filter@v3
        id: client-changes
        with:
          filters: |
            client:
              - 'client/**'
              - '.github/workflows/**'


      - name: Configure AWS credentials
        if: ${{ github.event_name == 'workflow_dispatch' || steps.client-changes.outputs.client == 'true' }}
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.PIPELINE_USER_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.PIPELINE_USER_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        if: ${{ github.event_name == 'workflow_dispatch' || steps.client-changes.outputs.client == 'true' }}
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
        with:
          mask-password: 'true'

      - name: Set up Docker Buildx
        if: ${{ github.event_name == 'workflow_dispatch' || steps.client-changes.outputs.client == 'true' }}
        uses: docker/setup-buildx-action@v3

      - name: Build, tag, and push Client image to Amazon ECR
        if: ${{ github.event_name == 'workflow_dispatch' || steps.client-changes.outputs.client == 'true' }}
        uses: docker/build-push-action@v5
        with:
          build-args: |
            NEXT_PUBLIC_API_URL=${{ vars.NEXT_PUBLIC_API_URL }}
            NEXTAUTH_URL=${{ vars.NEXTAUTH_URL }}
            NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }}
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max
          file: ./client/Dockerfile
          push: true
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.CLIENT_REPOSITORY_NAME }}:${{ github.sha }}
            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.CLIENT_REPOSITORY_NAME }}:${{ needs.set_environment_name.outputs.env_name }}

  build_api:
    needs: [ set_environment_name ]
    environment:
      name: ${{ needs.set_environment_name.outputs.env_name }}
    runs-on: ubuntu-latest
    name: Build API image and push to Amazon ECR
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - uses: dorny/paths-filter@v3
        id: api-changes
        with:
          filters: |
            api:
              - 'api/**'
              - '.github/workflows/**'

      - name: Configure AWS credentials
        if: ${{ github.event_name == 'workflow_dispatch' || steps.api-changes.outputs.api == 'true' }}
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.PIPELINE_USER_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.PIPELINE_USER_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        if: ${{ github.event_name == 'workflow_dispatch' || steps.api-changes.outputs.api == 'true' }}
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
        with:
          mask-password: 'true'

      - name: Set up Docker Buildx
        if: ${{ github.event_name == 'workflow_dispatch' || steps.api-changes.outputs.api == 'true' }}
        uses: docker/setup-buildx-action@v3

      - name: Build, tag, and push API image to Amazon ECR
        if: ${{ github.event_name == 'workflow_dispatch' || steps.api-changes.outputs.api == 'true' }}
        uses: docker/build-push-action@v5
        with:
          build-args: |
            DB_HOST=${{ secrets.DB_HOST }}
            DB_PORT=${{ secrets.DB_PORT }}
            DB_NAME=${{ secrets.DB_NAME }}
            DB_USERNAME=${{ secrets.DB_USERNAME }}
            DB_PASSWORD=${{ secrets.DB_PASSWORD }}
            JWT_SECRET=${{ secrets.JWT_SECRET }}
            JWT_EXPIRES_IN=${{ vars.JWT_EXPIRES_IN }}
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max
          file: ./api/Dockerfile
          push: true
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.API_REPOSITORY_NAME }}:${{ github.sha }}
            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.API_REPOSITORY_NAME }}:${{ needs.set_environment_name.outputs.env_name }}
  

  deploy:
    name: Deploy Services to Amazon EBS
    needs: [ set_environment_name, build_client, build_api ]
    runs-on: ubuntu-latest
    environment:
      name: ${{ needs.set_environment_name.outputs.env_name }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.PIPELINE_USER_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.PIPELINE_USER_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Generate docker compose file
        working-directory: infrastructure/source_bundle
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY_CLIENT: ${{ secrets.CLIENT_REPOSITORY_NAME }}
          ECR_REPOSITORY_API: ${{ secrets.API_REPOSITORY_NAME }}
          IMAGE_TAG: ${{ needs.set_environment_name.outputs.env_name }}
        run: |
          cat <<EOF >> docker-compose.yml
          services:
            client:
              image: $ECR_REGISTRY/$ECR_REPOSITORY_CLIENT:$IMAGE_TAG
              restart: always
              ports:
                - 3000:3000
            api:
              image: $ECR_REGISTRY/$ECR_REPOSITORY_API:$IMAGE_TAG
              restart: always
              ports:
                - 4000:4000
            nginx:
              image: nginx
              restart: always
              volumes:
                - ./proxy/conf.d:/etc/nginx/conf.d
                - "\${EB_LOG_BASE_DIR}/nginx:/var/log/nginx"
              ports:
                - 80:80
              depends_on:
                - api
                - client
          EOF

      - name: Generate zip file
        working-directory: infrastructure/source_bundle
        run: |
          zip -r deploy.zip * .[^.]*

      - name: Upload Zip File as Artifact
        uses: actions/upload-artifact@v2
        with:
          name: deploy-zip
          path: infrastructure/source_bundle/deploy.zip

      - name: Deploy to Amazon EB
        uses: einaregilsson/beanstalk-deploy@v21
        with:
          aws_access_key: ${{ secrets.PIPELINE_USER_ACCESS_KEY_ID }}
          aws_secret_key: ${{ secrets.PIPELINE_USER_SECRET_ACCESS_KEY }}
          application_name: ${{ secrets.PROJECT_NAME}}-${{ needs.set_environment_name.outputs.env_name }}
          environment_name: ${{ secrets.PROJECT_NAME}}-${{ needs.set_environment_name.outputs.env_name }}-env
          region: ${{ secrets.AWS_REGION }}
          version_label: ${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
          deployment_package: infrastructure/source_bundle/deploy.zip