
AWS Deployment

AWS Deployment #4

Workflow file for this run

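---
# Manually triggered deployment: assumes an AWS IAM role through GitHub OIDC,
# picks the staging or production S3 bucket / CloudFront distribution from the
# chosen input, syncs to S3 and invalidates the CloudFront cache.
name: AWS Deploy Example
on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Environment to deploy to"
        default: "staging"
        options:
          - staging
          - production
        required: true
        type: choice
env:
  AWS_ACCOUNT_ID: ${{ vars.AWS_PUBLIC_DATA_RELEASES_ACCOUNT_ID }}
  AWS_REGION: ${{ vars.AWS_DEFAULT_REGION }}
  # NOTE(review): workflow-level env exposes both distribution IDs to every
  # step, including the third-party actions; consider scoping them to the
  # steps that need them.
  STAGING_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}
  STAGING_S3_BUCKET: s3://staging.timelapse.allencell.org
  PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID }}
  PRODUCTION_S3_BUCKET: s3://timelapse.allencell.org
permissions:
  id-token: write  # Required for requesting the OIDC JWT
  # Read access is enough for actions/checkout; no step in this workflow
  # writes to the repository, so the token is not granted `contents: write`.
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    # Dynamically select the GitHub environment from the input above. Any
    # protection rules configured on that environment gate this job.
    environment: ${{ github.event.inputs.environment }}
    steps:
      # Third-party actions are pinned to full commit SHAs rather than tags.
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
      # Compute a short sha for use in the OIDC session name, which has a
      # 64 character limit. GITHUB_SHA is read from the runner environment
      # instead of being templated into the script text.
      - name: Add SHORT_SHA env property with commit short sha
        run: |
          echo "SHORT_SHA=$(printf '%s' "$GITHUB_SHA" | cut -c1-8)" >> "$GITHUB_ENV"
      # NOTE(review): staging and production share one role here. Confirm the
      # role's trust policy pins the OIDC `sub` claim to this repository and
      # its environments, and consider a separate role per environment.
      - name: Configure AWS credentials with OIDC
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github_nucmorph_colorizer
          role-session-name: nucmorph_colorizer-${{ env.SHORT_SHA }}
          aws-region: ${{ env.AWS_REGION }}
      # Setup variables based on the staging or production environment.
      # The input is passed through an environment variable and compared as
      # data, so its value is never spliced into the shell script itself.
      - name: Set ECS variables based on environment
        env:
          DEPLOY_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: |
          case "$DEPLOY_ENVIRONMENT" in
            production)
              echo "S3_BUCKET=$PRODUCTION_S3_BUCKET" >> "$GITHUB_ENV"
              echo "CLOUDFRONT_DISTRIBUTION_ID=$PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID" >> "$GITHUB_ENV"
              ;;
            staging)
              echo "S3_BUCKET=$STAGING_S3_BUCKET" >> "$GITHUB_ENV"
              echo "CLOUDFRONT_DISTRIBUTION_ID=$STAGING_CLOUDFRONT_DISTRIBUTION_ID" >> "$GITHUB_ENV"
              ;;
            *)
              # Fail closed on anything other than the two known targets.
              echo "Invalid environment specified"
              exit 1
              ;;
          esac
      - name: DEBUG - pwd
        run: pwd
      - name: DEBUG - ls
        run: ls -al
      # NOTE(review): `aws s3 sync` operates on directories and `.index.html`
      # looks like a typo for `./index.html`; confirm the intended source path
      # (a single file would normally be uploaded with `aws s3 cp`).
      - name: Write an arbitrary file to S3 - just to demonstrate how.
        run: aws s3 sync .index.html "$S3_BUCKET"
      - name: Invalidate CloudFront cache
        run: aws cloudfront create-invalidation --distribution-id "$CLOUDFRONT_DISTRIBUTION_ID" --paths "/*"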