7cd2058613
All checks were successful
Deploy / deploy (push) Successful in 10m52s
Runner image doesn't include AWS CLI by default.
128 lines
4.3 KiB
YAML
128 lines
4.3 KiB
YAML
name: Deploy
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
|
|
env:
|
|
AWS_REGION: eu-central-1
|
|
S3_BUCKET: filamenteka-frontend
|
|
INSTANCE_ID: i-03956ecf32292d7d9
|
|
NEXT_PUBLIC_API_URL: https://api.filamenteka.rs/api
|
|
NEXT_PUBLIC_MATOMO_URL: https://analytics.demirix.dev
|
|
NEXT_PUBLIC_MATOMO_SITE_ID: "7"
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 2
|
|
|
|
- name: Detect changes
|
|
id: changes
|
|
run: |
|
|
FRONTEND_CHANGED=false
|
|
API_CHANGED=false
|
|
|
|
if git diff --name-only HEAD~1 HEAD | grep -qvE '^api/'; then
|
|
FRONTEND_CHANGED=true
|
|
fi
|
|
|
|
if git diff --name-only HEAD~1 HEAD | grep -qE '^api/'; then
|
|
API_CHANGED=true
|
|
fi
|
|
|
|
echo "frontend=$FRONTEND_CHANGED" >> $GITHUB_OUTPUT
|
|
echo "api=$API_CHANGED" >> $GITHUB_OUTPUT
|
|
echo "Frontend changed: $FRONTEND_CHANGED"
|
|
echo "API changed: $API_CHANGED"
|
|
|
|
# ── Frontend Deploy ──────────────────────────────────────────────
|
|
- name: Setup Node.js
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 18
|
|
cache: npm
|
|
|
|
- name: Install dependencies
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: npm ci
|
|
|
|
- name: Security check
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: npm run security:check
|
|
|
|
- name: Run tests
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: npm test -- --passWithNoTests
|
|
|
|
- name: Build Next.js
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: npm run build
|
|
|
|
- name: Install AWS CLI
|
|
if: steps.changes.outputs.frontend == 'true' || steps.changes.outputs.api == 'true'
|
|
run: |
|
|
curl -s "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o /tmp/awscliv2.zip
|
|
unzip -q /tmp/awscliv2.zip -d /tmp
|
|
/tmp/aws/install
|
|
aws --version
|
|
|
|
- name: Configure AWS credentials
|
|
if: steps.changes.outputs.frontend == 'true' || steps.changes.outputs.api == 'true'
|
|
uses: aws-actions/configure-aws-credentials@v4
|
|
with:
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
aws-region: eu-central-1
|
|
|
|
- name: Deploy to S3
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: |
|
|
# Upload HTML files with no-cache
|
|
aws s3 sync out/ s3://$S3_BUCKET/ \
|
|
--delete \
|
|
--exclude "*" \
|
|
--include "*.html" \
|
|
--cache-control "public, max-age=0, must-revalidate" \
|
|
--content-type "text/html"
|
|
|
|
# Upload _next static assets with immutable 1-year cache
|
|
aws s3 sync out/_next/ s3://$S3_BUCKET/_next/ \
|
|
--cache-control "public, max-age=31536000, immutable"
|
|
|
|
# Upload other assets with 1-day cache
|
|
aws s3 sync out/ s3://$S3_BUCKET/ \
|
|
--exclude "*.html" \
|
|
--exclude "_next/*" \
|
|
--cache-control "public, max-age=86400"
|
|
|
|
- name: Invalidate CloudFront
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: |
|
|
aws cloudfront create-invalidation \
|
|
--distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} \
|
|
--paths "/*"
|
|
|
|
# ── API Deploy ───────────────────────────────────────────────────
|
|
- name: Deploy API via SSM
|
|
if: steps.changes.outputs.api == 'true'
|
|
run: |
|
|
aws ssm send-command \
|
|
--region $AWS_REGION \
|
|
--instance-ids "$INSTANCE_ID" \
|
|
--document-name "AWS-RunShellScript" \
|
|
--parameters 'commands=[
|
|
"cd /home/ubuntu/filamenteka-api",
|
|
"cp server.js server.js.backup",
|
|
"curl -o server.js https://git.demirix.dev/dax/Filamenteka/raw/branch/main/api/server.js",
|
|
"sudo systemctl restart node-api",
|
|
"sudo systemctl status node-api"
|
|
]' \
|
|
--output json
|
|
echo "API deploy command sent via SSM"
|