111 lines
3.7 KiB
YAML
111 lines
3.7 KiB
YAML
name: Deploy
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
|
|
env:
|
|
AWS_REGION: eu-central-1
|
|
S3_BUCKET: filamenteka-frontend
|
|
INSTANCE_ID: i-03956ecf32292d7d9
|
|
NEXT_PUBLIC_API_URL: https://api.filamenteka.rs/api
|
|
NEXT_PUBLIC_MATOMO_URL: https://analytics.demirix.dev
|
|
NEXT_PUBLIC_MATOMO_SITE_ID: "7"
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 2
|
|
|
|
- name: Detect changes
|
|
id: changes
|
|
run: |
|
|
FRONTEND_CHANGED=false
|
|
API_CHANGED=false
|
|
|
|
if git diff --name-only HEAD~1 HEAD | grep -qvE '^api/'; then
|
|
FRONTEND_CHANGED=true
|
|
fi
|
|
|
|
if git diff --name-only HEAD~1 HEAD | grep -qE '^api/'; then
|
|
API_CHANGED=true
|
|
fi
|
|
|
|
echo "frontend=$FRONTEND_CHANGED" >> $GITHUB_OUTPUT
|
|
echo "api=$API_CHANGED" >> $GITHUB_OUTPUT
|
|
echo "Frontend changed: $FRONTEND_CHANGED"
|
|
echo "API changed: $API_CHANGED"
|
|
|
|
# ── Frontend Deploy ──────────────────────────────────────────────
|
|
- name: Setup Node.js
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 18
|
|
|
|
- name: Install dependencies
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: npm ci
|
|
|
|
- name: Security check & tests
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: |
|
|
npm run security:check
|
|
npm test -- --passWithNoTests
|
|
|
|
- name: Build Next.js
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: npm run build
|
|
|
|
- name: Setup AWS
|
|
if: steps.changes.outputs.frontend == 'true' || steps.changes.outputs.api == 'true'
|
|
run: |
|
|
pip3 install -q --break-system-packages awscli
|
|
aws configure set aws_access_key_id "${{ secrets.AWS_ACCESS_KEY_ID }}"
|
|
aws configure set aws_secret_access_key "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
|
|
aws configure set region eu-central-1
|
|
|
|
- name: Deploy to S3 & invalidate CloudFront
|
|
if: steps.changes.outputs.frontend == 'true'
|
|
run: |
|
|
aws s3 sync out/ s3://$S3_BUCKET/ \
|
|
--delete \
|
|
--exclude "*" \
|
|
--include "*.html" \
|
|
--cache-control "public, max-age=0, must-revalidate" \
|
|
--content-type "text/html"
|
|
|
|
aws s3 sync out/_next/ s3://$S3_BUCKET/_next/ \
|
|
--cache-control "public, max-age=31536000, immutable"
|
|
|
|
aws s3 sync out/ s3://$S3_BUCKET/ \
|
|
--exclude "*.html" \
|
|
--exclude "_next/*" \
|
|
--cache-control "public, max-age=86400"
|
|
|
|
aws cloudfront create-invalidation \
|
|
--distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} \
|
|
--paths "/*"
|
|
|
|
# ── API Deploy ───────────────────────────────────────────────────
|
|
- name: Deploy API via SSM
|
|
if: steps.changes.outputs.api == 'true'
|
|
run: |
|
|
aws ssm send-command \
|
|
--region $AWS_REGION \
|
|
--instance-ids "$INSTANCE_ID" \
|
|
--document-name "AWS-RunShellScript" \
|
|
--parameters 'commands=[
|
|
"cd /home/ubuntu/filamenteka-api",
|
|
"cp server.js server.js.backup",
|
|
"curl -o server.js https://git.demirix.dev/dax/Filamenteka/raw/branch/main/api/server.js",
|
|
"sudo systemctl restart node-api",
|
|
"sudo systemctl status node-api"
|
|
]' \
|
|
--output json
|
|
echo "API deploy command sent via SSM"
|