feat: add build deploy workflow

nevinsm · nevinsm · commit b002af03f0c5 · 2025-08-11T14:48:20.000-04:00
diff --git a/.github/workflows/build_deploy.yaml b/.github/workflows/build_deploy.yaml
@@ -0,0 +1,163 @@
+name: build_and_deploy
+
+on:
+  push:
+    branches:
+      - main
+      - production
+
+  workflow_dispatch:
+    inputs:
+      env:
+        description: 'integration | production'
+        required: true
+        default: integration
+
+jobs:
+  set_env:
+    runs-on: ubuntu-latest
+    outputs:
+      deploy_env: ${{ steps.set.outputs.deploy_env }}
+    steps:
+      - id: set
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            echo "deploy_env=${{ inputs.env }}" >> "$GITHUB_OUTPUT"
+          else
+            case "${{ github.ref_name }}" in
+              main)
+                echo "deploy_env=staging" >> "$GITHUB_OUTPUT"
+                ;;
+              production)
+                echo "deploy_env=production" >> "$GITHUB_OUTPUT"
+                ;;
+              *)
+                echo "Unknown branch: ${{ github.ref_name }}"
+                exit 1
+                ;;
+            esac
+          fi
+
+  build_api:
+    needs: set_env
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./api
+    permissions:
+      id-token: write
+      contents: read
+    env:
+      DEPLOY_ENV: ${{ needs.set_env.outputs.deploy_env }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4.2.1
+        with:
+          role-to-assume: ${{ vars.AWS_DEPLOY_ROLE_ARN }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Login to ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Docker Login to ECR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ steps.login-ecr.outputs.registry }}
+
+      - name: Build, tag, and push image to Amazon ECR
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: Dockerfile
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}/api:${{ github.sha }}
+            ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}/api:${{ env.DEPLOY_ENV }}
+            ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}/api:latest
+
+  build_ui:
+    needs: set_env
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./ui
+    permissions:
+      id-token: write
+      contents: read
+    env:
+      DEPLOY_ENV: ${{ needs.set_env.outputs.deploy_env }}
+      VITE_API_HOST: 'api.${{ needs.set_env.outputs.deploy_env }}.parakeet.vigetx.com'
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        name: Install pnpm
+        with:
+          version: 10
+          run_install: false
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Build UI
+        run: pnpm run build
+
+      - name: Upload dist folder
+        uses: actions/upload-artifact@v4
+        with:
+          name: ui
+          path: dist/
+
+  deploy:
+    needs:
+      - build_api
+      - build_ui
+      - set_env
+    runs-on: ubuntu-latest
+    env:
+      DEPLOY_ENV: ${{ needs.set_env.outputs.deploy_env }}
+    environment: ${{ needs.set_env.outputs.deploy_env }}
+    permissions:
+      id-token: write
+    steps:
+      - name: Setup SSH Keys and known_hosts
+        env:
+          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+        run: |
+          mkdir -p -m 700 ~/.ssh
+          ssh-agent -a $SSH_AUTH_SOCK > /dev/null
+          ssh-add - <<< "${{ secrets.DEPLOY_KEY }}"
+          ssh-keyscan ${{ vars.HOST }} >> ~/.ssh/known_hosts
+
+      - name: Deploy API
+        env:
+          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+        run: |
+          ssh deploy@${{ vars.HOST }} 'cd /var/www/parakeet/${{ env.DEPLOY_ENV }}; echo "APP_IMAGE_TAG=${{ github.sha }}" > .env; docker compose pull && docker compose up -d --remove-orphans'
+
+      - name: Download UI dist folder
+        uses: actions/download-artifact@v4
+        with:
+          name: ui
+          path: .
+
+      - name: Deploy UI
+        env:
+          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+        run: |
+          rsync -rzve ssh --del ./dist/ deploy@${{ vars.HOST }}:/var/www/parakeet/${{ env.DEPLOY_ENV }}/ui/
