From 18d551dc4c4032308bd59340bd34e3956815c4b0 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Tue, 22 Jul 2025 10:09:32 -0400 Subject: [PATCH 1/8] alarms to terraform --- cloudformation/alerting.yml | 113 -------------------------- cloudformation/logs.yml | 16 +--- cloudformation/main.yml | 26 ------ terraform/envs/prod/main.tf | 12 ++- terraform/envs/prod/variables.tf | 14 ++++ terraform/modules/alarms/main.tf | 107 ++++++++++++++++++++++++ terraform/modules/alarms/variables.tf | 19 +++++ 7 files changed, 149 insertions(+), 158 deletions(-) delete mode 100644 cloudformation/alerting.yml create mode 100644 terraform/modules/alarms/main.tf create mode 100644 terraform/modules/alarms/variables.tf diff --git a/cloudformation/alerting.yml b/cloudformation/alerting.yml deleted file mode 100644 index 8c580a4c..00000000 --- a/cloudformation/alerting.yml +++ /dev/null 
@@ -1,113 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Description: Stack Alarms -Transform: AWS::Serverless-2016-10-31 - -Parameters: - AlertSNSArn: - Description: SNS Queue to send general alarm alerts to - Type: String - PriorityAlertSNSArn: - Description: SNS Queue to send priority alarm alerts to - Type: String - ApplicationPrefix: - Type: String - Description: Application prefix, no ending dash - AllowedPattern: ^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$ - ApplicationFriendlyName: - Type: String - Description: Application friendly name that will be used in resource descriptions - MainCloudfrontDistributionId: - Type: String - Description: Cloudfront Distribution ID that serves main API endpoints. - - -Resources: - AppDLQMessagesAlarm: - Type: "AWS::CloudWatch::Alarm" - Properties: - AlarmName: !Sub ${ApplicationPrefix}-sqs-dlq-present - AlarmDescription: "Items are present in the application DLQ, meaning some messages failed to process." - Namespace: "AWS/SQS" - MetricName: "ApproximateNumberOfMessagesVisible" - Statistic: "Maximum" - Period: 60 - EvaluationPeriods: 1 - ComparisonOperator: "GreaterThanThreshold" - Threshold: 0 - Dimensions: - - Name: QueueName - Value: !Sub ${ApplicationPrefix}-sqs-dlq - AlarmActions: - - !Ref PriorityAlertSNSArn - - AppLatencyAlarm: - Type: "AWS::CloudWatch::Alarm" - Properties: - AlarmName: !Sub ${ApplicationPrefix}-latency-high - AlarmDescription: "Trailing Mean - 95% API gateway latency is > 1.25s for 2 times in 4 minutes." 
- Namespace: "AWS/Lambda" - MetricName: "UrlRequestLatency" - ExtendedStatistic: "tm95" - Period: "120" - EvaluationPeriods: "2" - ComparisonOperator: "GreaterThanThreshold" - Threshold: "1250" - AlarmActions: - - !Ref AlertSNSArn - Dimensions: - - Name: "FunctionName" - Value: !Sub ${ApplicationPrefix}-lambda - - AppNoRequestsAlarm: - Type: "AWS::CloudWatch::Alarm" - Properties: - AlarmName: !Sub ${ApplicationPrefix}-no-requests - AlarmDescription: "No requests have been received in the past 5 minutes." - Namespace: "AWS/Lambda" - MetricName: "UrlRequestCount" - Statistic: "Sum" - Period: "300" - EvaluationPeriods: "1" - ComparisonOperator: "LessThanThreshold" - Threshold: "1" - AlarmActions: - - !Ref PriorityAlertSNSArn - Dimensions: - - Name: "FunctionName" - Value: !Sub ${ApplicationPrefix}-lambda - - AppInvocationErrorAlarm: - Type: "AWS::CloudWatch::Alarm" - Properties: - AlarmName: !Sub ${ApplicationPrefix}-error-invocation - AlarmDescription: "Lambda threw an error, meaning the Fastify application itself has encountered an error" - Namespace: "AWS/Lambda" - MetricName: "Errors" - Statistic: "Sum" - Period: "300" - EvaluationPeriods: "1" - ComparisonOperator: "GreaterThanThreshold" - Threshold: "1" - AlarmActions: - - !Ref PriorityAlertSNSArn - Dimensions: - - Name: "FunctionName" - Value: !Sub ${ApplicationPrefix}-lambda - - App5xxErrorAlarm: - Type: "AWS::CloudWatch::Alarm" - Properties: - AlarmName: !Sub ${ApplicationPrefix}-cloudfront-5xx-error - AlarmDescription: "Main application responses are more than 1% 5xx errors (from Cloudfront)" - Namespace: "AWS/CloudFront" - MetricName: "5xxErrorRate" - Statistic: "Average" - Period: "300" - EvaluationPeriods: "1" - ComparisonOperator: "GreaterThanThreshold" - Threshold: "1" - AlarmActions: - - !Ref PriorityAlertSNSArn - Dimensions: - - Name: "DistributionId" - Value: !Ref MainCloudfrontDistributionId diff --git a/cloudformation/logs.yml b/cloudformation/logs.yml index 7e7ed8f6..3fc5ee5b 100644 
--- a/cloudformation/logs.yml +++ b/cloudformation/logs.yml @@ -1,22 +1,8 @@ AWSTemplateFormatVersion: '2010-09-09' Description: Stack Log Groups Transform: AWS::Serverless-2016-10-31 -Parameters: - LambdaFunctionName: - Type: String - AllowedPattern: ^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$ - LogRetentionDays: - Type: Number + Resources: - AppApiLambdaLogGroup: - Type: AWS::Logs::LogGroup - DeletionPolicy: Retain - UpdateReplacePolicy: Retain - Properties: - LogGroupName: - Fn::Sub: /aws/lambda/${LambdaFunctionName} - RetentionInDays: - Ref: LogRetentionDays AppAuditLog: Type: "AWS::DynamoDB::Table" DeletionPolicy: "Retain" diff --git a/cloudformation/main.yml b/cloudformation/main.yml index 882f5e19..8c424209 100644 --- a/cloudformation/main.yml +++ b/cloudformation/main.yml @@ -6,14 +6,6 @@ Parameters: RunEnvironment: Type: String AllowedValues: ["dev", "prod"] - AlertSNSArn: - Description: SNS Queue to send general alarm alerts to (prod only) - Type: String - Default: arn:aws:sns:us-east-1:298118738376:infra-monitor-alerts - PriorityAlertSNSArn: - Description: SNS Queue to send priority alarm alerts to (prod only) - Type: String - Default: arn:aws:sns:us-east-1:298118738376:infra-core-api-priority-alerts ApplicationPrefix: Type: String Description: Application prefix, no ending dash @@ -46,10 +38,8 @@ Conditions: Mappings: General: dev: - LogRetentionDays: 7 SesDomain: "aws.qa.acmuiuc.org" prod: - LogRetentionDays: 90 SesDomain: "acm.illinois.edu" ApiGwConfig: dev: @@ -103,10 +93,6 @@ Resources: Type: AWS::Serverless::Application Properties: Location: ./logs.yml - Parameters: - LambdaFunctionName: !Sub ${ApplicationPrefix}-lambda - LogRetentionDays: - !FindInMap [General, !Ref RunEnvironment, LogRetentionDays] AppSQSQueues: Type: AWS::Serverless::Application 
@@ -116,18 +102,6 @@ Resources: QueueName: !Sub ${ApplicationPrefix}-sqs MessageTimeout: !Ref SqsMessageTimeout - AppAlarms: - Condition: IsProd - Type: AWS::Serverless::Application - Properties: - Location: ./alerting.yml - Parameters: - AlertSNSArn: !Ref AlertSNSArn - PriorityAlertSNSArn: !Ref PriorityAlertSNSArn - ApplicationPrefix: !Ref ApplicationPrefix - ApplicationFriendlyName: !Ref ApplicationFriendlyName - MainCloudfrontDistributionId: !GetAtt AppFrontendCloudfrontDistribution.Id - LinkryRecordSetv4: Condition: IsDev Type: AWS::Route53::RecordSet diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf index 72b2fddf..a4f703ac 100644 --- a/terraform/envs/prod/main.tf +++ b/terraform/envs/prod/main.tf @@ -18,11 +18,15 @@ provider "aws" { } } -import { - to = aws_cloudwatch_log_group.main_app_logs - id = "/aws/lambda/${var.ProjectId}-lambda" -} resource "aws_cloudwatch_log_group" "main_app_logs" { name = "/aws/lambda/${var.ProjectId}-lambda" retention_in_days = var.LogRetentionDays } + +module "app_alarms" { + source = "../../modules/alarms" + main_cloudfront_distribution_id = var.main_cloudfront_distribution_id + resource_prefix = var.ProjectId + priority_sns_arn = var.GeneralSNSAlertArn + standard_sns_arn = var.PrioritySNSAlertArn +} diff --git a/terraform/envs/prod/variables.tf b/terraform/envs/prod/variables.tf index 194e98a9..fdbb29b0 100644 --- a/terraform/envs/prod/variables.tf +++ b/terraform/envs/prod/variables.tf @@ -8,3 +8,17 @@ variable "ProjectId" { default = "infra-core-api" } +variable "main_cloudfront_distribution_id" { + type = string + description = "(temporary) ID for the cloudfront distribution that serves the main application" +} + +variable "GeneralSNSAlertArn" { + type = string + default = "arn:aws:sns:us-east-1:298118738376:infra-monitor-alerts" +} + +variable "PrioritySNSAlertArn" { + type = string + default = "arn:aws:sns:us-east-1:298118738376:infra-core-api-priority-alerts" +} 
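Review bot: In the `module "app_alarms"` block added to terraform/envs/prod/main.tf the two SNS inputs are crossed: `priority_sns_arn = var.GeneralSNSAlertArn` and `standard_sns_arn = var.PrioritySNSAlertArn`. With the module as written, the DLQ, no-requests, invocation-error and CloudFront 5xx alarms would notify the general topic and only the latency alarm would reach the priority topic, which is the reverse of the routing in the CloudFormation stack this replaces. The assignments should read `priority_sns_arn = var.PrioritySNSAlertArn` and `standard_sns_arn = var.GeneralSNSAlertArn`.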
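Review bot: `GeneralSNSAlertArn` and `PrioritySNSAlertArn` in terraform/envs/prod/variables.tf are declared without a `description`, although the CloudFormation parameters they replace each had one. I would add `description = "SNS topic ARN that receives general alarm notifications"` and `description = "SNS topic ARN that receives priority alarm notifications"`. Saying which topic is the priority one at the declaration makes a mix-up at the module call easier to catch in review.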
diff --git a/terraform/modules/alarms/main.tf b/terraform/modules/alarms/main.tf
new file mode 100644
index 00000000..73d5717d
--- /dev/null
+++ b/terraform/modules/alarms/main.tf
@@ -0,0 +1,107 @@
+provider "aws" {
+}
+
+resource "aws_cloudwatch_metric_alarm" "app_dlq_messages_alarm" {
+ alarm_name = "${var.resource_prefix}-sqs-dlq-present"
+ alarm_description = "Items are present in the application DLQ, meaning some messages failed to process."
+ namespace = "AWS/SQS"
+ metric_name = "ApproximateNumberOfMessagesVisible"
+ statistic = "Maximum"
+ period = 60
+ evaluation_periods = 1
+ comparison_operator = "GreaterThanThreshold"
+ threshold = 0
+ dimensions = [
+ {
+ Name = "QueueName"
+ Value = "${var.resource_prefix}-sqs-dlq"
+ }
+ ]
+ alarm_actions = [
+ var.priority_sns_arn
+ ]
+}
+
+resource "aws_cloudwatch_metric_alarm" "app_latency_alarm" {
+ alarm_name = "${var.resource_prefix}-latency-high"
+ alarm_description = "Trailing Mean - 95% API gateway latency is > 1.25s for 2 times in 4 minutes."
+ namespace = "AWS/Lambda"
+ metric_name = "UrlRequestLatency"
+ extended_statistic = "tm95"
+ period = "120"
+ evaluation_periods = "2"
+ comparison_operator = "GreaterThanThreshold"
+ threshold = "1250"
+ alarm_actions = [
+ var.standard_sns_arn
+ ]
+ dimensions = [
+ {
+ Name = "FunctionName"
+ Value = "${var.resource_prefix}-lambda"
+ }
+ ]
+}
+
+resource "aws_cloudwatch_metric_alarm" "app_no_requests_alarm" {
+ alarm_name = "${var.resource_prefix}-no-requests"
+ alarm_description = "No requests have been received in the past 5 minutes."
+ namespace = "AWS/Lambda"
+ metric_name = "UrlRequestCount"
+ statistic = "Sum"
+ period = "300"
+ evaluation_periods = "1"
+ comparison_operator = "LessThanThreshold"
+ threshold = "1"
+ alarm_actions = [
+ var.priority_sns_arn
+ ]
+ dimensions = [
+ {
+ Name = "FunctionName"
+ Value = "${var.resource_prefix}-lambda"
+ }
+ ]
+}
+
+resource "aws_cloudwatch_metric_alarm" "app_invocation_error_alarm" {
+ alarm_name = "${var.resource_prefix}-error-invocation"
+ alarm_description = "Lambda threw an error, meaning the init of the application itself has encountered an error"
+ namespace = "AWS/Lambda"
+ metric_name = "Errors"
+ statistic = "Sum"
+ period = "300"
+ evaluation_periods = "1"
+ comparison_operator = "GreaterThanThreshold"
+ threshold = "1"
+ alarm_actions = [
+ var.priority_sns_arn
+ ]
+ dimensions = [
+ {
+ Name = "FunctionName"
+ Value = "${var.resource_prefix}-lambda"
+ }
+ ]
+}
+
+resource "aws_cloudwatch_metric_alarm" "app5xx_error_alarm" {
+ alarm_name = "${var.resource_prefix}-cloudfront-5xx-error"
+ alarm_description = "Main application responses are more than 1% 5xx errors (from Cloudfront)"
+ namespace = "AWS/CloudFront"
+ metric_name = "5xxErrorRate"
+ statistic = "Average"
+ period = "300"
+ evaluation_periods = "1"
+ comparison_operator = "GreaterThanThreshold"
+ threshold = "1"
+ alarm_actions = [
+ var.priority_sns_arn
+ ]
+ dimensions = [
+ {
+ Name = "DistributionId"
+ Value = var.main_cloudfront_distribution_id
+ }
+ ]
+}
diff --git a/terraform/modules/alarms/variables.tf b/terraform/modules/alarms/variables.tf
new file mode 100644
index 00000000..028c926a
--- /dev/null
+++ b/terraform/modules/alarms/variables.tf
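Review bot: `app_no_requests_alarm` in terraform/modules/alarms/main.tf does not set `treat_missing_data`, so under the CloudWatch default a period with no datapoints leaves the alarm in INSUFFICIENT_DATA instead of ALARM. If Lambda publishes no `UrlRequestCount` datapoints while the function receives no traffic (likely, but not shown here), the alarm stays silent in exactly the outage it describes; adding `treat_missing_data = "breaching"` to that resource closes the gap. Separately, `app_invocation_error_alarm` combines `GreaterThanThreshold` with `threshold = "1"`, so a single error in the 300-second period does not trip it; `threshold = "0"` would match the description if one error should alert. Both settings are carried over unchanged from the removed alerting.yml.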
@@ -0,0 +1,19 @@ +variable "resource_prefix" { + type = string + description = "Prefix before each resource" +} + +variable "priority_sns_arn" { + type = string + description = "Priority SNS alerts ARN" +} + +variable "standard_sns_arn" { + type = string + description = "Standard SNS alerts ARN" +} + +variable "main_cloudfront_distribution_id" { + type = string + description = "ID for the cloudfront distribution that serves the main application" +} From 6ede5aacc30d3f9240e2a8435dda3c6da51b4bd7 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Tue, 22 Jul 2025 10:23:59 -0400 Subject: [PATCH 2/8] update terraform --- terraform/modules/alarms/main.tf | 45 +++++++++++--------------------- 1 file changed, 15 insertions(+), 30 deletions(-) diff --git a/terraform/modules/alarms/main.tf b/terraform/modules/alarms/main.tf index 73d5717d..da7f97e8 100644 --- a/terraform/modules/alarms/main.tf +++ b/terraform/modules/alarms/main.tf @@ -11,12 +11,9 @@ resource "aws_cloudwatch_metric_alarm" "app_dlq_messages_alarm" { evaluation_periods = 1 comparison_operator = "GreaterThanThreshold" threshold = 0 - dimensions = [ - { - Name = "QueueName" - Value = "${var.resource_prefix}-sqs-dlq" - } - ] + dimensions = { + QueueName = "${var.resource_prefix}-sqs-dlq" + } alarm_actions = [ var.priority_sns_arn ] @@ -35,12 +32,9 @@ resource "aws_cloudwatch_metric_alarm" "app_latency_alarm" { alarm_actions = [ var.standard_sns_arn ] - dimensions = [ - { - Name = "FunctionName" - Value = "${var.resource_prefix}-lambda" - } - ] + dimensions = { + FunctionName = "${var.resource_prefix}-lambda" + } } resource "aws_cloudwatch_metric_alarm" "app_no_requests_alarm" { 
@@ -56,12 +50,9 @@ resource "aws_cloudwatch_metric_alarm" "app_no_requests_alarm" { alarm_actions = [ var.priority_sns_arn ] - dimensions = [ - { - Name = "FunctionName" - Value = "${var.resource_prefix}-lambda" - } - ] + dimensions = { + FunctionName = "${var.resource_prefix}-lambda" + } } resource "aws_cloudwatch_metric_alarm" "app_invocation_error_alarm" { @@ -77,12 +68,9 @@ resource "aws_cloudwatch_metric_alarm" "app_invocation_error_alarm" { alarm_actions = [ var.priority_sns_arn ] - dimensions = [ - { - Name = "FunctionName" - Value = "${var.resource_prefix}-lambda" - } - ] + dimensions = { + FunctionName = "${var.resource_prefix}-lambda" + } } resource "aws_cloudwatch_metric_alarm" "app5xx_error_alarm" { @@ -98,10 +86,7 @@ resource "aws_cloudwatch_metric_alarm" "app5xx_error_alarm" { alarm_actions = [ var.priority_sns_arn ] - dimensions = [ - { - Name = "DistributionId" - Value = var.main_cloudfront_distribution_id - } - ] + dimensions = { + DistributionId = var.main_cloudfront_distribution_id + } } From ac049b5f7173b126429e5eaca1cc13ad9d365a67 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Tue, 22 Jul 2025 10:26:38 -0400 Subject: [PATCH 3/8] update makefile --- Makefile | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index f6b99c7a..8850b949 100644 --- a/Makefile +++ b/Makefile 
@@ -90,17 +90,20 @@ postdeploy: deploy_prod: check_account_prod @echo "Deploying CloudFormation stack..." - terraform -chdir=terraform/envs/prod init - terraform -chdir=terraform/envs/prod apply -auto-approve sam deploy $(common_params) --parameter-overrides $(run_env)=prod $(set_application_prefix)=$(application_key) $(set_application_name)="$(application_name)" S3BucketPrefix="$(s3_bucket_prefix)" + @echo "Deploying Terraform..." + $(eval MAIN_DISTRIBUTION_ID := $(shell aws cloudformation describe-stacks --stack-name $(application_key) --query "Stacks[0].Outputs[?OutputKey=='CloudfrontDistributionId'].OutputValue" --output text)) + terraform -chdir=terraform/envs/prod init + terraform -chdir=terraform/envs/prod apply -auto-approve -var main_cloudfront_distribution_id="$(MAIN_DISTRIBUTION_ID)" make postdeploy deploy_dev: check_account_dev @echo "Deploying CloudFormation stack..." sam deploy $(common_params) --parameter-overrides $(run_env)=dev $(set_application_prefix)=$(application_key) $(set_application_name)="$(application_name)" S3BucketPrefix="$(s3_bucket_prefix)" @echo "Deploying Terraform..." + $(eval MAIN_DISTRIBUTION_ID := $(shell aws cloudformation describe-stacks --stack-name $(application_key) --query "Stacks[0].Outputs[?OutputKey=='CloudfrontDistributionId'].OutputValue" --output text)) terraform -chdir=terraform/envs/qa init - terraform -chdir=terraform/envs/qa apply -auto-approve + terraform -chdir=terraform/envs/qa apply -auto-approve -var main_cloudfront_distribution_id="$(MAIN_DISTRIBUTION_ID)" make postdeploy invalidate_cloudfront: From 5b836330cd1325e2e94356ff9f9805f2b09f0f39 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Tue, 22 Jul 2025 10:28:46 -0400 Subject: [PATCH 4/8] set required provider --- terraform/modules/alarms/main.tf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/terraform/modules/alarms/main.tf b/terraform/modules/alarms/main.tf index da7f97e8..0f411896 100644 --- a/terraform/modules/alarms/main.tf 
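Review bot: The `$(eval MAIN_DISTRIBUTION_ID := $(shell aws cloudformation describe-stacks ...))` line in `deploy_prod` and `deploy_dev` is expanded by GNU make together with the rest of the recipe, before the first recipe line runs, so the lookup happens before `sam deploy` rather than after it as the line order suggests. On a first deploy, or whenever the `CloudfrontDistributionId` output is missing, the variable is empty and `terraform apply -auto-approve` still proceeds, leaving the 5xx alarm watching no distribution. Doing the lookup in the shell on the apply line and failing on an empty result avoids both problems, e.g. `id="$$(aws cloudformation describe-stacks ... --output text)"; [ -n "$$id" ] || exit 1; terraform -chdir=terraform/envs/prod apply -auto-approve -var main_cloudfront_distribution_id="$$id"`.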
+++ b/terraform/modules/alarms/main.tf @@ -1,4 +1,9 @@ -provider "aws" { +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + } + } } resource "aws_cloudwatch_metric_alarm" "app_dlq_messages_alarm" { From aaf4eb9cbfb74cf7e5337d55c5941c1d0b33ffb3 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Tue, 22 Jul 2025 10:30:13 -0400 Subject: [PATCH 5/8] update pre-commit hook --- .husky/pre-commit | 1 + 1 file changed, 1 insertion(+) diff --git a/.husky/pre-commit b/.husky/pre-commit index de2afa02..ed58a402 100644 --- a/.husky/pre-commit +++ b/.husky/pre-commit @@ -6,6 +6,7 @@ if [ -n "$STAGED_FILES" ]; then # Run lint on all files (modifies files in the working directory) yarn lint --fix yarn prettier:write + terraform -chdir=terraform/ fmt --recursive echo "Re-adding originally staged files to the staging area..." # Re-add only the originally staged files From 573fcc87b031adac17ae3b51487dcd9ffe276e58 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Tue, 22 Jul 2025 10:34:01 -0400 Subject: [PATCH 6/8] set variable --- terraform/envs/qa/variables.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/terraform/envs/qa/variables.tf b/terraform/envs/qa/variables.tf index 5d2d4f92..5960e372 100644 --- a/terraform/envs/qa/variables.tf +++ b/terraform/envs/qa/variables.tf @@ -7,3 +7,8 @@ variable "ProjectId" { type = string default = "infra-core-api" } + +variable "main_cloudfront_distribution_id" { + type = string + description = "(temporary) ID for the cloudfront distribution that serves the main application" +} From 3fbcb424f356be5793e79d8ee973888c6589f5af Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Tue, 22 Jul 2025 10:36:21 -0400 Subject: [PATCH 7/8] remove import of log group in QA --- terraform/envs/qa/main.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf index 72b2fddf..a8a6ed8f 100644 --- a/terraform/envs/qa/main.tf +++ b/terraform/envs/qa/main.tf 
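Review bot: The `required_providers` block added to terraform/modules/alarms/main.tf names only `source = "hashicorp/aws"` and gives no `version` constraint. Because the deploy targets run `terraform init` followed by `apply -auto-approve`, which provider release gets used depends entirely on what the root module or a committed `.terraform.lock.hcl` pins, and neither is visible in this patch. Adding a floor such as `version = ">= <MIN_TESTED_VERSION>"` (placeholder for the release the module was tested with) documents what the module needs and keeps an unreviewed provider release from being picked up implicitly.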
@@ -17,11 +17,6 @@ provider "aws" { } } } - -import { - to = aws_cloudwatch_log_group.main_app_logs - id = "/aws/lambda/${var.ProjectId}-lambda" -} resource "aws_cloudwatch_log_group" "main_app_logs" { name = "/aws/lambda/${var.ProjectId}-lambda" retention_in_days = var.LogRetentionDays From bac761f894d2e10d641366e021ac6090d1ec06b8 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Tue, 22 Jul 2025 10:39:39 -0400 Subject: [PATCH 8/8] add a manual prod deployment script --- .github/workflows/manual-prod.yml | 130 ++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 .github/workflows/manual-prod.yml diff --git a/.github/workflows/manual-prod.yml b/.github/workflows/manual-prod.yml new file mode 100644 index 00000000..4f0bbb12 --- /dev/null +++ b/.github/workflows/manual-prod.yml 
@@ -0,0 +1,130 @@ +name: Deploy all resources to PROD (Manual) +run-name: Manual PROD deploy - @${{ github.actor }} + +on: + workflow_dispatch: + +jobs: + test: + runs-on: ubuntu-latest + timeout-minutes: 15 + name: Run Unit Tests + steps: + - uses: actions/checkout@v4 + env: + HUSKY: "0" + + - name: Set up Node + uses: actions/setup-node@v4 + with: + node-version: 22.x + cache: "yarn" + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.12.2 + + - name: Restore Yarn Cache + uses: actions/cache@v4 + with: + path: node_modules + key: yarn-modules-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-dev + restore-keys: | + yarn-modules-${{ runner.arch }}-${{ runner.os }}- + + - name: Run unit testing + run: make test_unit + + build: + runs-on: ubuntu-24.04-arm + timeout-minutes: 15 + name: Build Application + steps: + - uses: actions/checkout@v4 + env: + HUSKY: "0" + + - name: Set up Node + uses: actions/setup-node@v4 + with: + node-version: 22.x + cache: "yarn" + + - name: Restore Yarn Cache + uses: actions/cache@v4 + with: + path: node_modules + key: yarn-modules-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-prod + restore-keys: | + yarn-modules-${{ runner.arch }}-${{ runner.os }}- + + - name: Run build + run: make build + env: + HUSKY: "0" + VITE_RUN_ENVIRONMENT: prod + RunEnvironment: prod + VITE_BUILD_HASH: ${{ github.sha }} + + - name: Upload Build files + uses: actions/upload-artifact@v4 + with: + include-hidden-files: true + name: build-prod + path: | + .aws-sam/ + dist/ + dist_ui/ + + deploy-prod: + runs-on: ubuntu-latest + timeout-minutes: 30 + name: Deploy to Prod and Run Health Check + concurrency: + group: ${{ github.event.repository.name }}-prod + cancel-in-progress: false + permissions: + id-token: write + contents: read + needs: + - test + - build + environment: "AWS PROD" + steps: + - name: Set up Node for testing + uses: actions/setup-node@v4 + with: + node-version: 
22.x + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.12.2 + + - uses: actions/checkout@v4 + env: + HUSKY: "0" + - uses: aws-actions/setup-sam@v2 + with: + use-installer: true + - name: Set up Python 3.11 + uses: actions/setup-python@v5 + with: + python-version: 3.11 + - name: Download Build files + uses: actions/download-artifact@v4 + with: + name: build-prod + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::298118738376:role/GitHubActionsRole + role-session-name: Manual_Core_Prod_Deployment_${{ github.run_id }} + aws-region: us-east-1 + - name: Publish to AWS + run: make deploy_prod + env: + HUSKY: "0" + VITE_RUN_ENVIRONMENT: prod + - name: Call the health check script + run: make prod_health_check
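Review bot: The workflow sets `permissions` only on `deploy-prod`, so the `test` and `build` jobs run with the repository's default GITHUB_TOKEN permissions, which may include write access depending on repository settings. A top-level `permissions:` block with `contents: read` gives every job a read-only baseline, while the job-level block on `deploy-prod` still adds `id-token: write`. Since `deploy-prod` assumes the production IAM role through OIDC, it is also worth pinning the third-party actions (`hashicorp/setup-terraform@v2`, `aws-actions/setup-sam@v2`, `aws-actions/configure-aws-credentials@v4`) to full commit SHAs rather than movable tags. As a smaller point, quoting `python-version: "3.11"` keeps the value from being parsed as a float.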