Deploy stage - f98d858ba433196bb0bbe6c0896f7afc53abd1d5 #462
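# Builds the site image, pushes it to ECR, runs `pulumi up` on the selected
# stack, then forces a new ECS deployment. Runs on a manual dispatch or on a
# repository_dispatch event whose type is `stage` or `prod`.
name: Deploy to Fargate
# client_payload.message is supplied by whoever sends the repository_dispatch
# event. It is used here for display only; keep it out of `run:` scripts,
# where expression interpolation would turn it into shell text.
run-name: "Deploy ${{ github.event.inputs.environment || github.event.action || 'stage' }} - ${{ github.event.client_payload.message || github.sha }}"

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy to'
        required: true
        type: choice
        options:
          - stage
          - prod
  # Only these two event types start a run; for repository_dispatch the type
  # arrives as github.event.action and selects the environment below.
  repository_dispatch:
    types: [stage, prod]
  # Allow testing from feature branches
  # push:
  #   branches:
  #     - fargate

# id-token: write lets the job request a GitHub OIDC token, which the AWS and
# Pulumi steps exchange for short-lived credentials. contents: read covers the
# checkout. Nothing else is granted to GITHUB_TOKEN.
permissions:
  id-token: write
  contents: read

# Cancel in-progress deployments when a new one starts (per environment)
# NOTE(review): a cancelled run may be interrupted while `pulumi up` is still
# applying changes. Confirm the stack recovers cleanly from that, or queue
# deployments instead with `cancel-in-progress: false`.
concurrency:
  group: deploy-${{ github.event.inputs.environment || github.event.action || 'stage' }}
  cancel-in-progress: true

env:
  AWS_REGION: us-west-2

# NOTE(review): every `uses:` below references a version tag, which the
# action's owner can move. This job can obtain AWS and Pulumi credentials, so
# consider pinning each action to a full commit SHA, e.g.
# `actions/checkout@<full-commit-sha>  # v4`.
jobs:
  deploy:
    runs-on: ubuntu-latest
    # The environment expression is repeated in run-name, concurrency and here
    # because the `env` context is not available in those keys. Keep the
    # copies identical to DEPLOY_ENV below.
    environment: ${{ github.event.inputs.environment || github.event.action || 'stage' }}
    env:
      DEPLOY_ENV: ${{ github.event.inputs.environment || github.event.action || 'stage' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # No static access keys are configured: the role is assumed through the
      # OIDC token enabled by `id-token: write`. The role's trust policy (not
      # visible here) is what limits who can assume it; verify it is scoped
      # to this repository and the expected refs or environments.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::768512802988:role/thunderbird-website-deploy
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to ECR
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@v2

      # Creates empty output directories with .gitkeep files before the image
      # build, presumably so the Docker build context contains them.
      - name: Create placeholders for deployment build
        run: |
          mkdir -p \
            dist/www.thunderbird.net \
            dist/start.thunderbird.net \
            dist/updates.thunderbird.net \
            dist/tb.pro \
            dist/roadmaps.thunderbird.net \
            media
          touch dist/www.thunderbird.net/.gitkeep dist/start.thunderbird.net/.gitkeep
          touch dist/updates.thunderbird.net/.gitkeep dist/tb.pro/.gitkeep media/.gitkeep
          touch dist/roadmaps.thunderbird.net/.gitkeep

      # Values reach the script through `env:` rather than inline ${{ }}
      # interpolation, so the shell expands them as data. Every expansion is
      # quoted to rule out word splitting and globbing.
      - name: Build and push Docker image
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.ecr-login.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
          BUILD_ENV: ${{ env.DEPLOY_ENV }}
        run: |
          IMAGE_REPO="$ECR_REGISTRY/thunderbird-website-$BUILD_ENV"
          IMAGE_URI="$IMAGE_REPO:$IMAGE_TAG"
          # prod builds use the "prod" branch, everything else "master". The
          # value is passed to the Dockerfile as a build arg; how it is used
          # there is not visible from this workflow.
          if [ "$BUILD_ENV" = "prod" ]; then
            REPO_BRANCH="prod"
          else
            REPO_BRANCH="master"
          fi
          docker build \
            -f docker/Dockerfile \
            --build-arg "BUILD_ENV=$BUILD_ENV" \
            --build-arg "REPO_BRANCH=$REPO_BRANCH" \
            -t "$IMAGE_URI" \
            -t "$IMAGE_REPO:latest" \
            .
          # Push the immutable commit-SHA tag and move the mutable :latest tag.
          docker push "$IMAGE_URI"
          docker push "$IMAGE_REPO:latest"
          # Expose the SHA-tagged URI to the Pulumi step.
          echo "image_uri=$IMAGE_URI" >> "$GITHUB_OUTPUT"

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install dependencies
        working-directory: ./pulumi
        run: pip install -r requirements.txt

      # Authenticate with Pulumi Cloud via OIDC (no token secret needed)
      - name: Authenticate with Pulumi Cloud
        uses: pulumi/auth-actions@v1
        with:
          organization: thunderbird
          requested-token-type: urn:pulumi:token-type:access_token:organization

      # Applies the Pulumi program in ./pulumi to the stack for this
      # environment. The GITHUB_TOKEN passed here is restricted by the
      # workflow-level permissions block.
      - name: Deploy infrastructure
        uses: pulumi/actions@v6
        with:
          command: up
          stack-name: thunderbird/thunderbird-website/${{ env.DEPLOY_ENV }}
          work-dir: ./pulumi
          refresh: true
        env:
          IMAGE_URI: ${{ steps.build-image.outputs.image_uri }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Forces the ECS service to start a new deployment after the Pulumi
      # update. AWS_REGION comes from the workflow-level env block.
      - name: Update ECS service
        env:
          BUILD_ENV: ${{ env.DEPLOY_ENV }}
        run: |
          aws ecs update-service \
            --cluster "thunderbird-website-$BUILD_ENV" \
            --service "thunderbird-website-$BUILD_ENV" \
            --force-new-deployment \
            --region "$AWS_REGION"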