-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MAJOR refactor and initial CI/CD pipeline
- Loading branch information
1 parent
d486f0a
commit 912b79c
Showing
32 changed files
with
1,707 additions
and
1,383 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,186 @@ | ||
| name: deploy | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ 'main', 'develop'] | ||
| env: | ||
| AWS_DEFAULT_REGION: us-east-1 | ||
| AWS_DEFAULT_OUTPUT: json | ||
|
|
||
| jobs: | ||
| code-quality: | ||
| name: Check coding standards | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - run: echo "Job triggered by ${{ github.event_name }} event." | ||
| - run: echo "Job running on a ${{ runner.os }} server hosted by GitHub." | ||
| - run: echo "Branch name is ${{ github.ref }} and repository is ${{ github.repository }}." | ||
| - name: Set up NodeJs | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: "20" | ||
| - run: | | ||
| npm ci | ||
| npm run prettier-check | ||
| npm run lint | ||
| build-nextjs: | ||
| name: Build NextJS Application | ||
| runs-on: ubuntu-latest | ||
| needs: code-quality | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Set up NodeJs | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: "20" | ||
| - run: | | ||
| bash build | ||
| - name: Archive NextJS Output dir | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: nextjs-output-dir | ||
| path: src/out | ||
|
|
||
| cdk-synth-diff: | ||
| name: CDK Synth & Diff | ||
| runs-on: ubuntu-latest | ||
| needs: build-nextjs | ||
| permissions: | ||
| id-token: write # This is required for requesting the JWT | ||
| contents: read # This is required for actions/checkout | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
|
|
||
| - name: Set up NodeJs | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: "20" | ||
|
|
||
| - name: Install CDK | ||
| run: | | ||
| npm install -g aws-cdk | ||
| # Same task with different secrets depending on the branch ref (dev vs prod deployments) | ||
| # Note: there might be better alternatives, but this is a workaround to deploy to both envs | ||
| - name: Configure AWS Credentials (DEV) | ||
| if: github.ref != 'refs/heads/main' | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.DEV_AWS_ACCOUNT_ID }}:role/${{ secrets.DEV_AWS_DEPLOY_ROLE }} | ||
| role-session-name: myGitHubActions | ||
| - name: Configure AWS Credentials (PROD) | ||
| if: github.ref != 'refs/heads/main' | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.PROD_AWS_ACCOUNT_ID }}:role/${{ secrets.PROD_AWS_DEPLOY_ROLE }} | ||
| role-session-name: myGitHubActions | ||
|
|
||
| # Sample STS get caller identity for tests | ||
| - name: sts get-caller-identity | ||
| run: | | ||
| aws sts get-caller-identity | ||
| - name: CDK Synth | ||
| run: | | ||
| cd ./cdk | ||
| cdk synth | ||
| - name: CDK Diff | ||
| run: | | ||
| cd ./cdk | ||
| cdk diff | ||
| - name: Archive CDK Synth results (no assets) | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: cdk-synth-folder | ||
| path: | | ||
| ./cdk.out | ||
| !./cdk.out/asset.* | ||
| retention-days: 1 | ||
|
|
||
| iac-checkov: | ||
| name: IaC Checkov Validations | ||
| runs-on: ubuntu-latest | ||
| needs: cdk-synth-diff | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
|
|
||
| - name: Dowload CDK Synth results | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: cdk-synth-folder | ||
| path: ./cdk-synth-output-folder | ||
|
|
||
| - name: Display files in the output folder | ||
| run: ls -lrta | ||
| working-directory: ./cdk-synth-output-folder | ||
|
|
||
| - name: Run Checkov action | ||
| id: checkov | ||
| uses: bridgecrewio/checkov-action@v12 | ||
| with: | ||
| directory: cdk-synth-output-folder/ | ||
| framework: cloudformation | ||
| soft_fail: true # optional: do not return an error code if there are failed checks | ||
| skip_check: CKV_AWS_2 # optional: skip a specific check_id. can be comma separated list | ||
| quiet: true # optional: display only failed checks | ||
|
|
||
| cdk-deploy: | ||
| name: Deploy CDK | ||
| runs-on: ubuntu-latest | ||
| needs: | ||
| - iac-checkov | ||
| permissions: | ||
| id-token: write # This is required for requesting the JWT | ||
| contents: read # This is required for actions/checkout | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
|
|
||
| - name: Set up NodeJs | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: "20" | ||
|
|
||
| - name: Install CDK | ||
| run: npm install -g aws-cdk | ||
|
|
||
| # Same task with different secrets depending on the branch ref (dev vs prod deployments) | ||
| # Note: there might be better alternatives, but this is a workaround to deploy to both envs | ||
| - name: Configure AWS Credentials (DEV) | ||
| if: github.ref != 'refs/heads/main' | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.DEV_AWS_ACCOUNT_ID }}:role/${{ secrets.DEV_AWS_DEPLOY_ROLE }} | ||
| role-session-name: myGitHubActions | ||
| - name: Configure AWS Credentials (PROD) | ||
| if: github.ref == 'refs/heads/main' | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.PROD_AWS_ACCOUNT_ID }}:role/${{ secrets.PROD_AWS_DEPLOY_ROLE }} | ||
| role-session-name: myGitHubActions | ||
|
|
||
| - name: Dowload NextJS output folder | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: nextjs-output-dir | ||
| path: ./src/out | ||
|
|
||
| # NOTE: for now no manual approvals are required | ||
| - name: Deploy to AWS | ||
| run: | | ||
| # To update the deployment environment based on the git branch | ||
| if [[ $GITHUB_REF == 'refs/heads/main' ]]; then | ||
| echo "DEPLOYMENT_ENVIRONMENT=prod" >> "$GITHUB_ENV" | ||
| else | ||
| echo "DEPLOYMENT_ENVIRONMENT=dev" >> "$GITHUB_ENV" | ||
| fi | ||
| echo "Deployment environment is: $DEPLOYMENT_ENVIRONMENT" | ||
| # Main deployment scripts | ||
| bash deploy.sh $DEPLOYMENT_ENVIRONMENT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,19 +1,19 @@ | ||
| import { | ||
| ChakraProvider, | ||
| cookieStorageManagerSSR, | ||
| localStorageManager | ||
| ChakraProvider, | ||
| cookieStorageManagerSSR, | ||
| localStorageManager | ||
| } from '@chakra-ui/react' | ||
| import theme from '../lib/theme' | ||
|
|
||
| export default function Chakra({ cookies, children }) { | ||
| const colorModeManager = | ||
| typeof cookies === 'string' | ||
| ? cookieStorageManagerSSR(cookies) | ||
| : localStorageManager | ||
| const colorModeManager = | ||
| typeof cookies === 'string' | ||
| ? cookieStorageManagerSSR(cookies) | ||
| : localStorageManager | ||
|
|
||
| return ( | ||
| <ChakraProvider theme={theme} colorModeManager={colorModeManager}> | ||
| {children} | ||
| </ChakraProvider> | ||
| ) | ||
| return ( | ||
| <ChakraProvider theme={theme} colorModeManager={colorModeManager}> | ||
| {children} | ||
| </ChakraProvider> | ||
| ) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| const Fonts = () => ( | ||
| <style jsx global>{` | ||
| @import url('https://fonts.googleapis.com/css2?family=M+PLUS+Rounded+1c:wght@300;700&display=swap'); | ||
| `}</style> | ||
| <style jsx global>{` | ||
| @import url('https://fonts.googleapis.com/css2?family=M+PLUS+Rounded+1c:wght@300;700&display=swap'); | ||
| `}</style> | ||
| ) | ||
| export default Fonts | ||
| export default Fonts |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.