diff --git a/.github/actions/setup-pnpm/action.yml b/.github/actions/setup-pnpm/action.yml
new file mode 100644
index 00000000..41137e7b
--- /dev/null
+++ b/.github/actions/setup-pnpm/action.yml
@@ -0,0 +1,27 @@
+name: Setup pnpm
+runs:
+ using: composite
+ steps:
+ - name: Install Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+
+ - uses: pnpm/action-setup@v3
+ name: Install pnpm
+ with:
+ version: 9
+ run_install: false
+
+ - name: Get pnpm store directory
+ shell: bash
+ run: |
+ echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+ - uses: actions/cache@v4
+ name: Setup pnpm cache
+ with:
+ path: ${{ env.STORE_PATH }}
+ key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-store-
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
deleted file mode 100644
index b8a11908..00000000
--- a/.github/workflows/build-and-deploy.yml
+++ /dev/null
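Review bot: The three `uses:` references in this composite action (`actions/setup-node@v4`, `pnpm/action-setup@v3`, `actions/cache@v4`) are pinned to mutable tags, and the action now runs ahead of the steps that receive AWS keys in deploy-prod.yml, deploy-staging.yml and remove-staging.yml. A retagged release of any of them would execute inside those jobs and could alter the workspace or `$GITHUB_ENV` before the credentialed step runs. Pin each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: pnpm/action-setup@<full-commit-sha> # v3`; the same applies to `actions/checkout@v4` and `strumwolf/delete-deployment-environment@v3.0.0` in the workflows of this commit. Quoting the redirect target as `>> "$GITHUB_ENV"` in the store-path step would also be tidier.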
@@ -1,74 +0,0 @@ -name: Build and deploy - -on: - push: - branches: - - main - pull_request: - types: - - opened - - reopened - - synchronize - -# do not cancel in progress, SST will be stuck in a "locked" state if cancelled mid-deployment -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - -jobs: - build_and_deploy: - name: Build and deploy PeterPortal - runs-on: ubuntu-latest - if: (github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'no deploy')) - environment: - name: ${{ (github.event_name == 'pull_request' && format('staging-{0}', github.event.pull_request.number)) || 'production' }} - url: https://${{ (github.event_name == 'pull_request' && format('staging-{0}.', github.event.pull_request.number)) || '' }}peterportal.org - - steps: - - name: Check Out Repo - uses: actions/checkout@v4 - - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - - - uses: pnpm/action-setup@v3 - name: Install pnpm - with: - version: 9 - run_install: false - - - name: Get pnpm store directory - shell: bash - run: | - echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - - - uses: actions/cache@v4 - name: Setup pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-store- - - - name: Install Dependencies - run: pnpm install - env: - HUSKY: 0 - - - name: Build and deploy - run: pnpm sst deploy --stage ${{ (github.event_name == 'pull_request' && format('staging-{0}', github.event.pull_request.number)) || 'prod' }} - env: - CI: false - PUBLIC_API_URL: ${{secrets.PUBLIC_API_URL}} - DATABASE_URL: ${{ github.event_name == 'pull_request' && secrets.DEV_DATABASE_URL || secrets.PROD_DATABASE_URL }} - SESSION_SECRET: ${{secrets.SESSION_SECRET}} - GOOGLE_CLIENT: ${{secrets.GOOGLE_CLIENT}} - GOOGLE_SECRET: ${{secrets.GOOGLE_SECRET}} - GRECAPTCHA_SECRET: ${{secrets.GRECAPTCHA_SECRET}} - ADMIN_EMAILS: 
${{secrets.ADMIN_EMAILS}} - PRODUCTION_DOMAIN: ${{secrets.PRODUCTION_DOMAIN}} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - NODE_ENV: ${{ github.event_name == 'pull_request' && 'staging' || 'production' }} - ANTEATER_API_KEY: ${{ secrets.ANTEATER_API_KEY }} diff --git a/.github/workflows/clean-up-pr.yml b/.github/workflows/clean-up-pr.yml deleted file mode 100644 index d25d107d..00000000 --- a/.github/workflows/clean-up-pr.yml +++ /dev/null 
@@ -1,61 +0,0 @@ -name: Clean up PR - -on: - pull_request: - types: [closed] - -# use pr number for group instead of github.ref because ref will be main branch when the PR closes which is not a unique group for the PR -concurrency: - group: ${{ github.workflow }}-pr-${{ github.event.pull_request.number }} - cancel-in-progress: true - -jobs: - clean-up-pr: - runs-on: ubuntu-latest - - steps: - - name: Check Out Repo - uses: actions/checkout@v4 - - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - - - uses: pnpm/action-setup@v3 - name: Install pnpm - with: - version: 9 - run_install: false - - - name: Get pnpm store directory - shell: bash - run: | - echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - - - uses: actions/cache@v4 - name: Setup pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-store- - - - name: Install Dependencies - run: pnpm install - env: - HUSKY: 0 - - - name: Remove staging stack - run: pnpm sst remove --stage staging-${{ github.event.pull_request.number }} - env: - CI: false - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - - - name: Deactivate deployment - uses: strumwolf/delete-deployment-environment@v3.0.0 - with: - environment: staging-${{ github.event.pull_request.number }} - token: ${{ secrets.GITHUB_TOKEN }} - onlyDeactivateDeployments: true diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml new file mode 100644 index 00000000..a74d9617 --- /dev/null +++ b/.github/workflows/deploy-prod.yml 
@@ -0,0 +1,46 @@
+name: Deploy production
+
+on:
+ push:
+ branches:
+ - main
+
+# do not cancel in progress, SST will be stuck in a "locked" state if cancelled mid-deployment
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+ build_and_deploy:
+ name: Build and deploy
+ runs-on: ubuntu-latest
+ environment:
+ name: production
+ url: https://peterportal.org
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
+
+ - name: Setup pnpm
+ uses: ./.github/actions/setup-pnpm
+
+ - name: Install dependencies
+ run: pnpm install
+ env:
+ HUSKY: 0
+
+ - name: Build and deploy
+ run: pnpm sst deploy --stage prod
+ env:
+ DATABASE_URL: ${{ secrets.PROD_DATABASE_URL }}
+ NODE_ENV: production
+
+ PUBLIC_API_URL: ${{ secrets.PUBLIC_API_URL }}
+ SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
+ GOOGLE_CLIENT: ${{ secrets.GOOGLE_CLIENT }}
+ GOOGLE_SECRET: ${{ secrets.GOOGLE_SECRET }}
+ GRECAPTCHA_SECRET: ${{ secrets.GRECAPTCHA_SECRET }}
+ ADMIN_EMAILS: ${{ secrets.ADMIN_EMAILS }}
+ PRODUCTION_DOMAIN: ${{ secrets.PRODUCTION_DOMAIN }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ ANTEATER_API_KEY: ${{ secrets.ANTEATER_API_KEY }}
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
new file mode 100644
index 00000000..0edc4a30
--- /dev/null
+++ b/.github/workflows/deploy-staging.yml
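Review bot: No `permissions:` key is declared at workflow or job level, so the `GITHUB_TOKEN` available to `build_and_deploy` gets whatever default the repository or organisation is configured with, which may be read/write. Nothing visible in this job needs more than a checkout, so add a top-level `permissions:` block containing `contents: read` and confirm the `production` environment deployment still reports correctly. deploy-staging.yml has the same gap; remove-staging.yml does too, and because it passes the token to `strumwolf/delete-deployment-environment` it presumably also needs `deployments: write` and nothing further.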
@@ -0,0 +1,50 @@
+name: Deploy staging
+
+on:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+
+# do not cancel in progress, SST will be stuck in a "locked" state if cancelled mid-deployment
+concurrency:
+ group: staging-${{ github.event.pull_request.number }}
+
+jobs:
+ build_and_deploy:
+ name: Build and deploy
+ runs-on: ubuntu-latest
+ # don't run if labeled "no deploy" && don't run on PRs from forks
+ if: (!contains(github.event.pull_request.labels.*.name, 'no deploy')) && github.event.pull_request.head.repo.full_name == github.repository
+ environment:
+ name: staging-${{ github.event.pull_request.number }}
+ url: https://staging-${{ github.event.pull_request.number }}.peterportal.org
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
+
+ - name: Setup pnpm
+ uses: ./.github/actions/setup-pnpm
+
+ - name: Install dependencies
+ run: pnpm install
+ env:
+ HUSKY: 0
+
+ - name: Build and deploy
+ run: pnpm sst deploy --stage staging-${{ github.event.pull_request.number }}
+ env:
+ DATABASE_URL: ${{ secrets.DEV_DATABASE_URL }}
+ NODE_ENV: staging
+
+ PUBLIC_API_URL: ${{ secrets.PUBLIC_API_URL }}
+ SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
+ GOOGLE_CLIENT: ${{ secrets.GOOGLE_CLIENT }}
+ GOOGLE_SECRET: ${{ secrets.GOOGLE_SECRET }}
+ GRECAPTCHA_SECRET: ${{ secrets.GRECAPTCHA_SECRET }}
+ ADMIN_EMAILS: ${{ secrets.ADMIN_EMAILS }}
+ PRODUCTION_DOMAIN: ${{ secrets.PRODUCTION_DOMAIN }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ ANTEATER_API_KEY: ${{ secrets.ANTEATER_API_KEY }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index ea0aec03..b35febac 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
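Review bot: The `Build and deploy` step gives code from a pull-request branch the same `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, `SESSION_SECRET` and `GOOGLE_SECRET` secrets that deploy-prod.yml uses; only `DATABASE_URL` differs between the two workflows. The fork check added to `if:` keeps outside contributors out, but anyone who can push a branch to the repository can still change what `pnpm install` and `pnpm sst deploy` execute, so unreviewed code runs with the credentials the production deploy uses. Give staging its own narrowly scoped AWS credential and its own session and OAuth secrets, stored under distinct secret names (for example `<STAGING_AWS_ACCESS_KEY_ID>`, a placeholder), and do the same for the `Remove staging` step in remove-staging.yml.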
@@ -15,34 +15,12 @@ jobs: lint: name: Lint and check formatting runs-on: ubuntu-latest - steps: - - name: Check Out Repo + - name: Checkout repo uses: actions/checkout@v4 - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - - - uses: pnpm/action-setup@v3 - name: Install pnpm - with: - version: 9 - run_install: false - - - name: Get pnpm store directory - shell: bash - run: | - echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - - - uses: actions/cache@v4 - name: Setup pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-store- + - name: Setup pnpm + uses: ./.github/actions/setup-pnpm - name: Install Dependencies run: pnpm install diff --git a/.github/workflows/remove-staging.yml b/.github/workflows/remove-staging.yml new file mode 100644 index 00000000..0165c1cd --- /dev/null +++ b/.github/workflows/remove-staging.yml 
@@ -0,0 +1,41 @@
+name: Remove staging
+
+on:
+ pull_request:
+ types:
+ - closed
+
+# use pr number for group instead of github.ref because ref will be main branch when the PR closes which is not a unique group for the PR
+# group should match with deploy-staging workflow so those don't run concurrently (if someone closes/reopens a PR)
+concurrency:
+ group: staging-${{ github.event.pull_request.number }}
+
+jobs:
+ clean-up-pr:
+ runs-on: ubuntu-latest
+ # don't run on PRs from forks
+ if: github.event.pull_request.head.repo.full_name == github.repository
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
+
+ - name: Setup pnpm
+ uses: ./.github/actions/setup-pnpm
+
+ - name: Install Dependencies
+ run: pnpm install
+ env:
+ HUSKY: 0
+
+ - name: Remove staging
+ run: pnpm sst remove --stage staging-${{ github.event.pull_request.number }}
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+ - name: Deactivate deployment
+ uses: strumwolf/delete-deployment-environment@v3.0.0
+ with:
+ environment: staging-${{ github.event.pull_request.number }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ onlyDeactivateDeployments: true