
CI Pipeline is triggered by PR (by ChloeXiao0409) #113


Workflow file for this run

# Workflow display name.
name: CI/CD pipeline
# Per-run title. The folded scalar joins the lines below into one expression:
# the first matching event name selects the title and 'CI/CD pipeline' is the
# fallback. inputs.mode and github.actor are only rendered into the title
# here; this expression does not reach a shell.
run-name: >
  ${{ github.event_name == 'workflow_dispatch'
  && format('Manual {0} pipeline (by {1})', inputs.mode, github.actor)
  || github.event_name == 'pull_request'
  && format('CI Pipeline is triggered by PR (by {0})', github.actor)
  || github.event_name == 'push'
  && format('CI&CD Pipeline is triggered by PUSH (by {0})', github.actor)
  || 'CI/CD pipeline' }}
# Triggers: pushes to main, pull requests targeting main, and a manual run
# whose `mode` input selects CI only or CI plus image build and deploy.
on:
  push:
    branches:
      - main
  # pull_request (not pull_request_target): for pull requests from forks
  # GitHub withholds repository secrets and issues a read-only token, so
  # untrusted PR code builds without the UAT secrets.
  pull_request:
    branches:
      - main
  workflow_dispatch:
    inputs:
      mode:
        description: 'Choose pipeline mode'
        required: true
        type: choice
        # A choice input can only take one of the listed values, and the job
        # conditions compare against these two strings.
        options:
          - ci
          - cicd
        default: cicd
# One active run per workflow and ref; github.run_id is the fallback key when
# github.ref is empty. A newer run on the same ref cancels the older one.
# NOTE(review): on main this can cancel a run between build_image and deploy;
# an SSM command that was already sent keeps running on the instance.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref || github.run_id }}"
  cancel-in-progress: true
# Default token scope for every job: read-only repository contents. Jobs that
# need more declare their own permissions block.
permissions:
  contents: read
env:
  # Image tag derived from the run number. github.run_number does not change
  # when a run is re-run, so a re-run pushes the same tag again.
  # NOTE(review): confirm whether the ECR repository enforces tag immutability.
  IMAGE_TAG: "uat-${{ github.run_number }}"
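# Three jobs: ci_frontend (install, check, test, build), build_image (container
# build and push to ECR) and deploy (SSM command on the UAT instance). The last
# two run only for a push to main or a manual run with mode == 'cicd'.
#
# NOTE(review): every action below is referenced by a movable version tag
# (@v4, @v3, @v6, @v2). Pinning each `uses:` to a full commit SHA, with the tag
# kept as a trailing comment, stops a retagged release from running in the jobs
# that hold the OIDC token and the registry login.
jobs:
  ci_frontend:
    runs-on: ubuntu-latest
    # Always true for push and pull_request; for manual runs both allowed modes
    # pass, so this job runs on every trigger.
    if: ${{ github.event_name != 'workflow_dispatch' || inputs.mode == 'ci' || inputs.mode == 'cicd' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      # NOTE(review): installs whichever pnpm version npm resolves at run time.
      # Pinning the version the lockfile was produced with keeps the install
      # reproducible and removes an unpinned global package from the build.
      - name: Setup pnpm
        run: npm install -g pnpm
      # --frozen-lockfile fails the install instead of updating the lockfile.
      - name: pnpm install
        run: pnpm install --frozen-lockfile
      - name: Type check
        run: pnpm run type-check
      - name: Lint
        run: pnpm run lint
      - name: Test
        run: pnpm test
      # The secret is handed to the build through the step environment rather
      # than expanded into the script text, so characters in the value are
      # never parsed by the shell. For fork pull requests the secret is empty.
      # Next.js compiles NEXT_PUBLIC_* values into the client bundle, so this
      # URL is readable in the build output, the artefact and the image; log
      # masking does not cover those.
      - name: Build (inject NEXT_PUBLIC_API_BASE_URL)
        env:
          NEXT_PUBLIC_API_BASE_URL: ${{ secrets.UAT_BACKEND_URL }}
        run: pnpm build
      # Diagnostic listing of the workspace after the build.
      - name: Verify build output
        run: |
          echo "PWD:"
          pwd
          echo "List:"
          ls -la
      # Uploaded only when the image will be built. The artefact holds the
      # compiled bundle (including the inlined backend URL) and is kept for one
      # day. include-hidden-files is required because .next is a dot-directory.
      - name: Upload Next.js artefact
        if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch' && inputs.mode == 'cicd') }}
        uses: actions/upload-artifact@v4
        with:
          name: frontend-build
          path: |
            .next/**
            public/**
          include-hidden-files: true
          retention-days: 1
  build_image:
    if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch' && inputs.mode == 'cicd') }}
    needs: ci_frontend
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow-level block, so contents: read
    # is restated next to id-token: write (needed to request the OIDC token).
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      # Short-lived credentials via OIDC; no long-lived AWS keys are stored.
      # NOTE(review): the role's trust policy is not visible here. It should
      # restrict the token subject to this repository and the main branch.
      - name: Configure AWS credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Restores .next/ and public/ from ci_frontend on top of the checkout.
      - name: Download Next.js artefact
        uses: actions/download-artifact@v4
        with:
          name: frontend-build
          path: .
      # Diagnostic listing to confirm the artefact landed in the workspace.
      - name: check artefact
        run: |
          echo "PWD:"
          pwd
          echo "List:"
          ls -la
      # NOTE(review): provenance: false turns off the build provenance
      # attestation, so the pushed image carries no record of how it was
      # built. Confirm this is deliberate. The image is also addressed by a
      # tag only; recording the pushed digest and deploying by digest would
      # tie the deployment to this exact build.
      - name: Build & push
        uses: docker/build-push-action@v6
        with:
          push: true
          context: .
          file: ./dockerfile
          tags: |
            ${{ secrets.FRONTEND_ECR }}:${{ env.IMAGE_TAG }}
          platforms: linux/amd64
          provenance: false
  deploy:
    if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch' && inputs.mode == 'cicd') }}
    needs: build_image
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      # NOTE(review): this assumes the same role as build_image, so one role
      # can both push images and send SSM commands. Separate roles per job
      # would limit what either job can do if its token were misused.
      - name: Configure AWS credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}
      # NOTE(review): no step visible in this job uses jq.
      - name: Ensure jq installed Install jq (ensure present)
        run: |
          if ! command -v jq >/dev/null 2>&1; then
            echo "jq not found, installing..."
            sudo apt-get update && sudo apt-get install -y jq
          else
            echo "jq already installed"
          fi
      # Runs the deploy script as root on the instance through the
      # AWS-RunShellScript document. Secrets are read from the step environment
      # and IMAGE_TAG from the workflow-level env, so no ${{ }} expression is
      # expanded into the script text.
      # NOTE(review): send-command only queues the command; this step succeeds
      # even if the script later fails on the instance. Capturing the command
      # id and checking the invocation status would surface a failed deploy.
      # The role's IAM policy should limit ssm:SendCommand to this instance
      # and this document.
      - name: Deploy via SSM SendCommand
        env:
          EC2_INSTANCE_ID: ${{ secrets.EC2_INSTANCE_ID }}
          DEPLOY_REGION: ${{ secrets.AWS_REGION }}
        run: |
          aws ssm send-command \
            --document-name "AWS-RunShellScript" \
            --comment "GitHub Actions deploy frontend. Image:${IMAGE_TAG}." \
            --parameters "commands=['sudo bash /home/ubuntu/devops/deploy/deploy-frontend-uat.sh ${IMAGE_TAG}']" \
            --instance-ids "${EC2_INSTANCE_ID}" \
            --region "${DEPLOY_REGION}"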