opencerts-functions/.github/workflows/deploy-dev.yml at master · OpenCerts/opencerts-functions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
name: Deploy to AWS (Development)

on:
  push:
    branches:
      - develop    # Development environment
  workflow_dispatch:
    inputs:
      services:
        description: 'Services to deploy (comma-separated: email,storage,verify or "all")'
        required: true
        default: 'all'

jobs:
  # Run tests first
  test:
    name: Run Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Validate Serverless configurations
        run: npm run sls-config-check

      - name: Run linter
        run: npm run lint

      - name: Setup environment file
        run: cp .env.example .env

      - name: Run unit tests
        run: npm run test

  # Determine deployment strategy
  determine-deployment:
    name: Determine Deployment Strategy
    runs-on: ubuntu-latest
    needs: test
    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
    outputs:
      deploy-email: ${{ steps.set-services.outputs.deploy-email }}
      deploy-storage: ${{ steps.set-services.outputs.deploy-storage }}
      deploy-verify: ${{ steps.set-services.outputs.deploy-verify }}
    steps:
      - name: Determine services to deploy
        id: set-services
        run: |
          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
            SERVICES="${{ github.event.inputs.services }}"
          else
            SERVICES="all"
          fi

          if [ "$SERVICES" == "all" ]; then
            echo "deploy-email=true" >> $GITHUB_OUTPUT
            echo "deploy-storage=true" >> $GITHUB_OUTPUT
            echo "deploy-verify=true" >> $GITHUB_OUTPUT
          else
            echo "deploy-email=false" >> $GITHUB_OUTPUT
            echo "deploy-storage=false" >> $GITHUB_OUTPUT
            echo "deploy-verify=false" >> $GITHUB_OUTPUT

            IFS=',' read -ra SERVICE_ARRAY <<< "$SERVICES"
            for service in "${SERVICE_ARRAY[@]}"; do
              service=$(echo "$service" | xargs) # trim whitespace
              if [ "$service" == "email" ]; then
                echo "deploy-email=true" >> $GITHUB_OUTPUT
              elif [ "$service" == "storage" ]; then
                echo "deploy-storage=true" >> $GITHUB_OUTPUT
              elif [ "$service" == "verify" ]; then
                echo "deploy-verify=true" >> $GITHUB_OUTPUT
              fi
            done
          fi

  # Deploy Email Service
  deploy-email:
    name: Deploy Email Service (Dev)
    needs: determine-deployment
    if: needs.determine-deployment.outputs.deploy-email == 'true'
    uses: ./.github/workflows/deploy-service.yml
    with:
      service-name: email
      service-path: src/email
      environment: dev
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
      SES_KEY_ID: ${{ secrets.DEV_SES_KEY_ID }}
      SES_SECRET: ${{ secrets.DEV_SES_SECRET }}
      SES_REGION: ${{ secrets.DEV_SES_REGION }}
      RECAPTCHA_SECRET: ${{ secrets.DEV_RECAPTCHA_SECRET }}
      EMAIL_API_KEYS: ${{ secrets.DEV_EMAIL_API_KEYS }}
      FROM_EMAIL: ${{ secrets.DEV_FROM_EMAIL }}
      DOMAIN: ${{ secrets.DEV_DOMAIN }}
      CERTIFICATE_DOMAIN: ${{ secrets.DEV_CERTIFICATE_DOMAIN }}
      DISABLE_DOMAIN: ${{ secrets.DEV_DISABLE_DOMAIN }}
      INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}

  # Deploy Storage Service
  deploy-storage:
    name: Deploy Storage Service (Dev)
    needs: determine-deployment
    if: needs.determine-deployment.outputs.deploy-storage == 'true'
    uses: ./.github/workflows/deploy-service.yml
    with:
      service-name: storage
      service-path: src/storage
      environment: dev
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
      BUCKET_NAME: ${{ secrets.DEV_BUCKET_NAME }}
      OBJECT_TTL: ${{ secrets.DEV_OBJECT_TTL }}
      ENABLE_STORAGE_UPLOAD_API_KEY: ${{ secrets.DEV_ENABLE_STORAGE_UPLOAD_API_KEY }}
      DOMAIN: ${{ secrets.DEV_DOMAIN }}
      CERTIFICATE_DOMAIN: ${{ secrets.DEV_CERTIFICATE_DOMAIN }}
      DISABLE_DOMAIN: ${{ secrets.DEV_DISABLE_DOMAIN }}
      INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}

  # Deploy Verify Service - Development (Sepolia)
  deploy-verify-dev:
    name: Deploy Verify Service (Dev - Sepolia)
    needs: determine-deployment
    if: needs.determine-deployment.outputs.deploy-verify == 'true'
    uses: ./.github/workflows/deploy-service.yml
    with:
      service-name: verify-dev
      service-path: src/verify
      environment: dev
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
      NETWORK: sepolia
      DOMAIN: ${{ secrets.DEV_DOMAIN }}
      CERTIFICATE_DOMAIN: ${{ secrets.DEV_CERTIFICATE_DOMAIN }}
      DISABLE_DOMAIN: ${{ secrets.DEV_DISABLE_DOMAIN }}
      INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}

  # Deployment summary
  deployment-summary:
    name: Deployment Summary
    runs-on: ubuntu-latest
    needs: [determine-deployment, deploy-email, deploy-storage, deploy-verify-dev]
    if: always() && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
    steps:
      - name: Generate deployment summary
        run: |
          echo "## Deployment Summary (Development)" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "**Environment:** Development" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Services Deployed:" >> $GITHUB_STEP_SUMMARY

          if [ "${{ needs.deploy-email.result }}" != "skipped" ]; then
            echo "- **Email Service:** ${{ needs.deploy-email.result }}" >> $GITHUB_STEP_SUMMARY
          fi

          if [ "${{ needs.deploy-storage.result }}" != "skipped" ]; then
            echo "- **Storage Service:** ${{ needs.deploy-storage.result }}" >> $GITHUB_STEP_SUMMARY
          fi

          if [ "${{ needs.deploy-verify-dev.result }}" != "skipped" ]; then
            echo "- **Verify Service (Dev - Sepolia):** ${{ needs.deploy-verify-dev.result }}" >> $GITHUB_STEP_SUMMARY
          fi