diff --git a/.github/workflows/sst.deploy.yml b/.github/workflows/sst.deploy.yml
new file mode 100644
index 0000000..0d4d0d7
--- /dev/null
+++ b/.github/workflows/sst.deploy.yml
@@ -0,0 +1,63 @@
+name: SST Deploy
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ description: 'GitHub environment name'
+ required: true
+ type: string
+ sst-stage:
+ description: 'SST deployment stage'
+ required: true
+ type: string
+ secrets:
+ CLOUDFLARE_API_TOKEN:
+ required: true
+ MONGODB_URI:
+ required: true
+ SG_CARS_TRENDS_API_TOKEN:
+ required: true
+ UPSTASH_REDIS_REST_TOKEN:
+ required: true
+ UPSTASH_REDIS_REST_URL:
+ required: true
+
+jobs:
+ Deploy:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ env:
+ CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+ MONGODB_URI: ${{ secrets.MONGODB_URI }}
+ SG_CARS_TRENDS_API_TOKEN: ${{ secrets.SG_CARS_TRENDS_API_TOKEN }}
+ UPSTASH_REDIS_REST_TOKEN: ${{ secrets.UPSTASH_REDIS_REST_TOKEN }}
+ UPSTASH_REDIS_REST_URL: ${{ secrets.UPSTASH_REDIS_REST_URL }}
+ FEATURE_FLAG_RATE_LIMIT: ${{ vars.FEATURE_FLAG_RATE_LIMIT }}
+
+ # Concurrency group name ensures concurrent workflow runs wait for any in-progress job to finish
+ concurrency:
+ group: merge-${{ github.ref }}
+
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - uses: actions/checkout@v4
+ - uses: pnpm/action-setup@v4
+ with:
+ version: latest
+ - uses: actions/setup-node@v4
+ with:
+ node-version: latest
+ cache: 'pnpm'
+ - name: Install dependencies
+ run: pnpm install
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ vars.ROLE_TO_ASSUME }}
+ aws-region: ${{ vars.AWS_REGION }}
+ - name: Deploy app
+ run: |
+ pnpm sst deploy --stage ${{ inputs.sst-stage }}
diff --git a/.github/workflows/sst.dev.yml b/.github/workflows/sst.dev.yml
index fc79ecc..fcd1d34 100644
--- a/.github/workflows/sst.dev.yml
+++ b/.github/workflows/sst.dev.yml
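Review bot: In `sst.deploy.yml` the job-level `env:` block exposes all five deploy secrets to every step, including `pnpm install`, which may run dependency install scripts; only the `Deploy app` step appears to need them. Scoping the block to that step limits what a compromised package or action can read. The same step expands `${{ inputs.sst-stage }}` directly inside the `run:` script, so a future caller that forwards a non-literal stage name would have it interpreted by the shell; passing it through an environment variable and quoting it avoids that. Separately, this job holds `id-token: write` while pnpm and Node resolve to `latest` (Node was fixed at 20 in the removed jobs) and the actions are referenced by mutable `v4` tags, so pinning the toolchain versions and the actions to commit SHAs would keep deploys reproducible.

```yaml
      # … unchanged: checkout, pnpm and Node setup, install, AWS credentials …
      - name: Deploy app
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          MONGODB_URI: ${{ secrets.MONGODB_URI }}
          SG_CARS_TRENDS_API_TOKEN: ${{ secrets.SG_CARS_TRENDS_API_TOKEN }}
          UPSTASH_REDIS_REST_TOKEN: ${{ secrets.UPSTASH_REDIS_REST_TOKEN }}
          UPSTASH_REDIS_REST_URL: ${{ secrets.UPSTASH_REDIS_REST_URL }}
          FEATURE_FLAG_RATE_LIMIT: ${{ vars.FEATURE_FLAG_RATE_LIMIT }}
          SST_STAGE: ${{ inputs.sst-stage }}
        run: |
          pnpm sst deploy --stage "$SST_STAGE"
```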
@@ -6,41 +6,10 @@ on: - 'main' - 'release/**' -# Concurrency group name ensures concurrent workflow runs wait for any in-progress job to finish -concurrency: - group: merge-${{ github.ref }} - -permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - jobs: Deploy: - runs-on: ubuntu-latest - environment: Development - env: - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - MONGODB_URI: ${{ secrets.MONGODB_URI }} - SG_CARS_TRENDS_API_TOKEN: ${{ secrets.SG_CARS_TRENDS_API_TOKEN }} - UPSTASH_REDIS_REST_TOKEN: ${{ secrets.UPSTASH_REDIS_REST_TOKEN }} - UPSTASH_REDIS_REST_URL: ${{ secrets.UPSTASH_REDIS_REST_URL }} - FEATURE_FLAG_RATE_LIMIT: ${{ secrets.FEATURE_FLAG_RATE_LIMIT }} - steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 - with: - version: latest - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: 'pnpm' - - name: Install dependencies - run: pnpm install - - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ vars.ROLE_TO_ASSUME }} - aws-region: ap-southeast-1 - - name: Deploy app - run: | - pnpm sst deploy --stage dev + uses: ./.github/workflows/sst.deploy.yml + with: + environment: Development + sst-stage: dev + secrets: inherit diff --git a/.github/workflows/sst.prod.yml b/.github/workflows/sst.prod.yml index 0582f82..75a8172 100644 --- a/.github/workflows/sst.prod.yml +++ b/.github/workflows/sst.prod.yml 
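Review bot: The caller in `sst.dev.yml` no longer declares `permissions:`, so the token ceiling for the nested `Deploy` job now comes from the repository's default settings rather than from the workflow file. A called workflow can only narrow what its caller grants, so it is worth confirming that the `id-token: write` request in `sst.deploy.yml` still succeeds, and keeping `permissions:` with `id-token: write` and `contents: read` at workflow level in the caller makes the grant explicit. `secrets: inherit` also forwards every secret the caller can see rather than the five the reusable workflow declares; if these are repository-level secrets, naming them under `secrets:` would narrow that. Both points apply equally to the callers in `sst.prod.yml` and `sst.staging.yml`.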
@@ -6,41 +6,10 @@ on: - 'v[0-9]+.[0-9]+.[0-9]+' - 'v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+' -# Concurrency group name ensures concurrent workflow runs wait for any in-progress job to finish -concurrency: - group: merge-${{ github.ref }} - -permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - jobs: Deploy: - runs-on: ubuntu-latest - environment: Production - env: - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - MONGODB_URI: ${{ secrets.MONGODB_URI }} - SG_CARS_TRENDS_API_TOKEN: ${{ secrets.SG_CARS_TRENDS_API_TOKEN }} - UPSTASH_REDIS_REST_TOKEN: ${{ secrets.UPSTASH_REDIS_REST_TOKEN }} - UPSTASH_REDIS_REST_URL: ${{ secrets.UPSTASH_REDIS_REST_URL }} - FEATURE_FLAG_RATE_LIMIT: ${{ secrets.FEATURE_FLAG_RATE_LIMIT }} - steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 - with: - version: latest - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: 'pnpm' - - name: Install dependencies - run: pnpm install - - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ vars.ROLE_TO_ASSUME }} - aws-region: ap-southeast-1 - - name: Deploy app - run: | - pnpm sst deploy --stage prod + uses: ./.github/workflows/sst.deploy.yml + with: + environment: Production + sst-stage: prod + secrets: inherit diff --git a/.github/workflows/sst.staging.yml b/.github/workflows/sst.staging.yml index 907f831..75f60c0 100644 --- a/.github/workflows/sst.staging.yml +++ b/.github/workflows/sst.staging.yml 
@@ -8,40 +8,10 @@ on: tags-ignore: - '*' -concurrency: - group: merge-${{ github.ref }} - -permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - jobs: Deploy: - runs-on: ubuntu-latest - environment: Staging - env: - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - MONGODB_URI: ${{ secrets.MONGODB_URI }} - SG_CARS_TRENDS_API_TOKEN: ${{ secrets.SG_CARS_TRENDS_API_TOKEN }} - UPSTASH_REDIS_REST_TOKEN: ${{ secrets.UPSTASH_REDIS_REST_TOKEN }} - UPSTASH_REDIS_REST_URL: ${{ secrets.UPSTASH_REDIS_REST_URL }} - FEATURE_FLAG_RATE_LIMIT: ${{ secrets.FEATURE_FLAG_RATE_LIMIT }} - steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 - with: - version: latest - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: 'pnpm' - - name: Install dependencies - run: pnpm install - - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ vars.ROLE_TO_ASSUME }} - aws-region: ap-southeast-1 - - name: Deploy app - run: | - pnpm sst deploy --stage staging + uses: ./.github/workflows/sst.deploy.yml + with: + environment: Staging + sst-stage: staging + secrets: inherit