BIDMCDigitalPsychiatry · willscripted · Dec 29, 2024 · Jan 10, 2025 · Jan 10, 2025 · Jan 10, 2025
diff --git a/.github/workflows/callable-build-docker.yml b/.github/workflows/callable-build-docker.yml
@@ -0,0 +1,61 @@
+name: "Deploy ECS"
+on:
+  workflow_call:
+    inputs:
+      ref:
+        description: 'The git sha to build'
+        required: true
+        type: string
+      push:
+        description: 'To push or not to push'
+        required: true
+        type: boolean
+
+permissions:
+  packages: write
+  contents: read
+  attestations: write
+  id-token: write
+
+jobs:
+  build-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+          ref: ${{ inputs.ref }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository_owner}}/${{ github.event.repository.name }}
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+        with:
+          context: .
+          file: ./Dockerfile
+          push: ${{ inputs.push }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        if: ${{ inputs.push }}
+        with:
+          subject-name: ghcr.io/${{ github.repository_owner}}/${{ github.event.repository.name }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: ${{ inputs.push }}
diff --git a/.github/workflows/callable-deploy-ecs.yml b/.github/workflows/callable-deploy-ecs.yml
@@ -0,0 +1,42 @@
+name: "Deploy ECS"
+on:
+  workflow_call:
+    inputs:
+      env:
+        description: Target environment of deployment. (stg, prod)
+        required: true
+        type: string
+      container_tag:
+        description: 'The container tag to deploy'
+        required: true
+        type: string
+
+permissions:
+  contents: 'read'
+  id-token: 'write'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.env }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ vars.IAM_ROLE_ARN }}
+          aws-region: us-east-2
+
+      - name: Download task definition
+        run: |
+          aws ecs describe-task-definition --task-definition ${{ vars.ECS_TASK_DEF_FAMILY }} --query taskDefinition > task-definition.json
+
+      # TODO: Substitute in the correct tag that should be deployed next
+      - name: Deploy Amazon ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@df9643053eda01f169e64a0e60233aacca83799a
+        with:
+          task-definition: ${{ steps.task-def.outputs.task-definition }}
+          service: ${{ vars.ECS_SERVICE }}
+          cluster: ${{ vars.ECS_CLUSTER }}
+          wait-for-service-stability: true
diff --git a/.github/workflows/callable-deploy-ghpages.yml b/.github/workflows/callable-deploy-ghpages.yml
@@ -0,0 +1,19 @@
+name: "Deploy ECS"
+on:
+  workflow_call:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - run: |
+          npm install
+          npm run build
+      - uses: JamesIves/[email protected]
+        with:
+          branch: gh-pages
+          folder: build
diff --git a/.github/workflows/manual-build-and-deploy-ref.yml b/.github/workflows/manual-build-and-deploy-ref.yml
@@ -0,0 +1,40 @@
+name: 'Manually deploy tag'
+on:
+  workflow_dispatch:
+    inputs:
+      ref:
+        type: string
+        required: true
+        description: 
+      env:
+        type: environment
+        default: stg
+
+jobs:
+  pre-run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cancel Previous Runs
+        uses: styfle/[email protected]
+        with:
+          access_token: ${{ github.token }}
+
+  build-docker:
+    name: "Build Container"
+    uses: ./.github/workflows/callable-build-docker.yml
+    secrets: inherit
+    with:
+      ref: ${{ inputs.ref }}
+      push: true
+    needs:
+      - pre-run
+
+  deploy-ecs:
+    name: "Deploy container to ECS"
+    uses: ./.github/workflows/callable-deploy-ecs.yml
+    secrets: inherit
+    with:
+      env: ${{ inputs.env }}
+      container-tag: ${{ inputs.ref }}
+    needs: 
+      - build-docker
diff --git a/.github/workflows/manual-deploy-tag.yml b/.github/workflows/manual-deploy-tag.yml
@@ -0,0 +1,31 @@
+name: 'Manually deploy tag'
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        type: string
+        required: true
+        description: The tag to deploy (must already exist)
+      env:
+        type: environment
+        default: stg
+
+jobs:
+  pre-run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cancel Previous Runs
+        uses: styfle/[email protected]
+        with:
+          access_token: ${{ github.token }}
+
+
+  deploy-env-stg:
+    name: "Deploy to stg environment"
+    uses: ./.github/workflows/callable-deploy-ecs.yml
+    secrets: inherit
+    with:
+      env: ${{ inputs.env }}
+      container_tag: ${{ inputs.tag }}
+    needs: 
+      - pre-run
diff --git a/.github/workflows/on-merge-to-master.yml b/.github/workflows/on-merge-to-master.yml
@@ -0,0 +1,35 @@
+name: On merge to master
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  pre-run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cancel Previous Runs
+        uses: styfle/[email protected]
+        with:
+          access_token: ${{ github.token }}
+
+  build-docker:
+    name: "Build Container"
+    uses: ./.github/workflows/callable-build-docker.yml
+    secrets: inherit
+    with:
+      ref: ${{ github.sha }}
+      push: true
+    needs:
+      - pre-run
+
+  deploy-env-stg:
+    name: "Deploy to stg environment"
+    uses: ./.github/workflows/callable-deploy-ecs.yml
+    secrets: inherit
+    with:
+      env: stg
+      container_tag: ${{ github.sha }}
+    needs: 
+      - build-docker
diff --git a/.github/workflows/on-pr-update.yml b/.github/workflows/on-pr-update.yml
@@ -0,0 +1,16 @@
+name: Pull Request Updated
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  build-docker:
+    name: "Build Container"
+    uses: ./.github/workflows/callable-build-docker.yml
+    secrets: inherit
+    with:
+      ref: ${{ github.sha }}
+      push: false
diff --git a/.github/workflows/on-tag.yml b/.github/workflows/on-tag.yml
@@ -0,0 +1,41 @@
+name: On tag
+on:
+  push:
+    tags: '*'
+  workflow_dispatch:
+
+jobs:
+  pre-run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cancel Previous Runs
+        uses: styfle/[email protected]
+        with:
+          access_token: ${{ github.token }}
+
+  build-docker:
+    name: "Build Container"
+    uses: ./.github/workflows/callable-build-docker.yml
+    secrets: inherit
+    with:
+      ref: ${{ github.sha }}
+      push: true
+    needs:
+      - pre-run
+
+  deploy-stg:
+    name: "Deploy to stg environment"
+    uses: ./.github/workflows/callable-deploy-ecs.yml
+    secrets: inherit
+    with:
+      env: stg
+      container_tag: aoeuaoeu
+    needs: 
+      - build-docker
+
+  deploy-pages:
+    name: "Publish gh-pages"
+    uses: ./.github/workflows/callable-deploy-ghpages.yml
+    secrets: inherit
+    needs: 
+      - deploy-stg
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml