Deploy Process #339
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Process | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: | |
| - master | |
| workflow_dispatch: # Enable manual triggering | |
| pull_request: | |
| schedule: | |
| - cron: 0 4 * * * # Redeploy at 4 AM every day | |
| jobs: | |
| build: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: Firenza/secrets-to-env@v1.2.0 | |
| with: | |
| secrets: ${{ toJSON(secrets) }} | |
| - name: Specify PHP version | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: '8.4' | |
| - name: Make branch name available as Bash variable | |
| run: echo "GITHUB_BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV | |
| - run: >- | |
| sudo apt-get update && | |
| sudo apt-get install -y php5.6-cli php5.6-curl php5.6-memcached php5.6-mysql yarn zip curl | |
| - uses: actions/checkout@v3 | |
| - run: sudo apt-get update -qq | |
| - run: >- | |
| curl -L https://github.com/openva/richmondsunlight.com/archive/refs/heads/deploy.zip -o deploy.zip | |
| && unzip deploy.zip | |
| && mv richmondsunlight.com-deploy richmondsunlight.com | |
| && rm deploy.zip | |
| - run: cd richmondsunlight.com && composer install && cd .. | |
| - run: mkdir htdocs/includes/ | |
| - run: cp richmondsunlight.com/htdocs/includes/*.php htdocs/includes/ | |
| - run: rm -Rf richmondsunlight.com | |
| - run: find cron/*.php -print0 |xargs -0 -n1 -P8 php5.6 -l | |
| - run: >- | |
| ./deploy/config_variables.sh | |
| && zip -qr latest.zip rs-machine . --exclude *.git* *.scannerwork* | |
| && mkdir -p upload | |
| && mv latest.zip upload/latest.zip | |
| - name: Save secret-populated code for a subsequent deploy step | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: codebase | |
| path: . | |
| deploy: | |
| runs-on: ubuntu-24.04 | |
| needs: build # Don't deploy unless the build succeeds | |
| steps: | |
| - name: Get the secret-populated code | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: codebase | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} | |
| aws-region: us-east-1 | |
| - name: Cancel any active CodeDeploy deployment | |
| run: | | |
| set -euo pipefail | |
| active_deployment_id=$(aws deploy list-deployments \ | |
| --application-name RS-API \ | |
| --deployment-group-name RS-API-Fleet \ | |
| --include-only-statuses Created Queued InProgress Ready \ | |
| --query "deployments[0]" \ | |
| --output text) | |
| if [ -n "$active_deployment_id" ] && [ "$active_deployment_id" != "None" ]; then | |
| if aws deploy stop-deployment \ | |
| --deployment-id "$active_deployment_id" \ | |
| --auto-rollback-enabled; then | |
| echo "Stopped active deployment: $active_deployment_id" | |
| else | |
| echo "Stop-deployment failed (likely already finished); continuing" | |
| fi | |
| else | |
| echo "No active deployment to stop" | |
| fi | |
| - name: Deploy via CodeDeploy | |
| run: | | |
| aws deploy push --application-name RS-API \ | |
| --s3-location s3://deploy.richmondsunlight.com/rs-api-master.zip \ | |
| --ignore-hidden-files | |
| aws deploy create-deployment \ | |
| --application-name RS-API \ | |
| --deployment-group-name RS-API-Fleet \ | |
| --deployment-config-name CodeDeployDefault.OneAtATime \ | |
| --s3-location bucket=deploy.richmondsunlight.com,key=rs-api-master.zip,bundleType=zip |