From e6b5a8eb95187a00521b447b577cb88b74473ffd Mon Sep 17 00:00:00 2001
From: Sauli Anto
Date: Mon, 2 Dec 2024 12:05:02 +0200
Subject: [PATCH] OPHJOD-1065: Add deployment workflows
---
 .github/workflows/build.yml | 26 +++++++++++++++++
 .github/workflows/deploy.yml | 54 ++++++++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 .github/workflows/deploy.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ce3e359..db50d33 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -67,3 +67,29 @@ jobs:
 with:
 name: dist
 path: dist/
+
+ deploy-development:
+ name: Deploy to development
+ if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+ needs: build
+ uses: ./.github/workflows/deploy.yml
+ permissions:
+ id-token: write # Needed to interact with GitHub's OIDC Token endpoint
+ contents: read
+ actions: read
+ secrets: inherit
+ with:
+ environment: 'development'
+
+ deploy-test:
+ name: Deploy to testing
+ if: github.ref == 'refs/heads/main'
+ needs: build
+ uses: ./.github/workflows/deploy.yml
+ permissions:
+ id-token: write # Needed to interact with GitHub's OIDC Token endpoint
+ contents: read
+ actions: read
+ secrets: inherit
+ with:
+ environment: 'test'
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..9c0e2d7
--- /dev/null
+++ b/.github/workflows/deploy.yml
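Review bot: `deploy-development` also runs on `workflow_dispatch` from any ref, so the called job gets `id-token: write` and, through `secrets: inherit`, every secret the caller can see, for code that never reached `main`. If that is intended for development, a comment above the `if:` should say so, e.g. `# manual runs may deploy any branch to development; test is main-only`, and the AWS role's trust policy should pin the OIDC `sub` claim to `repo:<org>/<repo>:environment:development` so that a token issued for another environment or context is rejected. Passing only the four `JOD_AWS_*` secrets that deploy.yml reads instead of `secrets: inherit` would narrow this further, though whether that works depends on whether they are repository or environment secrets, which is not visible here. `deploy-test` carries the same `secrets: inherit`.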
@@ -0,0 +1,54 @@
+name: deploy
+on:
+ workflow_call:
+ inputs:
+ environment:
+ type: string
+ description: 'Environment to deploy to'
+ required: true
+ workflow_dispatch:
+ inputs:
+ environment:
+ type: choice
+ description: 'Environment to deploy to'
+ required: true
+ default: 'development'
+ options:
+ - development
+ - test
+ run-id:
+ type: string
+ description: 'Build workflow run id'
+ required: true
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write # Needed to interact with GitHub's OIDC Token endpoint
+ contents: read
+ actions: read
+ environment: ${{ inputs.environment }}
+ concurrency:
+ group: deploy-${{ inputs.environment }}
+ steps:
+ - name: Download dist artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: dist
+ github-token: ${{ github.token }}
+ run-id: ${{ inputs.run-id || github.run_id }}
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::${{ secrets.JOD_AWS_ACCOUNT_ID }}:role/${{ secrets.JOD_AWS_GITHUB_ROLE_NAME}}
+ aws-region: eu-west-1
+
+ - name: Copy files to S3
+ run: |
+ aws s3 sync --size-only --delete --cache-control "public,max-age=31536000,immutable" assets/ s3://${{ secrets.JOD_AWS_DIST_BUCKET }}/assets
+ aws s3 sync --exclude "assets/*" --delete --cache-control "public,max-age=0,s-maxage=60,must-revalidate" . s3://${{ secrets.JOD_AWS_DIST_BUCKET }}
+
+ - name: Invalidate cache for index.html on deploy
+ run: aws cloudfront create-invalidation --distribution-id ${{ secrets.JOD_AWS_CLOUDFRONT_ID }} --paths '/index.html'
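Review bot: On a manual run the `run-id` input is a free-form string, so the `Download dist artifact` step fetches and publishes the `dist` artifact of any workflow run in the repository, with nothing checking which branch or event produced it. If build.yml also runs for pull requests or feature branches (its triggers are outside this diff), an unreviewed build can be synced to the `test` bucket with `--delete`. A verification step before the download, as sketched below, would bind the deploy to a successful build of an accepted branch; which branches are acceptable per environment is for the maintainers to decide. Separately, both actions are referenced by the mutable tag `@v4` in a job that holds `id-token: write`; pinning each to a full commit SHA (`uses: actions/download-artifact@<full-commit-sha> # v4`) removes the dependence on that tag never being moved.

```yaml
    # … unchanged: runs-on, permissions, environment, concurrency …
    steps:
      - name: Verify the build run that produced the artifact
        if: inputs.run-id != ''
        env:
          GH_TOKEN: ${{ github.token }}
          RUN_ID: ${{ inputs.run-id }}
          TARGET_ENV: ${{ inputs.environment }}
        run: |
          set -euo pipefail
          # Reject anything that is not a plain numeric run id.
          [[ "$RUN_ID" =~ ^[0-9]+$ ]] || { echo "run-id must be numeric" >&2; exit 1; }
          run_meta="$(gh run view "$RUN_ID" --repo "$GITHUB_REPOSITORY" \
            --json headBranch,event,conclusion \
            --jq '"\(.headBranch) \(.event) \(.conclusion)"')"
          read -r head_branch run_event run_conclusion <<<"$run_meta"
          [[ "$run_conclusion" == "success" ]] || { echo "build run did not succeed" >&2; exit 1; }
          # Policy choice (adjust per environment): test only takes push builds of main.
          if [[ "$TARGET_ENV" == "test" && ( "$head_branch" != "main" || "$run_event" != "push" ) ]]; then
            echo "test deploys require a push build of main" >&2
            exit 1
          fi
      # … unchanged: download artifact, AWS credentials, S3 sync, invalidation …
```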