From e478f6b4644de03e104f505a44f95ff6b8400b4c Mon Sep 17 00:00:00 2001
From: Dougal Rea
Date: Wed, 15 May 2024 12:53:48 +0100
Subject: [PATCH] Add build & deploy workflow
---
.github/workflows/build-deploy-fe.yml | 89 +++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
create mode 100644 .github/workflows/build-deploy-fe.yml
diff --git a/.github/workflows/build-deploy-fe.yml b/.github/workflows/build-deploy-fe.yml
new file mode 100644
index 0000000..8e3dd62
--- /dev/null
+++ b/.github/workflows/build-deploy-fe.yml
@@ -0,0 +1,89 @@
+name: Build & Deploy FE
+
+on:
+ workflow_dispatch:
+ inputs:
+ account:
+ description: AWS account to deploy to
+ required: true
+ type: choice
+ options:
+ - b3tr-dev
+ default: b3tr-dev
+ s3_bucket_name:
+ description: Name of the S3 bucket which stores static FE
+ required: true
+ type: string
+ default: b3tr-dev-insight-fe
+ cloudfront_distribution_id:
+ description: ID of the Cloudfront distribution to invalidate
+ required: true
+ type: string
+ default: E38AJF9PZBDTJ6
+ workflow_call:
+ inputs:
+ account:
+ description: AWS account to deploy to
+ required: true
+ default: b3tr-dev
+ type: string
+ s3_bucket_name:
+ description: Name of the S3 bucket which stores static FE
+ required: true
+ type: string
+ default: b3tr-dev-insight-fe
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}-deploy-fe
+ cancel-in-progress: true
+
+# Required for authentication through GitHub OIDC
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Install
+ run: yarn
+
+ - name: Build
+ run: yarn build
+
+ - name: Determine AWS account ID and role
+ id: determine-account
+ # For any account requiring insights depoyment, configure OIDC authentication in that account and update this step accordingly
+ run: |
+ case ${{ inputs.account }} in
+ b3tr-dev)
+ echo "role_arn=${{ secrets.B3TR_DEV_AWS_ACC_ROLE }}" >> $GITHUB_OUTPUT
+ ;;
+ *)
+ echo "Invalid account specified. Please ensure the OIDC role for the desired account has been added to this repository's secrets."
+ exit 1
+ ;;
+ esac
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: eu-west-1
+ role-to-assume: ${{ steps.determine-account.outputs.role_arn }}
+
+ - name: Upload to S3
+ run: aws s3 sync ./packages/frontend/dist s3://${{ inputs.s3_bucket_name }} --delete
+
+ - name: Cloudfront Invalidation
+ run: |
+ AWS_MAX_ATTEMPTS=10 aws cloudfront create-invalidation --distribution-id ${{ inputs.cloudfront_distribution_id }} --paths '/' '/*'
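Review bot: The `run:` steps "Determine AWS account ID and role", "Upload to S3" and "Cloudfront Invalidation" paste `${{ inputs.account }}`, `${{ inputs.s3_bucket_name }}` and `${{ inputs.cloudfront_distribution_id }}` into the script text before the shell parses it. On the `workflow_call` path these are free-form `type: string` values, and the job holds `id-token: write` plus an assumed AWS role, so they should be passed through `env:` and read as quoted shell variables. Separately, `cloudfront_distribution_id` is declared only under `workflow_dispatch`, so a `workflow_call` run would expand it to an empty string and the invalidation step would get no distribution ID; it needs declaring under `workflow_call.inputs` as well. The three actions are referenced by mutable tag (`@v4`); pinning them to full commit SHAs is the usual hardening for a job that requests OIDC tokens, and `yarn --frozen-lockfile` would keep the deployed build tied to the committed lockfile.

```yaml
      - name: Determine AWS account ID and role
        id: determine-account
        env:
          ACCOUNT: ${{ inputs.account }}
        run: |
          case "$ACCOUNT" in
          # … unchanged: b3tr-dev branch and the invalid-account fallback …
          esac

      # … unchanged: Configure AWS credentials …

      - name: Upload to S3
        env:
          S3_BUCKET_NAME: ${{ inputs.s3_bucket_name }}
        run: aws s3 sync ./packages/frontend/dist "s3://${S3_BUCKET_NAME}" --delete

      - name: Cloudfront Invalidation
        env:
          DISTRIBUTION_ID: ${{ inputs.cloudfront_distribution_id }}
        run: |
          AWS_MAX_ATTEMPTS=10 aws cloudfront create-invalidation --distribution-id "${DISTRIBUTION_ID}" --paths '/' '/*'
```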