This repository was archived by the owner on Feb 24, 2026. It is now read-only.
feat: add new features to control auth (#166) #148
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy WebApp to AWS | |
| on: | |
| push: | |
| branches: [dev-dspot] | |
| tags: | |
| - 'v*' | |
| paths: | |
| - 'apps/gauzy/**/*.*' | |
| - 'packages/contracts/**/*.*' | |
| - 'packages/ui-*/**/*.*' | |
| - 'packages/plugins/*-ui/**/*.*' | |
| - '.deploy/webapp/**/*' | |
| - '.github/workflows/aws-deploy-webapp.yml' | |
| - '.github/workflows/webapp-dependencies.yml' | |
| - 'package.json' | |
| - 'yarn.lock' | |
| workflow_dispatch: | |
| jobs: | |
| check-web-dependencies: | |
| name: Check and Build Dependencies | |
| uses: ./.github/workflows/webapp-dependencies.yml | |
| secrets: inherit | |
| deploy-webapp: | |
| name: Deploy WebApp to AWS | |
| needs: check-web-dependencies | |
| runs-on: ubuntu-latest | |
| # Define which environment to use based on branch or tag | |
| environment: ${{ startsWith(github.ref, 'refs/tags/v') && 'production' || 'staging' }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| # Environment variables are now defined at the job level | |
| env: | |
| # These values come from the environment configuration in GitHub | |
| AWS_REGION: ${{ vars.AWS_REGION }} | |
| ECR_REGISTRY: ${{ vars.ECR_REGISTRY }} | |
| ECR_REPOSITORY_WEBAPP: ${{ vars.ECR_REPOSITORY_WEBAPP }} | |
| ECR_REPOSITORY_DEPENDENCIES: ${{ vars.ECR_REPOSITORY_DEPENDENCIES }} | |
| ECS_CLUSTER: ${{ vars.ECS_CLUSTER }} | |
| ECS_SERVICE_WEBAPP: ${{ vars.ECS_SERVICE_WEBAPP }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build and tag WebApp image | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build \ | |
| --build-arg DEPENDENCIES_IMAGE="${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY_DEPENDENCIES }}:latest-webapp" \ | |
| -t ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY_WEBAPP }}:$IMAGE_TAG \ | |
| -t ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY_WEBAPP }}:latest \ | |
| -f .deploy/webapp/Dockerfile \ | |
| . | |
| - name: Push WebApp image to Amazon ECR | |
| run: | | |
| docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY_WEBAPP }} --all-tags | |
| echo "webapp_image=${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY_WEBAPP }}:$IMAGE_TAG" >> $GITHUB_ENV | |
| - name: Update WebApp ECS service | |
| run: | | |
| aws ecs update-service \ | |
| --cluster ${{ env.ECS_CLUSTER }} \ | |
| --service ${{ env.ECS_SERVICE_WEBAPP }} \ | |
| --force-new-deployment | |
| aws ecs wait services-stable \ | |
| --cluster ${{ env.ECS_CLUSTER }} \ | |
| --services ${{ env.ECS_SERVICE_WEBAPP }} |