feat: add new features to control auth (#166) #122
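---
# Builds the API container image, pushes it to Amazon ECR and forces a new
# deployment of the API ECS service.
# A pushed tag matching v* selects the `production` environment; every other
# trigger (push to dev-dspot, manual dispatch) selects `staging`.
name: Deploy API to AWS

on:
  push:
    branches: [dev-dspot]
    tags:
      - 'v*'
    # GitHub does not evaluate path filters for tag pushes, so these only
    # narrow the branch trigger.
    paths:
      - 'apps/api/**/*.*'
      - 'packages/auth/**/*.*'
      - 'packages/common/**/*.*'
      - 'packages/config/**/*.*'
      - 'packages/contracts/**/*.*'
      - 'packages/core/**/*.*'
      - 'packages/desktop-lib/**/*.*'
      - 'packages/plugin/**/*.*'
      - 'packages/utils/**/*.*'
      - 'packages/plugins/changelog/**/*.*'
      - 'packages/plugins/integration-ai/**/*.*'
      - 'packages/plugins/integration-github/**/*.*'
      - 'packages/plugins/integration-hubstaff/**/*.*'
      - 'packages/plugins/integration-jira/**/*.*'
      - 'packages/plugins/integration-upwork/**/*.*'
      - 'packages/plugins/integration-wakatime/**/*.*'
      - 'packages/plugins/jitsu-analytics/**/*.*'
      - 'packages/plugins/job-proposal/**/*.*'
      - 'packages/plugins/job-search/**/*.*'
      - 'packages/plugins/knowledge-base/**/*.*'
      - 'packages/plugins/product-reviews/**/*.*'
      - 'packages/plugins/sentry-tracing/**/*.*'
      - 'packages/plugins/videos/**/*.*'
      - '.deploy/api/**/*'
      - '.github/workflows/aws-deploy-api.yml'
      - '.github/workflows/api-dependencies.yml'
      - 'package.json'
      - 'yarn.lock'
  workflow_dispatch:

jobs:
  check-dependencies:
    name: Check and Build Dependencies
    uses: ./.github/workflows/api-dependencies.yml
    # NOTE(review): `inherit` exposes every secret the caller can read to the
    # called workflow. Listing only the secrets it needs would narrow that;
    # the called workflow is not visible here, so the list is left unchanged.
    # This job also declares no `permissions`, so the token scope of the
    # called workflow falls back to the repository default. Confirm that it
    # is read-only.
    secrets: inherit

  deploy-api:
    name: Deploy API to AWS
    needs: check-dependencies
    runs-on: ubuntu-latest
    # Define which environment to use based on branch or tag.
    # NOTE(review): any ref under refs/tags/v selects `production`, so the
    # real gate is who may push such tags plus the protection rules on the
    # `production` environment (required reviewers, allowed refs). Neither is
    # visible in this file.
    environment: ${{ startsWith(github.ref, 'refs/tags/v') && 'production' || 'staging' }}
    permissions:
      contents: read
      # Required to request the OIDC token that is exchanged for AWS
      # credentials.
      id-token: write
    # Environment variables are now defined at the job level
    env:
      # These values come from the environment configuration in GitHub
      AWS_REGION: ${{ vars.AWS_REGION }}
      ECR_REGISTRY: ${{ vars.ECR_REGISTRY }}
      ECR_REPOSITORY_API: ${{ vars.ECR_REPOSITORY_API }}
      ECR_REPOSITORY_DEPENDENCIES: ${{ vars.ECR_REPOSITORY_DEPENDENCIES }}
      ECS_CLUSTER: ${{ vars.ECS_CLUSTER }}
      ECS_SERVICE_API: ${{ vars.ECS_SERVICE_API }}
    steps:
      # NOTE(review): the three third-party actions below are referenced by
      # mutable major-version tags. Pinning each to a reviewed full-length
      # commit SHA keeps a retagged release out of a job that holds AWS
      # credentials.
      - name: Checkout Repository
        uses: actions/checkout@v3

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          # NOTE(review): the IAM role trust policy should restrict the OIDC
          # `sub` claim to this repository and the matching environment, so
          # the production role cannot be assumed from a staging run.
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Build and tag API image
        env:
          IMAGE_TAG: ${{ github.sha }}
        # Values are read from shell variables instead of being spliced into
        # the script with ${{ }}: template expansion happens before the shell
        # parses the text, so a value containing shell metacharacters would be
        # executed rather than passed as data.
        # NOTE(review): DEPENDENCIES_IMAGE carries no tag or digest here; how
        # the Dockerfile resolves the base image is not visible in this file.
        run: |
          docker build \
            --build-arg GIT_HASH="${IMAGE_TAG}" \
            --build-arg DEPENDENCIES_IMAGE="${ECR_REGISTRY}/${ECR_REPOSITORY_DEPENDENCIES}" \
            -t "${ECR_REGISTRY}/${ECR_REPOSITORY_API}:${IMAGE_TAG}" \
            -t "${ECR_REGISTRY}/${ECR_REPOSITORY_API}:latest" \
            -f .deploy/api/Dockerfile \
            .

      - name: Push API image to Amazon ECR
        env:
          IMAGE_TAG: ${{ github.sha }}
        # `api_image` is exported for later steps; no step in this job reads
        # it.
        run: |
          docker push "${ECR_REGISTRY}/${ECR_REPOSITORY_API}" --all-tags
          echo "api_image=${ECR_REGISTRY}/${ECR_REPOSITORY_API}:${IMAGE_TAG}" >> "$GITHUB_ENV"

      - name: Update API ECS service
        # Restarts the service on its current task definition.
        # NOTE(review): the image that gets pulled is whatever that task
        # definition names, presumably the mutable `latest` tag. If so, the
        # running image is not tied to the commit that triggered this run.
        # Confirm against the task definition.
        run: |
          aws ecs update-service \
            --cluster "${ECS_CLUSTER}" \
            --service "${ECS_SERVICE_API}" \
            --force-new-deployment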