Build & Deploy to EC2 #9

	name: Build & Deploy to EC2

	on:
	push:
	branches: [ "main" ]
	workflow_dispatch:

	permissions:
	id-token: write
	contents: read

	concurrency:
	group: deploy-prod
	cancel-in-progress: true

	jobs:
	build-and-deploy:
	runs-on: ubuntu-latest

	env:
	JAR_NAME: ${{ vars.JAR_NAME }}
	EC2_APP_DIR: ${{ vars.EC2_APP_DIR }}

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up Corretto JDK 17
	uses: actions/setup-java@v4
	with:
	distribution: corretto
	java-version: '17'

	- name: Set up Gradle cache
	uses: gradle/actions/setup-gradle@v3

	- name: Build (prod profile)
	run: \|
	./gradlew clean bootJar -Dspring.profiles.active=prod -x test
	ls -lh build/libs

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: ${{secrets.AWS_REGION}}
	role-to-assume: ${{secrets.IAM_ROLE}}

	- name: Upload JAR to S3 (triggers Lambda)
	run: \|
	set -euo pipefail
	JAR=$(ls -t build/libs/*.jar \| grep -v plain \| head -n1)
	TS=$(date +%Y%m%d-%H%M%S)
	aws s3 cp "$JAR" "s3://notive-deploy-artifacts/notive/prod/${TS}-app.jar"

Provide feedback