name: Deploy on: push: branches: [ main, prod ] pull_request: branches: [ main, prod ] workflow_dispatch: permissions: id-token: write contents: read jobs: setup: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Project Variables run: ./scripts/project-variables-github.sh - uses: actions/setup-node@v4 with: node-version: 20 - uses: pnpm/action-setup@v3 with: version: 9 - name: Get pnpm store directory shell: bash run: | echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - uses: actions/cache@v4 name: Setup pnpm cache with: path: ${{ env.STORE_PATH }} key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} restore-keys: | ${{ runner.os }}-pnpm-store- - name: Install dependencies run: pnpm install - name: Set Role ARN run: | if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then echo "ROLE_ARN=arn:aws:iam::123456789123:role/GitHub-Deploy" >> $GITHUB_ENV elif [[ "${{ github.ref }}" == "refs/heads/prod" ]]; then echo "ROLE_ARN=arn:aws:iam::123456789123:role/GitHub-Deploy" >> $GITHUB_ENV fi - name: AWS Assume Role id: aws-assume uses: aws-actions/configure-aws-credentials@v4 with: aws-region: ${{ env.AWS_REGION }} role-to-assume: ${{ env.ROLE_ARN }} output-credentials: true - name: AWS Configure id: aws-configure shell: bash run: | echo "Configuring AWS Profile ${{ env.AWS_PROFILE_GITHUB }}" aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE_GITHUB }} aws configure set aws_access_key_id ${{ env.AWS_ACCESS_KEY_ID }} --profile ${{ env.AWS_PROFILE_GITHUB }} aws configure set aws_secret_access_key ${{ env.AWS_SECRET_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE_GITHUB }} aws configure set aws_session_token ${{ env.AWS_SESSION_TOKEN }} --profile ${{ env.AWS_PROFILE_GITHUB }} aws sts get-caller-identity --query "Account" --output text --profile "${{ env.AWS_PROFILE_GITHUB }}" - name: Deploy run: | if [[ ${{ github.ref }} == 'refs/heads/main' ]]; then pnpm run deploy:staging elif [[ ${{ github.ref }} == 'refs/heads/prod' ]]; then pnpm run deploy:prod fi