Update CI scripts

NASA-IMPACT · Jul 27, 2023 · 68fd211 · 68fd211
2 parents c5c6e09 + 357eabf
commit 68fd211
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 178 deletions.
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -27,17 +27,10 @@ jobs:
         with:
           access_token: ${{ github.token }}
 
-      # Both veda-ui and veda-config are private repos. Since the token issued
-      # to GH does not have access to the veda-ui submodule, we have to
-      # manually check it out using a ssh deploy key.
       - name: Checkout
         uses: actions/checkout@v3
-      - name: Get submodules
-        env:
-          SSH_KEY_SUBMODULE: ${{secrets.DELTA_UI_FETCH_KEY}}
-        run: |
-          eval `ssh-agent -s`
-          ssh-add - <<< "${SSH_KEY_SUBMODULE}"; git submodule update --init --recursive
+        with:
+          submodules: recursive
 
       - name: Use Node.js ${{ env.NODE }}
         uses: actions/setup-node@v1
@@ -63,16 +56,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
-
-      # See comment on checks-yml - prep step
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Get submodules
-        env:
-          SSH_KEY_SUBMODULE: ${{secrets.DELTA_UI_FETCH_KEY}}
-        run: |
-          eval `ssh-agent -s`
-          ssh-add - <<< "${SSH_KEY_SUBMODULE}"; git submodule update --init --recursive
+        with:
+          submodules: recursive
 
       - name: Use Node.js ${{ env.NODE }}
         uses: actions/setup-node@v1

diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
@@ -2,15 +2,18 @@
 
 name: Deploy Production - MCP (S3)
 
+permissions:
+  id-token: write
+  contents: read
+
 on:
   push:
     branches:
     - 'main'
 
 env:
   NODE: 16
-  # DOMAIN_PROD: https://www.earthdata.nasa.gov/dashboard
-  DOMAIN_PROD: /dashboard
+  DOMAIN_PROD: https://www.earthdata.nasa.gov/dashboard
   DEPLOY_BUCKET_PROD: climatedashboard
   DEPLOY_BUCKET_PROD_REGION: us-east-1
 
@@ -24,15 +27,10 @@ jobs:
         with:
           access_token: ${{ github.token }}
 
-      # See comment on checks.yml - prep step
       - name: Checkout
         uses: actions/checkout@v3
-      - name: Get submodules
-        env:
-          SSH_KEY_SUBMODULE: ${{secrets.DELTA_UI_FETCH_KEY}}
-        run: |
-          eval `ssh-agent -s`
-          ssh-add - <<< "${SSH_KEY_SUBMODULE}"; git submodule update --init --recursive
+        with:
+          submodules: recursive
 
       - name: Use Node.js ${{ env.NODE }}
         uses: actions/setup-node@v1
@@ -71,15 +69,11 @@ jobs:
     needs: build
 
     steps:
-      # See comment on checks.yml - prep step
       - name: Checkout
         uses: actions/checkout@v3
-      - name: Get submodules
-        env:
-          SSH_KEY_SUBMODULE: ${{secrets.DELTA_UI_FETCH_KEY}}
-        run: |
-          eval `ssh-agent -s`
-          ssh-add - <<< "${SSH_KEY_SUBMODULE}"; git submodule update --init --recursive
+        with:
+          submodules: recursive
+
       - name: Restore node_modules
         uses: actions/cache@v2
         id: cache-node-modules
@@ -107,28 +101,18 @@ jobs:
           mv dist deploy/dashboard
           cp deploy/dashboard/index.html deploy/index.html
 
-      - name: Deploy to S3 Production
-        uses: jakejarvis/s3-sync-action@master
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
         with:
-          # acl is not permitted with current credentials
-          # args: --acl public-read --follow-symlinks --delete
-          args: --follow-symlinks --delete
-        env:
-          AWS_S3_BUCKET: ${{ env.DEPLOY_BUCKET_PROD }}
-          AWS_REGION: ${{ env.DEPLOY_BUCKET_PROD_REGION }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          # When serving from a subpath:
-          # SOURCE_DIR: ./deploy
-          # Otherwise use the build directory directly:
-          # SOURCE_DIR: ./dist
-          SOURCE_DIR: ./deploy
+          role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
+          role-session-name: "veda-dashboard-prod-deployment"
+          aws-region: ${{ env.DEPLOY_BUCKET_PROD_REGION }}
+
+      - name: Deploy to S3 Production
+        run: |
+          aws s3 sync ./deploy s3://${{ env.DEPLOY_BUCKET_PROD }}  --delete
 
       - name: Invalidate CloudFront cache
-        uses: chetan/invalidate-cloudfront-action@v2
-        env:
-          DISTRIBUTION: ${{ secrets.CLOUDFRONT_DISTRIBUTION_PROD }}
-          PATHS: "/*"
-          AWS_REGION: ${{ env.DEPLOY_BUCKET_PROD_REGION }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        uses: oneyedev/aws-cloudfront-invalidation@v1
+        with:
+          distribution-id: ${{ secrets.CLOUDFRONT_DISTRIBUTION_PROD }}
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml