From e3c2e1f0ff4fe0cf0b83e60f59c2f31eead86f5f Mon Sep 17 00:00:00 2001
From: Rachel Rogers
Date: Wed, 11 Mar 2026 15:35:35 -0700
Subject: [PATCH 1/7] Add GitHub Actions workflow for deploying to the development environment
---
.github/workflows/deploy-dev.yml | 133 +++++++++++++++++++++++++++++++
1 file changed, 133 insertions(+)
create mode 100644 .github/workflows/deploy-dev.yml
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
new file mode 100644
index 0000000..4857054
--- /dev/null
+++ b/.github/workflows/deploy-dev.yml
@@ -0,0 +1,133 @@
+name: Deploy to dev environment
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+concurrency:
+ group: deploy-dev
+ cancel-in-progress: false
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ terraform:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: us-east-1
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_wrapper: false
+
+ - name: Terraform init
+ working-directory: terraform/environments/dev
+ run: terraform init
+
+ - name: Terraform apply
+ working-directory: terraform/environments/dev
+ env:
+ TF_VAR_db_password: ${{ secrets.TF_VAR_db_password }}
+ TF_VAR_db_username: ${{ secrets.TF_VAR_db_username }}
+ TF_VAR_redis_auth_token: ${{ secrets.TF_VAR_redis_auth_token }}
+ TF_VAR_route53_record_name: ${{ secrets.TF_VAR_route53_record_name }}
+ TF_VAR_auth0_domain: ${{ secrets.TF_VAR_auth0_domain }}
+ TF_VAR_auth0_client_id: ${{ secrets.TF_VAR_auth0_client_id }}
+ TF_VAR_auth0_client_secret: ${{ secrets.TF_VAR_auth0_client_secret }}
+ run: terraform apply -auto-approve -input=false
+
+ build-api:
+ runs-on: ubuntu-latest
+ needs: terraform
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: us-east-1
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to ECR
+ run: |
+ AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+ aws ecr get-login-password --region us-east-1 | \
+ docker login --username AWS --password-stdin "${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com"
+ echo "ECR_BASE=${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/flexion-notify-dev" >> "$GITHUB_ENV"
+
+ - name: Build and push backend image
+ run: |
+ docker buildx build \
+ --platform linux/arm64 \
+ --push \
+ -t "${{ env.ECR_BASE }}/backend:latest" \
+ ./notifications-api
+
+ build-admin:
+ runs-on: ubuntu-latest
+ needs: terraform
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: us-east-1
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to ECR
+ run: |
+ AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+ aws ecr get-login-password --region us-east-1 | \
+ docker login --username AWS --password-stdin "${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com"
+ echo "ECR_BASE=${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/flexion-notify-dev" >> "$GITHUB_ENV"
+
+ - name: Build and push frontend image
+ run: |
+ docker buildx build \
+ --platform linux/arm64 \
+ --push \
+ -t "${{ env.ECR_BASE }}/frontend:latest" \
+ ./notifications-admin
+
+ deploy-ecs:
+ runs-on: ubuntu-latest
+ needs: [build-api, build-admin]
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: us-east-1
+
+ - name: Force new ECS deployment
+ run: |
+ aws ecs update-service \
+ --cluster flexion-notify-dev-cluster \
+ --service flexion-notify-dev-notify-service \
+ --force-new-deployment \
+ --region us-east-1 \
+ --output text --query 'service.serviceName'
From 4331211df3c1f986b739494748fa37ba46165455 Mon Sep 17 00:00:00 2001
From: Rachel Rogers
Date: Wed, 11 Mar 2026 15:44:16 -0700
Subject: [PATCH 2/7] TEMP - testing workflow
---
.github/workflows/deploy-dev.yml | 1 +
1 file changed, 1 insertion(+)
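Review bot: Every action in the new workflow is referenced by a mutable tag (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `hashicorp/setup-terraform@v3`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`), while the workflow grants `id-token: write` and each job assumes `secrets.AWS_ROLE_ARN`. A tag that is moved upstream would run with that role, and in the `terraform` job in the same job that later receives the database, Redis and Auth0 secrets. Pin each `uses:` to a full commit SHA and keep the version as a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v4`. An automated updater can then keep the pins current.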
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 4857054..ccc6258 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - deploy-to-dev-workflow workflow_dispatch: concurrency: From bdad46c2a9e54c9d24a0bf8f109134c6d134df5f Mon Sep 17 00:00:00 2001 From: Rachel Rogers Date: Thu, 12 Mar 2026 09:04:56 -0700 Subject: [PATCH 3/7] Comment out use of terraform wrapper to see if CI logging returns --- .github/workflows/deploy-dev.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index ccc6258..2820c55 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -29,8 +29,8 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - with: - terraform_wrapper: false + # with: + # terraform_wrapper: false - name: Terraform init working-directory: terraform/environments/dev From 935f57800661f35a4a062b6996e7cc4f240c419a Mon Sep 17 00:00:00 2001 From: Rachel Rogers Date: Thu, 12 Mar 2026 09:06:54 -0700 Subject: [PATCH 4/7] Use latest terraform setup action helper --- .github/workflows/deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 2820c55..a161736 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -28,7 +28,7 @@ jobs: aws-region: us-east-1 - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@v4 # with: # terraform_wrapper: false From 9ea4a1cb536e5dbbb335fc7838b2fea19fd0dbfd Mon Sep 17 00:00:00 2001 
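Review bot: In patch 2/7, adding `deploy-to-dev-workflow` to `on.push.branches` means every push to that feature branch runs `terraform apply -auto-approve` and the ECS redeploy under the same `AWS_ROLE_ARN` as `main`. The entry is removed again in patch 7/7. If the IAM role's OIDC trust policy was widened to accept this branch's `sub` claim for the test (not visible in this series), it should be narrowed back to the `main` ref at the same time.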
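Review bot: In patch 3/7, the `with:` / `terraform_wrapper: false` pair under `Setup Terraform` is left behind as commented-out config with no explanation, and it is still present at the end of the series. Either delete the two lines or replace them with a one-line why-comment such as `# wrapper left enabled: disabling it hid terraform output in the CI log`. That wording is inferred from the commit subject, so adjust it to what was actually observed.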
From: Rachel Rogers Date: Fri, 20 Mar 2026 10:06:47 -0700 Subject: [PATCH 5/7] Refactor Dockerfiles to use 'cp' command for creating version.py from version.py.dist instead of COPY instruction. --- notifications-admin/Dockerfile | 2 +- notifications-api/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/notifications-admin/Dockerfile b/notifications-admin/Dockerfile index 0cfcfc2..7f426d5 100644 --- a/notifications-admin/Dockerfile +++ b/notifications-admin/Dockerfile @@ -30,7 +30,7 @@ RUN npm run build # Don't copy sample.env to .env - docker-compose provides REDIS_URL=redis://redis:6379/0 etc. # A copied .env with localhost would override those and break Redis in the container. # Create version.py from version.py.dist -COPY app/version.py.dist app/version.py +RUN cp app/version.py.dist app/version.py # Expose the port the Admin UI runs on EXPOSE 6012 diff --git a/notifications-api/Dockerfile b/notifications-api/Dockerfile index d159bb7..ea607a5 100644 --- a/notifications-api/Dockerfile +++ b/notifications-api/Dockerfile @@ -21,7 +21,7 @@ COPY . . # Don't copy sample.env to .env here - when run via docker-compose, env vars are # provided by compose. Copying would override REDIS_URL etc. with localhost values. # Create version.py from version.py.dist -COPY app/version.py.dist app/version.py +RUN cp app/version.py.dist app/version.py # Entrypoint runs init-databases.sql (mounted by compose) then flask db upgrade, then CMD. # Depends on postgres being up; docker-compose ensures that via depends_on + healthcheck. From b38cc9a102526a9f6ccb46d90576df90ca572ed5 Mon Sep 17 00:00:00 2001 From: Rachel Rogers Date: Fri, 20 Mar 2026 10:41:58 -0700 Subject: [PATCH 6/7] Update Dockerfile to use COPY for version.py creation and add version.py.dist file --- notifications-admin/Dockerfile | 4 +--- notifications-admin/app/version.py.dist | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 notifications-admin/app/version.py.dist 
diff --git a/notifications-admin/Dockerfile b/notifications-admin/Dockerfile index 7f426d5..cb7c144 100644 --- a/notifications-admin/Dockerfile +++ b/notifications-admin/Dockerfile @@ -12,8 +12,6 @@ ENV POETRY_VERSION=1.8.5 RUN curl -sSL https://install.python-poetry.org | python3 - && \ ln -s /root/.local/bin/poetry /usr/local/bin/poetry -WORKDIR /app - # Copy poetry configuration files COPY pyproject.toml poetry.lock ./ @@ -30,7 +28,7 @@ RUN npm run build # Don't copy sample.env to .env - docker-compose provides REDIS_URL=redis://redis:6379/0 etc. # A copied .env with localhost would override those and break Redis in the container. # Create version.py from version.py.dist -RUN cp app/version.py.dist app/version.py +COPY app/version.py.dist app/version.py # Expose the port the Admin UI runs on EXPOSE 6012 diff --git a/notifications-admin/app/version.py.dist b/notifications-admin/app/version.py.dist new file mode 100644 index 0000000..f328d7f --- /dev/null +++ b/notifications-admin/app/version.py.dist @@ -0,0 +1,2 @@ +__git_commit__ = "" +__time__ = "" From 416cf4979f4d9d2bb77cd6eb844e8a5fc9a42bd7 Mon Sep 17 00:00:00 2001 From: Rachel Rogers Date: Fri, 20 Mar 2026 11:06:27 -0700 Subject: [PATCH 7/7] Remove redundant branch from deploy-dev workflow configuration --- .github/workflows/deploy-dev.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index a161736..0d1c125 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -4,7 +4,6 @@ on: push: branches: - main - - deploy-to-dev-workflow workflow_dispatch: concurrency:
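Review bot: The first hunk of patch 6/7 (`@@ -12,8 +12,6 @@`) drops `WORKDIR /app` from notifications-admin/Dockerfile, which the commit subject does not mention. Unless a `WORKDIR` is set above the hunk or inherited from the base image, `COPY pyproject.toml poetry.lock ./`, the restored `COPY app/version.py.dist app/version.py` and every other relative path now resolve against the image's default directory, typically `/`. If the removal is intentional, state the reason in the commit message; otherwise restore `WORKDIR /app` before the first `COPY`. The Dockerfile continues outside both hunks, so the effective working directory cannot be confirmed from here.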