sillsdev · FyreByrd · Mar 26, 2026 · Feb 27, 2026 · Mar 25, 2026 · Mar 26, 2026
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,82 @@
+name: BuildEngine v2 Deploy to AWS
+
+on:
+  workflow_call:
+    inputs:
+      BUILD_NUMBER:
+        type: 'string'
+        required: true
+      ECS_CLUSTER:
+        type: 'string'
+        required: true
+      DOCKER_TAG:
+        type: 'string'
+        required: true
+      BUILD_ENGINE_BUILD_TAG:
+        type: 'string'
+        required: true
+      OTEL_BUILD_TAG:
+        type: 'string'
+        required: true
+    secrets:
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
+      AWS_DEFAULT_REGION:
+        required: true
+      AWS_ECR_ACCOUNT:
+        required: true
+
+jobs:
+  deploy-to-ecr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Pull from GHCR
+        run: |
+          docker pull ghcr.io/sillsdev/appbuilder-buildengine-api:${{ inputs.DOCKER_TAG }}
+          docker pull ghcr.io/sillsdev/appbuilder-buildengine-otel:${{ inputs.DOCKER_TAG }}
+
+      - name: Configure AWS credentials
+        id: aws
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+
+      - name: Login to AWS ECR
+        id: ecr
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registries: ${{ secrets.AWS_ECR_ACCOUNT }}
+
+      - name: Build deployment target variables
+        id: vars
+        run: |
+          echo "Setting up deployment variables..."
+          echo "IMAGE_URL=${{ steps.ecr.outputs.registry }}/appbuilder-buildengine-api-origin" >> $GITHUB_OUTPUT
+          echo "OTEL_URL=${{ steps.ecr.outputs.registry }}/appbuilder-buildengine-api-otel-collector" >> $GITHUB_OUTPUT
+
+      - name: Push to AWS ECR
+        run: |
+          docker tag ${{ inputs.BUILD_ENGINE_BUILD_TAG}} "${{ steps.vars.outputs.IMAGE_URL }}:${{ inputs.DOCKER_TAG }}"
+          docker tag ${{ inputs.BUILD_ENGINE_BUILD_TAG}} "${{ steps.vars.outputs.IMAGE_URL }}:${{ inputs.BUILD_NUMBER }}"
+          docker tag ${{ inputs.OTEL_BUILD_TAG}} "${{ steps.vars.outputs.OTEL_URL }}:${{ inputs.DOCKER_TAG }}"
+          docker tag ${{ inputs.OTEL_BUILD_TAG}} "${{ steps.vars.outputs.OTEL_URL }}:${{ inputs.BUILD_NUMBER }}"
+          echo "Docker images tagged as ${{ inputs.DOCKER_TAG }} and ${{ inputs.BUILD_NUMBER }}"
+
+          docker push "${{ steps.vars.outputs.IMAGE_URL }}:${{ inputs.DOCKER_TAG }}"
+          docker push "${{ steps.vars.outputs.IMAGE_URL }}:${{ inputs.BUILD_NUMBER }}"
+          echo "Docker images pushed successfully to ${{ steps.vars.outputs.IMAGE_URL }}"
+
+          docker push "${{ steps.vars.outputs.OTEL_URL }}:${{ inputs.DOCKER_TAG }}"
+          docker push "${{ steps.vars.outputs.OTEL_URL }}:${{ inputs.BUILD_NUMBER }}"
+          echo "Docker images pushed successfully to ${{ steps.vars.outputs.OTEL_URL }}"
+
+      - name: Deploy to ECS
+        if: ${{ inputs.ECS_CLUSTER != 'none' }}
+        run: |
+          echo "Deploying ${{ inputs.BUILD_NUMBER }} to ${{ inputs.ECS_CLUSTER }}"
+          # Deploy to ECS cluster with service name 'build-engine', setting all images to the latest tag
+          ecs-deploy -c ${{ inputs.ECS_CLUSTER }} -n buildengine -i ignore -to ${{ inputs.BUILD_NUMBER }} --max-definitions 20 --timeout 600
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,70 +1,54 @@
-name: BuildEngine CI
+name: BuildEngine v2 Test and Deploy
 
 on:
   push:
-    branches: [master, develop, github-builds]
-  pull_request:
   workflow_dispatch:
     inputs:
-      logLevel:
-        description: "Log Level"
-        required: true
-        default: "warning"
       tags:
         description: "Tags"
-  schedule:
-    - cron: "0 0 * * 0" # weekly
 
 env:
-  BUILD_TAG: "build-engine-api:${{ github.run_number }}"
-  BUILD_NUMBER: ${{ github.run_number }}
+  BUILD_ENGINE_BUILD_TAG: "build-engine-api:${{ github.run_number }}"
+  OTEL_BUILD_TAG: "build-engine-otel:${{ github.run_number }}"
 
 jobs:
-  build:
+  check:
+    uses: "./.github/workflows/setup.yml"
+    secrets:
+      AUTH0_SECRET: ${{ secrets.AUTH0_SECRET }}
+  push-to-ghcr:
     runs-on: ubuntu-latest
-
+    needs: check
+    outputs:
+      DOCKER_TAG: ${{ steps.branch.outputs.DOCKER_TAG }}
+      ECS_CLUSTER: ${{ steps.branch.outputs.ECS_CLUSTER }}
+      BUILD_ENGINE_BUILD_TAG: ${{ env.BUILD_ENGINE_BUILD_TAG }}
+      OTEL_BUILD_TAG: ${{ env.OTEL_BUILD_TAG }}
+    if: ${{ success() && (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') }}
     steps:
-      - uses: actions/checkout@v3
-
-      - name: Get environment info
-        run: |
-          echo Docker version
-          docker --version
-          echo
-          echo Env
-          env
-
-      - name: Setup local.env
-        run: |
-          echo "COMPOSER_AUTH={\"github-oauth\":{\"github.com\":\""${{ secrets.GITHUB_TOKEN }}\""}}" > local.env
-
-      - name: Install dependencies
-        run: |
-          echo "Installing ecs-deploy script..."
-          mkdir -p $HOME/.local/bin
-          curl -o $HOME/.local/bin/ecs-deploy https://raw.githubusercontent.com/silinternational/ecs-deploy/master/ecs-deploy
-          chmod +x $HOME/.local/bin/ecs-deploy
-
-      - name: Tests
-        run: |
-          make test
+      - name: Checkout
+        uses: actions/checkout@v5
 
-      - name: Build docker image
-        uses: docker/build-push-action@v4
+      - name: Setup node
+        uses: actions/setup-node@v5
         with:
-          push: false
-          tags: ${{ env.BUILD_TAG }}
-          context: .
-          load: true
+          node-version: 24
 
       - name: Determine branch tag
         id: branch
         run: |
           if [[ "${GITHUB_HEAD_REF}" != "" ]]; then BRANCH="${GITHUB_HEAD_REF}"; else BRANCH="${GITHUB_REF_NAME}"; fi
           case $BRANCH in develop) DOCKER_TAG="staging" ;; master) DOCKER_TAG="production" ;; *) DOCKER_TAG="${BRANCH//\//-}" ;; esac
           case $BRANCH in develop) ECS_CLUSTER="scriptoria-stg";; master) ECS_CLUSTER="scriptoria-prd" ;; *) ECS_CLUSTER="none" ;; esac
-          echo "DockerTag=${DOCKER_TAG}" >> $GITHUB_OUTPUT
-          echo "EcsCluster=${ECS_CLUSTER}" >> $GITHUB_OUTPUT
+          echo "DOCKER_TAG=${DOCKER_TAG}" >> $GITHUB_OUTPUT
+          echo "ECS_CLUSTER=${ECS_CLUSTER}" >> $GITHUB_OUTPUT
+
+      - name: Build Docker images
+        run: |
+          echo "Building Docker images..."
+          docker build -t ${{ env.BUILD_ENGINE_BUILD_TAG}} .
+          docker build -t ${{ env.OTEL_BUILD_TAG}} -f Dockerfile.otel .
+          echo "Docker images built successfully."
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
@@ -75,110 +59,54 @@ jobs:
 
       - name: Push to GHCR
         run: |
-          docker tag ${{ env.BUILD_TAG }} ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}
-          docker push ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}
-
-      - name: Configure AWS credentials (SIL)
-        id: aws_sil
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.SIL__AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.SIL__AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ secrets.SIL__AWS_DEFAULT_REGION }}
-
-      - name: Login to AWS ECR (SIL)
-        id: ecr_sil
-        uses: aws-actions/amazon-ecr-login@v2
-        with:
-          registries: ${{ secrets.SIL__AWS_ECR_ACCOUNT }}
-
-      - name: Push to AWS ECR (SIL)
-        run: |
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
-          docker push "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
-          docker push "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
-
-      - name: Deploy to ECS (SIL)
-        if: ${{ steps.branch.outputs.EcsCluster != 'none' }}
-        run: |
-          echo "Deploying ${{ env.BUILD_NUMBER }} to ${{ steps.branch.outputs.EcsCluster }}"
-          # Deploy to ECS cluster with service name 'build-engine', setting all images to the latest tag
-          ecs-deploy -c ${{ steps.branch.outputs.EcsCluster }} -n buildengine -i ignore -to ${{ env.BUILD_NUMBER }} --max-definitions 20 --timeout 600
-          echo "Deployment initiated successfully."
-
-      - name: Configure AWS credentials (FCBH)
-        if: false # Temporarily disabled - remove this line to re-enable
-        # if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-prd' }}  # Restore this when re-enabling
-        id: aws_fcbh
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.FCBH__AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.FCBH__AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ secrets.FCBH__AWS_DEFAULT_REGION }}
-
-      - name: Login to AWS ECR (FCBH)
-        if: false # Temporarily disabled - remove this line to re-enable
-        # if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-prd' }}  # Restore this when re-enabling
-        id: ecr_fcbh
-        uses: aws-actions/amazon-ecr-login@v2
-        with:
-          registries: ${{ secrets.FCBH__AWS_ECR_ACCOUNT }}
-
-      - name: Push to AWS ECR (FCBH)
-        if: false # Temporarily disabled - remove this line to re-enable
-        # if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-prd' }}  # Restore this when re-enabling
-        run: |
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
-          docker push "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
-          docker push "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
-
-      - name: Deploy to ECS (FCBH)
-        if: false # Temporarily disabled - remove this line to re-enable
-        # if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-prd' }}  # Restore this when re-enabling
-        run: |
-          echo "Deploying ${{ env.BUILD_NUMBER }} to ${{ steps.branch.outputs.EcsCluster }}"
-          # Deploy to ECS cluster with service name 'build-engine', setting all images to the latest tag
-          ecs-deploy -c ${{ steps.branch.outputs.EcsCluster }} -n buildengine -i ignore -to ${{ env.BUILD_NUMBER }} --max-definitions 20 --timeout 600
-          echo "Deployment initiated successfully."
-
-      - name: Configure AWS credentials (LU)
-        if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-stg' }}
-        id: aws_lu
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.LU__AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.LU__AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ secrets.LU__AWS_DEFAULT_REGION }}
-
-      - name: Login to AWS ECR (LU)
-        if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-stg' }}
-        id: ecr_lu
-        uses: aws-actions/amazon-ecr-login@v2
-        with:
-          registries: ${{ secrets.LU__AWS_ECR_ACCOUNT }}
-
-      - name: Push to AWS ECR (LU)
-        if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-stg' }}
-        run: |
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
-          docker push "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
-          docker push "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
-
-      - name: Deploy to ECS (LU)
-        if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-stg' }}
-        run: |
-          echo "Deploying ${{ env.BUILD_NUMBER }} to ${{ steps.branch.outputs.EcsCluster }}"
-          # Deploy to ECS cluster with service name 'build-engine', setting all images to the latest tag
-          ecs-deploy -c ${{ steps.branch.outputs.EcsCluster }} -n buildengine -i ignore -to ${{ env.BUILD_NUMBER }} --max-definitions 20 --timeout 600
-          echo "Deployment initiated successfully."
-
-      - name: Clean up older packages
-        uses: actions/delete-package-versions@v4
-        with:
-          package-name: "appbuilder-buildengine-api"
-          package-type: "container"
-          min-versions-to-keep: 6
-          delete-only-untagged-versions: "true"
+          docker tag ${{ env.BUILD_ENGINE_BUILD_TAG }} ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DOCKER_TAG }}
+          docker push ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DOCKER_TAG }}
+
+          docker tag ${{ env.OTEL_BUILD_TAG }} ghcr.io/sillsdev/appbuilder-buildengine-otel:${{ steps.branch.outputs.DOCKER_TAG }}
+          docker push ghcr.io/sillsdev/appbuilder-buildengine-otel:${{ steps.branch.outputs.DOCKER_TAG }}
+
+  deploy-sil:
+    needs: push-to-ghcr
+    uses: "./.github/workflows/deploy.yml"
+    with:
+      BUILD_NUMBER: ${{ github.run_number }}
+      ECS_CLUSTER: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER }}
+      DOCKER_TAG: ${{ needs.push-to-ghcr.outputs.DOCKER_TAG }}
+      BUILD_ENGINE_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.BUILD_ENGINE_BUILD_TAG }}
+      OTEL_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.OTEL_BUILD_TAG }}
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.SIL__AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.SIL__AWS_SECRET_ACCESS_KEY }}
+      AWS_DEFAULT_REGION: ${{ secrets.SIL__AWS_DEFAULT_REGION }}
+      AWS_ECR_ACCOUNT: ${{ secrets.SIL__AWS_ECR_ACCOUNT }}
+  deploy-fcbh:
+    needs: push-to-ghcr
+    if: false # Temporarily disabled - remove this line to re-enable
+    # if: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER == 'scriptoria-prd' }}  # Restore this when re-enabling
+    uses: "./.github/workflows/deploy.yml"
+    with:
+      BUILD_NUMBER: ${{ github.run_number }}
+      ECS_CLUSTER: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER }}
+      DOCKER_TAG: ${{ needs.push-to-ghcr.outputs.DOCKER_TAG }}
+      BUILD_ENGINE_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.BUILD_ENGINE_BUILD_TAG }}
+      OTEL_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.OTEL_BUILD_TAG }}
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.FCBH__AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.FCBH__AWS_SECRET_ACCESS_KEY }}
+      AWS_DEFAULT_REGION: ${{ secrets.FCBH__AWS_DEFAULT_REGION }}
+      AWS_ECR_ACCOUNT: ${{ secrets.FCBH__AWS_ECR_ACCOUNT }}
+  deploy-lu:
+    needs: push-to-ghcr
+    if: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER == 'scriptoria-stg' }}
+    uses: "./.github/workflows/deploy.yml"
+    with:
+      BUILD_NUMBER: ${{ github.run_number }}
+      ECS_CLUSTER: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER }}
+      DOCKER_TAG: ${{ needs.push-to-ghcr.outputs.DOCKER_TAG }}
+      BUILD_ENGINE_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.BUILD_ENGINE_BUILD_TAG }}
+      OTEL_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.OTEL_BUILD_TAG }}
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.LU__AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.LU__AWS_SECRET_ACCESS_KEY }}
+      AWS_DEFAULT_REGION: ${{ secrets.LU__AWS_DEFAULT_REGION }}
+      AWS_ECR_ACCOUNT: ${{ secrets.LU__AWS_ECR_ACCOUNT }}
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -0,0 +1,11 @@
+name: Test and Lint
+
+on:
+  pull_request:
+    branches:
+      - master
+      - develop
+
+jobs:
+  checks:
+    uses: ./.github/workflows/setup.yml