Skip to content

feat: add user account approval with admin review UI (#2145) #253

feat: add user account approval with admin review UI (#2145)

feat: add user account approval with admin review UI (#2145) #253

Workflow file for this run

name: Web UI deploy
on:
push:
branches:
- main
paths:
- ".github/workflows/web-deploy.yml"
- "moon/apps/web/**"
- "moon/packages/**"
env:
TIPTAP_PRIVATE_REGISTRY_KEY: ${{ secrets.TIPTAP_PRIVATE_REGISTRY_KEY }}
REGISTRY_ALIAS: m8q5m4u3
REPOSITORY: mega/mega-ui
IMAGE_VERSION: latest
permissions:
id-token: write
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# ---------------------------------------------------------------------------
# Build ONE environment-agnostic image.
#
# NEXT_PUBLIC_* values are NOT baked per environment anymore: the image is
# built with placeholder URLs (moon/apps/web/.env.runtime) that are replaced
# at container start by docker-entrypoint.sh using runtime env vars. Each
# environment (ECS task definition) must supply its own NEXT_PUBLIC_* values
# at runtime.
# ---------------------------------------------------------------------------
build-push:
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Configure AWS Credentials (ECR Public, us-east-1)
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR Public
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
- name: Build & push unified image
working-directory: moon
env:
ECR_PUBLIC_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
PLATFORM: linux/amd64
run: |
set -euo pipefail
ARCH_SUFFIX="amd64"
IMAGE_TAG="${IMAGE_VERSION}-${ARCH_SUFFIX}"
SHORT_SHA="${GITHUB_SHA:0:7}"
SHA_TAG="${SHORT_SHA}-${ARCH_SUFFIX}"
PUBLIC_IMAGE="$ECR_PUBLIC_REGISTRY/${{ env.REGISTRY_ALIAS }}/${{ env.REPOSITORY }}:$IMAGE_TAG"
PUBLIC_IMAGE_SHA="$ECR_PUBLIC_REGISTRY/${{ env.REGISTRY_ALIAS }}/${{ env.REPOSITORY }}:$SHA_TAG"
docker buildx build \
--platform "$PLATFORM" \
--cache-from type=gha,scope=mega-ui \
--cache-to type=gha,mode=max,scope=mega-ui \
--provenance=false \
--sbom=false \
-f apps/web/Dockerfile \
-t "$PUBLIC_IMAGE" \
-t "$PUBLIC_IMAGE_SHA" . \
--push
manifest:
needs: build-push
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR Public
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
- name: Create & push unified manifest
env:
REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
run: |
set -euo pipefail
IMAGE_BASE="$REGISTRY/${{ env.REGISTRY_ALIAS }}/${{ env.REPOSITORY }}"
TAG="${IMAGE_VERSION}"
SHORT_SHA="${GITHUB_SHA:0:7}"
# latest manifest
docker manifest create "$IMAGE_BASE:$TAG" \
"$IMAGE_BASE:${TAG}-amd64"
docker manifest push "$IMAGE_BASE:$TAG"
# commit-hash manifest
docker manifest create "$IMAGE_BASE:$SHORT_SHA" \
"$IMAGE_BASE:${SHORT_SHA}-amd64"
docker manifest push "$IMAGE_BASE:$SHORT_SHA"
deploy-aws:
needs: manifest
if: ${{ github.repository == 'gitmono-dev/mega' }}
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
include:
- cluster: gitmega-com
service: mega-frontend-development-service-6dcihwup
- cluster: gitmono-com-mega-app
service: mega-ui-service
steps:
- name: Force ECS redeploy
run: |
aws ecs update-service \
--cluster ${{ matrix.cluster }} \
--service ${{ matrix.service }} \
--force-new-deployment
env:
AWS_REGION: ap-southeast-2
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}