feat: add user account approval with admin review UI (#2145) #253
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Web UI deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - ".github/workflows/web-deploy.yml" | |
| - "moon/apps/web/**" | |
| - "moon/packages/**" | |
| env: | |
| TIPTAP_PRIVATE_REGISTRY_KEY: ${{ secrets.TIPTAP_PRIVATE_REGISTRY_KEY }} | |
| REGISTRY_ALIAS: m8q5m4u3 | |
| REPOSITORY: mega/mega-ui | |
| IMAGE_VERSION: latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # --------------------------------------------------------------------------- | |
| # Build ONE environment-agnostic image. | |
| # | |
| # NEXT_PUBLIC_* values are NOT baked per environment anymore: the image is | |
| # built with placeholder URLs (moon/apps/web/.env.runtime) that are replaced | |
| # at container start by docker-entrypoint.sh using runtime env vars. Each | |
| # environment (ECS task definition) must supply its own NEXT_PUBLIC_* values | |
| # at runtime. | |
| # --------------------------------------------------------------------------- | |
| build-push: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Configure AWS Credentials (ECR Public, us-east-1) | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR Public | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Build & push unified image | |
| working-directory: moon | |
| env: | |
| ECR_PUBLIC_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} | |
| PLATFORM: linux/amd64 | |
| run: | | |
| set -euo pipefail | |
| ARCH_SUFFIX="amd64" | |
| IMAGE_TAG="${IMAGE_VERSION}-${ARCH_SUFFIX}" | |
| SHORT_SHA="${GITHUB_SHA:0:7}" | |
| SHA_TAG="${SHORT_SHA}-${ARCH_SUFFIX}" | |
| PUBLIC_IMAGE="$ECR_PUBLIC_REGISTRY/${{ env.REGISTRY_ALIAS }}/${{ env.REPOSITORY }}:$IMAGE_TAG" | |
| PUBLIC_IMAGE_SHA="$ECR_PUBLIC_REGISTRY/${{ env.REGISTRY_ALIAS }}/${{ env.REPOSITORY }}:$SHA_TAG" | |
| docker buildx build \ | |
| --platform "$PLATFORM" \ | |
| --cache-from type=gha,scope=mega-ui \ | |
| --cache-to type=gha,mode=max,scope=mega-ui \ | |
| --provenance=false \ | |
| --sbom=false \ | |
| -f apps/web/Dockerfile \ | |
| -t "$PUBLIC_IMAGE" \ | |
| -t "$PUBLIC_IMAGE_SHA" . \ | |
| --push | |
| manifest: | |
| needs: build-push | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR Public | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Create & push unified manifest | |
| env: | |
| REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} | |
| run: | | |
| set -euo pipefail | |
| IMAGE_BASE="$REGISTRY/${{ env.REGISTRY_ALIAS }}/${{ env.REPOSITORY }}" | |
| TAG="${IMAGE_VERSION}" | |
| SHORT_SHA="${GITHUB_SHA:0:7}" | |
| # latest manifest | |
| docker manifest create "$IMAGE_BASE:$TAG" \ | |
| "$IMAGE_BASE:${TAG}-amd64" | |
| docker manifest push "$IMAGE_BASE:$TAG" | |
| # commit-hash manifest | |
| docker manifest create "$IMAGE_BASE:$SHORT_SHA" \ | |
| "$IMAGE_BASE:${SHORT_SHA}-amd64" | |
| docker manifest push "$IMAGE_BASE:$SHORT_SHA" | |
| deploy-aws: | |
| needs: manifest | |
| if: ${{ github.repository == 'gitmono-dev/mega' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| strategy: | |
| matrix: | |
| include: | |
| - cluster: gitmega-com | |
| service: mega-frontend-development-service-6dcihwup | |
| - cluster: gitmono-com-mega-app | |
| service: mega-ui-service | |
| steps: | |
| - name: Force ECS redeploy | |
| run: | | |
| aws ecs update-service \ | |
| --cluster ${{ matrix.cluster }} \ | |
| --service ${{ matrix.service }} \ | |
| --force-new-deployment | |
| env: | |
| AWS_REGION: ap-southeast-2 | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |