From 8ebeedc4c186ecca83079731d488a93f9fa3881b Mon Sep 17 00:00:00 2001 From: Manasa Venkatakrishnan Date: Mon, 16 Oct 2023 09:18:48 -0700 Subject: [PATCH] Adding staging deployment workflow --- .github/workflows/dev-deploy.yml | 42 +++++++++++-------------- .github/workflows/staging-deploy.yml | 47 ++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 24 deletions(-) create mode 100644 .github/workflows/staging-deploy.yml diff --git a/.github/workflows/dev-deploy.yml b/.github/workflows/dev-deploy.yml index dba6604f0..605551cd1 100644 --- a/.github/workflows/dev-deploy.yml +++ b/.github/workflows/dev-deploy.yml @@ -1,4 +1,4 @@ -name: Push to dev cluster +name: Deploy to dev cluster on: push: @@ -13,13 +13,6 @@ permissions: id-token: write contents: read -#env: - # Force using BuildKit instead of normal Docker, required so that metadata - # is written/read to allow us to use layers of previous builds as cache. -# DOCKER_BUILDKIT: 1 -# COMPOSE_DOCKER_CLI_BUILD: 1 -# DOCKER_REPO: ${{ secrets.ECR_REPO }}/ - jobs: deploy-to-dev: name: deploy dev branch @@ -46,10 +39,12 @@ jobs: else echo $GITHUB_REF_NAME | tr '[:upper:]' '[:lower:]' | xargs -I {} -n 1 echo STACK_NAME={} >> $GITHUB_ENV fi - - name: Create update dev stack + - name: Create or update dev stack if: ${{ github.event_name == 'push' }} uses: chanzuckerberg/github-actions/.github/actions/deploy-happy-stack@v1.24.0 env: + # Force using BuildKit instead of normal Docker, required so that metadata + # is written/read to allow us to use layers of previous builds as cache. DOCKER_BUILDKIT: 1 COMPOSE_DOCKER_CLI_BUILD: 1 DOCKER_REPO: ${{ secrets.ECR_REPO }}/ 
@@ -63,18 +58,17 @@ jobs: env: "dev" operation: "create-or-update" -# - name: Delete dev set up stack name -# if: ${{ github.event_name == 'delete' && startsWith(github.event.ref, 'dev-') }} -# run: | -# echo ${{ github.event.ref }} | tr '[:upper:]' '[:lower:]' | xargs -I {} -n 1 echo DELETE_STACK_NAME={} >> $GITHUB_ENV -# -# - name: Delete dev -# if: ${{ github.event_name == 'delete' && startsWith(github.event.ref, 'dev-') }} -# uses: chanzuckerberg/github-actions/.github/actions/deploy-happy-stack@v1.24.0 -# env: -# ENV: dev -# with: -# stack-name: ${{ env.DELETE_STACK_NAME }} -# operation: "delete" -# tfe-token: ${{ secrets.TFE_TOKEN }} -# env: "dev" + - name: Delete dev set up stack name + if: ${{ github.event_name == 'delete' && startsWith(github.event.ref, 'dev-') }} + run: | + echo ${{ github.event.ref }} | tr '[:upper:]' '[:lower:]' | xargs -I {} -n 1 echo DELETE_STACK_NAME={} >> $GITHUB_ENV + - name: Delete dev + if: ${{ github.event_name == 'delete' && startsWith(github.event.ref, 'dev-') }} + uses: chanzuckerberg/github-actions/.github/actions/deploy-happy-stack@v1.24.0 + env: + ENV: dev + with: + stack-name: ${{ env.DELETE_STACK_NAME }} + operation: "delete" + tfe-token: ${{ secrets.TFE_TOKEN }} + env: "dev" diff --git a/.github/workflows/staging-deploy.yml b/.github/workflows/staging-deploy.yml new file mode 100644 index 000000000..0c08ee8d6 --- /dev/null +++ b/.github/workflows/staging-deploy.yml 
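Review bot: The re-enabled `Delete dev set up stack name` step expands `${{ github.event.ref }}` directly into the `run:` script, so the branch name becomes part of the shell source and any shell metacharacters in it are interpreted, in a job that holds `id-token: write` and `secrets.TFE_TOKEN`. Pass the value through the environment instead: add `env:` with `DELETED_REF: ${{ github.event.ref }}` to the step and start the pipeline with `echo "$DELETED_REF" | tr '[:upper:]' '[:lower:]'`. The `startsWith(github.event.ref, 'dev-')` guard limits which refs reach the step but does not constrain the rest of the name. Only `push:` is visible under `on:` in this patch, so confirm a `delete` trigger is declared, otherwise both delete steps never run; the job itself starts outside this hunk.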
@@ -0,0 +1,47 @@
+name: Deploy to staging
+
+on:
+ push:
+ branches:
+ - 'main'
+
+# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ deploy-to-staging:
+ name: deploy staging branch
+ runs-on: ubuntu-latest
+ environment: staging
+ if: github.repository == 'chanzuckerberg/cryoet-data-portal'
+ steps:
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ mask-aws-account-id: true
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ role-duration-seconds: 1200
+ - name: Login to ECR
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.ECR_REPO }}
+ - name: Create or update stack
+ uses: chanzuckerberg/github-actions/.github/actions/deploy-happy-stack@v1.24.0
+ env:
+ # Force using BuildKit instead of normal Docker, required so that metadata
+ # is written/read to allow us to use layers of previous builds as cache.
+ DOCKER_BUILDKIT: 1
+ COMPOSE_DOCKER_CLI_BUILD: 1
+ DOCKER_REPO: ${{ secrets.ECR_REPO }}/
+ ENV: staging
+ with:
+ stack-name: ${{ env.STACK_NAME }}
+ create-tag: "true"
+ tag: ${{ env.STACK_NAME }}
+ tfe-token: ${{ secrets.TFE_TOKEN }}
+ working-directory: ./frontend
+ env: staging
+ operation: "create-or-update"
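Review bot: `stack-name: ${{ env.STACK_NAME }}` and `tag: ${{ env.STACK_NAME }}` read a variable that nothing in this new workflow sets. Unlike dev-deploy.yml, there is no step writing `STACK_NAME` to `$GITHUB_ENV` and no workflow- or job-level `env:`, so as far as this file shows both inputs expand to an empty string. Define it explicitly, for example a job-level `env:` with `STACK_NAME: <staging-stack-name>` (placeholder), or hard-code the stack name in the `with:` block. Separately, this job gets `id-token: write`, an assumable AWS role and `secrets.TFE_TOKEN`, yet its three `uses:` entries are pinned to mutable tags (`@v4`, `@v2`, `@v1.24.0`). Pinning each to a full commit SHA with the tag as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v2`, keeps a retagged release from running with those credentials.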