Merge pull request #243 from wizelineacademy/dev #275
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| AUTH_SECRET: ${{ secrets.AUTH_SECRET }} | |
| POSTGRES_URL: ${{ secrets.POSTGRES_URL }} | |
| OPENAI_KEY: ${{ secrets.OPENAI_KEY }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| # These permissions are needed to interact with GitHub's OIDC Token endpoint. | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| - name: Install SST | |
| run: | | |
| wget https://github.com/sst/ion/releases/download/v0.0.411/sst-linux-amd64.deb | |
| sudo dpkg -i sst-linux-amd64.deb | |
| - name: Install Bun | |
| uses: oven-sh/setup-bun@v1 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::211125454464:role/GitHub | |
| role-duration-seconds: 1200 #adjust as needed for your build time | |
| aws-region: us-east-1 | |
| - name: Unlock SST | |
| run: | | |
| sst unlock --stage prod | |
| - name: Copy Secrets for Production | |
| run: | | |
| sst secret set AuthSecret ${{ secrets.AUTH_SECRET }} --stage=prod | |
| sst secret set PostgresURL ${{ secrets.POSTGRES_URL }} --stage=prod | |
| sst secret set OpenAIKey ${{ secrets.OPENAI_KEY }} --stage=prod | |
| - name: Deploy to AWS with SST | |
| run: | | |
| bun install | |
| sst deploy --stage=prod --verbose |