.github/workflows/ci-cd.yaml

name: ci/cd

on:
  push:
    branches:
      - main
  pull_request:

permissions:
  id-token: write
  contents: read
  pull-requests: write

env:
  AWS_REGION: ${{ secrets.AWS_REGION }}
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
  TURBO_TEAM: ${{ vars.TURBO_TEAM }}

jobs:
  ci:
    name: ci
    runs-on: ubuntu-22.04

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: "20.x"

      - name: Setup pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 9
          run_install: |
            - recursive: true

      - name: Format
        run: pnpm run format:check

      - name: Write frontend environment variables
        run: printf "VITE_API_BASE_URL=%s\n" "${{ vars.VITE_API_BASE_URL }}" >> .env
        working-directory: ./apps/frontend

      - name: Write backend environment variables
        run: |
          printf "EXTERNAL_API_BASE_URL=%s\n" "${{ vars.API_FUNCTION_EXTERNAL_API_BASE_URL }}" >> .env
          printf "RESTAURANT_SCRAPE_BASE_URL=%s\n" "${{ vars.API_FUNCTION_RESTAURANT_SCRAPE_BASE_URL }}" >> .env
          printf "FLAVORS_SCRAPE_BASE_URL=%s\n" "${{ vars.API_FUNCTION_FLAVORS_SCRAPE_BASE_URL }}" >> .env
          printf "FLAVOR_IMAGE_BASE_URL=%s\n" "${{ vars.API_FUNCTION_FLAVOR_IMAGE_BASE_URL }}" >> .env
          printf "LOGO_SVG_URL=%s\n" "${{ vars.API_FUNCTION_LOGO_SVG_URL }}" >> .env
          printf "CORS_ORIGIN=%s\n" "${{ vars.API_FUNCTION_CORS_ORIGIN }}" >> .env
        working-directory: ./apps/backend

      - name: Build
        run: pnpm run build

      - name: Lint
        run: pnpm run lint

      - name: Test
        run: pnpm run test

      - name: Upload backend build artifact
        uses: actions/upload-artifact@v4
        with:
          name: backend
          path: ./apps/backend/lambda/index.js

      - name: Upload frontend build artifact
        uses: actions/upload-artifact@v4
        with:
          name: frontend
          path: ./apps/frontend/dist/*

  cd:
    name: cd
    runs-on: ubuntu-22.04
    needs: [ci]
    env:
      TF_VAR_aws_region: ${{ secrets.AWS_REGION }}
      TF_VAR_root_domain_name: ${{ vars.ROOT_DOMAIN_NAME }}
      TF_VAR_cloudflare_api_token: ${{ secrets.TERRAFORM_CLOUDFLARE_API_TOKEN }}
      TF_VAR_cloudflare_zone_id: ${{ secrets.TERRAFORM_CLOUDFLARE_ZONE_ID }}
      TF_VAR_api_function_external_api_base_url: ${{ vars.API_FUNCTION_EXTERNAL_API_BASE_URL }}
      TF_VAR_api_function_restaurant_scrape_base_url: ${{ vars.API_FUNCTION_RESTAURANT_SCRAPE_BASE_URL }}
      TF_VAR_api_function_flavors_scrape_base_url: ${{ vars.API_FUNCTION_FLAVORS_SCRAPE_BASE_URL }}
      TF_VAR_api_function_flavor_image_base_url: ${{ vars.API_FUNCTION_FLAVOR_IMAGE_BASE_URL }}
      TF_VAR_api_function_logo_svg_url: ${{ vars.API_FUNCTION_LOGO_SVG_URL }}
      TF_VAR_api_function_cors_origin: ${{ vars.API_FUNCTION_CORS_ORIGIN }}

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Download backend build artifact
        uses: actions/download-artifact@v4
        with:
          name: backend
          path: ./apps/backend/lambda

      - name: Download frontend build artifact
        uses: actions/download-artifact@v4
        with:
          name: frontend
          path: ./apps/frontend/dist

      - name: Download LLRT
        run: curl -L -o llrt.zip https://github.com/awslabs/llrt/releases/latest/download/llrt-lambda-arm64.zip
        working-directory: ./apps/backend
      - name: Unzip LLRT
        run: unzip llrt.zip
        working-directory: ./apps/backend
      - name: Copy bootstrap
        run: cp bootstrap ./lambda/
        working-directory: ./apps/backend

      - name: Zip lambda
        run: zip -j lambda.zip ./lambda/*
        working-directory: ./apps/backend

      - name: AWS CLI version
        run: aws --version

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Terraform init
        run: terraform init
        working-directory: ./infra

      - name: Terraform validate
        run: terraform validate
        working-directory: ./infra

      - name: Terraform format
        run: terraform fmt -check
        working-directory: ./infra

      - name: Terraform plan
        if: github.event_name == 'pull_request'
        run: terraform plan -input=false
        working-directory: ./infra

      - name: Terraform apply
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: terraform apply -auto-approve -input=false
        working-directory: ./infra

      - name: Terraform outputs
        id: terraform
        run: |
          echo "API_FUNCTION_NAME=$(terraform output -raw api_function_name)" >> $GITHUB_OUTPUT
          echo "API_DISTRIBUTION_ID=$(terraform output -raw api_distribution_id)" >> $GITHUB_OUTPUT
          echo "APP_DISTRIBUTION_ID=$(terraform output -raw app_distribution_id)" >> $GITHUB_OUTPUT
        working-directory: ./infra

        # Deploy frontend and backend

      - name: Update api lambda function code
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: aws lambda update-function-code --zip-file fileb://lambda.zip --function-name ${{ steps.terraform.outputs.API_FUNCTION_NAME }}
        working-directory: ./apps/backend

      - name: Invalidate api distribution
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: aws cloudfront create-invalidation --distribution-id ${{ steps.terraform.outputs.API_DISTRIBUTION_ID }} --paths "/**/*"
        working-directory: ./apps/backend

      - name: Sync app s3 bucket
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: aws s3 sync dist/ s3://fodder.declanlscott.com/ --delete --exclude ".DS_Store"
        working-directory: ./apps/frontend

      - name: Invalidate app distribution
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: aws cloudfront create-invalidation --distribution-id ${{ steps.terraform.outputs.APP_DISTRIBUTION_ID }} --paths "/**/*"
        working-directory: ./apps/frontend