.github/workflows/deploy.yml

name: Build and deploy

on:
  push:
    branches: main
  workflow_dispatch:

concurrency:
  group: deploy
  cancel-in-progress: false

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  AWS_REGION: us-east-1
  STACK_NAME: prod-HexBug
  S3_BUCKET: prod-objectobject-ca-codedeploy-artifacts
  CDK_IAM_ROLE_ARN: arn:aws:iam::511603859520:role/prod-objectobject-ca-GitHubActionsCDKRole19D97701-sweSB0Sp33WN
  HEALTH_CHECK_CHANNEL_ID: "1191901093077188710"

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive
      - uses: object-Object/ci/setup@v0
        with:
          python-version: 3.11
          python-packages: nox

      - name: Run tests
        run: nox

  scrape-book-types:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive
      - uses: object-Object/ci/setup@v0
        with:
          python-version: 3.11
          python-packages: .[runtime]
      
      - name: Scrape book types
        run: |
          python scripts/github/scrape_book_types.py > book_types.py.new
          mv book_types.py.new src/HexBug/utils/book_types.py
          ruff format src/HexBug/utils/book_types.py
          ruff check --select=I --fix src/HexBug/utils/book_types.py

      - name: Fail if book types need to be updated
        run: git diff --exit-code
      
      - name: Dump patterns
        run: python scripts/github/dump_patterns.py patterns.csv.new
      
      - name: Check out gh-pages
        uses: actions/checkout@v3
        with:
          clean: false
          ref: gh-pages
      
      - name: Overwrite file
        run: mv patterns.csv.new patterns.csv
      
      - name: Commit updated pattern dump
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: Update pattern dump
          file_pattern: patterns.csv

  deploy-aws-cdk:
    needs: [test, scrape-book-types]
    runs-on: ubuntu-latest
    environment:
      name: prod-aws-cdk
    permissions:
      id-token: write
      contents: read
    outputs:
      application-name: ${{ steps.cdk-outputs.outputs.application-name }}
      deployment-group-name: ${{ steps.cdk-outputs.outputs.deployment-group-name }}
      iam-role-arn: ${{ steps.cdk-outputs.outputs.iam-role-arn }}
    steps:
      - uses: actions/checkout@v4
      - uses: object-Object/ci/setup@v0
        with:
          python-version: 3.11
          python-packages: .[aws-cdk]
          node-version: 18
          npm-packages: aws-cdk
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ env.CDK_IAM_ROLE_ARN }}
      
      - name: Deploy CDK stack
        run: cdk deploy prod --ci --require-approval never --outputs-file outputs.json

      - name: Parse CDK outputs file
        id: cdk-outputs
        run: |
          outputs_json="$(cat outputs.json | jq '.["${{ env.STACK_NAME }}"]')"
          echo "application-name=$(echo "$outputs_json" | jq '.ApplicationName' --raw-output)" >> "$GITHUB_OUTPUT"
          echo "deployment-group-name=$(echo "$outputs_json" | jq '.DeploymentGroupName' --raw-output)" >> "$GITHUB_OUTPUT"
          echo "iam-role-arn=$(echo "$outputs_json" | jq '.GitHubActionsRoleARN' --raw-output)" >> "$GITHUB_OUTPUT"

  build-image:
    needs: [test, scrape-book-types]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    environment:
      name: prod-docker
    outputs:
      image-id: ${{ steps.push.outputs.imageid }}
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract image metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      - name: Build and push Docker image
        id: push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  deploy-codedeploy:
    needs: [deploy-aws-cdk, build-image]
    runs-on: ubuntu-latest
    env:
      APPLICATION_NAME: ${{ needs.deploy-aws-cdk.outputs.application-name }}
      DEPLOYMENT_GROUP_NAME: ${{ needs.deploy-aws-cdk.outputs.deployment-group-name }}
      IAM_ROLE_ARN: ${{ needs.deploy-aws-cdk.outputs.iam-role-arn }}
    environment:
      name: prod-codedeploy
      url: ${{ steps.create-deployment.outputs.url }}
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: object-Object/ci/setup@v0
        with:
          python-version: 3.11
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ env.IAM_ROLE_ARN }}

      - name: Set runtime environment variables
        run: |
          cat <<EOF > codedeploy/.env
          IMAGE_ID="${{ needs.build-image.outputs.image-id }}"
          TOKEN="${{ secrets.DISCORD_TOKEN }}"
          LOG_WEBHOOK_URL="${{ secrets.LOG_WEBHOOK_URL }}"
          HEALTH_CHECK_CHANNEL_ID="${{ env.HEALTH_CHECK_CHANNEL_ID }}"
          GITHUB_SHA=main
          GITHUB_REPOSITORY=object-Object/HexBug
          GITHUB_PAGES_URL=https://object-object.github.io/HexBug
          EOF

      - name: Upload deployment bundle to S3
        id: upload-bundle
        run: |
          S3_KEY="${{ env.STACK_NAME }}/${{ github.sha }}.zip"
          echo "s3-key=$S3_KEY" >> "$GITHUB_OUTPUT"
          aws deploy push \
            --application-name ${{ env.APPLICATION_NAME }} \
            --s3-location s3://${{ env.S3_BUCKET }}/$S3_KEY \
            --source codedeploy

      - name: Create CodeDeploy deployment
        id: create-deployment
        run: |
          response="$(aws deploy create-deployment \
            --application-name ${{ env.APPLICATION_NAME }} \
            --deployment-group-name ${{ env.DEPLOYMENT_GROUP_NAME }} \
            --s3-location "bucket=${{ env.S3_BUCKET }},key=${{ steps.upload-bundle.outputs.s3-key }},bundleType=zip")"
          
          deployment_id="$(echo "$response" | jq '.deploymentId' --raw-output)"
          url="https://${{ env.AWS_REGION }}.console.aws.amazon.com/codesuite/codedeploy/deployments/${deployment_id}?region=${{ env.AWS_REGION }}"
          echo "Deployment URL: $url"

          echo "deployment-id=$deployment_id" >> "$GITHUB_OUTPUT"
          echo "url=$url" >> "$GITHUB_OUTPUT"

      - name: Wait for deployment to finish
        run: |
          aws deploy wait deployment-successful \
            --deployment-id ${{ steps.create-deployment.outputs.deployment-id }}

  # purge-deployments:
  #   needs: [deploy-aws-cdk, deploy-codedeploy]
  #   runs-on: ubuntu-latest
  #   env:
  #     IAM_ROLE_ARN: ${{ needs.deploy-aws-cdk.outputs.iam-role-arn }}
  #   environment:
  #     name: prod-codedeploy
  #   permissions:
  #     id-token: write
  #     contents: read
  #   steps:
  #     - uses: actions/checkout@v4
  #       with:
  #         submodules: recursive
  #     - uses: actions/setup-python@v4
  #       with:
  #         python-version: "3.11"
  #         cache: pip
  #     - uses: aws-actions/configure-aws-credentials@v4
  #       with:
  #         aws-region: ${{ env.AWS_REGION }}
  #         role-to-assume: ${{ env.IAM_ROLE_ARN }}

  #     - name: Install Python packages
  #       run: pip install .[codedeploy]
      
  #     - name: Purge old deployment bundles
  #       run: python scripts/github/purge_deployments.py ${{ env.S3_BUCKET }} ${{ env.STACK_NAME }}