From d43f284a67b382a3955a5974d3a1eb2a1f5b8855 Mon Sep 17 00:00:00 2001 From: tylerglenski Date: Wed, 12 Feb 2025 19:01:39 -0600 Subject: [PATCH 1/5] vercel first test --- .../workflows/deploy-nextjs-vercel-demo.yaml | 242 ++++++++++++++++++ .github/workflows/deploy-preview-demo.yaml | 25 ++ 2 files changed, 267 insertions(+) create mode 100644 .github/workflows/deploy-nextjs-vercel-demo.yaml create mode 100644 .github/workflows/deploy-preview-demo.yaml diff --git a/.github/workflows/deploy-nextjs-vercel-demo.yaml b/.github/workflows/deploy-nextjs-vercel-demo.yaml new file mode 100644 index 0000000..89b3583 --- /dev/null +++ b/.github/workflows/deploy-nextjs-vercel-demo.yaml @@ -0,0 +1,242 @@ +name: NextJS Vercel Deployment +on: + workflow_call: + inputs: + gsha: + type: string + required: false + default: "" + ghenv: + type: string + required: true + env_filepath: + type: string + required: true + production: + type: string + required: false + default: 'false' + domain_alias: + type: string + required: false + default: "" + aws_secret_name: + type: string + description: 'name of aws secret vault' + required: false + default: '' + aws_region: + type: string + required: false + default: us-east-2 + assumed_role: + type: string + description: 'role to assume' + required: false + default: '' + app_name: + type: string + description: 'name of app' + required: false + default: 'portal' + + + + +permissions: + id-token: write + contents: write + pull-requests: write + issues: write + +env: + NODE_OPTIONS: "--max_old_space_size=4096" + PRODUCTION_DOMAIN: "portal.eco.com" + AWS_REGION: "us-east-2" + +jobs: + deploy: + name: Deploy + runs-on: ubuntu-latest + environment: ${{ inputs.ghenv }} + strategy: + matrix: + node: [20.x] + + + steps: + - name: Checkout Commit SHA Based + if: inputs.gsha != '' + uses: actions/checkout@v3 + with: + ref: ${{ inputs.gsha }} + + - name: Checkout Commit SHA Based + if: inputs.gsha == '' + uses: actions/checkout@v3 + + - name: Setup node env + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node }} + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ inputs.assumed_role }} + role-session-name: ${{ inputs.app_name }}-${{ inputs.ghenv }}-oidc + aws-region: ${{ inputs.aws_region }} + + - name: Fetch secret from AWS Secrets Manager + if: inputs.aws_secret_name != '' + id: fetch_secret + run: | + SECRET_NAME="${{ inputs.aws_secret_name }}" + SECRET_JSON=$(aws secretsmanager get-secret-value --secret-id $SECRET_NAME --query SecretString --output text) + + KEYS=$(echo $SECRET_JSON | jq -r 'keys[]') + + for KEY in $KEYS; do + VALUE=$(echo $SECRET_JSON | jq -r ".${KEY}") + echo "::add-mask::$VALUE" + echo "${KEY}=${VALUE}" >> $GITHUB_ENV + done + + - name: Import environment variables + run: | + echo "Importing environment variables from ${{ inputs.env_filepath }}" + while IFS='=' read -r key value || [[ -n "$key" ]]; do + echo "$key=$value" >> $GITHUB_ENV + echo "Setting $key" + done < ${{ inputs.env_filepath }} + +# echo "LAUNCHDARKLY_SDK_KEY=${{ env.LAUNCHDARKLY_SDK_KEY }}" >> $GITHUB_ENV + + - name: Install Vercel CLI + run: npm install --global vercel@canary + +# # # Preview environments # # # + - name: Pull Vercel Environment Information Preview Environment + if: inputs.production == 'false' && inputs.domain_alias == '' + working-directory: ./apps/sdk-demo + run: vercel pull --yes --environment=preview --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} + + - name: Build Project Artifacts Preview Environment + if: inputs.production == 'false' && inputs.domain_alias == '' + working-directory: ./apps/sdk-demo + run: vercel build --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} + + - name: Update Vercel Preview Environment + if: inputs.production == 'false' && inputs.domain_alias == '' + id: url_deploy_preview + working-directory: ./apps/sdk-demo + run: echo "url_preview=$(vercel deploy --prebuilt --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }})" >> $GITHUB_OUTPUT + + - name: Find pull request for the branch + id: find-pr + env: + GH_TOKEN: ${{ github.token }} + run: | + echo "Listing open pull requests for branch: ${{ github.actor }}:${{ github.ref_name }}" + pr_response=$(gh pr list --repo ${{ github.repository }} --state open --head ${{ github.ref_name }} --json number --jq '.[].number') + + if [ -z "$pr_response" ]; then + echo "No pull request found for the branch." + else + echo "Found pull request number: $pr_response" + echo "PR_NUMBER=$pr_response" >> $GITHUB_ENV + fi + + - name: Log PR number + run: echo "Pull Request number is ${{ env.PR_NUMBER }}" + + - name: Add URL as comment to pull request + if: ${{ env.PR_NUMBER != '' }} && inputs.production == 'false' && inputs.domain_alias == '' + uses: actions/github-script@v6 + with: + script: | + const prNumber = process.env.PR_NUMBER; + if (prNumber) { + github.rest.issues.createComment({ + issue_number: parseInt(prNumber), + owner: context.repo.owner, + repo: context.repo.repo, + body: `Vercel Preview URL: ${{ steps.url_deploy_preview.outputs.url_preview }}` + }); + } else { + console.log("No pull request found."); + } + + - name: Get current SHA from Vercel + id: get-vercel-sha + run: | + # Make the request to the Vercel API and store the response + response=$(curl -X GET "https://api.vercel.com/v9/projects/${{ env.VERCEL_PROJECT_ID }}/env?decrypt=true&slug=${{ env.PRODUCTION_DOMAIN }}&teamId=${{env.VERCEL_ORG_ID}}" \ + -H "Authorization: Bearer ${{ env.VERCEL_TOKEN }}" \ + -H "Content-Type: application/json") + + # Print the response for debugging purposes + echo "Response from Vercel: $response" + + # Use jq to parse the GITHUB_SHA from the response + CURRENT_SHA=$(echo "$response" | jq -r '.envs[] | select(.key == "GITHUB_SHA") | .value') + + # Print the extracted SHA for debugging purposes + echo "Extracted SHA: $CURRENT_SHA" + + # Set the CURRENT_SHA environment variable for future steps + echo "CURRENT_SHA=$CURRENT_SHA" >> $GITHUB_ENV + echo "SHA extracted successfully: $CURRENT_SHA" + + +# # # Production environments # # # + - name: Pull Vercel Environment Information Production + if: inputs.production == 'true' && inputs.domain_alias == env.PRODUCTION_DOMAIN + run: vercel pull --yes --environment=production --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} + + - name: Build Project Artifacts Production + if: inputs.production == 'true' && inputs.domain_alias == env.PRODUCTION_DOMAIN + run: vercel build --prod --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} + + - name: Update Vercel alias Production + if: inputs.production == 'true' && inputs.domain_alias == env.PRODUCTION_DOMAIN + run: vercel deploy --prebuilt --prod --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} + + - name: Store SHA in vercel env + if: inputs.production == 'true' && inputs.domain_alias == env.PRODUCTION_DOMAIN + run: | + curl -X POST 'https://api.vercel.com/v10/projects/${{ env.VERCEL_PROJECT_ID }}/env?slug=${{ env.PRODUCTION_DOMAIN }}&teamId=${{ env.VERCEL_ORG_ID }}&upsert=true' \ + -H 'Authorization: Bearer ${{ env.VERCEL_TOKEN }}' \ + -H 'Content-Type: application/json' \ + -d '{ + "key": "GITHUB_SHA", + "value": "${{ inputs.gsha }}", + "type": "plain", + "target": ["production"], + "comment": "Updating SHA for production deployment" + }' + + +# # # Slack alert for static env deploy # # # + - name: Hit Retool webhook for slack alert + if: inputs.domain_alias != '' + run: | + payload=$(cat < Date: Wed, 12 Feb 2025 19:12:43 -0600 Subject: [PATCH 2/5] second test after hardcoding oidc --- .github/workflows/deploy-nextjs-vercel-demo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-nextjs-vercel-demo.yaml b/.github/workflows/deploy-nextjs-vercel-demo.yaml index 89b3583..2b07172 100644 --- a/.github/workflows/deploy-nextjs-vercel-demo.yaml +++ b/.github/workflows/deploy-nextjs-vercel-demo.yaml @@ -84,7 +84,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v2 with: role-to-assume: ${{ inputs.assumed_role }} - role-session-name: ${{ inputs.app_name }}-${{ inputs.ghenv }}-oidc + role-session-name: ${{ inputs.app_name }}-production-oidc # fix this if we goto prod remove procdcution and make it the gh_env input aws-region: ${{ inputs.aws_region }} - name: Fetch secret from AWS Secrets Manager From d97c1b74552600057f77bde142a85b4eb593f08a Mon Sep 17 00:00:00 2001 From: tylerglenski Date: Wed, 12 Feb 2025 19:18:29 -0600 Subject: [PATCH 3/5] test-03 fixed ghenv issue --- .../workflows/deploy-nextjs-vercel-demo.yaml | 117 +----------------- .github/workflows/deploy-preview-demo.yaml | 2 +- 2 files changed, 3 insertions(+), 116 deletions(-) diff --git a/.github/workflows/deploy-nextjs-vercel-demo.yaml b/.github/workflows/deploy-nextjs-vercel-demo.yaml index 2b07172..c949f7a 100644 --- a/.github/workflows/deploy-nextjs-vercel-demo.yaml +++ b/.github/workflows/deploy-nextjs-vercel-demo.yaml @@ -84,7 +84,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v2 with: role-to-assume: ${{ inputs.assumed_role }} - role-session-name: ${{ inputs.app_name }}-production-oidc # fix this if we goto prod remove procdcution and make it the gh_env input + role-session-name: ${{ inputs.app_name }}-${{ inputs.ghenv }}-oidc # fix this if we goto prod remove procdcution and make it the gh_env input aws-region: ${{ inputs.aws_region }} - name: Fetch secret from AWS Secrets Manager @@ -110,133 +110,20 @@ jobs: echo "Setting $key" done < ${{ inputs.env_filepath }} -# echo "LAUNCHDARKLY_SDK_KEY=${{ env.LAUNCHDARKLY_SDK_KEY }}" >> $GITHUB_ENV - - name: Install Vercel CLI run: npm install --global vercel@canary # # # Preview environments # # # - name: Pull Vercel Environment Information Preview Environment - if: inputs.production == 'false' && inputs.domain_alias == '' working-directory: ./apps/sdk-demo run: vercel pull --yes --environment=preview --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} - name: Build Project Artifacts Preview Environment - if: inputs.production == 'false' && inputs.domain_alias == '' working-directory: ./apps/sdk-demo run: vercel build --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} - name: Update Vercel Preview Environment - if: inputs.production == 'false' && inputs.domain_alias == '' id: url_deploy_preview working-directory: ./apps/sdk-demo run: echo "url_preview=$(vercel deploy --prebuilt --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }})" >> $GITHUB_OUTPUT - - - name: Find pull request for the branch - id: find-pr - env: - GH_TOKEN: ${{ github.token }} - run: | - echo "Listing open pull requests for branch: ${{ github.actor }}:${{ github.ref_name }}" - pr_response=$(gh pr list --repo ${{ github.repository }} --state open --head ${{ github.ref_name }} --json number --jq '.[].number') - - if [ -z "$pr_response" ]; then - echo "No pull request found for the branch." - else - echo "Found pull request number: $pr_response" - echo "PR_NUMBER=$pr_response" >> $GITHUB_ENV - fi - - - name: Log PR number - run: echo "Pull Request number is ${{ env.PR_NUMBER }}" - - - name: Add URL as comment to pull request - if: ${{ env.PR_NUMBER != '' }} && inputs.production == 'false' && inputs.domain_alias == '' - uses: actions/github-script@v6 - with: - script: | - const prNumber = process.env.PR_NUMBER; - if (prNumber) { - github.rest.issues.createComment({ - issue_number: parseInt(prNumber), - owner: context.repo.owner, - repo: context.repo.repo, - body: `Vercel Preview URL: ${{ steps.url_deploy_preview.outputs.url_preview }}` - }); - } else { - console.log("No pull request found."); - } - - - name: Get current SHA from Vercel - id: get-vercel-sha - run: | - # Make the request to the Vercel API and store the response - response=$(curl -X GET "https://api.vercel.com/v9/projects/${{ env.VERCEL_PROJECT_ID }}/env?decrypt=true&slug=${{ env.PRODUCTION_DOMAIN }}&teamId=${{env.VERCEL_ORG_ID}}" \ - -H "Authorization: Bearer ${{ env.VERCEL_TOKEN }}" \ - -H "Content-Type: application/json") - - # Print the response for debugging purposes - echo "Response from Vercel: $response" - - # Use jq to parse the GITHUB_SHA from the response - CURRENT_SHA=$(echo "$response" | jq -r '.envs[] | select(.key == "GITHUB_SHA") | .value') - - # Print the extracted SHA for debugging purposes - echo "Extracted SHA: $CURRENT_SHA" - - # Set the CURRENT_SHA environment variable for future steps - echo "CURRENT_SHA=$CURRENT_SHA" >> $GITHUB_ENV - echo "SHA extracted successfully: $CURRENT_SHA" - - -# # # Production environments # # # - - name: Pull Vercel Environment Information Production - if: inputs.production == 'true' && inputs.domain_alias == env.PRODUCTION_DOMAIN - run: vercel pull --yes --environment=production --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} - - - name: Build Project Artifacts Production - if: inputs.production == 'true' && inputs.domain_alias == env.PRODUCTION_DOMAIN - run: vercel build --prod --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} - - - name: Update Vercel alias Production - if: inputs.production == 'true' && inputs.domain_alias == env.PRODUCTION_DOMAIN - run: vercel deploy --prebuilt --prod --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} - - - name: Store SHA in vercel env - if: inputs.production == 'true' && inputs.domain_alias == env.PRODUCTION_DOMAIN - run: | - curl -X POST 'https://api.vercel.com/v10/projects/${{ env.VERCEL_PROJECT_ID }}/env?slug=${{ env.PRODUCTION_DOMAIN }}&teamId=${{ env.VERCEL_ORG_ID }}&upsert=true' \ - -H 'Authorization: Bearer ${{ env.VERCEL_TOKEN }}' \ - -H 'Content-Type: application/json' \ - -d '{ - "key": "GITHUB_SHA", - "value": "${{ inputs.gsha }}", - "type": "plain", - "target": ["production"], - "comment": "Updating SHA for production deployment" - }' - - -# # # Slack alert for static env deploy # # # - - name: Hit Retool webhook for slack alert - if: inputs.domain_alias != '' - run: | - payload=$(cat < Date: Wed, 12 Feb 2025 19:30:30 -0600 Subject: [PATCH 4/5] fixed env file --- apps/sdk-demo/.env.example | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/apps/sdk-demo/.env.example b/apps/sdk-demo/.env.example index a058b78..e0c1b5f 100644 --- a/apps/sdk-demo/.env.example +++ b/apps/sdk-demo/.env.example @@ -1,8 +1,7 @@ -NEXT_PUBLIC_WALLET_CONNECT_ID="" - -NEXT_PUBLIC_MAINNET_RPC_URL="" -NEXT_PUBLIC_OPTIMISM_RPC_URL="" -NEXT_PUBLIC_POLYGON_RPC_URL="" -NEXT_PUBLIC_MANTLE_RPC_URL="" -NEXT_PUBLIC_BASE_RPC_URL="" -NEXT_PUBLIC_ARBITRUM_RPC_URL="" \ No newline at end of file +NEXT_PUBLIC_WALLET_CONNECT_ID=xxxx +NEXT_PUBLIC_MAINNET_RPC_URL=xxxx +NEXT_PUBLIC_OPTIMISM_RPC_URL=xxxx +NEXT_PUBLIC_POLYGON_RPC_URL=xxxx +NEXT_PUBLIC_MANTLE_RPC_URL=xxxx +NEXT_PUBLIC_BASE_RPC_URL=xxxx +NEXT_PUBLIC_ARBITRUM_RPC_URL=xxxx \ No newline at end of file From d02de21b83dd0f234c1e41728d48e46dce5337b5 Mon Sep 17 00:00:00 2001 From: tylerglenski Date: Wed, 12 Feb 2025 19:34:08 -0600 Subject: [PATCH 5/5] removed working directory --- .github/workflows/deploy-nextjs-vercel-demo.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/deploy-nextjs-vercel-demo.yaml b/.github/workflows/deploy-nextjs-vercel-demo.yaml index c949f7a..6e2fc37 100644 --- a/.github/workflows/deploy-nextjs-vercel-demo.yaml +++ b/.github/workflows/deploy-nextjs-vercel-demo.yaml @@ -115,15 +115,12 @@ jobs: # # # Preview environments # # # - name: Pull Vercel Environment Information Preview Environment - working-directory: ./apps/sdk-demo run: vercel pull --yes --environment=preview --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} - name: Build Project Artifacts Preview Environment - working-directory: ./apps/sdk-demo run: vercel build --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }} - name: Update Vercel Preview Environment id: url_deploy_preview - working-directory: ./apps/sdk-demo run: echo "url_preview=$(vercel deploy --prebuilt --token=${{ env.VERCEL_TOKEN }} --scope=${{ env.VERCEL_ORG_ID }})" >> $GITHUB_OUTPUT \ No newline at end of file