🔖 Release v2026.4.26-28e1061 #192
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to AWS ECS | |
| on: | |
| push: | |
| tags: | |
| - 'v[0-9]+.[0-9]+.[0-9]+-*' | |
| env: | |
| AWS_REGION: eu-west-1 | |
| ECR_REGISTRY: 525984396332.dkr.ecr.eu-west-1.amazonaws.com | |
| ECR_REPOSITORY: b10cks/cms | |
| ECS_CLUSTER: nb-clients01 | |
| ECS_SERVICE: b10cks-cms | |
| ECS_TASK_DEFINITION: b10cks-cms | |
| PHP_VERSION: '8.4' | |
| VITE_S3_BUCKET: ${{ secrets.VITE_S3_BUCKET }} | |
| VITE_APP_FRONTEND_URL: ${{ vars.APP_FRONTEND_URL || 'https://app.b10cks.com/' }} | |
| VITE_APP_BACKEND_URL: ${{ vars.APP_BACKEND_URL || 'https://api.b10cks.com/' }} | |
| VITE_APP_ILUM_BASE_URL: ${{ vars.APP_ILUM_BASE_URL || 'https://api.b10cks.com/ilum/' }} | |
| VITE_APP_POSTHOG_HOST: ${{ vars.POSTHOG_HOST || 'https://eu.i.posthog.com' }} | |
| VITE_APP_POSTHOG_KEY: ${{ secrets.POSTHOG_API_KEY || '' }} | |
| VITE_APP_REVERB_APP_ID: ${{ secrets.REVERB_APP_ID || '' }} | |
| VITE_APP_REVERB_APP_KEY: ${{ secrets.REVERB_APP_KEY || '' }} | |
| VITE_APP_REVERB_APP_SECRET: ${{ secrets.REVERB_APP_SECRET || '' }} | |
| VITE_APP_REVERB_HOST: ${{ secrets.REVERB_HOST || '' }} | |
| VITE_APP_REVERB_PORT: ${{ secrets.REVERB_PORT || '' }} | |
| VITE_APP_REVERB_SCHEME: ${{ secrets.REVERB_SCHEME || '' }} | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history for commit comparison | |
| - name: Extract version from tag | |
| id: version | |
| run: | | |
| VERSION=${GITHUB_REF#refs/tags/v} | |
| echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
| echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: ${{ env.PHP_VERSION }} | |
| extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick, redis | |
| tools: composer:v2 | |
| - name: Install production Composer dependencies | |
| run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --no-dev | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Cache Bun dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.bun/install/cache | |
| key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bun- | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| - name: Build frontend | |
| run: | | |
| export VITE_APP_PUBLIC_VERSION="${{ steps.version.outputs.version }}" | |
| bun run build | |
| env: | |
| NODE_ENV: production | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build Docker image | |
| env: | |
| IMAGE_TAG: main-${{ steps.version.outputs.version }} | |
| run: | | |
| docker build \ | |
| --build-arg APP_VERSION=${{ steps.version.outputs.version }} \ | |
| --cache-from ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:cache \ | |
| --build-arg BUILDKIT_INLINE_CACHE=1 \ | |
| -t ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:$IMAGE_TAG \ | |
| -t ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:cache \ | |
| . | |
| - name: Push Docker image to ECR | |
| env: | |
| IMAGE_TAG: main-${{ steps.version.outputs.version }} | |
| run: | | |
| docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:$IMAGE_TAG | |
| docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:cache | |
| - name: Download current task definition | |
| run: | | |
| aws ecs describe-task-definition \ | |
| --task-definition ${{ env.ECS_TASK_DEFINITION }} \ | |
| --query taskDefinition > task-definition.json | |
| - name: Update task definition with new image | |
| id: task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: ${{ env.ECS_TASK_DEFINITION }} | |
| image: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:main-${{ steps.version.outputs.version }} | |
| - name: Sync static assets to S3 | |
| run: | | |
| aws s3 sync public/build/ "s3://${{ env.VITE_S3_BUCKET }}/build" \ | |
| --delete \ | |
| --cache-control "max-age=7776000,s-maxage=604800,public" | |
| - name: Deploy to Amazon ECS service | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def.outputs.task-definition }} | |
| service: ${{ env.ECS_SERVICE }} | |
| cluster: ${{ env.ECS_CLUSTER }} | |
| wait-for-service-stability: false | |
| - name: Get commits since last release | |
| id: commits | |
| run: | | |
| # Get the previous tag | |
| PREVIOUS_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "") | |
| if [ -z "$PREVIOUS_TAG" ]; then | |
| # If no previous tag, get all commits | |
| COMMITS=$(git log --pretty=format:"• %s" --no-merges) | |
| else | |
| # Get commits between previous tag and current | |
| COMMITS=$(git log ${PREVIOUS_TAG}..HEAD --pretty=format:"• %s" --no-merges) | |
| fi | |
| COMMITS=$(echo -n "$COMMITS" | base64 | tr -d '\n') | |
| echo "commits=${COMMITS}" >> $GITHUB_OUTPUT | |
| echo "previous_tag=${PREVIOUS_TAG:-'Initial Release'}" >> $GITHUB_OUTPUT | |
| - name: Post deployment notification to Discord | |
| if: always() | |
| env: | |
| DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| run: | | |
| if [ "${{ job.status }}" == "success" ]; then | |
| COLOR="3066993" # Green | |
| STATUS="✅ Deployment Successful" | |
| else | |
| COLOR="15158332" # Red | |
| STATUS="❌ Deployment Failed" | |
| fi | |
| # Use jq to properly escape the commits for JSON | |
| COMMITS=$(echo "${{ steps.commits.outputs.commits }}" | base64 --decode) | |
| DESCRIPTION=$(echo -e "**Project:** https://github.com/b10cks/cms\n**Version:** \`${{ steps.version.outputs.version }}\`\n\n**Changes since ${{ steps.commits.outputs.previous_tag }}:**\n${COMMITS}") | |
| # Truncate if too long (Discord has a 4096 char limit for description) | |
| if [ ${#DESCRIPTION} -gt 3800 ]; then | |
| DESCRIPTION=$(echo "${DESCRIPTION:0:3800}... (truncated)") | |
| fi | |
| # Create JSON payload with proper escaping | |
| PAYLOAD=$(jq -n \ | |
| --arg title "$STATUS" \ | |
| --arg description "$DESCRIPTION" \ | |
| --arg color "$COLOR" \ | |
| --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%S.000Z)" \ | |
| --arg footer_text "Commit: ${{ steps.version.outputs.short_sha }}" \ | |
| '{ | |
| "embeds": [{ | |
| "title": $title, | |
| "description": $description, | |
| "color": $color|tonumber, | |
| "timestamp": $timestamp, | |
| "footer": { | |
| "text": $footer_text | |
| } | |
| }] | |
| }') | |
| # Send to Discord | |
| curl -H "Content-Type: application/json" \ | |
| -d "$PAYLOAD" \ | |
| $DISCORD_WEBHOOK | |
| if [ ${{ job.status }} == 'success' ]; then | |
| echo "✅ Deployment successful for version ${{ steps.version.outputs.version }}" | |
| else | |
| echo "❌ Deployment failed for version ${{ steps.version.outputs.version }}" | |
| fi |