Add CI/CD pipeline for Vercel and AWS deployment #161
base: main
Related to #140

Add CI/CD pipeline for Vercel and AWS deployment.

* **Vercel Deployment:**
  - Modify `apps/web-mobile/vercel.json` to include `buildCommand`, `outputDirectory`, and `framework`.
  - Add `.github/workflows/vercel-deploy.yml` to create a GitHub Actions workflow for Vercel deployment.
  - Add a script `deploy:vercel` in `package.json` for Vercel deployment.
* **AWS Deployment:**
  - Add `.github/workflows/aws-deploy.yml` to create a GitHub Actions workflow for AWS deployment.
  - Add a script `deploy:aws` in `package.json` for AWS deployment.
@vishwamartur is attempting to deploy a commit to the DeTrash Team on Vercel. A member of the Team first needs to authorize it.
Walkthrough: This pull request introduces two new GitHub Actions workflow files for automated deployments.
Actionable comments posted: 4
🧹 Outside diff range and nitpick comments (1)
package.json (1)
26-27: Consider adding deployment validation and documentation
For both deployment scripts:
- Add pre-deployment validation steps (e.g., build status, environment checks)
- Document the required credentials and setup in README
- Consider adding `predeploy` scripts for necessary checks
Example implementation:
+ "predeploy:vercel": "nx build web-mobile", "deploy:vercel": "./node_modules/.bin/vercel --prod", + "predeploy:aws": "nx build api && node scripts/validate-aws-env.js", "deploy:aws": "aws s3 sync ./dist/apps/api s3://${AWS_S3_BUCKET_NAME} && aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_DISTRIBUTION_ID} --paths '/*'"Would you like me to help create the validation script and documentation?
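Review bot: `deploy:aws` expands `${AWS_S3_BUCKET_NAME}` and `${AWS_CLOUDFRONT_DISTRIBUTION_ID}` from the shell environment at run time, and an unset variable silently becomes an empty string, so the sync target degrades to `s3://`; write them as `${AWS_S3_BUCKET_NAME:?AWS_S3_BUCKET_NAME is not set}` so the script aborts with a clear message instead. Note also that `scripts/validate-aws-env.js` referenced by `predeploy:aws` does not exist in this PR, so `npm run deploy:aws` would fail at the pre-script until that file is added.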
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (4)
.github/workflows/aws-deploy.yml (1 hunks)
.github/workflows/vercel-deploy.yml (1 hunks)
apps/web-mobile/vercel.json (1 hunks)
package.json (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/vercel-deploy.yml
14-14: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
17-17: the runner of "actions/setup-node@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/aws-deploy.yml
14-14: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
17-17: the runner of "actions/setup-node@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
28-28: the runner of "aws-actions/configure-aws-credentials@v1" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🔇 Additional comments (3)
apps/web-mobile/vercel.json (1)
8-10: LGTM! Verify the output directory path.
The Vercel configuration looks correct with appropriate build command and framework specification.
Let's verify the output directory path matches the project structure:
✅ Verification successful
Output directory path is correctly configured
The `dist/apps/web-mobile` path in vercel.json matches the build output configuration in:
- Vite config's `build.outDir`
- Project's build target `outputPath`
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Verify the build output directory exists in the project structure
fd -t d "dist/apps/web-mobile"
# Check if there are any build scripts referencing this path
rg -l "dist/apps/web-mobile" package.json
Length of output: 72
Script:
#!/bin/bash
# Let's check the build configuration in package.json and any related config files
rg -l "build.*web-mobile" package.json
cat package.json | jq '.scripts'
# Check for build output configuration in vite config
fd -e js -e ts "vite.config"
# Look for nx configuration files that might define build outputs
fd -e json "project.json" "workspace.json"
Length of output: 951
Script:
#!/bin/bash
# Let's check the Vite config for output directory configuration
cat apps/web-mobile/vite.config.ts
# Check project.json in the web-mobile app directory
cat apps/web-mobile/project.json
Length of output: 2786
.github/workflows/aws-deploy.yml (1)
30-32: Verify AWS IAM permissions.
Ensure the AWS credentials have the minimum required permissions:
- s3:PutObject, s3:GetObject, s3:DeleteObject for the S3 bucket
- cloudfront:CreateInvalidation for the CloudFront distribution
Let's check the AWS resources exist:
package.json (1)
26-27: Verify AWS CLI availability
The AWS deployment script assumes the AWS CLI is installed and configured. This should be verified before deployment.
Run this script to check AWS CLI installation and authentication:
Updated as per coderabbitai
Actionable comments posted: 3
🧹 Outside diff range and nitpick comments (5)
.github/workflows/vercel-deploy.yml (3)
3-6: Consider adding environment protection rules and manual approval
For production deployments, it's recommended to:
- Add environment protection rules
- Implement manual approval workflow
- Consider adding path filters to trigger only on relevant changes
Apply these changes to improve deployment safety:
on: push: branches: - main + paths: + - 'apps/web-mobile/**' + +environment: + name: production + url: ${{ steps.deploy.outputs.url }} + deployment_protection_rules: + required_reviewers: true
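Review bot: `environment` is a job-level key (`jobs.<job_id>.environment`), not a top-level workflow key, and `deployment_protection_rules` / `required_reviewers` are not workflow syntax at all, so this block would make the workflow fail to parse; `steps.deploy.outputs.url` is likewise unavailable outside a job. Put `environment: production` on the deploy job and configure required reviewers on that environment in the repository settings, which is where protection rules actually live.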
16-20: Optimize npm cache configuration
The Node.js setup looks good, but the caching strategy could be improved by including the package-lock.json hash.
Apply this change to improve cache effectiveness:
- name: Set up Node.js uses: actions/setup-node@v4 with: node-version: '20' - cache: 'npm' + cache: 'npm' + cache-dependency-path: '**/package-lock.json'
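Review bot: with a single lockfile at the repository root, `cache: 'npm'` already keys the cache on the hash of that `package-lock.json`, so `cache-dependency-path` changes nothing here; the setting earns its place only if this monorepo gains per-app lockfiles under `apps/**`, in which case the glob should point at those.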
1-38: Add security scanning steps
The workflow would benefit from security scanning steps to identify vulnerabilities early.
Add these security scanning steps before the deployment:
+ - name: Security scan dependencies + uses: snyk/actions/node@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --severity-threshold=high + + - name: Run SAST scan + uses: github/codeql-action/analyze@v2 + with: + languages: javascript + + - name: Scan for secrets + uses: gitleaks/gitleaks-action@v2 + env: + GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}Also, consider adding these security-related workflow settings at the top:
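Review bot: `snyk/actions/node@master` tracks a mutable branch, so whoever controls that repository can change what runs in this pipeline while `SNYK_TOKEN` is in scope; pin third-party actions to a full commit SHA (a release tag at minimum). Separately, `github/codeql-action/analyze@v2` on its own does nothing useful: the `languages` input belongs to a preceding `github/codeql-action/init` step, and without `init` the analyze step fails.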
name: Deploy to Vercel + +permissions: + contents: read + deployments: write + pull-requests: write + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true.github/workflows/aws-deploy.yml (2)
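Review bot: the `permissions` block is the right default, but `cancel-in-progress: true` on a production deployment workflow aborts a run that may already be publishing when a second push lands; for the production group set `cancel-in-progress: false` so runs queue, and reserve cancellation for preview builds.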
1-7: Consider enhancing workflow triggers for better deployment control
The current trigger on push to main is basic. Consider adding:
- Pull request trigger for preview deployments
- Manual workflow dispatch for controlled deployments
- Environment protection rules for production
name: Deploy to AWS on: push: branches: - main + pull_request: + branches: + - main + workflow_dispatch: +environment: + name: production + url: ${{ steps.deploy.outputs.url }}
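Review bot: as written this adds `pull_request` to a workflow whose only job syncs to the production bucket, so every PR from a repository branch would deploy to production (PRs from forks would fail instead, because secrets are not exposed to them); preview deployments need a separate job or target gated on `github.event_name`. The top-level `environment:` block is also invalid here: `environment` belongs under the job, and `steps.deploy.outputs.url` cannot be referenced at workflow level.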
39-48: Add deployment safety measures and verification
While the deployment steps include good error handling, consider these critical improvements:
- Backup current state before deployment
- Verify successful deployment
- Implement gradual rollout strategy
- name: Deploy to AWS run: | + # Backup current state + timestamp=$(date +%Y%m%d_%H%M%S) + aws s3 cp s3://${{ secrets.AWS_S3_BUCKET_NAME }} s3://${{ secrets.AWS_S3_BUCKET_NAME }}_backup_${timestamp} --recursive + if ! aws s3 sync ./dist/apps/api s3://${{ secrets.AWS_S3_BUCKET_NAME }} --delete; then echo "Failed to sync with S3" exit 1 fi + + # Verify deployment + echo "Verifying deployment..." + aws s3api list-objects-v2 --bucket ${{ secrets.AWS_S3_BUCKET_NAME }} --query 'Contents[].Key' --output text + if ! aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"; then echo "Failed to invalidate CloudFront distribution" exit 1 fi + + # Wait for CloudFront invalidation to complete + echo "Waiting for CloudFront invalidation to complete..." + sleep 30 + + # Add health check or smoke test here + # curl -f https://your-api-endpoint.com/health || exit 1
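Review bot: the backup step cannot work as written: `aws s3 cp s3://BUCKET s3://BUCKET_backup_TS --recursive` copies into a second bucket that must already exist, and S3 bucket names cannot contain underscores, so the generated name is rejected; back up to a prefix in the same bucket (`s3://BUCKET/backups/TS/`) or enable bucket versioning. `aws s3api list-objects-v2 ... --output text` only prints keys and never fails the step, so it is not a verification, and `sleep 30` does not wait for the invalidation: capture the `Id` returned by `create-invalidation` and call `aws cloudfront wait invalidation-completed --distribution-id ... --id ...`.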
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (3)
.github/workflows/aws-deploy.yml
(1 hunks).github/workflows/vercel-deploy.yml
(1 hunks)package.json
(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- package.json
🔇 Additional comments (3)
.github/workflows/aws-deploy.yml (3)
13-20: LGTM! Good use of latest actions and caching
The Node.js setup follows best practices with:
- Latest checkout action (v4)
- Latest Node.js LTS version
- Proper npm caching configuration
32-37: LGTM! Secure AWS credentials configuration
The AWS credentials setup follows security best practices:
- Using latest aws-actions/configure-aws-credentials
- Properly using GitHub secrets for sensitive data
22-30: 🛠️ Refactor suggestion
Enhance build steps with verification and caching
While the build steps are functional, consider these improvements:
- Verify the build output exists
- Cache build artifacts for potential reuse
- Ensure the build:api script exists in package.json
- name: Build the project
env:
NODE_ENV: production
run: npm run build:api
+
+ - name: Verify build output
+ run: |
+ if [ ! -d "./dist/apps/api" ]; then
+ echo "Build output directory not found"
+ exit 1
+ fi
+
+ - name: Cache build output
+ uses: actions/cache@v3
+ with:
+ path: ./dist/apps/api
+ key: ${{ runner.os }}-build-${{ github.sha }}
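Review bot: `key: ${{ runner.os }}-build-${{ github.sha }}` is unique to one commit, so this cache entry will never be restored by a later run and only consumes cache quota; to hand `dist/apps/api` to another job use `actions/upload-artifact`/`download-artifact` instead. The verify step should also check that the directory is non-empty (`[ -n "$(ls -A ./dist/apps/api)" ]`), since an empty output directory still passes `-d`.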
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ secrets.AWS_REGION }} |
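Review bot: `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` stored as repository secrets are long-lived static credentials that every workflow in the repository can read and that must be rotated by hand if they leak; `aws-actions/configure-aws-credentials` supports OIDC federation via `role-to-assume` (with `permissions: id-token: write` on the job), which issues short-lived credentials bound to this repository and branch with no secret stored in GitHub at all.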
💡 Codebase verification
Document required AWS secrets in repository settings and README
The following AWS secrets are used in the workflows but are not documented in the repository:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_REGION
- AWS_S3_BUCKET_NAME
- AWS_CLOUDFRONT_DISTRIBUTION_ID
Please:
- Configure these secrets in the repository settings
- Add documentation in the README.md about the required secrets and their purpose for deployment workflows
🔗 Analysis chain
Document required secrets in repository settings
Ensure these required secrets are documented and configured in the repository settings:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_REGION
- AWS_S3_BUCKET_NAME
- AWS_CLOUDFRONT_DISTRIBUTION_ID
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# List configured secrets in the repository
gh api repos/{owner}/{repo}/actions/secrets --jq '.secrets[].name' | grep -E 'AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|REGION|S3_BUCKET_NAME|CLOUDFRONT_DISTRIBUTION_ID)'
Length of output: 223
Script:
#!/bin/bash
# Search for AWS secret references in workflow files
rg -U 'secrets\.(AWS_[A-Z_]+)' .github/workflows/
Length of output: 626
Script:
#!/bin/bash
# Check if secrets are documented in README or similar files
rg -i "secret|aws.*(key|region|bucket|distribution)" -A 5 -B 5 "README.md" "CONTRIBUTING.md" "docs/"
Length of output: 96
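A check of the kind the comment above asks for, added here as an example and not taken from the PR or from CodeRabbit's output: it collects every `secrets.NAME` referenced by the workflow files and reports the ones a README does not mention, exiting non-zero so the gap fails CI instead of surfacing at deploy time. The sample workflow and README it creates are constructed for the demonstration, and the README convention it relies on (secret names written in backticks) is an assumption.

```shell
#!/bin/sh
# Added example (not part of the PR or of CodeRabbit's review): fail CI when a
# workflow references a GitHub secret that the README does not document.
# Assumes POSIX sh with grep, sed, sort and mktemp; the README convention
# (secret names written in backticks) is an assumption for this demonstration.

# Every distinct NAME used as ${{ secrets.NAME }} under the workflows directory.
referenced_secrets() {
  grep -rhoE 'secrets\.[A-Za-z_][A-Za-z0-9_]*' "$1" 2>/dev/null \
    | sed 's/^secrets\.//' \
    | LC_ALL=C sort -u
}

# Every ALL_CAPS token written in backticks in the README, taken as documented.
documented_secrets() {
  grep -oE '`[A-Z][A-Z0-9_]*`' "$1" 2>/dev/null \
    | tr -d '`' \
    | LC_ALL=C sort -u
}

# Print referenced names missing from the README; exit 1 if there are any.
undocumented_secrets() {
  workflows_dir=$1
  readme=$2
  documented=$(documented_secrets "$readme")
  status=0
  for name in $(referenced_secrets "$workflows_dir"); do
    if ! printf '%s\n' "$documented" | grep -qxF "$name"; then
      echo "$name"
      status=1
    fi
  done
  return "$status"
}

# Constructed sample repository: one workflow using four secrets and a README
# documenting three of them. Prints the temporary directory it created.
make_sample_repo() {
  root=$(mktemp -d)
  mkdir -p "$root/.github/workflows"
  cat > "$root/.github/workflows/aws-deploy.yml" <<'EOF'
name: Deploy to AWS
jobs:
  deploy:
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      - run: aws s3 sync ./dist s3://${{ secrets.AWS_S3_BUCKET_NAME }}
EOF
  cat > "$root/README.md" <<'EOF'
## Deployment secrets
Configure `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_REGION` in the repository settings.
EOF
  printf '%s\n' "$root"
}

# Usage: run the check against the constructed repository. In a real pipeline,
# point it at .github/workflows and README.md and let the non-zero exit fail the job.
sample_root=$(make_sample_repo)
undocumented_secrets "$sample_root/.github/workflows" "$sample_root/README.md" \
  || echo "the names above are referenced by workflows but not documented"
```

Against the constructed repository the check reports `AWS_S3_BUCKET_NAME` as the one undocumented secret; once the README mentions it the check prints nothing and exits 0.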
Actionable comments posted: 3
🧹 Outside diff range and nitpick comments (3)
.github/workflows/vercel-deploy.yml (3)
22-35: Enhance build security and caching strategy
While the clean install and audit are good practices, consider adding:
- Lockfile verification
- Verify cache paths match your project structure
- name: Install dependencies env: NODE_ENV: production run: | + if [ ! -f "package-lock.json" ]; then + echo "Error: package-lock.json not found" + exit 1 + fi npm clean-install npm audit🧰 Tools
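Review bot: the lockfile pre-check is redundant, since `npm ci`/`npm clean-install` already aborts when `package-lock.json` is missing or out of sync with `package.json`; the real gap in this step is `npm audit` with no threshold, which fails the deploy on any advisory, including low-severity findings in dev dependencies. Set a threshold (`npm audit --audit-level=high`) or run the audit as its own job so it reports without blocking releases.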
🪛 actionlint (1.7.4)
30-30: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
37-44: Enhance build process observability
Add build output verification and timing information for better debugging.
- name: Build the project env: NODE_ENV: production run: | + echo "Starting build at $(date)" npm run build:web-mobile || { echo "Build failed" exit 1 } + echo "Build completed at $(date)" + if [ ! -d "dist/apps/web-mobile" ]; then + echo "Error: Build output directory not found" + exit 1 + fi
58-70: Enhance deployment verification
The current verification only checks for HTTP status codes. Consider adding:
- Content verification
- SSL certificate validation
- Progressive retry backoff
- name: Verify deployment run: | DEPLOY_URL="${{ steps.deploy.outputs.preview-url }}" MAX_RETRIES=5 COUNT=0 + WAIT_TIME=10 - until curl -s -o /dev/null -w "%{http_code}" "$DEPLOY_URL" | grep -q "200\|404"; do + until curl -s -k -o /dev/null -w "%{http_code}:%{ssl_verify_result}" "$DEPLOY_URL" | grep -q "200:0"; do if [ $COUNT -eq $MAX_RETRIES ]; then echo "Deployment verification failed after $MAX_RETRIES attempts" exit 1 fi COUNT=$((COUNT+1)) - sleep 10 + WAIT_TIME=$((WAIT_TIME * 2)) + echo "Waiting ${WAIT_TIME} seconds before retry ${COUNT}/${MAX_RETRIES}" + sleep $WAIT_TIME done
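Review bot: `curl -k` disables certificate verification, so the new probe can never fail on a bad certificate, which is the opposite of the "SSL certificate validation" this comment asks for; drop `-k` and test `%{http_code}` alone, since without it curl exits non-zero on a verification failure and the `grep` never sees a 200. The doubling of `WAIT_TIME` before the first `sleep` also makes the first retry wait 20s rather than 10s; double after sleeping, and cap the wait so five retries do not stretch past a few minutes.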
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
.github/workflows/vercel-deploy.yml (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/vercel-deploy.yml
30-30: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
73-73: the runner of "actions/github-script@v6" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🔇 Additional comments (1)
.github/workflows/vercel-deploy.yml (1)
8-20: LGTM! Environment setup follows best practices
The job configuration uses the latest action versions and appropriate Node.js setup with caching enabled.
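The verification loop discussed in the review above, written as an added example rather than the PR's step or CodeRabbit's suggested diff: bounded retries with exponential backoff, and curl's certificate verification left on (no `-k`), so an invalid certificate fails the probe instead of passing it. The probe is injectable so the retry logic can be exercised without a network; the URL in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not the PR's verify step nor CodeRabbit's suggested diff):
# post-deploy health check with bounded exponential backoff. curl is run
# WITHOUT -k, so certificate verification stays on and an invalid certificate
# makes the probe fail instead of being reported as healthy.
# Assumes POSIX sh and curl; the URL in the usage comment is a placeholder.

# Seconds to wait after failed attempt N: BASE for N=1, doubling each time,
# never exceeding CAP.
backoff_seconds() {
  attempt=$1
  base=${2:-5}
  cap=${3:-60}
  delay=$base
  i=1
  while [ "$i" -lt "$attempt" ]; do
    delay=$((delay * 2))
    if [ "$delay" -gt "$cap" ]; then
      delay=$cap
      break
    fi
    i=$((i + 1))
  done
  echo "$delay"
}

# Default probe: prints the HTTP status code for URL with TLS verification on.
# On a handshake or certificate failure curl exits non-zero, which the caller
# treats as "not healthy yet".
http_probe() {
  curl -sS -o /dev/null -w '%{http_code}' --max-time 10 "$1"
}

# verify_deploy URL [MAX_RETRIES] [PROBE]: retry PROBE until it reports 200.
# PROBE is a shell function name so the retry logic can be exercised offline.
# BACKOFF_BASE / BACKOFF_CAP (seconds) tune the schedule; defaults 5 and 60.
verify_deploy() {
  url=$1
  max_retries=${2:-5}
  probe=${3:-http_probe}
  attempt=1
  while [ "$attempt" -le "$max_retries" ]; do
    code=$("$probe" "$url" 2>/dev/null) || code=000
    if [ "$code" = "200" ]; then
      echo "deployment healthy after $attempt attempt(s)"
      return 0
    fi
    delay=$(backoff_seconds "$attempt" "${BACKOFF_BASE:-5}" "${BACKOFF_CAP:-60}")
    echo "attempt $attempt/$max_retries returned '$code'; retrying in ${delay}s" >&2
    sleep "$delay"
    attempt=$((attempt + 1))
  done
  echo "deployment verification failed after $max_retries attempts" >&2
  return 1
}

# Show the schedule that repeated failures produce with the defaults.
for n in 1 2 3 4 5; do
  printf 'after failed attempt %s: wait %ss\n' "$n" "$(backoff_seconds "$n" 5 60)"
done
# Usage in the workflow step (placeholder URL):
#   verify_deploy "https://your-app.example/health" 5 || exit 1
```

Accepting only `200` (rather than `200` or `404`) means a deploy that serves the wrong build still fails verification, and the capped schedule (5, 10, 20, 40, 60 seconds) bounds how long a broken deploy can hold the job.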
on: | ||
push: | ||
branches: | ||
- main |
🛠️ Refactor suggestion
Enhance workflow triggers for better deployment control
Consider adding:
- Pull request trigger for preview deployments
- Environment protection for production deployments
on:
push:
branches:
- main
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+environment:
+ name: production
+ rules:
+ - if: github.ref == 'refs/heads/main'
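Review bot: `environment:` with a `rules:` list is not GitHub Actions workflow syntax and would fail to parse; `environment` is declared per job (`jobs.deploy.environment: production`), and the branch restriction belongs either on that environment's deployment-branch settings in the repository or on the job as `if: github.ref == 'refs/heads/main'`.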
Committable suggestion skipped: line range outside the PR's diff.
alias-domains: | | ||
staging.your-domain.com | ||
pr-{{PR_NUMBER}}.your-domain.com |
Update placeholder domain values
The alias domains contain placeholder values that need to be updated with actual domain names.
alias-domains: |
- staging.your-domain.com
- pr-{{PR_NUMBER}}.your-domain.com
+ staging.recy-network.com
+ pr-${{ github.event.number }}.recy-network.com
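Review bot: `github.event.number` is populated only on `pull_request` events; under this workflow's `push` trigger it expands to an empty string and the alias becomes `pr-.recy-network.com`. Guard the alias list on `github.event_name == 'pull_request'`, or use `github.run_number` for push-triggered previews. The `recy-network.com` domain is the bot's guess and needs confirmation from the team before it is committed.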
Committable suggestion skipped: line range outside the PR's diff.
- name: Comment PR | ||
uses: actions/github-script@v6 | ||
with: | ||
script: | | ||
github.rest.issues.createComment({ | ||
issue_number: context.issue.number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: `✅ Deployed to: ${{ steps.deploy.outputs.preview-url }}` | ||
}) |
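Review bot: `${{ steps.deploy.outputs.preview-url }}` is substituted into the JavaScript source before `github-script` runs it, so whatever the deploy step writes to that output executes as code in the runner with the job's `GITHUB_TOKEN` in scope; pass it through `env: DEPLOY_URL: ${{ steps.deploy.outputs.preview-url }}` and read `process.env.DEPLOY_URL` inside the script, the same way the default `GITHUB_SHA` and `GITHUB_REF_NAME` variables are read.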
🛠️ Refactor suggestion
Update github-script action version and enhance PR comment
The current version of github-script action is outdated. Also, consider adding more deployment details in the PR comment.
- name: Comment PR
- uses: actions/github-script@v6
+ uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
- body: `✅ Deployed to: ${{ steps.deploy.outputs.preview-url }}`
+ body: `## Deployment Status ✅\n\n` +
+ `- **URL:** ${{ steps.deploy.outputs.preview-url }}\n` +
+ `- **Branch:** ${process.env.GITHUB_REF_NAME}\n` +
+ `- **Commit:** ${process.env.GITHUB_SHA}\n` +
+ `- **Deployment Time:** ${new Date().toISOString()}`
})
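Review bot: the bump to `actions/github-script@v7` is correct, but the `${{ steps.deploy.outputs.preview-url }}` interpolation into the script body is carried over unchanged while the new `Branch` and `Commit` fields already read `process.env`; move the URL to `env:` and use `process.env.DEPLOY_URL` in the template string so no step output is spliced into executable code.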
🧰 Tools
🪛 actionlint (1.7.4)
73-73: the runner of "actions/github-script@v6" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
@vishwamartur Great work here! Could you look at our application @detrash/recy-api? We will migrate all backend to here: https://github.com/detrash/recy-api/blob/staging/.github/workflows/DeployApp.yml Could you look at this current implementation and reply here?
@vishwamartur You are welcome to work with us here: https://join.slack.com/t/detrash/shared_invite/zt-2wklkxvjl-OdDo0EMPZbNefeE8Up1wuQ
Summary by CodeRabbit
New Features
- `vercel.json` with build command, output directory, and framework specifications.
- `package.json` for easier command-line deployments to Vercel and AWS.
Documentation