From f223cae7a9c6a8a30492d3cdd2f6752db0d9f523 Mon Sep 17 00:00:00 2001 From: Sahil Singhal Date: Mon, 17 Mar 2025 21:56:34 -0400 Subject: [PATCH 1/5] Use matrix to set env vars for action --- .github/workflows/deploy.yml | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 1779cfd..f0d9f15 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,14 +1,38 @@ name: Deploy + on: push: branches: - main + workflow_dispatch: + inputs: + environment: + description: "Select environment to deploy" + required: true + type: choice + options: + - production + permissions: id-token: write # This is required for requesting tghe JWT contents: read # This is required for actions/checkout jobs: deploy-cube: runs-on: ubuntu-latest + strategy: + matrix: + include: + - environment: development + ECR_REPO: development-sync-cube-ecr + ECS_CLUSTER: development-sync-cluster + - environment: staging + ECR_REPO: staging-sync-cube-ecr + ECS_CLUSTER: staging-sync-cluster + - environment: production + ECR_REPO: production-sync-cube-ecr + ECS_CLUSTER: production-sync-cluster + environment: ${{ matrix.environment }} + steps: - name: Checkout repo uses: actions/checkout@v4 @@ -29,7 +53,7 @@ jobs: - name: Build, tag, and push cube api docker image to Amazon ECR env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} - REPOSITORY: prod-sync-cube-ecr + REPOSITORY: ${{ matrix.ECR_REPO }} IMAGE_TAG: "${{ github.sha }}" run: | docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -f docker/cube/Dockerfile . @@ -41,7 +65,7 @@ jobs: with: task-definition-family: cube_api container-name: cube-api - image: ${{ steps.login-ecr.outputs.registry }}/prod-sync-cube-ecr:${{ github.sha }} + image: ${{ steps.login-ecr.outputs.registry }}/${{ matrix.ECR_REPO }}:${{ github.sha }} - name: Update cube-refresh-worker Task Definition with latest image id: cube-refresh-worker-task-def 
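Review bot: The `workflow_dispatch` input `environment` added at the top of the first hunk is never read — the job's `environment:` comes from `matrix.environment`, so a manual run that selects `production` still spawns one job per matrix entry, and the same fan-out happens on every push to `main`. Gate the matrix jobs on the selection with a job-level condition next to `environment: ${{ matrix.environment }}`, such as `if: github.event_name != 'workflow_dispatch' || matrix.environment == inputs.environment`. Note also that the input's only option is `production`, while patch 3 of this series drops production from the matrix, so after that patch the sole selectable value matches no job at all. The matrix keys mix `environment` (lowercase) with `ECR_REPO`/`ECS_CLUSTER` (upper case); pick one casing so later references like `${{ matrix.ECR_REPO }}` stay uniform.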
@@ -49,14 +73,14 @@ jobs: with: task-definition-family: cube_refresh_worker container-name: cube-refresh-worker - image: ${{ steps.login-ecr.outputs.registry }}/prod-sync-cube-ecr:${{ github.sha }} + image: ${{ steps.login-ecr.outputs.registry }}/${{ matrix.ECR_REPO }}:${{ github.sha }} - name: Deploy cube-api task definition uses: aws-actions/amazon-ecs-deploy-task-definition@v2.3.0 with: task-definition: ${{ steps.cube-api-task-def.outputs.task-definition }} service: cube_api - cluster: prod-sync-cluster + cluster: ${{ matrix.ECS_CLUSTER }} wait-for-service-stability: true - name: Deploy cube-refresh-worker task definition @@ -64,5 +88,5 @@ jobs: with: task-definition: ${{ steps.cube-refresh-worker-task-def.outputs.task-definition }} service: cube_refresh_worker - cluster: prod-sync-cluster + cluster: ${{ matrix.ECS_CLUSTER }} wait-for-service-stability: true From 62cdeae3824105fb347b04e79392e5e26b75baea Mon Sep 17 00:00:00 2001 From: Sahil Singhal Date: Mon, 17 Mar 2025 21:57:35 -0400 Subject: [PATCH 2/5] Temp branch switch --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f0d9f15..27f9228 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -3,7 +3,7 @@ name: Deploy on: push: branches: - - main + - singhals/github-action workflow_dispatch: inputs: environment: From 99b94a21b8369efbe874f5bd0733ff5c9dd661e2 Mon Sep 17 00:00:00 2001 From: Sahil Singhal Date: Tue, 18 Mar 2025 10:59:28 -0400 Subject: [PATCH 3/5] Remove prod from matrix --- .github/workflows/deploy.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 27f9228..4958e44 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
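Review bot: The push trigger in the `@@ -3,7 +3,7 @@` hunk of patch 2 now fires on `singhals/github-action` instead of `main`, and as far as this series shows no later patch reverts it, so as merged the deploy workflow runs — with `id-token: write` and real deploys to the development and staging clusters — on every push to a personal feature branch rather than on the default branch. If the switch is only for testing, restore `- main` before merge; ad-hoc test runs are already covered by the `workflow_dispatch` trigger that patch 1 adds. The `on:` block continues outside the hunk.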
@@ -28,9 +28,6 @@ jobs: - environment: staging ECR_REPO: staging-sync-cube-ecr ECS_CLUSTER: staging-sync-cluster - - environment: production - ECR_REPO: production-sync-cube-ecr - ECS_CLUSTER: production-sync-cluster environment: ${{ matrix.environment }} steps: From 70c840a23ae768ef19c1fd05b157ffeab23c2afe Mon Sep 17 00:00:00 2001 From: Sahil Singhal Date: Tue, 18 Mar 2025 18:00:32 -0400 Subject: [PATCH 4/5] Update IAM roles --- .github/workflows/deploy.yml | 4 +++- terraform/modules/sync/main.tf | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4958e44..c8c6867 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -25,9 +25,11 @@ jobs: - environment: development ECR_REPO: development-sync-cube-ecr ECS_CLUSTER: development-sync-cluster + GITHUB_IAM_ROLE: arn:aws:iam::471881062455:role/system/development_github_actions_role - environment: staging ECR_REPO: staging-sync-cube-ecr ECS_CLUSTER: staging-sync-cluster + GITHUB_IAM_ROLE: arn:aws:iam::471881062455:role/system/staging_github_actions_role environment: ${{ matrix.environment }} steps: @@ -37,7 +39,7 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: - role-to-assume: arn:aws:iam::471881062455:role/system/github_actions_role + role-to-assume: ${{ matrix.GITHUB_IAM_ROLE }} role-session-name: GitHub_to_AWS_sync_svc_cube aws-region: us-east-1 diff --git a/terraform/modules/sync/main.tf b/terraform/modules/sync/main.tf index 0966810..52b3fa2 100644 --- a/terraform/modules/sync/main.tf +++ b/terraform/modules/sync/main.tf @@ -47,7 +47,7 @@ resource "aws_iam_openid_connect_provider" "github_openid" { module "iam_github_oidc_role" { source = "terraform-aws-modules/iam/aws//modules/iam-github-oidc-role" - name = "github_actions_role" + name = "${var.env}_github_actions_role" path = "/system/" description = "GitHub IAM role for GitHub actions" 
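Review bot: The `GITHUB_IAM_ROLE` ARNs added to the matrix in the `@@ -25,9 +25,11 @@` hunk (and consumed by `role-to-assume` in the `@@ -37,7 +39,7 @@` hunk) are plain workflow text, so anyone who can push to the triggering branch can point `role-to-assume` at any role the OIDC provider trusts, independently of the `environment:` protection rules the job already opts into. Since the job sets `environment: ${{ matrix.environment }}`, the ARN can instead be an environment-scoped configuration variable — `role-to-assume: ${{ vars.GITHUB_IAM_ROLE }}` — so the role binding lives with the environment's reviewers and the matrix only carries the environment name. That only helps if the trust policy of each `<env>_github_actions_role` (built by the `iam_github_oidc_role` module in the terraform hunk, whose subjects are not visible here) restricts the `sub` claim to the matching GitHub environment rather than the whole repository; please confirm. Consider also including the environment in `role-session-name`, e.g. `role-session-name: GitHub_to_AWS_sync_svc_cube_${{ matrix.environment }}`, so CloudTrail distinguishes the two deploys.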
From a3c88436885643098639a1460422d6d236e32aa0 Mon Sep 17 00:00:00 2001 From: Sahil Singhal Date: Tue, 18 Mar 2025 18:11:06 -0400 Subject: [PATCH 5/5] Dont fail fast --- .github/workflows/deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c8c6867..ab962a0 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -20,6 +20,7 @@ jobs: deploy-cube: runs-on: ubuntu-latest strategy: + fail-fast: false matrix: include: - environment: development
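Review bot: `fail-fast: false` is added without a comment, and its effect here — a failed staging deploy no longer cancels the in-flight development deploy — is worth recording next to the flag, e.g. `# Keep the other environment's deploy running if one fails`. The matrix entries still run concurrently, so if staging is meant to deploy only after development succeeds, this flag does not provide that ordering; `max-parallel: 1` or a separate dependent job would. The `strategy` block continues outside the hunk.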