Add GitHub Actions workflow for S3 deployment

- Automated deployment script upload to public S3 bucket - Uses GitHub OIDC for secure AWS authentication - Updates README with current S3 URLs automatically - Enables deployment from private repository - Uploads systemd service and Caddyfile configurations
2025-07-02 23:56:18 -04:00 · 2025-07-02 23:56:18 -04:00 · 08a8ded5f9
commit 08a8ded5f9
parent 5af83966d6
3 changed files with 115 additions and 7 deletions
--- a/.github/workflows/deploy-scripts.yml
+++ b/.github/workflows/deploy-scripts.yml
@ -0,0 +1,67 @@
 name: Deploy Scripts to S3
 on:
  push:
    branches: [ main ]
    paths:
      - 'scripts/**'
      - '.github/workflows/deploy-scripts.yml'
  workflow_dispatch:
 permissions:
  id-token: write
  contents: read
 jobs:
  deploy-scripts:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Configure AWS credentials using OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}
          role-session-name: icewatch-deploy-scripts
      - name: Upload deployment script to S3
        run: |
          # Upload the main deployment script
          aws s3 cp scripts/deploy.sh s3://${{ secrets.S3_BUCKET_NAME }}/icewatch/deploy.sh \
            --acl public-read \
            --content-type "text/plain" \
            --metadata-directive REPLACE \
            --metadata "version=$(git rev-parse --short HEAD),updated=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
          # Upload systemd service file
          aws s3 cp scripts/icewatch.service s3://${{ secrets.S3_BUCKET_NAME }}/icewatch/icewatch.service \
            --acl public-read \
            --content-type "text/plain"
          # Upload Caddyfile
          aws s3 cp scripts/Caddyfile s3://${{ secrets.S3_BUCKET_NAME }}/icewatch/Caddyfile \
            --acl public-read \
            --content-type "text/plain"
          echo "✅ Scripts uploaded successfully!"
          echo "📁 Deploy script URL: https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/icewatch/deploy.sh"
      - name: Update README with current URLs
        run: |
          # Update README with current S3 URLs
          sed -i "s|curl -sSL.*deploy.sh|curl -sSL https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/icewatch/deploy.sh|g" README.md
          # Check if README was modified
          if git diff --quiet README.md; then
            echo "No README updates needed"
          else
            echo "README updated with new S3 URLs"
            git config --local user.email "action@github.com"
            git config --local user.name "GitHub Action"
            git add README.md
            git commit -m "Update deployment URLs [skip ci]"
            git push
          fi
--- a/README.md
+++ b/README.md
@ -65,7 +65,7 @@ PORT=3000
 1. **Run the deployment script on your server:**
   ```bash
-   curl -sSL https://raw.githubusercontent.com/deco/ice/main/scripts/deploy.sh | bash
+   curl -sSL https://your-bucket-name.s3.amazonaws.com/icewatch/deploy.sh | bash
   ```
 2. **Deploy your application:**
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@ -32,10 +32,51 @@ sudo chown $USER:$USER /opt/icewatch
 # Navigate to app directory
 cd /opt/icewatch
 # Create icewatch user for security
 echo "👤 Creating icewatch user..."
 sudo useradd --system --shell /bin/false --home /opt/icewatch --create-home icewatch
 # Download additional configuration files from S3
 echo "📥 Downloading configuration files..."
 S3_BASE_URL="https://your-bucket-name.s3.amazonaws.com/icewatch"
 # Download systemd service file
 echo "📥 Downloading systemd service..."
 curl -sSL "$S3_BASE_URL/icewatch.service" | sudo tee /etc/systemd/system/icewatch.service > /dev/null
 # Download Caddyfile template
 echo "📥 Downloading Caddy configuration..."
 curl -sSL "$S3_BASE_URL/Caddyfile" | sudo tee /etc/caddy/Caddyfile.template > /dev/null
 echo "✅ Server setup complete!"
-echo "Next steps:"
+echo ""
-echo "1. Upload your app files to /opt/icewatch"
+echo "🚀 Next steps to deploy ICE Watch:"
-echo "2. Run: npm install"
+echo ""
-echo "3. Configure your .env file"
+echo "1. Clone your repository:"
-echo "4. Set up systemd service"
+echo "   git clone https://github.com/yourusername/icewatch.git /opt/icewatch"
-echo "5. Configure Caddy"
+echo ""
 echo "2. Set up the application:"
 echo "   cd /opt/icewatch"
 echo "   npm install"
 echo "   cp .env.example .env"
 echo "   nano .env  # Add your MapBox token and admin password"
 echo ""
 echo "3. Configure domain in Caddyfile:"
 echo "   sudo nano /etc/caddy/Caddyfile.template"
 echo "   # Replace 'yourdomain.com' with your actual domain"
 echo "   sudo mv /etc/caddy/Caddyfile.template /etc/caddy/Caddyfile"
 echo ""
 echo "4. Set permissions:"
 echo "   sudo chown -R icewatch:icewatch /opt/icewatch"
 echo "   sudo chmod 660 /opt/icewatch/.env"
 echo ""
 echo "5. Start services:"
 echo "   sudo systemctl daemon-reload"
 echo "   sudo systemctl enable icewatch caddy"
 echo "   sudo systemctl start icewatch caddy"
 echo ""
 echo "6. Check status:"
 echo "   sudo systemctl status icewatch"
 echo "   sudo systemctl status caddy"
 echo ""
 echo "🌐 Your ICE Watch app will be available at: https://yourdomain.com"