integrated ci/cd process to aws staging

Author: OlegPhenomenon

.DS_Store

@@ -0,0 +1,37 @@
+name: 'Post Deploy Comment'
+
+on:
+  repository_dispatch:
+    types: [deploy-complete]
+
+jobs:
+  post-comment:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 💬 Post deploy info to PR
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const prNumber = '${{ github.event.client_payload.pr_number }}';
+            const deployUrl = '${{ github.event.client_payload.deploy_url }}';
+            const slotNumber = '${{ github.event.client_payload.slot_number }}';
+            const appName = '${{ github.event.client_payload.app_name }}';
+            const namespace = '${{ github.event.client_payload.namespace }}';
+
+            const body = `## 🚀 Deploy Complete!
+
+            | Property | Value |
+            |----------|-------|
+            | **App** | \`${appName}\` |
+            | **Slot** | \`${slotNumber}\` |
+            | **URL** | [${deployUrl}](${deployUrl}) |
+            | **Namespace** | \`${namespace}\` |
+
+            *(Environment ready for testing)*`;
+
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: parseInt(prNumber),
+              body: body
+            });

.github/workflows/deploy-complete.yml

@@ -0,0 +1,103 @@
+name: 01 PR Deploy to Staging (Kubernetes)
+
+on:
+  workflow_dispatch:
+    inputs:
+      deploy_target:
+        description: 'What to deploy'
+        required: true
+        type: choice
+        options:
+          - pr
+          - master
+        default: pr
+      pr_number:
+        description: 'Number of PR to deploy (only digits, e.g., 2889). Required only for PR deploy.'
+        required: false
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+  
+env:
+  APP_NAME: epp-proxy
+  ECR_URL: 034362061030.dkr.ecr.eu-north-1.amazonaws.com
+  AWS_REGION: eu-north-1
+  EKS_ASSUME_ROLE_ARN: arn:aws:iam::605134427993:role/terraform 
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ✅ Validate inputs
+        run: |
+          if [[ "${{ inputs.deploy_target }}" == "pr" && -z "${{ inputs.pr_number }}" ]]; then
+            echo "::error::PR number is required when deploy target is 'pr'"
+            exit 1
+          fi
+
+      - name: ⬇️ Checkout application code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.deploy_target == 'master' && 'master' || format('refs/pull/{0}/merge', inputs.pr_number) }}
+
+      - name: 🔑 Configure AWS Credentials (for ECR and EKS)
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.GH_ACTIONS_DEPLOY_ROLE_ARN }} 
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: 🛠️ Build and Tag Docker image
+        id: docker_build
+        run: |
+          if [[ "${{ inputs.deploy_target }}" == "master" ]]; then
+            SHORT_SHA=$(git rev-parse --short HEAD)
+            TAG="master-${SHORT_SHA}"
+          else
+            TAG="pr-${{ inputs.pr_number }}"
+          fi
+
+          echo "IMAGE_TAG=$TAG" >> $GITHUB_OUTPUT
+
+          docker build --no-cache --platform linux/amd64 -f Dockerfile.staging \
+            -t ${{ env.APP_NAME }}:${TAG} .
+
+      - name: 🔑 ECR Login using AWS CLI
+        run: |
+          aws ecr get-login-password --region ${{ env.AWS_REGION }} | \
+          docker login --username AWS --password-stdin ${{ env.ECR_URL }}
+
+      - name: ⬆️ Push Docker image to ECR
+        run: |
+          TAG=${{ steps.docker_build.outputs.IMAGE_TAG }}
+          ECR_IMAGE="${{ env.ECR_URL }}/${{ env.APP_NAME }}:${TAG}"
+          docker tag ${{ env.APP_NAME }}:${TAG} ${ECR_IMAGE}
+          docker push ${ECR_IMAGE}
+      
+      - name: 🔐 Mint GitHub App installation token (for IaC repo)
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: internetee
+          repositories: Ry_AWS_IaC
+
+      - name: 🚀 Trigger IaC deploy (repository_dispatch)
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          repository: internetee/Ry_AWS_IaC
+          event-type: deploy-service-staging
+          client-payload: |
+            {
+              "app_name": "epproxy",
+              "image_tag": "${{ steps.docker_build.outputs.IMAGE_TAG }}",
+              "namespace": "epproxy",
+              "pr_number": "${{ inputs.deploy_target == 'master' && '0' || inputs.pr_number }}",
+              "source_repo": "internetee/epp_proxy"
+            }
+            

.github/workflows/deploy-pr-staging.yml

@@ -0,0 +1,35 @@
+name: 02 Manual Destroy Staging
+
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: 'Number of PR to destroy (only digits, e.g., 2890)'
+        required: true
+        type: string
+
+jobs:
+  destroy-request:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🔐 Mint GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: internetee
+          repositories: Ry_AWS_IaC
+
+      - name: 🚀 Send Destroy Signal to IaC
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          repository: internetee/Ry_AWS_IaC
+          event-type: cleanup-service-staging
+          client-payload: |
+            {
+              "app_name": "eppproxy",
+              "namespace": "${{ github.event.repository.name }}-pr-${{ github.event.inputs.pr_number }}",
+              "pr_number": "${{ github.event.inputs.pr_number }}"
+            }

.github/workflows/manual-destroy-staging.yml

@@ -0,0 +1,62 @@
+FROM debian:bullseye-slim
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+COPY ./docker/apt/sources.list /etc/apt/
+
+# Install all dependencies in a single layer to reduce image size
+RUN apt-get update && apt-get install -y -qq \
+  wget \
+  git \
+  build-essential \
+  libncurses5-dev \
+  automake \
+  autoconf \
+  curl \
+  ca-certificates \
+  libssl-dev \
+  libreadline-dev \
+  libdpkg-perl \
+  liberror-perl \
+  libc6 \
+  libc-dev \
+  perl \
+  procps \
+  inotify-tools \
+  libssl1.1 \
+  perl-base \
+  zlib1g-dev \
+  # Additional dependencies for Erlang build
+  libncurses-dev \
+  libsctp-dev \
+  # Documentation tools to prevent build failures
+  xsltproc \
+  libxml2-utils \
+  # Dependencies for Ruby 3.2.2
+  libffi-dev \
+  libyaml-dev \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+# Set environment variables for Erlang build
+ENV KERL_CONFIGURE_OPTIONS="--disable-debug --without-javac --without-wx --without-odbc --disable-hipe --without-jinterface --without-docs"
+ENV KERL_BUILD_DOCS="no"
+ENV KERL_DOC_TARGETS=""
+ENV KERL_INSTALL_HTMLDOCS="no"
+ENV KERL_INSTALL_MANPAGES="no"
+
+RUN git clone https://github.com/asdf-vm/asdf.git --branch v0.6.3 "$HOME"/.asdf && \
+    echo '. $HOME/.asdf/asdf.sh' >> "$HOME"/.bashrc && \
+        echo '. $HOME/.asdf/asdf.sh' >> "$HOME"/.profile
+
+ENV PATH="${PATH}:/root/.asdf/shims:/root/.asdf/bin"
+
+RUN mkdir -p /opt/erlang/epp_proxy
+WORKDIR /opt/erlang/epp_proxy
+
+COPY .tool-versions ./
+RUN asdf plugin-add erlang
+RUN . $HOME/.asdf/asdf.sh && asdf install
+RUN asdf global erlang $(grep erlang .tool-versions | cut -d' ' -f2)
+RUN asdf plugin-add ruby
+RUN asdf plugin-add rebar
+RUN asdf install