feat: add CI workflow for integration testing and deployment with environment tagging

zAbuQasem · zAbuQasem · commit 3148f81763f5 · 2026-04-12T13:02:16.000+03:00
diff --git a/.github/workflows/tester-tag.yml b/.github/workflows/tester-tag.yml
@@ -0,0 +1,74 @@
+name: ci
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Target environment tag value"
+        required: true
+        default: staging
+        type: choice
+        options: [staging, production]
+  push:
+    branches:
+      - develop
+
+env:
+  MINIMUM_PACKAGE_AGE_HOURS: 0
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+  SAFE_CHAIN_VERSION: "1.4.7"
+  SAFE_CHAIN_SHA256: "54c750232d149106ecf4f5f28fee82ba49d2428f1e411e0ed961c0263ae19eaf"
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  test:
+    name: Integration test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
+
+      - name: Install safe-chain
+        run: |
+          curl -fsSL "https://github.com/AikidoSec/safe-chain/releases/download/${SAFE_CHAIN_VERSION}/install-safe-chain.sh" \
+            -o install-safe-chain.sh
+          echo "${SAFE_CHAIN_SHA256}  install-safe-chain.sh" | sha256sum --check
+          sh install-safe-chain.sh --ci
+
+      - name: Install dependencies
+        run: bun install
+        env:
+          SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: ${{ env.MINIMUM_PACKAGE_AGE_HOURS }}
+
+      - name: Configure AWS credentials (OIDC)
+        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Deploy to ${{ inputs.environment || 'production' }}
+        id: deploy
+        uses: ./
+        with:
+          aws-region: us-east-1
+          # Targets all instances tagged env=<environment> AND role=web
+          targets: |
+            Key=tag:env,Values=${{ inputs.environment || 'production' }}
+            Key=tag:role,Values=web
+          working-directory: /home/ec2-user
+          wait-for-output: true
+          wait-timeout: 180
+          comment: Deploy ${{ github.sha }} to ${{ inputs.environment || 'production' }}
+          command: |
+            echo `date +%Y-%m-%dT%H:%M:%S%z` "Hello from tester-tag.yml" >> logs.txt
+            cat logs.txt
+
+      - name: Print output
+        run: echo "${{ steps.deploy.outputs.output }}"
diff --git a/.github/workflows/tester.yml b/.github/workflows/tester.yml
@@ -47,13 +47,19 @@ jobs:
           aws-region: ${{ secrets.AWS_REGION }}
 
       - name: Run SSM command
+        id: deploy
         uses: ./
         with:
           aws-region: ${{ secrets.AWS_REGION }}
           instance-ids: ${{ secrets.INSTANCE_ID }}
+          wait-for-output: true
+          wait-timeout: 180
           working-directory: /home/ec2-user
           comment: aws-ssm-action CI test
           command: |
             echo "Hello from GitHub Actions!" >> logs.txt
             echo $(date) >> logs.txt
             cat logs.txt
+
+      - name: Print output
+        run: echo "${{ steps.deploy.outputs.output }}"
