chore: new s3 storage backend (#407)

* chore: new s3 storage backend

* adding gh permissions for aws auth

* for testing build allowing cypress install

* allowing cypress install in testing deploy

* full dev build because cypress

* use appropriate aws account for prod

.github/workflows/pull-request.yml

@@ -94,3 +94,86 @@ jobs:
           clover_file: 'coverage/clover.xml'
           threshold_alert: 80
           threshold_warning: 90
+  build-ng:
+    runs-on: ${{ matrix.os }}
+    permissions:
+      id-token: write
+      contents: read
+    strategy:
+      matrix:
+        node: [ '14.x' ]
+        os: [ ubuntu-latest ]
+    env:
+      CI: 1 # prevents extra Cypress installation progress messages
+      HUSKY: 0 # disables husky hooks
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::914054469264:role/github-actions-admin-dev
+          aws-region: us-east-2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::914054469264:role/terraform-admin
+          aws-region: us-east-2
+          role-chaining: true
+
+      - name: Use Node ${{ matrix.node }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ matrix.node }}
+
+      - name: Install deps (with cache)
+        uses: bahmutov/npm-install@v1
+        env:
+          CYPRESS_INSTALL_BINARY: 0
+
+      - id: read-package-json
+        name: Read package.json
+        run: |
+          content=`cat package.json`
+          content="${content//'%'/'%25'}"
+          content="${content//$'\n'/'%0A'}"
+          content="${content//$'\r'/'%0D'}"
+          echo "::set-output name=packageJson::$content"
+
+      - name: Cache Cypress Binaries
+        id: cache-cypress
+        uses: actions/cache@v2
+        with:
+          path: ~/.cache/Cypress
+          key: cypress-cache-v2-${{ runner.os }}-${{ fromJson(steps.read-package-json.outputs.packageJson).devDependencies.cypress }}
+
+      # Install and check Cypress binary
+      - run: yarn run cypress install
+      - run: yarn run cypress cache list
+
+      - name: Write .env
+        run: make write-lib-vars
+        env:
+          ENVIRONMENT: dev
+          IS_PR_WORKFLOW: true
+
+      - name: Verify
+        run: make verify
+        env:
+          SKIP_INSTALL: 1 # install with cache was done already
+
+      - name: Upload failed e2e tests screenshots
+        uses: actions/upload-artifact@v2
+        if: failure()
+        with:
+          name: cypress-screenshots
+          path: cypress/screenshots
+
+      - name: Verify Infrastructure
+        run: make setup-infra
+        env:
+          AWS: true
+          ENVIRONMENT: dev
+          IS_PR_WORKFLOW: true

.github/workflows/release.yml

@@ -76,3 +76,60 @@ jobs:
           fields: 'repo,commit,message,workflow,job'
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+  build-release-ng:
+    runs-on: ${{ matrix.os }}
+    permissions:
+      id-token: write
+      contents: read
+    strategy:
+      matrix:
+        node: [ '14.x' ]
+        os: [ ubuntu-latest ]
+    env:
+      CI: 1 # prevents extra Cypress installation progress messages
+      HUSKY: 0 # disables husky hooks
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.SEMANTIC_RELEASE_PAT }}
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::469828239459:role/github-actions-admin-prod
+          aws-region: us-east-2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::469828239459:role/terraform-admin
+          aws-region: us-east-2
+          role-chaining: true
+
+      - name: Use Node ${{ matrix.node }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ matrix.node }}
+
+      - name: Install deps (with cache)
+        uses: bahmutov/npm-install@v1
+        env:
+          CYPRESS_INSTALL_BINARY: 0
+
+      - name: Write .env
+        run: make write-lib-vars
+        env:
+          ENVIRONMENT: prod
+
+      - name: Build
+        run: make build
+        env:
+          SKIP_INSTALL: 0 # install with cache was done already
+
+      - name: Release
+        run: make setup-infra
+        env:
+          AWS: true
+          AWS_REGION: us-east-2
+          ENVIRONMENT: prod

scripts/setupinfra.sh

@@ -29,8 +29,13 @@ VERSIONED_JS_NAME=$(cat package.json | jq -r '.version')
 
 echo "Uploading bundle to $JS_HOST/$INDEX_JS_NAME"
 
+if [[ -z ${AWS} ]]; then
+  JS_BUCKET_NAME=$(aws s3 cp s3://basis-theory-tf-state/basistheory-cloudflare/$ENVIRONMENT/terraform.tfstate - | jq -r .outputs.js_bucket_name.value)
+else
+  JS_BUCKET_NAME="${ENVIRONMENT}-${JS_HOST}"
+fi
+
 # Upload Contnet
-JS_BUCKET_NAME=$(aws s3 cp s3://basis-theory-tf-state/basistheory-cloudflare/$ENVIRONMENT/terraform.tfstate - | jq -r .outputs.js_bucket_name.value)
 aws s3 cp --acl public-read "$BUNDLE_PATH" s3://"${JS_BUCKET_NAME}"/"${INDEX_JS_NAME}"
 
 if [ "$IS_PR_WORKFLOW" = true ] ; then