Created
May 22, 2026 19:10
Dark Factory production.yml with static AWS keys
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# Production pipeline. A push to main runs the infrastructure job first, then
# detect_changes, then each build_deploy_* job whose change flag (or the
# infrastructure flag) is 'true'.
#
# Security review notes:
# - Every deploy job receives the same long-lived AWS key pair
#   (secrets.AWS_ACCESS_KEY_ID / secrets.AWS_SECRET_ACCESS_KEY). A leak from
#   any one job exposes the credential used by all of them, and it stays valid
#   until rotated. Short-lived credentials obtained through GitHub OIDC role
#   federation avoid the standing secret.
# - The deploy jobs still request `id-token: write`. NOTE(review): with static
#   keys this permission looks unused; either move back to OIDC or drop it,
#   after checking the local actions under ./.github/actions.
# - No job declares `environment:`, so these secrets are not environment
#   secrets and no environment protection rule (for example required
#   reviewers) gates a production deploy.
# - actions/checkout@v4 is a movable tag. Pinning to a full commit SHA
#   (actions/checkout@<full-commit-sha>) fixes the code that runs next to the
#   production secrets.
name: CI/CD Pipeline Production

on:
  push:
    branches:
      - main

jobs:
  # TODO: Re-enable typecheck job after fixing PageProps/LayoutProps type debt
  # See: https://github.com/Virtual-Robert/AVA-dark-factory/issues (create ticket)

  # Runs first; all other jobs depend on it. Exposes `changes-made` from the
  # local infrastructure action so later jobs can react to it.
  build_deploy_infrastructure:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    outputs:
      changes-made: ${{ steps.infrastructure.outputs.changes-made }}
    steps:
      - uses: actions/checkout@v4
      # This step is handed the AWS key pair plus every third-party secret
      # listed below, so a change to the local action deserves the same review
      # as a change to this workflow.
      - uses: ./.github/actions/build_deploy_infrastructure
        id: infrastructure
        with:
          ENVIRONMENT: production
          ROOT_DOMAIN: 'ava-factory.ai'
          # Using static keys instead of OIDC (GitHub-hosted runners)
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_ACCOUNT_ID }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}
          AUTH_RESEND_KEY: ${{ secrets.AUTH_RESEND_KEY }}
          AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }}
          AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }}
          AUTH0_ISSUER: ${{ secrets.AUTH0_ISSUER }}
          FIGMA_CLIENT_ID: ${{ secrets.FIGMA_CLIENT_ID }}
          FIGMA_CLIENT_SECRET: ${{ secrets.FIGMA_CLIENT_SECRET }}
          KLING_ACCESS_ID: ${{ secrets.KLING_ACCESS_ID }}
          KLING_ACCESS_SECRET: ${{ secrets.KLING_ACCESS_SECRET }}
          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          SENTRY_FRONTEND_DSN: ${{ secrets.SENTRY_FRONTEND_DSN }}
          BYTEPLUS_API_KEY: ${{ secrets.BYTEPLUS_API_KEY }}
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}

  # Publishes one `*-changed` flag per component. Read-only job: it gets no
  # secrets and only `contents: read`.
  detect_changes:
    runs-on: ubuntu-latest
    needs: build_deploy_infrastructure
    permissions:
      contents: read
    outputs:
      frontend-changed: ${{ steps.detect.outputs.frontend-changed }}
      backend-changed: ${{ steps.detect.outputs.backend-changed }}
      klingvideosqs-changed: ${{ steps.detect.outputs.klingvideosqs-changed }}
      seedreamsqshandler-changed: ${{ steps.detect.outputs.seedreamsqshandler-changed }}
      nanobananasqshandler-changed: ${{ steps.detect.outputs.nanobananasqshandler-changed }}
      imageprocessingsqshandler-changed: ${{ steps.detect.outputs.imageprocessingsqshandler-changed }}
      videoprocessingsqshandler-changed: ${{ steps.detect.outputs.videoprocessingsqshandler-changed }}
      worker-changed: ${{ steps.detect.outputs.worker-changed }}
      infrastructure-changed: ${{ steps.detect.outputs.infrastructure-changed }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/detect_changes_turbo
        id: detect
        with:
          GITHUB_SHA: ${{ github.sha }}
          # Falls back to 'HEAD~1' when github.event.before is empty.
          # NOTE(review): checkout fetches a single commit by default, so the
          # base commit may be missing locally unless the local action fetches
          # it - confirm.
          BASE_SHA: ${{ github.event.before || 'HEAD~1' }}
          INFRASTRUCTURE_CHANGED: ${{ needs.build_deploy_infrastructure.outputs.changes-made || 'false' }}

  # Runs when the frontend or the infrastructure flag is 'true'.
  build_deploy_frontend:
    runs-on: ubuntu-latest
    needs:
      - build_deploy_infrastructure
      - detect_changes
    if: >-
      needs.detect_changes.outputs.frontend-changed == 'true' ||
      needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_frontend
        with:
          ENVIRONMENT: production
          NEXT_PUBLIC_API_URL: 'https://ava-factory.ai'
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}
          NEXT_PUBLIC_SENTRY_FRONTEND_DSN: ${{ secrets.SENTRY_FRONTEND_DSN }}
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

  # Runs when the backend or the infrastructure flag is 'true'.
  build_deploy_backend:
    runs-on: ubuntu-latest
    needs:
      - build_deploy_infrastructure
      - detect_changes
    if: >-
      needs.detect_changes.outputs.backend-changed == 'true' ||
      needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_backend
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  # Runs when the worker or the infrastructure flag is 'true'.
  build_deploy_worker:
    runs-on: ubuntu-latest
    needs:
      - build_deploy_infrastructure
      - detect_changes
    if: >-
      needs.detect_changes.outputs.worker-changed == 'true' ||
      needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_worker
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  # Runs when the klingvideosqs or the infrastructure flag is 'true'.
  build_deploy_kling_video_queue_handler:
    runs-on: ubuntu-latest
    needs:
      - build_deploy_infrastructure
      - detect_changes
    if: >-
      needs.detect_changes.outputs.klingvideosqs-changed == 'true' ||
      needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_kling_video_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  # Runs when the seedreamsqshandler or the infrastructure flag is 'true'.
  build_deploy_seedream_image_generation_queue_handler:
    runs-on: ubuntu-latest
    needs:
      - build_deploy_infrastructure
      - detect_changes
    if: >-
      needs.detect_changes.outputs.seedreamsqshandler-changed == 'true' ||
      needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_seedream_image_generation_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  # Runs when the nanobananasqshandler or the infrastructure flag is 'true'.
  build_deploy_nano_banana_image_generation_queue_handler:
    runs-on: ubuntu-latest
    needs:
      - build_deploy_infrastructure
      - detect_changes
    if: >-
      needs.detect_changes.outputs.nanobananasqshandler-changed == 'true' ||
      needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): unlike the other deploy jobs, GITHUB_JOB is not passed
      # here - confirm that is intentional.
      - uses: ./.github/actions/build_deploy_nano_banana_image_generation_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}

  # Runs when the imageprocessingsqshandler or the infrastructure flag is
  # 'true'.
  build_deploy_image_processing_queue_handler:
    runs-on: ubuntu-latest
    needs:
      - build_deploy_infrastructure
      - detect_changes
    if: >-
      needs.detect_changes.outputs.imageprocessingsqshandler-changed == 'true' ||
      needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_image_processing_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  # Runs when the videoprocessingsqshandler or the infrastructure flag is
  # 'true'.
  build_deploy_video_processing_queue_handler:
    runs-on: ubuntu-latest
    needs:
      - build_deploy_infrastructure
      - detect_changes
    if: >-
      needs.detect_changes.outputs.videoprocessingsqshandler-changed == 'true' ||
      needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_video_processing_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}