Dark Factory production.yml with static AWS keys
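# Production CI/CD pipeline.
# Order of work: provision infrastructure -> detect which packages changed
# -> build/deploy only the affected services. Every deploy job depends on
# both build_deploy_infrastructure and detect_changes and is gated on its own
# "<package>-changed" output or on "infrastructure-changed".
name: CI/CD Pipeline Production
on:
  push:
    branches: [main]
jobs:
  # TODO: Re-enable typecheck job after fixing PageProps/LayoutProps type debt
  # See: https://github.com/Virtual-Robert/AVA-dark-factory/issues (create ticket)

  # Provisions production infrastructure. Its changes-made output is fed into
  # detect_changes so that an infrastructure change redeploys every service.
  build_deploy_infrastructure:
    runs-on: ubuntu-latest
    permissions:
      # id-token: write is only consumed by OIDC federation. With the static
      # AWS keys passed below it is unused; drop it once the credential path
      # is settled so the job token stays least-privilege.
      id-token: write
      contents: read
    outputs:
      changes-made: ${{ steps.infrastructure.outputs.changes-made }}
    steps:
      # NOTE(review): tag refs can be moved; pinning third-party actions to a
      # commit SHA is the supply-chain-safe form.
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_infrastructure
        id: infrastructure
        with:
          ENVIRONMENT: production
          ROOT_DOMAIN: "ava-factory.ai"
          # Using static keys instead of OIDC (GitHub-hosted runners)
          # Long-lived keys: keep the IAM principal scoped to what these
          # deploy actions need and rotate on a schedule. aws-actions/
          # configure-aws-credentials with role-to-assume removes the
          # stored secret entirely when OIDC becomes an option.
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_ACCOUNT_ID }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}
          # Third-party service credentials are forwarded as action inputs;
          # GitHub masks them in logs, but the composite action must not
          # echo them or write them to artifacts.
          AUTH_RESEND_KEY: ${{ secrets.AUTH_RESEND_KEY }}
          AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }}
          AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }}
          AUTH0_ISSUER: ${{ secrets.AUTH0_ISSUER }}
          FIGMA_CLIENT_ID: ${{ secrets.FIGMA_CLIENT_ID }}
          FIGMA_CLIENT_SECRET: ${{ secrets.FIGMA_CLIENT_SECRET }}
          KLING_ACCESS_ID: ${{ secrets.KLING_ACCESS_ID }}
          KLING_ACCESS_SECRET: ${{ secrets.KLING_ACCESS_SECRET }}
          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          SENTRY_FRONTEND_DSN: ${{ secrets.SENTRY_FRONTEND_DSN }}
          BYTEPLUS_API_KEY: ${{ secrets.BYTEPLUS_API_KEY }}
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}

  # Computes one "<package>-changed" flag per deployable package plus
  # infrastructure-changed. Needs no cloud credentials, so it only reads
  # repository contents.
  detect_changes:
    runs-on: ubuntu-latest
    needs: build_deploy_infrastructure
    permissions:
      contents: read
    outputs:
      frontend-changed: ${{ steps.detect.outputs.frontend-changed }}
      backend-changed: ${{ steps.detect.outputs.backend-changed }}
      klingvideosqs-changed: ${{ steps.detect.outputs.klingvideosqs-changed }}
      seedreamsqshandler-changed: ${{ steps.detect.outputs.seedreamsqshandler-changed }}
      nanobananasqshandler-changed: ${{ steps.detect.outputs.nanobananasqshandler-changed }}
      imageprocessingsqshandler-changed: ${{ steps.detect.outputs.imageprocessingsqshandler-changed }}
      videoprocessingsqshandler-changed: ${{ steps.detect.outputs.videoprocessingsqshandler-changed }}
      worker-changed: ${{ steps.detect.outputs.worker-changed }}
      infrastructure-changed: ${{ steps.detect.outputs.infrastructure-changed }}
    steps:
      # NOTE(review): the default checkout is a depth-1 clone, in which neither
      # BASE_SHA nor HEAD~1 is reachable for git diff; confirm that
      # detect_changes_turbo fetches the base itself, or set fetch-depth here.
      - uses: actions/checkout@v4
      - uses: ./.github/actions/detect_changes_turbo
        id: detect
        with:
          GITHUB_SHA: ${{ github.sha }}
          # github.event.before is empty on some events, hence the fallback.
          # NOTE(review): on a first push or force-push it is the all-zero
          # SHA, which is non-empty and bypasses the fallback — confirm the
          # action tolerates that.
          BASE_SHA: ${{ github.event.before || 'HEAD~1' }}
          # Empty when the infrastructure job reports nothing; coerced to the
          # string 'false' so the action always receives a boolean-like value.
          INFRASTRUCTURE_CHANGED: ${{ needs.build_deploy_infrastructure.outputs.changes-made || 'false' }}

  build_deploy_frontend:
    runs-on: ubuntu-latest
    needs: [build_deploy_infrastructure, detect_changes]
    if: needs.detect_changes.outputs.frontend-changed == 'true' || needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_frontend
        with:
          ENVIRONMENT: production
          NEXT_PUBLIC_API_URL: "https://ava-factory.ai"
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}
          # NEXT_PUBLIC_* values are compiled into the client bundle; the
          # frontend DSN is public by design, SENTRY_AUTH_TOKEN is not and is
          # used only for the release/source-map upload.
          NEXT_PUBLIC_SENTRY_FRONTEND_DSN: ${{ secrets.SENTRY_FRONTEND_DSN }}
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

  build_deploy_backend:
    runs-on: ubuntu-latest
    needs: [build_deploy_infrastructure, detect_changes]
    if: needs.detect_changes.outputs.backend-changed == 'true' || needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_backend
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  build_deploy_worker:
    runs-on: ubuntu-latest
    needs: [build_deploy_infrastructure, detect_changes]
    if: needs.detect_changes.outputs.worker-changed == 'true' || needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_worker
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  # The five SQS handler jobs below are structurally identical: each is gated
  # on its own change flag and passes the same deploy inputs to its action.
  build_deploy_kling_video_queue_handler:
    runs-on: ubuntu-latest
    needs: [build_deploy_infrastructure, detect_changes]
    if: needs.detect_changes.outputs.klingvideosqs-changed == 'true' || needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_kling_video_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  build_deploy_seedream_image_generation_queue_handler:
    runs-on: ubuntu-latest
    needs: [build_deploy_infrastructure, detect_changes]
    if: needs.detect_changes.outputs.seedreamsqshandler-changed == 'true' || needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_seedream_image_generation_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  build_deploy_nano_banana_image_generation_queue_handler:
    runs-on: ubuntu-latest
    needs: [build_deploy_infrastructure, detect_changes]
    if: needs.detect_changes.outputs.nanobananasqshandler-changed == 'true' || needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_nano_banana_image_generation_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          # Every sibling handler job passes GITHUB_JOB; this one previously
          # omitted it. Confirm the action declares the input (an undeclared
          # input only produces a warning for composite actions).
          GITHUB_JOB: ${{ github.job }}

  build_deploy_image_processing_queue_handler:
    runs-on: ubuntu-latest
    needs: [build_deploy_infrastructure, detect_changes]
    if: needs.detect_changes.outputs.imageprocessingsqshandler-changed == 'true' || needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_image_processing_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}

  build_deploy_video_processing_queue_handler:
    runs-on: ubuntu-latest
    needs: [build_deploy_infrastructure, detect_changes]
    if: needs.detect_changes.outputs.videoprocessingsqshandler-changed == 'true' || needs.detect_changes.outputs.infrastructure-changed == 'true'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build_deploy_video_processing_queue_handler
        with:
          ENVIRONMENT: production
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_JOB: ${{ github.job }}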