From b0dfdf44f16e5d1143bdbc5110681ef434c45e39 Mon Sep 17 00:00:00 2001 From: Nirmal Sunny Date: Wed, 20 May 2026 11:41:34 +0100 Subject: [PATCH 1/2] [Platform Migration] Add `dev` deployment target --- .github/workflows/deploy.yml | 13 +++++++++---- .github/workflows/main.yml | 19 +++++++++++++++++++ config.toml | 8 +++++++- 3 files changed, 35 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7e2055827e..ec2021ba54 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -12,9 +12,14 @@ on: required: false type: string default: "us-west-2" + deploy-role-arn: + description: "AWS OIDC role ARN to assume" + required: false + type: string + default: "" secrets: AWS_OIDC_ROLE: - required: true + required: false HUGO_LLM_API: required: true HUGO_RAG_API: @@ -40,7 +45,7 @@ jobs: contents: read steps: # Checks-out the repository under $GITHUB_WORKSPACE, so the job can access it - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: true # Fetch Hugo Themes fetch-depth: 0 @@ -60,9 +65,9 @@ jobs: run: npm install postcss-cli - name: AWS Github OIDC Login - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v6 with: - role-to-assume: ${{ secrets.AWS_OIDC_ROLE }} + role-to-assume: ${{ inputs.deploy-role-arn || secrets.AWS_OIDC_ROLE }} aws-region: ${{ inputs.aws-region }} # Builds arm-software-developer repo diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 72c9b0f0e9..3232c9d91f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,6 +11,7 @@ on: workflow_dispatch: jobs: + # Deprecated: kept temporarily while the dev deployment is validated. build_and_deploy_internal: name: Build and Deploy Internal uses: ./.github/workflows/deploy.yml @@ -27,3 +28,21 @@ jobs: HUGO_PHI_ONNX_LLM_API: ${{ secrets.HUGO_PHI_ONNX_LLM_API }} HUGO_DEV_PROG_SIGNIUP_FORM_MUNCHKIN_ID: ${{ secrets.HUGO_DEV_PROG_SIGNIUP_FORM_MUNCHKIN_ID }} HUGO_FORM_ID_FOR_PROGRAM_SIGNUP: ${{ secrets.HUGO_FORM_ID_FOR_PROGRAM_SIGNUP }} + + build_and_deploy_dev: + name: Build and Deploy Dev + uses: ./.github/workflows/deploy.yml + permissions: + id-token: write + contents: read + with: + target: dev + aws-region: us-east-1 + deploy-role-arn: arn:aws:iam::688080325088:role/Proj-GHA-arm-learning-paths-dev + secrets: + HUGO_LLM_API: ${{ secrets.HUGO_LLM_API }} + HUGO_RAG_API: ${{ secrets.HUGO_RAG_API }} + HUGO_AUDIO_API: ${{ secrets.HUGO_AUDIO_API }} + HUGO_PHI_ONNX_LLM_API: ${{ secrets.HUGO_PHI_ONNX_LLM_API }} + HUGO_DEV_PROG_SIGNIUP_FORM_MUNCHKIN_ID: ${{ secrets.HUGO_DEV_PROG_SIGNIUP_FORM_MUNCHKIN_ID }} + HUGO_FORM_ID_FOR_PROGRAM_SIGNUP: ${{ secrets.HUGO_FORM_ID_FOR_PROGRAM_SIGNUP }} diff --git a/config.toml b/config.toml index 512a7a0ee3..12c39f7bba 100644 --- a/config.toml +++ b/config.toml @@ -13,11 +13,17 @@ name = "internal-existing" URL = "s3://armswdev.tk?region=us-east-1" cloudFrontDistributionID = "E2VDQ2CYZATMO9" +# Deprecated: kept temporarily while the dev deployment is validated. [[deployment.targets]] name = "internal" URL = "s3://arm-learning-paths-internal?region=us-west-2" cloudFrontDistributionID = "ENN4LK1IZUDIX" +[[deployment.targets]] +name = "dev" +URL = "s3://arm-learning-paths-dev?region=us-east-1" +cloudFrontDistributionID = "EAMKPMDBM18II" + [[deployment.targets]] name = "production" URL = "s3://arm-learning-paths?region=us-west-2" @@ -102,4 +108,4 @@ math = true notAlternative = true [outputs] - home = ["HTML", "COVEO"] \ No newline at end of file + home = ["HTML", "COVEO"] From 43f05afac85d42fccaae1e8810f94609a2312d9f Mon Sep 17 00:00:00 2001 From: Nirmal Sunny Date: Wed, 20 May 2026 17:33:57 +0100 Subject: [PATCH 2/2] add prod --- .github/workflows/production.yml | 21 ++++++++++++++++++++- config.toml | 6 ++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml index b3b393fb83..adaadd4e88 100644 --- a/.github/workflows/production.yml +++ b/.github/workflows/production.yml @@ -11,8 +11,9 @@ on: workflow_dispatch: jobs: + # Deprecated: kept temporarily while the prod deployment is validated. build_and_deploy_production: - name: Build and Deploy Production + name: Build and Deploy Production Deprecated uses: ./.github/workflows/deploy.yml permissions: id-token: write @@ -27,3 +28,21 @@ jobs: HUGO_PHI_ONNX_LLM_API: ${{ secrets.HUGO_PHI_ONNX_LLM_API }} HUGO_DEV_PROG_SIGNIUP_FORM_MUNCHKIN_ID: ${{ secrets.HUGO_DEV_PROG_SIGNIUP_FORM_MUNCHKIN_ID }} HUGO_FORM_ID_FOR_PROGRAM_SIGNUP: ${{ secrets.HUGO_FORM_ID_FOR_PROGRAM_SIGNUP }} + + build_and_deploy_prod: + name: Build and Deploy Prod + uses: ./.github/workflows/deploy.yml + permissions: + id-token: write + contents: read + with: + target: prod + aws-region: us-east-1 + deploy-role-arn: arn:aws:iam::084149021538:role/Proj-GHA-arm-learning-paths-prod + secrets: + HUGO_LLM_API: ${{ secrets.HUGO_LLM_API }} + HUGO_RAG_API: ${{ secrets.HUGO_RAG_API }} + HUGO_AUDIO_API: ${{ secrets.HUGO_AUDIO_API }} + HUGO_PHI_ONNX_LLM_API: ${{ secrets.HUGO_PHI_ONNX_LLM_API }} + HUGO_DEV_PROG_SIGNIUP_FORM_MUNCHKIN_ID: ${{ secrets.HUGO_DEV_PROG_SIGNIUP_FORM_MUNCHKIN_ID }} + HUGO_FORM_ID_FOR_PROGRAM_SIGNUP: ${{ secrets.HUGO_FORM_ID_FOR_PROGRAM_SIGNUP }} diff --git a/config.toml b/config.toml index 12c39f7bba..772ab5f9f0 100644 --- a/config.toml +++ b/config.toml @@ -24,11 +24,17 @@ name = "dev" URL = "s3://arm-learning-paths-dev?region=us-east-1" cloudFrontDistributionID = "EAMKPMDBM18II" +# Deprecated: kept temporarily while the prod deployment is validated. [[deployment.targets]] name = "production" URL = "s3://arm-learning-paths?region=us-west-2" cloudFrontDistributionID = "E2NEF61QWPFRIH" +[[deployment.targets]] +name = "prod" +URL = "s3://arm-learning-paths-prod?region=us-east-1" +cloudFrontDistributionID = "E2IA2AC83UE2VJ" + [markup] [markup.goldmark] [markup.goldmark.renderer]