Reusable deploy workflow (#46)

* Refactor deployment workflow to use reusable GitHub Actions

* Update deployment workflows to use reusable patterns and enhance DEV deployment process

Author: mwarman

.github/workflows/deploy-dev.yml

@@ -9,77 +9,10 @@ concurrency:
 
 jobs:
   deploy:
-    name: Deploy
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-
-    permissions:
-      contents: read
-      id-token: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version-file: .nvmrc
-          cache: 'npm'
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v6
-        with:
-          role-to-assume: ${{ vars.AWS_ROLE_ARN_DEV }}
-          aws-region: ${{ vars.AWS_REGION }}
-          role-session-name: deploy-dev-lambda-starter
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Build application
-        run: npm run build
-
-      - name: Run tests
-        run: npm run test
-
-      - name: Install infrastructure dependencies
-        working-directory: ./infrastructure
-        run: npm ci
-
-      - name: Create infrastructure .env file
-        working-directory: ./infrastructure
-        run: echo "${{ vars.CDK_ENV_DEV }}" > .env
-
-      - name: Build infrastructure
-        working-directory: ./infrastructure
-        run: npm run build
-
-      - name: Bootstrap CDK (if needed)
-        working-directory: ./infrastructure
-        run: |
-          # Check if bootstrap is needed
-          if ! aws cloudformation describe-stacks --stack-name CDKToolkit --region ${{ vars.AWS_REGION }} >/dev/null 2>&1; then
-            echo "Bootstrapping CDK..."
-            npm run bootstrap
-          else
-            echo "CDK already bootstrapped"
-          fi
-
-      - name: Synthesize CDK stacks
-        working-directory: ./infrastructure
-        run: npm run synth
-
-      - name: Deploy CDK stacks
-        working-directory: ./infrastructure
-        run: npm run deploy:all -- --require-approval never --progress events
-
-      # Final Step: Clean up sensitive infrastructure files
-      - name: Clean up sensitive files
-        if: always()
-        working-directory: ./infrastructure
-        run: |
-          echo "🧹 Cleaning up sensitive files..."
-          rm -f .env
-          rm -rf cdk.out
-          echo "✅ Sensitive files cleaned up"
+    name: Deploy to DEV
+    uses: ./.github/workflows/deploy-reusable.yml
+    with:
+      aws_role_arn: ${{ vars.AWS_ROLE_ARN_DEV }}
+      aws_region: ${{ vars.AWS_REGION }}
+      cdk_env: ${{ vars.CDK_ENV_DEV }}
+    secrets: inherit

.github/workflows/deploy-reusable.yml

@@ -0,0 +1,95 @@
+name: Deploy (Reusable)
+
+on:
+  workflow_call:
+    inputs:
+      aws_role_arn:
+        description: 'AWS Role ARN for credential assumption'
+        required: true
+        type: string
+      aws_region:
+        description: 'AWS region'
+        required: false
+        type: string
+        default: 'us-east-1'
+      cdk_env:
+        description: 'CDK environment variables'
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: .nvmrc
+          cache: 'npm'
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v6
+        with:
+          role-to-assume: ${{ inputs.aws_role_arn }}
+          aws-region: ${{ inputs.aws_region }}
+          role-session-name: deploy-lambda-starter
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build application
+        run: npm run build
+
+      - name: Run tests
+        run: npm run test
+
+      - name: Install infrastructure dependencies
+        working-directory: ./infrastructure
+        run: npm ci
+
+      - name: Create infrastructure .env file
+        working-directory: ./infrastructure
+        run: echo "${{ inputs.cdk_env }}" > .env
+
+      - name: Build infrastructure
+        working-directory: ./infrastructure
+        run: npm run build
+
+      - name: Bootstrap CDK (if needed)
+        working-directory: ./infrastructure
+        run: |
+          # Check if bootstrap is needed
+          if ! aws cloudformation describe-stacks --stack-name CDKToolkit --region ${{ inputs.aws_region }} >/dev/null 2>&1; then
+            echo "Bootstrapping CDK..."
+            npm run bootstrap
+          else
+            echo "CDK already bootstrapped"
+          fi
+
+      - name: Synthesize CDK stacks
+        working-directory: ./infrastructure
+        run: npm run synth
+
+      - name: Deploy CDK stacks
+        working-directory: ./infrastructure
+        run: npm run deploy:all -- --require-approval never --progress events
+
+      # Final Step: Clean up sensitive infrastructure files
+      - name: Clean up sensitive files
+        if: always()
+        working-directory: ./infrastructure
+        run: |
+          echo "🧹 Cleaning up sensitive files..."
+          rm -f .env
+          rm -rf cdk.out
+          echo "✅ Sensitive files cleaned up"

docs/DevOpsGuide.md

@@ -36,13 +36,17 @@ The project utilizes the following workflows.
 
 ## Deployment Workflows
 
-The project includes environment-specific deployment workflows that use GitHub Actions to deploy the application and infrastructure to AWS. Deployments require proper AWS credentials and environment variables to be configured.
+The project includes deployment workflows that use GitHub Actions to deploy the application and infrastructure to AWS. These workflows use a reusable workflow pattern to maintain consistency across environments. Deployments require proper AWS credentials and environment variables to be configured.
 
-### Deploy to DEV
+### Deploy (Reusable)
 
-**Workflow:** `deploy-dev.yml`
+**Workflow:** `deploy-reusable.yml`
+
+A reusable workflow that provides the foundational deployment logic. This workflow is called by environment-specific deployment workflows and accepts the following inputs:
 
-Manually triggered workflow that deploys the application and infrastructure to the DEV environment.
+- `aws_role_arn` (required): AWS IAM role ARN for credential assumption
+- `aws_region` (optional): AWS region (defaults to `us-east-1`)
+- `cdk_env` (required): CDK environment variables containing stack configuration
 
 **Process:**
 
@@ -51,11 +55,29 @@ Manually triggered workflow that deploys the application and infrastructure to t
 3. Configures AWS credentials via OIDC role assumption
 4. Installs and builds application code
 5. Runs all application tests
-6. Installs and builds infrastructure code
-7. Bootstraps CDK (if needed)
-8. Synthesizes CDK stacks
-9. Deploys all CDK stacks
-10. Cleans up sensitive files
+6. Installs infrastructure dependencies
+7. Creates `.env` file with CDK configuration
+8. Builds infrastructure code
+9. Bootstraps CDK (if needed)
+10. Synthesizes CDK stacks
+11. Deploys all CDK stacks using `npm run deploy:all -- --require-approval never --progress events`
+12. Cleans up sensitive files (`.env`, `cdk.out`)
+
+### Deploy to DEV
+
+**Workflow:** `deploy-dev.yml`
+
+Environment-specific workflow that triggers the reusable deployment workflow for the DEV environment.
+
+**Process:**
+
+- Calls the reusable `deploy-reusable.yml` workflow
+- Passes DEV-specific configuration:
+  - `AWS_ROLE_ARN_DEV` as the AWS role ARN
+  - `AWS_REGION` as the AWS region
+  - `CDK_ENV_DEV` as the CDK environment variables
+
+**Concurrency:** Only one DEV deployment can run at a time; subsequent requests will cancel the in-progress workflow.
 
 **Trigger:** Manual (`workflow_dispatch`)