Merged
20 commits
8934218
Remove unused `SnsTopicSubscriptionEvent` and its associated dependen…
rbruhn May 11, 2026
00d508b
Merge branch 'main' into Biospex-350
rbruhn May 11, 2026
a226388
Update Composer dependencies to the latest versions and remove `maste…
rbruhn May 12, 2026
024c09a
Refactor event logging and simplify response cache configuration
rbruhn May 13, 2026
b2dc597
Update `composer.lock` to reflect latest dependency versions
rbruhn May 13, 2026
3a3fc69
Migrate OpCache reset functionality to API v1 and remove obsolete adm…
rbruhn May 13, 2026
d28b6ae
Update Node.js version and replace public-ip action in deploy.yml
rbruhn May 14, 2026
9f634f1
Merge pull request #352 from AustinMastLab/Biospex-351
rbruhn May 14, 2026
1199143
Refactor OpCache reset handling and streamline `config/app.php` imports
rbruhn May 14, 2026
2fe54f1
Merge branch 'development' into Biospex-350
rbruhn May 14, 2026
5ff3976
Update Composer dependencies and enhance response cache configuration
rbruhn May 14, 2026
db94814
Remove `VerifyCsrfToken` middleware and replace it with `PreventReque…
rbruhn May 14, 2026
f8a8fcd
Update Composer dependencies and require Deployer v8
rbruhn May 15, 2026
e0506ce
Update Composer dependencies and upgrade `intervention/*` packages to…
rbruhn May 15, 2026
4024d01
Merge pull request #353 from AustinMastLab/Biospex-350
rbruhn May 15, 2026
0d939aa
Streamline `sanctum.php` configuration by simplifying middleware imports
rbruhn May 16, 2026
405e989
Update Composer dependencies and streamline deployment workflows
rbruhn May 16, 2026
aabb604
Merge pull request #355 from AustinMastLab/Biospex-354
rbruhn May 16, 2026
ddfdf83
Upgrade `webfactory/ssh-agent` action to v0.10.0 in deploy workflow
rbruhn May 16, 2026
31c3c5a
Merge remote-tracking branch 'origin/development' into development
rbruhn May 16, 2026
124 changes: 87 additions & 37 deletions .github/workflows/deploy.yml
Expand Up @@ -21,15 +21,14 @@ name: Build and Deploy
on:
push:
branches:
- main # Calculates version, deploys to production, then creates release
- development # Development environment
- main
- development

permissions:
id-token: write
contents: read

jobs:
# Calculate the next version number — deployment and release creation happen in subsequent jobs
calculate-version:
runs-on: ubuntu-latest
if: "github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')"
Expand All @@ -39,7 +38,7 @@ jobs:
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0 # Fetch all history for proper versioning
fetch-depth: 0

- name: Determine version bump
id: version_bump
Expand Down Expand Up @@ -80,7 +79,7 @@ jobs:
run: |
CURRENT="${{ steps.version_bump.outputs.current_version }}"
BUMP_TYPE="${{ steps.version_bump.outputs.bump_type }}"

# Parse current version
if [[ $CURRENT =~ ^([0-9]+)\.([0-9]+)\.([0-9]+) ]]; then
MAJOR=${BASH_REMATCH[1]}
Expand All @@ -91,7 +90,7 @@ jobs:
MINOR=0
PATCH=0
fi

# Increment based on bump type
case $BUMP_TYPE in
"major")
Expand All @@ -107,39 +106,43 @@ jobs:
PATCH=$((PATCH + 1))
;;
esac

NEW_VERSION="$MAJOR.$MINOR.$PATCH"
echo "New version: $NEW_VERSION"
echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
echo "new_version=$NEW_VERSION" >> "$GITHUB_OUTPUT"

# Production deployment (runs after version is calculated)
build-and-deploy-production:
needs: calculate-version
runs-on: ubuntu-latest
environment: production
if: "github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')"
steps:
- uses: actions/checkout@v6

- name: Get Runner IP
id: ip
uses: haythem/public-ip@v1.3
run: echo "ipv4=$(curl -s https://checkip.amazonaws.com)" >> "$GITHUB_OUTPUT"

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v6
with:
role-to-assume: arn:aws:iam::147899039648:role/GitHubActionsDeployRole
aws-region: ${{ secrets.AWS_REGION }}

- name: Whitelist Runner IP in AWS Security Group
run: |
aws ec2 authorize-security-group-ingress \
--group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \
--protocol tcp \
--port 22 \
--cidr ${{ steps.ip.outputs.ipv4 }}/32

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
php-version: '8.5'
extensions: mbstring, xml, bcmath, ctype, json, tokenizer, pdo, pdo_mysql

- name: Cache Composer packages
id: composer-cache
uses: actions/cache@v5
Expand All @@ -148,30 +151,35 @@ jobs:
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-php-
- name: Install Composer dependencies
run: composer install --prefer-dist --no-progress --no-suggest --no-dev --optimize-autoloader --no-scripts

- name: Install Composer dependencies for deployment runner
run: composer install --prefer-dist --no-progress --no-suggest --optimize-autoloader --no-scripts

- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
node-version: '24'
cache: 'yarn'

- name: Install Yarn dependencies
run: yarn install --frozen-lockfile --ignore-engines

- name: Build assets for Production
run: npm run production
env:
MIX_REVERB_APP_KEY: ${{ vars.PROD_REVERB_APP_KEY }}
MIX_REVERB_HOST: ${{ vars.PROD_REVERB_HOST }}
MIX_REVERB_PORT: ${{ vars.PROD_REVERB_PORT }}
MIX_REVERB_SCHEME: ${{ vars.PROD_REVERB_SCHEME }}

- name: Create deployment package
run: |
# Clean any prior
rm -rf deployment-package || true

# Create isolated temp dir
TEMP_DIR=$(mktemp -d)

# Sync repo files to temp (exclusions prevent bloat/self-ref)
rsync -av \
--exclude=node_modules \
Expand All @@ -181,28 +189,45 @@ jobs:
--exclude=storage/logs \
--exclude=vendor \
. "$TEMP_DIR/"

# Copy assets into temp/public/ (these are already built via npm run production)
cp -r public/css public/js public/fonts public/images public/svg public/mix-manifest.json "$TEMP_DIR/public/" || true

# Rename to package name
mv "$TEMP_DIR" deployment-package

- name: Upload deployment artifact
uses: actions/upload-artifact@v7
with:
name: biospex-${{ github.sha }}
path: deployment-package/
retention-days: 30
- name: Deploy with Deployer
uses: deployphp/action@v1

- name: Setup SSH key
uses: webfactory/ssh-agent@v0.10.0
with:
private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}
dep: deploy production
ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}

- name: Configure SSH host key checking
run: |
mkdir -p ~/.ssh
cat > ~/.ssh/config <<'EOF'
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
EOF
chmod 700 ~/.ssh
chmod 600 ~/.ssh/config

- name: Deploy with Deployer
run: vendor/bin/dep deploy production
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_SHA: ${{ github.sha }}
GITHUB_REPO: ${{ github.repository }}
API_TOKEN: ${{ secrets.API_TOKEN }}
OPCACHE_WEBHOOK_TOKEN: ${{ secrets.OPCACHE_WEBHOOK_TOKEN }}

- name: Revoke Runner IP from AWS Security Group
if: always()
run: |
Expand All @@ -212,7 +237,6 @@ jobs:
--port 22 \
--cidr ${{ steps.ip.outputs.ipv4 }}/32

# Create release only after a successful production deployment
create-release:
needs: [calculate-version, build-and-deploy-production]
runs-on: ubuntu-latest
Expand Down Expand Up @@ -254,30 +278,34 @@ jobs:
build-and-deploy-development:
runs-on: ubuntu-latest
environment: development
# Skip deployment if commit message contains [skip deploy] or [no deploy]
if: "github.ref == 'refs/heads/development' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')"
steps:
- uses: actions/checkout@v6

- name: Get Runner IP
id: ip
uses: haythem/public-ip@v1.3
run: echo "ipv4=$(curl -s https://checkip.amazonaws.com)" >> "$GITHUB_OUTPUT"

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v6
with:
role-to-assume: arn:aws:iam::147899039648:role/GitHubActionsDeployRole
aws-region: ${{ secrets.AWS_REGION }}

- name: Whitelist Runner IP in AWS Security Group
run: |
aws ec2 authorize-security-group-ingress \
--group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \
--protocol tcp \
--port 22 \
--cidr ${{ steps.ip.outputs.ipv4 }}/32

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
php-version: '8.5'
extensions: mbstring, xml, bcmath, ctype, json, tokenizer, pdo, pdo_mysql

- name: Cache Composer packages
id: composer-cache
uses: actions/cache@v5
Expand All @@ -286,30 +314,35 @@ jobs:
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-php-
- name: Install Composer dependencies
run: composer install --prefer-dist --no-progress --no-suggest --no-dev --optimize-autoloader --no-scripts

- name: Install Composer dependencies for deployment runner
run: composer install --prefer-dist --no-progress --no-suggest --optimize-autoloader --no-scripts

- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
node-version: '24'
cache: 'yarn'

- name: Install Yarn dependencies
run: yarn install --frozen-lockfile --ignore-engines

- name: Build assets for Development
run: npm run production
env:
MIX_REVERB_APP_KEY: ${{ vars.DEV_REVERB_APP_KEY }}
MIX_REVERB_HOST: ${{ vars.DEV_REVERB_HOST }}
MIX_REVERB_PORT: ${{ vars.DEV_REVERB_PORT }}
MIX_REVERB_SCHEME: ${{ vars.DEV_REVERB_SCHEME }}

- name: Create deployment package
run: |
# Clean any prior
rm -rf deployment-package || true

# Create isolated temp dir
TEMP_DIR=$(mktemp -d)

# Sync repo files to temp (exclusions prevent bloat/self-ref)
rsync -av \
--exclude=node_modules \
Expand All @@ -319,28 +352,45 @@ jobs:
--exclude=storage/logs \
--exclude=vendor \
. "$TEMP_DIR/"

# Copy assets into temp/public/ (these are already built via npm run production)
cp -r public/css public/js public/fonts public/images public/svg public/mix-manifest.json "$TEMP_DIR/public/" || true

# Rename to package name
mv "$TEMP_DIR" deployment-package

- name: Upload deployment artifact
uses: actions/upload-artifact@v7
with:
name: biospex-${{ github.sha }}
path: deployment-package/
retention-days: 30
- name: Deploy with Deployer
uses: deployphp/action@v1

- name: Setup SSH key
uses: webfactory/ssh-agent@v0.10.0
with:
private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}
dep: deploy development
ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}

- name: Configure SSH host key checking
run: |
mkdir -p ~/.ssh
cat > ~/.ssh/config <<'EOF'
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
EOF
chmod 700 ~/.ssh
chmod 600 ~/.ssh/config

- name: Deploy with Deployer
run: vendor/bin/dep deploy development
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_SHA: ${{ github.sha }}
GITHUB_REPO: ${{ github.repository }}
API_TOKEN: ${{ secrets.API_TOKEN }}
OPCACHE_WEBHOOK_TOKEN: ${{ secrets.OPCACHE_WEBHOOK_TOKEN }}

- name: Revoke Runner IP from AWS Security Group
if: always()
run: |
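Review bot: The "Configure SSH host key checking" step writes `StrictHostKeyChecking no` and `UserKnownHostsFile=/dev/null` under `Host *`, so the runner never verifies which server it is talking to when `vendor/bin/dep deploy` runs with `DEPLOY_PRIVATE_KEY` loaded in the agent and `API_TOKEN` / `OPCACHE_WEBHOOK_TOKEN` in the environment; the same block is in both the production and the development job. A redirected or impersonated deploy host would be accepted without any warning, and the release would be pushed to it. Pin the host key instead: replace the heredoc with `printf '%s\n' "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts`, where `DEPLOY_KNOWN_HOSTS` is a placeholder name for a repository variable holding the servers' public host keys and passed through `env:`, and leave `StrictHostKeyChecking` at `yes`. Which lines are old and which are new is inferred from the rendered page, since the +/- markers are lost, but this step appears to be added alongside the switch from `deployphp/action@v1` to `webfactory/ssh-agent@v0.10.0`.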