feat(deploy): ecqm and twh instance support

.github/workflows/deploy-ecqm-mieweb.yml

@@ -0,0 +1,192 @@
+name: Deploy eCQM OS MIEWeb
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+    inputs:
+      replace_existing:
+        description: Delete and recreate existing MIE containers if the hostnames already exist.
+        required: true
+        default: "false"
+        type: choice
+        options:
+          - "false"
+          - "true"
+
+concurrency:
+  group: deploy-ecqm-mieweb-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  REGISTRY: ghcr.io
+  BACKEND_IMAGE: ghcr.io/taleef7/workwell-api
+  FRONTEND_IMAGE: ghcr.io/taleef7/workwell-ecqm-frontend
+  FRONTEND_URL: https://ecqm.os.mieweb.org
+  BACKEND_URL: https://ecqm-api.os.mieweb.org
+  API_HOSTNAME: ecqm-api
+  FRONTEND_HOSTNAME: ecqm
+  SITE_ID: 1
+  APP_NAME: "WorkWell eCQM Studio"
+  APP_TAGLINE: "clinical quality measures for the workforce."
+
+jobs:
+  build-backend:
+    name: Build backend image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/setup-buildx-action@v3
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/build-push-action@v6
+        with:
+          context: ./backend
+          file: ./backend/Dockerfile
+          push: true
+          tags: |
+            ${{ env.BACKEND_IMAGE }}:latest
+            ${{ env.BACKEND_IMAGE }}:sha-${{ github.sha }}
+
+  build-frontend:
+    name: Build ecqm frontend image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/setup-buildx-action@v3
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/build-push-action@v6
+        with:
+          context: ./frontend
+          file: ./frontend/Dockerfile
+          push: true
+          build-args: |
+            NEXT_PUBLIC_API_URL=${{ env.BACKEND_URL }}
+            NEXT_PUBLIC_APP_NAME=${{ env.APP_NAME }}
+            NEXT_PUBLIC_APP_TAGLINE=${{ env.APP_TAGLINE }}
+          tags: |
+            ${{ env.FRONTEND_IMAGE }}:latest
+            ${{ env.FRONTEND_IMAGE }}:sha-${{ github.sha }}
+
+  deploy-backend:
+    name: Deploy ecqm backend container
+    runs-on: ubuntu-latest
+    needs: build-backend
+    env:
+      MIEWEB_API_URL: ${{ secrets.LAUNCHPAD_API_URL }}
+      MIEWEB_API_KEY: ${{ secrets.LAUNCHPAD_API_KEY }}
+      DATABASE_URL: ${{ secrets.DATABASE_URL_ECQM }}
+      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      WORKWELL_AUTH_JWT_SECRET: ${{ secrets.WORKWELL_AUTH_JWT_SECRET_ECQM }}
+      REPLACE_EXISTING: ${{ github.event_name == 'push' || inputs.replace_existing == 'true' }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Validate required secrets
+        run: |
+          missing=()
+          [ -z "$MIEWEB_API_URL" ] && missing+=("LAUNCHPAD_API_URL")
+          [ -z "$MIEWEB_API_KEY" ] && missing+=("LAUNCHPAD_API_KEY")
+          [ -z "$DATABASE_URL" ] && missing+=("DATABASE_URL_ECQM")
+          [ -z "$OPENAI_API_KEY" ] && missing+=("OPENAI_API_KEY")
+          [ -z "$WORKWELL_AUTH_JWT_SECRET" ] && missing+=("WORKWELL_AUTH_JWT_SECRET_ECQM")
+          if [ ${#missing[@]} -gt 0 ]; then
+            echo "::error::Missing required secret(s): ${missing[*]}"
+            exit 1
+          fi
+
+      - name: Prepare backend environment variables
+        id: backend-env
+        run: |
+          {
+            echo 'json<<EOF'
+            jq -nc \
+              --arg database_url "$DATABASE_URL" \
+              --arg openai_api_key "$OPENAI_API_KEY" \
+              --arg jwt_secret "$WORKWELL_AUTH_JWT_SECRET" \
+              --arg frontend_url "$FRONTEND_URL" \
+              '[
+                {key: "DATABASE_URL", value: $database_url},
+                {key: "OPENAI_API_KEY", value: $openai_api_key},
+                {key: "JAVA_OPTS", value: "-Xmx768m -Xms256m -Xss256k"},
+                {key: "SPRING_PROFILES_ACTIVE", value: "prod,production"},
+                {key: "WORKWELL_CORS_ALLOWED_ORIGINS", value: $frontend_url},
+                {key: "CORS_ALLOWED_ORIGINS", value: $frontend_url},
+                {key: "WORKWELL_AUTH_COOKIE_SAME_SITE", value: "None"},
+                {key: "WORKWELL_AUTH_COOKIE_SECURE", value: "true"},
+                {key: "WORKWELL_AUTH_JWT_SECRET", value: $jwt_secret},
+                {key: "WORKWELL_INSTANCE", value: "ecqm"}
+              ]'
+            echo EOF
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Deploy backend through Create-a-Container API
+        env:
+          CONTAINER_HOSTNAME: ${{ env.API_HOSTNAME }}
+          CONTAINER_IMAGE: ${{ env.BACKEND_IMAGE }}:sha-${{ github.sha }}
+          INTERNAL_PORT: 8080
+          CONTAINER_ENV_VARS_JSON: ${{ steps.backend-env.outputs.json }}
+        run: bash .github/scripts/deploy-mieweb-container.sh
+
+  deploy-frontend:
+    name: Deploy ecqm frontend container
+    runs-on: ubuntu-latest
+    needs: [build-frontend, deploy-backend]
+    env:
+      MIEWEB_API_URL: ${{ secrets.LAUNCHPAD_API_URL }}
+      MIEWEB_API_KEY: ${{ secrets.LAUNCHPAD_API_KEY }}
+      REPLACE_EXISTING: ${{ github.event_name == 'push' || inputs.replace_existing == 'true' }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Validate required secrets
+        run: |
+          missing=()
+          [ -z "$MIEWEB_API_URL" ] && missing+=("LAUNCHPAD_API_URL")
+          [ -z "$MIEWEB_API_KEY" ] && missing+=("LAUNCHPAD_API_KEY")
+          if [ ${#missing[@]} -gt 0 ]; then
+            echo "::error::Missing required secret(s): ${missing[*]}"
+            exit 1
+          fi
+
+      - name: Prepare frontend environment variables
+        id: frontend-env
+        run: |
+          {
+            echo 'json<<EOF'
+            jq -nc \
+              --arg backend_url "$BACKEND_URL" \
+              '[
+                {key: "NODE_ENV", value: "production"},
+                {key: "NEXT_PUBLIC_API_URL", value: $backend_url},
+                {key: "NEXT_PUBLIC_API_BASE_URL", value: $backend_url}
+              ]'
+            echo EOF
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Deploy frontend through Create-a-Container API
+        env:
+          CONTAINER_HOSTNAME: ${{ env.FRONTEND_HOSTNAME }}
+          CONTAINER_IMAGE: ${{ env.FRONTEND_IMAGE }}:sha-${{ github.sha }}
+          INTERNAL_PORT: 3000
+          CONTAINER_ENV_VARS_JSON: ${{ steps.frontend-env.outputs.json }}
+        run: bash .github/scripts/deploy-mieweb-container.sh

.github/workflows/deploy-twh-mieweb.yml

@@ -0,0 +1,192 @@
+name: Deploy TWH OS MIEWeb
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+    inputs:
+      replace_existing:
+        description: Delete and recreate existing MIE containers if the hostnames already exist.
+        required: true
+        default: "false"
+        type: choice
+        options:
+          - "false"
+          - "true"
+
+concurrency:
+  group: deploy-twh-mieweb-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  REGISTRY: ghcr.io
+  BACKEND_IMAGE: ghcr.io/taleef7/workwell-api
+  FRONTEND_IMAGE: ghcr.io/taleef7/workwell-twh-frontend
+  FRONTEND_URL: https://twh.os.mieweb.org
+  BACKEND_URL: https://twh-api.os.mieweb.org
+  API_HOSTNAME: twh-api
+  FRONTEND_HOSTNAME: twh
+  SITE_ID: 1
+  APP_NAME: "WorkWell TWH"
+  APP_TAGLINE: "Total Worker Health — safety and wellness unified."
+
+jobs:
+  build-backend:
+    name: Build backend image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/setup-buildx-action@v3
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/build-push-action@v6
+        with:
+          context: ./backend
+          file: ./backend/Dockerfile
+          push: true
+          tags: |
+            ${{ env.BACKEND_IMAGE }}:latest
+            ${{ env.BACKEND_IMAGE }}:sha-${{ github.sha }}
+
+  build-frontend:
+    name: Build twh frontend image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/setup-buildx-action@v3
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/build-push-action@v6
+        with:
+          context: ./frontend
+          file: ./frontend/Dockerfile
+          push: true
+          build-args: |
+            NEXT_PUBLIC_API_URL=${{ env.BACKEND_URL }}
+            NEXT_PUBLIC_APP_NAME=${{ env.APP_NAME }}
+            NEXT_PUBLIC_APP_TAGLINE=${{ env.APP_TAGLINE }}
+          tags: |
+            ${{ env.FRONTEND_IMAGE }}:latest
+            ${{ env.FRONTEND_IMAGE }}:sha-${{ github.sha }}
+
+  deploy-backend:
+    name: Deploy twh backend container
+    runs-on: ubuntu-latest
+    needs: build-backend
+    env:
+      MIEWEB_API_URL: ${{ secrets.LAUNCHPAD_API_URL }}
+      MIEWEB_API_KEY: ${{ secrets.LAUNCHPAD_API_KEY }}
+      DATABASE_URL: ${{ secrets.DATABASE_URL_TWH }}
+      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      WORKWELL_AUTH_JWT_SECRET: ${{ secrets.WORKWELL_AUTH_JWT_SECRET_TWH }}
+      REPLACE_EXISTING: ${{ github.event_name == 'push' || inputs.replace_existing == 'true' }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Validate required secrets
+        run: |
+          missing=()
+          [ -z "$MIEWEB_API_URL" ] && missing+=("LAUNCHPAD_API_URL")
+          [ -z "$MIEWEB_API_KEY" ] && missing+=("LAUNCHPAD_API_KEY")
+          [ -z "$DATABASE_URL" ] && missing+=("DATABASE_URL_TWH")
+          [ -z "$OPENAI_API_KEY" ] && missing+=("OPENAI_API_KEY")
+          [ -z "$WORKWELL_AUTH_JWT_SECRET" ] && missing+=("WORKWELL_AUTH_JWT_SECRET_TWH")
+          if [ ${#missing[@]} -gt 0 ]; then
+            echo "::error::Missing required secret(s): ${missing[*]}"
+            exit 1
+          fi
+
+      - name: Prepare backend environment variables
+        id: backend-env
+        run: |
+          {
+            echo 'json<<EOF'
+            jq -nc \
+              --arg database_url "$DATABASE_URL" \
+              --arg openai_api_key "$OPENAI_API_KEY" \
+              --arg jwt_secret "$WORKWELL_AUTH_JWT_SECRET" \
+              --arg frontend_url "$FRONTEND_URL" \
+              '[
+                {key: "DATABASE_URL", value: $database_url},
+                {key: "OPENAI_API_KEY", value: $openai_api_key},
+                {key: "JAVA_OPTS", value: "-Xmx768m -Xms256m -Xss256k"},
+                {key: "SPRING_PROFILES_ACTIVE", value: "prod,production"},
+                {key: "WORKWELL_CORS_ALLOWED_ORIGINS", value: $frontend_url},
+                {key: "CORS_ALLOWED_ORIGINS", value: $frontend_url},
+                {key: "WORKWELL_AUTH_COOKIE_SAME_SITE", value: "None"},
+                {key: "WORKWELL_AUTH_COOKIE_SECURE", value: "true"},
+                {key: "WORKWELL_AUTH_JWT_SECRET", value: $jwt_secret},
+                {key: "WORKWELL_INSTANCE", value: "twh"}
+              ]'
+            echo EOF
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Deploy backend through Create-a-Container API
+        env:
+          CONTAINER_HOSTNAME: ${{ env.API_HOSTNAME }}
+          CONTAINER_IMAGE: ${{ env.BACKEND_IMAGE }}:sha-${{ github.sha }}
+          INTERNAL_PORT: 8080
+          CONTAINER_ENV_VARS_JSON: ${{ steps.backend-env.outputs.json }}
+        run: bash .github/scripts/deploy-mieweb-container.sh
+
+  deploy-frontend:
+    name: Deploy twh frontend container
+    runs-on: ubuntu-latest
+    needs: [build-frontend, deploy-backend]
+    env:
+      MIEWEB_API_URL: ${{ secrets.LAUNCHPAD_API_URL }}
+      MIEWEB_API_KEY: ${{ secrets.LAUNCHPAD_API_KEY }}
+      REPLACE_EXISTING: ${{ github.event_name == 'push' || inputs.replace_existing == 'true' }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Validate required secrets
+        run: |
+          missing=()
+          [ -z "$MIEWEB_API_URL" ] && missing+=("LAUNCHPAD_API_URL")
+          [ -z "$MIEWEB_API_KEY" ] && missing+=("LAUNCHPAD_API_KEY")
+          if [ ${#missing[@]} -gt 0 ]; then
+            echo "::error::Missing required secret(s): ${missing[*]}"
+            exit 1
+          fi
+
+      - name: Prepare frontend environment variables
+        id: frontend-env
+        run: |
+          {
+            echo 'json<<EOF'
+            jq -nc \
+              --arg backend_url "$BACKEND_URL" \
+              '[
+                {key: "NODE_ENV", value: "production"},
+                {key: "NEXT_PUBLIC_API_URL", value: $backend_url},
+                {key: "NEXT_PUBLIC_API_BASE_URL", value: $backend_url}
+              ]'
+            echo EOF
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Deploy frontend through Create-a-Container API
+        env:
+          CONTAINER_HOSTNAME: ${{ env.FRONTEND_HOSTNAME }}
+          CONTAINER_IMAGE: ${{ env.FRONTEND_IMAGE }}:sha-${{ github.sha }}
+          INTERNAL_PORT: 3000
+          CONTAINER_ENV_VARS_JSON: ${{ steps.frontend-env.outputs.json }}
+        run: bash .github/scripts/deploy-mieweb-container.sh