From 269e563f1a7a6f38078d9c04ddf4042ad0573819 Mon Sep 17 00:00:00 2001
From: Ryan Ahearn <ryan.ahearn@gsa.gov>
Date: Fri, 10 Jan 2025 10:47:56 -0500
Subject: [PATCH] Split assets building out of terraform steps in github
 actions

---
 .../github/workflows/deploy-production.yml    | 34 ++++++++++++++--
 .../github/workflows/deploy-staging.yml       | 34 ++++++++++++++--
 .../github/workflows/terraform-production.yml | 39 ++++++++++++++++---
 .../github/workflows/terraform-staging.yml    | 39 ++++++++++++++++---
 .../terraform/templates/terraform/app.tf.tt   |  3 +-
 5 files changed, 128 insertions(+), 21 deletions(-)

diff --git a/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml b/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml
index e6a7180..d604704 100644
--- a/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml
+++ b/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml
@@ -12,20 +12,37 @@ permissions:
   pull-requests: write
 
 jobs:
+  build-assets:
+    name: Compile and clean assets
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Compile assets
+        uses: ./.github/actions/compile-assets
+        with:
+          rails_env: production
+          save_cache: true
+      - name: Upload assets
+        uses: actions/upload-artifact@v4
+        with:
+          name: production-assets
+          path: public/assets
+
   deploy:
     name: Deploy to production
     runs-on: ubuntu-latest
+    needs: build-assets
     environment: production
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v4
 
-      - name: Compile assets
-        uses: ./.github/actions/compile-assets
+      - name: Download assets
+        uses: actions/download-artifact@v4
         with:
-          rails_env: production
-          save_cache: true
+          name: production-assets
+          path: public/assets
 
       - name: Terraform apply
         uses: dflook/terraform-apply@v1
@@ -44,3 +61,12 @@ jobs:
             secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
             bucket=${{ secrets.TERRAFORM_STATE_BUCKET_NAME }}
             key=terraform.tfstate.production
+
+      - name: Save app zip for debugging
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: app-src-apply
+          path: terraform/dist/src.zip
+          compression-level: 0
+          retention-days: 1
diff --git a/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml b/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml
index 9338a36..e4eee46 100644
--- a/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml
+++ b/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml
@@ -12,20 +12,37 @@ permissions:
   pull-requests: write
 
 jobs:
+  build-assets:
+    name: Compile and clean assets
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Compile assets
+        uses: ./.github/actions/compile-assets
+        with:
+          rails_env: staging
+          save_cache: true
+      - name: Upload assets
+        uses: actions/upload-artifact@v4
+        with:
+          name: staging-assets
+          path: public/assets
+
   deploy:
     name: Deploy to staging
     runs-on: ubuntu-latest
+    needs: build-assets
     environment: staging
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v4
 
-      - name: Compile assets
-        uses: ./.github/actions/compile-assets
+      - name: Download assets
+        uses: actions/download-artifact@v4
         with:
-          rails_env: staging
-          save_cache: true
+          name: staging-assets
+          path: public/assets
 
       - name: Terraform apply
         uses: dflook/terraform-apply@v1
@@ -44,3 +61,12 @@ jobs:
             secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
             bucket=${{ secrets.TERRAFORM_STATE_BUCKET_NAME }}
             key=terraform.tfstate.staging
+
+      - name: Save app zip for debugging
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: app-src-apply
+          path: terraform/dist/src.zip
+          compression-level: 0
+          retention-days: 1
diff --git a/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-production.yml b/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-production.yml
index f6e1c71..f184af8 100644
--- a/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-production.yml
+++ b/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-production.yml
@@ -9,9 +9,28 @@ permissions:
   pull-requests: write
 
 jobs:
+  build-assets:
+    name: Compile and clean assets
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Compile assets
+        uses: ./.github/actions/compile-assets
+        with:
+          rails_env: production
+          # you may want to enable the next line to surface issues with missing assets,
+          # but not until after you've deployed once and the cache has been created
+          # fail_on_missing_cache: true
+      - name: Upload assets
+        uses: actions/upload-artifact@v4
+        with:
+          name: production-assets
+          path: public/assets
+
   terraform:
     name: Terraform plan
     runs-on: ubuntu-latest
+    needs: build-assets
     environment: production
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -29,13 +48,11 @@ jobs:
         with:
           path: terraform
 
-      - name: Compile assets
-        uses: ./.github/actions/compile-assets
+      - name: Download assets
+        uses: actions/download-artifact@v4
         with:
-          rails_env: production
-          # you may want to enable the next line to surface issues with missing assets,
-          # but not until after you've deployed once and the cache has been created
-          # fail_on_missing_cache: true
+          name: production-assets
+          path: public/assets
 
       - name: terraform plan
         uses: dflook/terraform-plan@v1
@@ -55,3 +72,13 @@ jobs:
             secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
             bucket=${{ secrets.TERRAFORM_STATE_BUCKET_NAME }}
             key=terraform.tfstate.production
+
+      # Uncomment this step if you need to debug issues
+      # with mismatched app checksum between plan and apply
+      # - name: Save app zip for debugging
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: app-src-plan
+      #     path: terraform/dist/src.zip
+      #     compression-level: 0
+      #     retention-days: 1
diff --git a/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-staging.yml b/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-staging.yml
index bbe0c54..2e398b4 100644
--- a/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-staging.yml
+++ b/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-staging.yml
@@ -9,9 +9,28 @@ permissions:
   pull-requests: write
 
 jobs:
+  build-assets:
+    name: Compile and clean assets
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Compile assets
+        uses: ./.github/actions/compile-assets
+        with:
+          rails_env: staging
+          # you may want to enable the next line to surface issues with missing assets,
+          # but not until after you've deployed once and the cache has been created
+          # fail_on_missing_cache: true
+      - name: Upload assets
+        uses: actions/upload-artifact@v4
+        with:
+          name: staging-assets
+          path: public/assets
+
   terraform:
     name: Terraform plan
     runs-on: ubuntu-latest
+    needs: build-assets
     environment: staging
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -29,13 +48,11 @@ jobs:
         with:
           path: terraform
 
-      - name: Compile assets
-        uses: ./.github/actions/compile-assets
+      - name: Download assets
+        uses: actions/download-artifact@v4
         with:
-          rails_env: staging
-          # you may want to enable the next line to surface issues with missing assets,
-          # but not until after you've deployed once and the cache has been created
-          # fail_on_missing_cache: true
+          name: staging-assets
+          path: public/assets
 
       - name: terraform plan
         uses: dflook/terraform-plan@v1
@@ -55,3 +72,13 @@ jobs:
             secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
             bucket=${{ secrets.TERRAFORM_STATE_BUCKET_NAME }}
             key=terraform.tfstate.staging
+
+      # Uncomment this step if you need to debug issues
+      # with mismatched app checksum between plan and apply
+      # - name: Save app zip for debugging
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: app-src-plan
+      #     path: terraform/dist/src.zip
+      #     compression-level: 0
+      #     retention-days: 1
diff --git a/lib/generators/rails_template18f/terraform/templates/terraform/app.tf.tt b/lib/generators/rails_template18f/terraform/templates/terraform/app.tf.tt
index 5e92566..971f43f 100644
--- a/lib/generators/rails_template18f/terraform/templates/terraform/app.tf.tt
+++ b/lib/generators/rails_template18f/terraform/templates/terraform/app.tf.tt
@@ -4,7 +4,8 @@ data "archive_file" "src" {
   output_path = "${path.module}/dist/src.zip"
   excludes = [
     ".git*",
-    "node_modules/*",
+    ".circleci/*",
+    ".bundle/*",
     "tmp/**/*",
     "terraform/*",
     "log/*",