Conversation

@thaobk54
Add CI/CD for the master branch


vercel bot commented Nov 24, 2025

@thaobk54 is attempting to deploy a commit to the umami-software Team on Vercel.

A member of the Team first needs to authorize it.


greptile-apps bot commented Nov 24, 2025

Greptile Overview

Greptile Summary

This PR adds a new GitHub Actions workflow (mastercicd.yml) that implements CI/CD automation for the master branch. The workflow is designed to build Docker images, push them to AWS ECR, and deploy to an AWS EKS cluster. However, the implementation contains several critical issues that make it unsuitable for the open-source Umami repository. The workflow appears to be organization-specific, containing hardcoded Lloyd's Bank infrastructure details including specific AWS account IDs, ECR registries, and EKS cluster names. The workflow uses deprecated GitHub Actions versions and legacy output commands, lacks proper error handling, and doesn't include any testing or validation steps before deployment.

Important Files Changed

| Filename | Score | Overview |
|---|---|---|
| .github/workflows/mastercicd.yml | 1/5 | Adds new CI/CD workflow with hardcoded organization-specific infrastructure details and deprecated actions |

Confidence score: 1/5

  • This PR contains critical security and operational issues that make it completely unsuitable for merging into the open-source repository
  • Score reflects hardcoded sensitive infrastructure details (AWS account IDs, Lloyd's Bank domains), deprecated GitHub Actions, lack of error handling, and organization-specific configuration that doesn't belong in a public repository
  • The entire workflow file requires complete removal or major revision to remove hardcoded infrastructure details and update to current best practices

Sequence Diagram

```mermaid
sequenceDiagram
    participant User
    participant GitHub
    participant GHA as GitHub Actions
    participant Py as Python/pip
    participant CLI as AWS CLI
    participant Node as Node.js
    participant STS as AWS STS
    participant ECR as Amazon ECR
    participant Docker
    participant EKS as Amazon EKS
    participant kubectl
    participant SSM as AWS SSM

    User->>GitHub: Push to master branch
    GitHub->>+GHA: Trigger workflow

    GHA->>GHA: Checkout code
    GHA->>+Py: Setup Python 3.8
    Py-->>-GHA: Python environment ready

    GHA->>+CLI: Install AWS CLI via pip
    CLI-->>-GHA: AWS CLI installed

    GHA->>+Node: Setup Node.js 18.18.1
    Node-->>-GHA: Node.js environment ready

    GHA->>+STS: Configure AWS credentials
    STS-->>-GHA: AWS credentials configured

    GHA->>+STS: Get caller identity and account ID
    STS-->>-GHA: Account ID retrieved

    GHA->>+ECR: Login to ECR
    ECR-->>-GHA: ECR login successful

    GHA->>+Docker: Build Docker image with tag
    Docker-->>-GHA: Docker image built

    GHA->>+ECR: Push Docker image to ECR
    ECR-->>-GHA: Image pushed successfully

    GHA->>GHA: Download kubectl binary
    GHA->>+kubectl: Setup kubectl and authenticate with EKS
    kubectl-->>-GHA: kubectl configured

    GHA->>+EKS: Update kubeconfig for eks-prod-406
    EKS-->>-GHA: Kubeconfig updated

    GHA->>+kubectl: Update deployment image in lloyds namespace
    kubectl-->>-GHA: Deployment updated

    GHA->>+SSM: Store successful deployment parameter
    SSM-->>-GHA: Parameter stored

    GHA-->>-GitHub: Deployment complete
```

@greptile-apps greptile-apps bot left a comment
1 file reviewed, 2 comments

```yaml
branches:
- master

name: Website CI on AWS S3
```
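Review bot: a push to `master` starts a job that, according to the summary above, builds the image, pushes it to ECR and rolls it out to the production EKS cluster with no test or validation step in between; bind the deploy job to a GitHub `environment` with required reviewers (or at least split deployment into a separate, gated job) and declare a minimal `permissions:` block so the workflow token cannot do more than the job needs.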
style: Workflow name mentions S3 but actually deploys to EKS - misleading title

Suggested change
name: Website CI on AWS S3
name: Website CI/CD for EKS Deployment

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!


Comment on lines +43 to +44
echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
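Review bot: besides being deprecated, these two lines use two different syntaxes for the same operation (`##[set-output ...]` on line 43, `::set-output` on line 44), and the `$(echo ${GITHUB_REF#refs/heads/})` subshell is redundant since the runner already exposes the bare ref name as `GITHUB_REF_NAME`. When moving to the `$GITHUB_OUTPUT` file, quote the variable (`>> "$GITHUB_OUTPUT"`), and if the `branch` output feeds the image tag built later in the workflow, validate it first so a ref name with characters Docker does not accept in a tag fails at this step rather than halfway through the build.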
syntax: Using deprecated set-output and ##[set-output] commands - GitHub deprecated these in favor of $GITHUB_OUTPUT

Suggested change
echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
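The corrected step, as an added shell example that is not part of the PR or of Greptile's suggestion: it derives the `branch` and `sha_short` outputs from the variables GitHub Actions already sets, rejects values that are unsafe to reuse as an image tag, and appends them to the `GITHUB_OUTPUT` file. It assumes `GITHUB_REF`, `GITHUB_SHA` and `GITHUB_OUTPUT` are populated as on a real runner; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the PR or from Greptile's suggestion.
# Writes the `branch` and `sha_short` outputs through the GITHUB_OUTPUT
# environment file instead of the deprecated set-output commands.
# Assumes GITHUB_REF, GITHUB_SHA and GITHUB_OUTPUT are set the way GitHub
# Actions sets them; the function names are hypothetical.

# Strip the refs/heads/ or refs/tags/ prefix from a full ref; anything
# else (for example a pull request merge ref) is rejected.
ref_to_name() {
  case "$1" in
    refs/heads/*) printf '%s\n' "${1#refs/heads/}" ;;
    refs/tags/*)  printf '%s\n' "${1#refs/tags/}" ;;
    *)            return 1 ;;
  esac
}

# Accept only characters that are safe to reuse as an image tag or as a
# shell argument in later steps; an empty value is also rejected.
is_safe_value() {
  case "$1" in
    ''|*[!A-Za-z0-9._/-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Append key=value to the outputs file, refusing unsafe values so the
# step fails here instead of halfway through the Docker build.
write_output() {
  key="$1"; value="$2"
  if ! is_safe_value "$value"; then
    echo "refusing unsafe value for output '$key'" >&2
    return 1
  fi
  printf '%s=%s\n' "$key" "$value" >> "$GITHUB_OUTPUT"
}

# Entry point for the step: writes both outputs or exits non-zero.
set_build_outputs() {
  name="$(ref_to_name "$GITHUB_REF")" || return 1
  write_output branch "$name" || return 1
  # First 7 hex characters of the commit, which is what
  # `git rev-parse --short HEAD` usually yields, without needing a checkout.
  short="$(printf '%s' "$GITHUB_SHA" | cut -c1-7)"
  write_output sha_short "$short"
}
```

In the workflow the step would simply source this script and call `set_build_outputs`; later steps read the values as `${{ steps.<id>.outputs.branch }}` and `${{ steps.<id>.outputs.sha_short }}`.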
