Deployment of CISA Crossfeed is done automatically through GitHub Actions from the cisagov/crossfeed GitHub repository.
Environments are configured to ensure that only specific users with the appropriate permissions can trigger workflows on GitHub Actions or access secrets that perform deployments. At the moment, GitHub Actions jobs that deploy to staging and prod or access credentials for those AWS environments must be manually approved.
To set up automatic deployment to your own AWS environment, you must first create an IAM user with enough permissions to the right resources on AWS. Then, set the GitHub repository's secrets
AWS_SECRET_KEY to the access credentials of this user.
Here are instructions on how to deploy the different components of Crossfeed manually.
Infrastructure is managed by Terraform. To deploy to staging, run:
cd infrastructure make init make plan make apply
The backend API is managed by the Serverless Framework. To deploy, run:
cd backend npx sls create_domain --stage=staging npx sls deploy --stage=staging
To change the environment variables used to build the backend, edit
env.yaml. Most of these
variables are set through SSM variables (which should be set manually / through Terraform -- see below),
but some of these variables are hard-coded and configurable by just editing
Deploying the worker involves building the Docker image and pushing it to ECR:
cd backend npm run deploy-worker
worker_ecs_repository_url output from Terraform changes, you will need to modify
Deploying the frontend involves building the React code, uploading it to an S3 bucket, then invalidating the Cloudfront cache:
cd frontend cp stage.env .env npm run build aws s3 sync build/ s3://staging.crossfeed.cyber.dhs.gov --delete