This document outlines the process for deploying the TRMNL Salah Prayer Times Plugin backend to AWS using the Serverless Framework and details the continuous integration and deployment (CI/CD) pipelin
This document outlines the process for deploying the TRMNL Salah Prayer Times Plugin backend to AWS using the Serverless Framework and details the continuous integration and deployment (CI/CD) pipeline implemented with GitHub Actions.
The project leverages the Serverless Framework↗ to define, build, and deploy the application's backend infrastructure (AWS Lambda functions, API Gateway, etc.) as code. This approach simplifies the management of serverless resources and ensures consistency across environments.
To deploy the backend to AWS:
Prerequisites:
TRMNL_CLIENT_ID, TRMNL_CLIENT_SECRET, SUPABASE_URL, SUPABASE_SERVICE_KEY) must be set in your deployment environment (e.g., via a .env file or environment variables for the CI/CD pipeline).Install Dependencies: If you haven't already, install the project's dependencies:
Deploy: Execute the Serverless deploy command from the project root. This command will package your TypeScript code, create or update AWS resources (Lambda functions, API Gateway endpoints, etc.), and deploy them to your configured AWS region (eu-west-2 as per serverless.yml).
Upon successful deployment, the Serverless Framework will output the API Gateway URL for your endpoints (e.g., https://your-api-gateway-url/install, https://your-api-gateway-url/prayer-times). This URL is crucial for configuring the plugin in the TRMNL dashboard.
The project uses GitHub Actions to automate the continuous integration and deployment workflow, ensuring code quality and efficient delivery. The pipeline is defined in the .github/workflows/build-and-deploy.yml file.
The CI/CD pipeline is triggered in the following scenarios:
Continuous Integration (CI):
push to any branch.pull_request targeting the main branch.
This ensures that all proposed changes are automatically validated before being merged.Continuous Deployment (CD):
push to the main branch.
This enables automatic deployment of tested and verified code to the production environment.The GitHub Actions workflow comprises two main stages:
This stage focuses on validating the codebase and runs for all pushes and pull requests.
yarn.yarn lint) to enforce coding standards and identify potential issues.yarn check-types) to catch type-related errors.yarn test) to ensure functionality and prevent regressions.If any of these CI steps fail, the workflow stops, and the changes are flagged, preventing them from proceeding to deployment.
This stage is responsible for deploying the application to AWS and runs only when the CI stage is successful and the changes are pushed to the main branch.
yarn serverless:deploy.serverless.yml and environment variables).To enable the GitHub Actions pipeline to deploy to AWS and interact with TRMNL and Supabase, the following secrets must be configured in your GitHub repository's settings:
AWS_ACCESS_KEY_ID: Your AWS Access Key ID, required for the GitHub Actions runner to authenticate with your AWS account and deploy resources.AWS_SECRET_ACCESS_KEY: Your AWS Secret Access Key, providing programmatic access to your AWS account.TRMNL_CLIENT_ID: The Client ID issued by TRMNL when you registered your plugin. This is used by the backend for OAuth flows.TRMNL_CLIENT_SECRET: The Client Secret associated with your TRMNL plugin. Also used for secure OAuth communication.SUPABASE_URL: The URL of your Supabase project API, necessary for the backend to connect to your Supabase database.SUPABASE_SERVICE_KEY: The Supabase Service Role Key, which grants the backend appropriate permissions to interact with your database tables (e.g., user_settings).These secrets ensure that sensitive credentials are not hardcoded into the repository but are securely managed and injected into the CI/CD pipeline at runtime.