From 8badf1868daad375305a65a33249acd14d443725 Mon Sep 17 00:00:00 2001
From: isaackps <isaac.kps@gmail.com>
Date: Wed, 24 Sep 2025 12:30:12 +0800
Subject: [PATCH 1/4] fix: add GitHub Actions workflow to deploy static site to
 S3

---
 .github/workflows/deploy-s3.yml | 56 +++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 .github/workflows/deploy-s3.yml

diff --git a/.github/workflows/deploy-s3.yml b/.github/workflows/deploy-s3.yml
new file mode 100644
index 0000000..bcaaa8a
--- /dev/null
+++ b/.github/workflows/deploy-s3.yml
@@ -0,0 +1,56 @@
+name: Build and Deploy to S3
+
+on:
+  push:
+    branches: [imda]
+  workflow_dispatch:
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Use Node.js 10.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: "10.x"
+
+      - name: Cache npm
+        uses: actions/cache@v4
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-10-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-10-
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build static export
+        run: npm run deploy
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Deploy to S3
+        run: |
+          aws s3 sync ./out s3://${{ secrets.S3_BUCKET }} \
+            --delete \
+            --acl public-read \
+            --cache-control max-age=300
+
+      - name: Invalidate CloudFront (optional)
+        env:
+          CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
+        if: ${{ env.CLOUDFRONT_DISTRIBUTION_ID != '' }}
+        run: |
+          aws cloudfront create-invalidation \
+            --distribution-id "${{ env.CLOUDFRONT_DISTRIBUTION_ID }}" \
+            --paths "/*"

From 2547d0c9324c6771506a733ed1a3c18b5bf42db5 Mon Sep 17 00:00:00 2001
From: isaackps <isaac.kps@gmail.com>
Date: Wed, 24 Sep 2025 12:38:54 +0800
Subject: [PATCH 2/4] fix: update yml

---
 .github/workflows/deploy-s3.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/deploy-s3.yml b/.github/workflows/deploy-s3.yml
index bcaaa8a..46014a3 100644
--- a/.github/workflows/deploy-s3.yml
+++ b/.github/workflows/deploy-s3.yml
@@ -43,8 +43,6 @@ jobs:
         run: |
           aws s3 sync ./out s3://${{ secrets.S3_BUCKET }} \
             --delete \
-            --acl public-read \
-            --cache-control max-age=300
 
       - name: Invalidate CloudFront (optional)
         env:

From ed8c48891963f6798cd74763950372bb458e14a1 Mon Sep 17 00:00:00 2001
From: Isaackps <isaac.kps@gmail.com>
Date: Wed, 22 Oct 2025 16:58:27 +0800
Subject: [PATCH 3/4] fix: remove on push

---
 .github/workflows/deploy-s3.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/deploy-s3.yml b/.github/workflows/deploy-s3.yml
index 46014a3..0740375 100644
--- a/.github/workflows/deploy-s3.yml
+++ b/.github/workflows/deploy-s3.yml
@@ -1,8 +1,6 @@
 name: Build and Deploy to S3
 
 on:
-  push:
-    branches: [imda]
   workflow_dispatch:
 
 jobs:

From c0f2a5d072bf9aa5896a2ce6a01af9965b3c9921 Mon Sep 17 00:00:00 2001
From: Isaackps <isaac.kps@gmail.com>
Date: Mon, 3 Nov 2025 16:58:04 +0800
Subject: [PATCH 4/4] feat: split S3 deployment workflow into separate dev and
 prod environments

---
 .../{deploy-s3.yml => deploy-s3-dev.yml}      | 19 +++---
 .github/workflows/deploy-s3-prod.yml          | 65 +++++++++++++++++++
 2 files changed, 76 insertions(+), 8 deletions(-)
 rename .github/workflows/{deploy-s3.yml => deploy-s3-dev.yml} (72%)
 create mode 100644 .github/workflows/deploy-s3-prod.yml

diff --git a/.github/workflows/deploy-s3.yml b/.github/workflows/deploy-s3-dev.yml
similarity index 72%
rename from .github/workflows/deploy-s3.yml
rename to .github/workflows/deploy-s3-dev.yml
index 0740375..b0af28b 100644
--- a/.github/workflows/deploy-s3.yml
+++ b/.github/workflows/deploy-s3-dev.yml
@@ -1,11 +1,14 @@
-name: Build and Deploy to S3
+name: Build and Deploy to S3 (Development)
 
 on:
-  workflow_dispatch:
+  push:
+    branches:
+      - develop
 
 jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
+    environment: development
 
     steps:
       - name: Checkout repository
@@ -33,18 +36,18 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY}}
           aws-region: ${{ secrets.AWS_REGION }}
 
-      - name: Deploy to S3
+      - name: Deploy to S3 (Development)
         run: |
-          aws s3 sync ./out s3://${{ secrets.S3_BUCKET }} \
+          aws s3 sync ./out s3://${{ secrets.S3_BUCKET_DEV }} \
             --delete \
 
-      - name: Invalidate CloudFront (optional)
+      - name: Invalidate CloudFront (Development)
         env:
-          CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
+          CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID_DEV }}
         if: ${{ env.CLOUDFRONT_DISTRIBUTION_ID != '' }}
         run: |
           aws cloudfront create-invalidation \
diff --git a/.github/workflows/deploy-s3-prod.yml b/.github/workflows/deploy-s3-prod.yml
new file mode 100644
index 0000000..e40df15
--- /dev/null
+++ b/.github/workflows/deploy-s3-prod.yml
@@ -0,0 +1,65 @@
+name: Build and Deploy to S3 (Production)
+
+on:
+  workflow_dispatch:
+    inputs:
+      confirmation:
+        description: 'Type "DEPLOY_TO_PRODUCTION" to confirm deployment'
+        required: true
+        default: ''
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    environment: production
+
+    steps:
+      - name: Verify production deployment confirmation
+        if: ${{ github.event.inputs.confirmation != 'DEPLOY_TO_PRODUCTION' }}
+        run: |
+          echo "❌ Production deployment cancelled: confirmation input required"
+          echo "Please enter 'DEPLOY_TO_PRODUCTION' in the confirmation field"
+          exit 1
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Use Node.js 10.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: "10.x"
+
+      - name: Cache npm
+        uses: actions/cache@v4
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-10-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-10-
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build static export
+        run: npm run deploy
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Deploy to S3 (Production)
+        run: |
+          aws s3 sync ./out s3://${{ secrets.S3_BUCKET }} \
+            --delete \
+
+      - name: Invalidate CloudFront (Production)
+        env:
+          CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID_PROD }}
+        if: ${{ env.CLOUDFRONT_DISTRIBUTION_ID != '' }}
+        run: |
+          aws cloudfront create-invalidation \
+            --distribution-id "${{ env.CLOUDFRONT_DISTRIBUTION_ID }}" \
+            --paths "/*"