ci: add workflow to build for web

.github/workflows/build-app.yml

@@ -80,7 +80,8 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: ./.github/actions/build-setup
+      - name: Set up build
+        uses: ./.github/actions/build-setup
         with:
           NPMRC_FILE: ${{ secrets.NPMRC_FILE }}
           ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT_CAPS)] }}

.github/workflows/build-web.yml

@@ -0,0 +1,91 @@
+# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre <john.kildea@mcgill.ca>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Build Web
+# Default to dev when running automatically (see also "env" below)
+run-name: Building and (optionally) deploying the web app for ${{ inputs.ENVIRONMENT || 'dev' }} 📦🚀
+on:
+  # When pushing to main, automatically build for dev
+  push:
+    branches:
+      - main
+
+  # When updating a pull request or adding a pull request to a merge queue, automatically build for dev
+  pull_request:
+  merge_group:
+
+  # Offer a manual interface to build for all other environments as needed
+  workflow_dispatch:
+    inputs:
+      ENVIRONMENT:
+        description: 'Environment in which to build'
+        type: choice
+        required: true
+        default: 'dev'
+        options:
+          - dev
+          - prod
+      DEPLOY:
+        description: 'Deploy the resulting web app'
+        required: true
+        default: true
+        type: boolean
+
+env:
+  # Read the target environment from workflow_dispatch inputs, or default to dev
+  ENVIRONMENT: ${{ inputs.ENVIRONMENT || 'dev' }}
+
+permissions:
+  contents: read
+
+jobs:
+  build-web:
+    runs-on: ubuntu-latest
+    steps:
+      # Setup
+      - name: Convert environment to all caps
+        run: echo ENVIRONMENT_CAPS="$(echo "$ENVIRONMENT" | tr '[:lower:]' '[:upper:]')" >> "$GITHUB_ENV"
+      - name: Print environment
+        run: |
+          echo "Environment: $ENVIRONMENT ($ENVIRONMENT_CAPS)"
+      - uses: actions/checkout@v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Set up build
+        uses: ./.github/actions/build-setup
+        with:
+          NPMRC_FILE: ${{ secrets.NPMRC_FILE }}
+          ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT_CAPS)] }}
+          ENV_GOOGLE_SERVICES: ${{ vars[format('{0}_GOOGLE_SERVICES', env.ENVIRONMENT_CAPS)] }}
+
+      # Build for web
+      - name: Build the web app
+        run: npm run build:web --env="$ENVIRONMENT"
+      - name: Organize the folder structure for the output
+        run: |
+          mkdir web-app
+          cp -r www web-app
+      - name: Archive build output
+        uses: actions/upload-artifact@v4.6.2
+        with:
+          name: Web app
+          path: web-app
+
+    # Pass $ENVIRONMENT to the next job (workaround for reusable workflows)
+    # See: https://github.com/actions/runner/issues/2372
+    # See: https://stackoverflow.com/questions/73797254/environment-variables-in-github-actions/74217028#74217028)
+    outputs:
+      ENVIRONMENT: ${{ env.ENVIRONMENT }}
+
+  # Call another workflow if applicable to deploy the app
+  deploy-web:
+    needs: build-web
+    # Deploy manually via inputs, or automatically (to dev) when building on main
+    if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/main' }}
+    uses: ./.github/workflows/deploy-web.yml
+    with:
+      ENVIRONMENT: ${{ needs.build-web.outputs.ENVIRONMENT }}
+    secrets:
+      FTP_PASSWORD: ${{ secrets.FTP_PASSWORD }}

.github/workflows/deploy-web.yml

@@ -0,0 +1,67 @@
+# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre <john.kildea@mcgill.ca>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Deploy Web
+run-name: Deploying the web app for ${{ inputs.ENVIRONMENT }} 🚀
+on:
+  workflow_call:
+    inputs:
+      ENVIRONMENT:
+        required: true
+        type: string
+    secrets:
+      FTP_PASSWORD:
+        required: true
+
+permissions:
+  contents: read
+
+jobs:
+  deploy-web:
+    runs-on: ubuntu-latest
+    steps:
+      # Setup
+      - uses: actions/checkout@v4.2.2
+        with:
+          persist-credentials: false
+      - name: Download web build artifact (`www`)
+        uses: actions/download-artifact@v4.3.0
+        with:
+          name: Web app
+          run-id: ${{ github.run_id }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Install lftp
+        run: |
+          sudo apt-get install lftp
+          lftp --version
+      - name: List contents of `www`
+        run: ls -la www
+
+      - name: Ensure $ENVIRONMENT is defined to avoid destructive mirroring on the server
+        run: |
+          echo "Environment: $ENVIRONMENT"
+          if [ -z "$ENVIRONMENT" ]; then exit 1; fi
+        shell: bash
+        env:
+          ENVIRONMENT: ${{ inputs.ENVIRONMENT }}
+
+      # Upload web files
+      # See: https://www.cyberciti.biz/faq/lftp-mirror-example/
+      # See: https://linuxconfig.org/lftp-tutorial-on-linux-with-examples
+      - name: Upload files using lftp
+        run: >
+          lftp -c "
+            set cmd:fail-exit yes;
+            open $FTP_HOST
+            user $FTP_USER $FTP_PASSWORD;
+            mirror --exclude='app' --exclude='content' --reverse --delete --verbose ./static/landingpage/ ./app/${ENVIRONMENT}/;
+            mirror --reverse --delete --use-pget-n=10 --verbose ./www/ ./app/${ENVIRONMENT}/app/;
+            ls -la app/${ENVIRONMENT};
+            bye
+          "
+        env:
+          ENVIRONMENT: ${{ inputs.ENVIRONMENT }}
+          FTP_HOST: ${{ vars.FTP_HOST }}
+          FTP_PASSWORD: ${{ secrets.FTP_PASSWORD }}
+          FTP_USER: ${{ vars.FTP_USER }}