Automated indexer deployment with API endpoint under same domain

[koenmtb1]

Summary

• Add automated blue-green deployment for the Ponder indexer via two GitHub Actions workflows: one deploys to the slave color and exits, a cron (every 30 min) polls the new backend's sync status and switches over once ready
• Route /api/* requests through the frontend CloudFront distribution (stake.aztec.network/api/*) to the live indexer origin, eliminating the need for a separate API domain and frontend redeployments on indexer switchovers
• Add /api/sync-status endpoint that compares the indexer's max indexed block against the chain head, used by the cron to detect when re-indexing is complete
• Replace the 404 custom_error_response with a CloudFront Function for SPA routing, since custom_error_response is distribution-wide and would swallow API 404s

How it works

• Trigger Deploy Indexer (Blue-Green) workflow → deploys to the slave color (opposite of live), writes a pending switchover to S3, exits (~5 min)
• Check Indexer Sync cron runs every 30 min → hits /api/sync-status on the slave's CloudFront → if synced, updates the indexerOrigin on the frontend CloudFront via AWS CLI, clears the pending state, and triggers a deploy to the old live so both end up updated
• The frontend always hits /api/* on its own domain — CloudFront routes it to whichever indexer backend is live. No frontend redeploy needed for switchovers.

Setup
Run scripts/init-deployment-state.sh <environment> <live_color> once per environment to create the S3 state file before using the blue-green workflow.

[Maddiaa0]

may aswell be staking dashboard no?
prolly a good thing that this doesnt write to the same folder as the terraform managed bucket

[koenmtb1]

The terraform has historically used aztec-token-sale-terraform-state so leaving this as is for now. We can move the state if needed to a new name

[Maddiaa0]

not sure we need this if the rule has been disabled

[koenmtb1]

This is to allow teams to use the API programatically, without this it acts finicky when using curl or in code. Even with User-Agent set

[Maddiaa0]

over all looks good, theres some further cleanup we can do in following prs.

Something that need to be changed / tested

• the buffer for falling behind is a bit too large
• we no longer need to have two cloudfront dist's created for the backends.

[Maddiaa0]

i think you might want to uncomment this - everything this runs it will bring the order back to what is defined here, not what is overwritten in the cli?

[Maddiaa0]

something to look out here for

• even when the primary is switched, it will not respect app versions, might end up flopping between two different app versionos

[koenmtb1]

Agreed, kept that in mind, but felt like separate PR / issue.

[koenmtb1]

• we no longer need to have two cloudfront dist's created for the backends.

I'll make a separate issue for this, which can also include versioning the APIs