Release And Deploy #175
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release And Deploy | |
| # Controls when the workflow will run | |
| on: | |
| pull_request: | |
| types: [ closed ] | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| required: true | |
| type: choice | |
| description: Select the Environment | |
| options: | |
| - dev | |
| - uat | |
| - prod | |
| beta: | |
| required: false | |
| type: boolean | |
| description: deploy beta version on AKS | |
| default: false | |
| skip_release: | |
| required: false | |
| type: boolean | |
| description: skip the release. Only deploy | |
| default: false | |
| permissions: | |
| packages: write | |
| contents: write | |
| issues: write | |
| id-token: write | |
| actions: read | |
| jobs: | |
| update_openapi: | |
| runs-on: ubuntu-latest | |
| name: Update OpenAPI | |
| environment: ${{ inputs.environment }} | |
| steps: | |
| - name: Checkout | |
| id: checkout | |
| # from https://github.com/actions/checkout/commits/main | |
| uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Terraform | |
| # from https://github.com/hashicorp/setup-terraform/commits/main | |
| uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146 | |
| with: | |
| terraform_version: "1.3.6" | |
| - name: Login | |
| id: login | |
| # from https://github.com/Azure/login/commits/master | |
| uses: azure/login@v2.1.0 | |
| with: | |
| auth-type: IDENTITY | |
| client-id: ${{ secrets.CD_CLIENT_ID }} | |
| tenant-id: ${{ secrets.TENANT_ID }} | |
| subscription-id: ${{ secrets.SUBSCRIPTION_ID }} | |
| - name: Terraform Apply | |
| shell: bash | |
| run: | | |
| cd ./infra | |
| export ARM_OIDC_TOKEN=${{ env.ACTIONS_RUNTIME_TOKEN }} | |
| export ARM_USE_OIDC=true | |
| export ARM_CLIENT_ID="${{ secrets.CD_CLIENT_ID }}" | |
| export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv) | |
| export ARM_TENANT_ID=$(az account show --query tenantId --output tsv) | |
| bash ./terraform.sh init weu-${{ inputs.environment }} | |
| bash ./terraform.sh apply weu-${{ inputs.environment }} -auto-approve | |
| ## A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| #jobs: | |
| # setup: | |
| # name: Setup | |
| # runs-on: ubuntu-latest | |
| # outputs: | |
| # semver: ${{ steps.get_semver.outputs.semver }} | |
| # environment: ${{ steps.get_env.outputs.environment }} | |
| # steps: | |
| # - name: pull request rejected | |
| # if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged != true | |
| # run: | | |
| # echo "❌ PR was closed without a merge" | |
| # exit 1 | |
| # | |
| # # Set Semvar | |
| # - run: echo "SEMVER=patch" >> $GITHUB_ENV | |
| # | |
| # - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change')) }} | |
| # run: echo "SEMVER=major" >> $GITHUB_ENV | |
| # | |
| # - if: ${{ inputs.environment == 'uat' }} | |
| # run: echo "SEMVER=minor" >> $GITHUB_ENV | |
| # | |
| # - if: ${{ inputs.environment == 'prod' }} | |
| # run: echo "SEMVER=skip" >> $GITHUB_ENV | |
| # | |
| # - if: ${{ github.ref_name != 'main' }} | |
| # run: echo "SEMVER=buildNumber" >> $GITHUB_ENV | |
| # | |
| # - if: ${{ inputs.skip_release }} | |
| # run: echo "SEMVER=skip" >> $GITHUB_ENV | |
| # | |
| # - id: get_semver | |
| # name: Set Output | |
| # run: echo "semver=${{env.SEMVER}}" >> $GITHUB_OUTPUT | |
| # | |
| # # Set Environment | |
| # - run: echo "ENVIRNOMENT=${{ inputs.environment}}" >> $GITHUB_ENV | |
| # | |
| # - if: ${{ inputs.environment == null }} | |
| # run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV | |
| # | |
| # - id: get_env | |
| # name: Set Output | |
| # run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT | |
| # | |
| # | |
| # release: | |
| # name: Create a New Release | |
| # runs-on: ubuntu-latest | |
| # needs: [setup] | |
| # outputs: | |
| # version: ${{ steps.release.outputs.version }} | |
| # steps: | |
| # - name: Make Release | |
| # id: release | |
| # uses: pagopa/github-actions-template/maven-release@v1.5.4 | |
| # with: | |
| # semver: ${{ needs.setup.outputs.semver }} | |
| # github_token: ${{ secrets.BOT_TOKEN_GITHUB }} | |
| # beta: ${{ inputs.beta }} | |
| # skip_ci: false | |
| # | |
| # image: | |
| # needs: [ setup, release ] | |
| # name: Build and Push Docker Image | |
| # runs-on: ubuntu-latest | |
| # if: ${{ inputs.semver != 'skip' }} | |
| # steps: | |
| # # - name: Build and Push | |
| # # id: semver | |
| # # uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4 | |
| # # with: | |
| # # branch: ${{ github.ref_name}} | |
| # # github_token: ${{ secrets.GITHUB_TOKEN }} | |
| # # tag: ${{ needs.release.outputs.version }} | |
| # - uses: actions/checkout@v3 | |
| # with: | |
| # ref: ${{ github.ref_name }} | |
| # | |
| # - name: Login to GitHub Container Registry | |
| # uses: docker/login-action@v2 | |
| # with: | |
| # registry: ghcr.io | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| # | |
| # - name: Docker meta | |
| # id: meta | |
| # uses: docker/metadata-action@v4.3.0 | |
| # with: | |
| # images: ghcr.io/${{ github.repository }} | |
| # tags: | | |
| # latest | |
| # ${{ needs.release.outputs.version }} | |
| # type=ref,event=branch | |
| # type=sha | |
| # | |
| # - name: Build and push | |
| # uses: docker/build-push-action@v4 | |
| # with: | |
| # context: . | |
| # push: true | |
| # tags: ${{ steps.meta.outputs.tags }} | |
| # labels: ${{ steps.meta.outputs.labels }} | |
| # secrets: | | |
| # GH_TOKEN=${{ secrets.READ_PACKAGES_TOKEN }} | |
| # | |
| # deploy_aks: | |
| # name: Deploy on AKS | |
| # needs: [ setup, release, image ] | |
| # if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} | |
| # strategy: | |
| # matrix: | |
| # environment: [ dev, uat, prod ] | |
| # uses: ./.github/workflows/deploy_with_github_runner.yml | |
| # with: | |
| # environment: ${{ matrix.environment }} | |
| # target: ${{ needs.setup.outputs.environment }} | |
| # secrets: inherit | |
| # | |
| # notify: | |
| # needs: [ setup, release, deploy_aks ] | |
| # runs-on: ubuntu-latest | |
| # name: Notify | |
| # if: always() | |
| # steps: | |
| # - name: Report Status | |
| # if: ${{ needs.setup.outputs.environment == 'prod' }} | |
| # uses: ravsamhq/notify-slack-action@v2 | |
| # with: | |
| # status: ${{ needs.deploy_aks.result }} | |
| # token: ${{ secrets.GITHUB_TOKEN }} | |
| # notification_title: 'New Release on Production ${{ needs.release.outputs.version }} has {status_message}' | |
| # message_format: '{emoji} <{run_url}|{workflow}> {status_message} in <{repo_url}|{repo}>' | |
| # footer: 'Linked to <{workflow_url}| workflow file>' | |
| # icon_success: ':white_check_mark:' | |
| # env: | |
| # SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |