deployStg.yml
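---
# Staging deployment pipeline. On every push to main it builds and pushes the
# container images, applies the Terraform-managed infrastructure, builds the
# frontend, and promotes the release to the Staging environment. A Slack alert
# is sent when the run fails.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository/organization default scopes. Consider declaring the minimum
# (e.g. `contents: read`) once the needs of the local actions under
# ./.github/actions are confirmed.
#
# NOTE(review): third-party actions are referenced by mutable tags (@v1, @v2,
# @v3, ...). Pinning each one to a full commit SHA (placeholder:
# owner/action@<full-commit-sha>) prevents a re-pointed tag from running
# unreviewed code alongside the deployment secrets.
name: Deploy Stg

on:
  push:
    branches:
      - main

# Alternative trigger kept for reference: run only after "Deploy Test"
# completes. The commented-out `if:` guards on the jobs below belong to it.
# on:
#   workflow_run:
#     workflows: ["Deploy Test"]
#     types:
#       - completed

env:
  DEPLOY_ENV: stg
  # Quoted so the version stays a string regardless of the YAML parser.
  NODE_VERSION: "18"

# Every run joins the same concurrency group, so staging deploys do not run
# in parallel with each other.
concurrency:
  group: stg-deploy

jobs:
  # Builds and pushes the backend image to the Azure Container Registry.
  build-docker:
    # if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./backend
    steps:
      - uses: actions/checkout@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to ACR
        # Secrets are handed to the shell as environment variables instead of
        # being interpolated into the script text, and the password is read
        # from stdin so it never appears in the process argument list.
        # The secret is named ACR_ADMIN_PASWORD (sic) in the repository
        # settings; the reference must keep that spelling.
        # NOTE(review): the secret names suggest the registry admin account
        # is used; a push-scoped identity would limit exposure - confirm.
        env:
          ACR_REPO_URL: ${{ secrets.ACR_REPO_URL }}
          ACR_ADMIN_USERNAME: ${{ secrets.ACR_ADMIN_USERNAME }}
          ACR_ADMIN_PASSWORD: ${{ secrets.ACR_ADMIN_PASWORD }}
        run: |
          printf '%s' "$ACR_ADMIN_PASSWORD" \
            | docker login "$ACR_REPO_URL" -u "$ACR_ADMIN_USERNAME" --password-stdin
      - name: Build and push Docker images
        run: ./build_and_push.sh

  # Builds and pushes the db_client container image.
  build-db-client-docker:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./ops/services/container_instances/db_client/image
    steps:
      - uses: actions/checkout@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to ACR
        # Same hardening as in build-docker: secrets via env, password via
        # stdin. ACR_ADMIN_PASWORD (sic) is the secret's actual name.
        env:
          ACR_REPO_URL: ${{ secrets.ACR_REPO_URL }}
          ACR_ADMIN_USERNAME: ${{ secrets.ACR_ADMIN_USERNAME }}
          ACR_ADMIN_PASSWORD: ${{ secrets.ACR_ADMIN_PASWORD }}
        run: |
          printf '%s' "$ACR_ADMIN_PASSWORD" \
            | docker login "$ACR_REPO_URL" -u "$ACR_ADMIN_USERNAME" --password-stdin
      - name: Build and push Docker images
        run: ./build_and_push.sh

  # Applies infrastructure with Terraform and deploys to the staging slot,
  # then waits for the slot to report the expected release and readiness.
  prerelease-backend:
    # if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    needs:
      - build-docker
      - build-db-client-docker
    defaults:
      run:
        working-directory: ./ops
    # All Azure interaction is through Terraform.
    # NOTE(review): job-level env exposes these credentials to every step in
    # the job, including the local build action; scoping them to the `make`
    # steps would reduce exposure - confirm which steps read them first.
    env:
      ARM_CLIENT_ID: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }}
      ARM_TENANT_ID: ${{ secrets.TERRAFORM_ARM_TENANT_ID }}
      OKTA_API_TOKEN: ${{ secrets.OKTA_API_TOKEN }}
    steps:
      - uses: actions/checkout@v3
      # NOTE(review): `creds` is a stored service-principal credential.
      # azure/login also supports OIDC federated login (client-id, tenant-id,
      # subscription-id plus `id-token: write`), which avoids keeping a
      # long-lived secret in the repository settings.
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - uses: hashicorp/setup-terraform@v2.0.3
        with:
          terraform_version: "1.3.3"
      - name: Build ReportStream function app
        uses: ./.github/actions/build-reportstream-functions
        with:
          deploy-env: ${{ env.DEPLOY_ENV }}
      - name: Terraform Init
        run: make init-${{ env.DEPLOY_ENV }}
      - name: Terraform deploy (infrastructure and staging slot)
        run: make deploy-${{ env.DEPLOY_ENV }}
      # The two waits are bounded so a stuck slot fails the job instead of
      # holding the runner.
      - name: Wait for correct release to be deployed in staging slot
        timeout-minutes: 5
        run: make wait-for-${{ env.DEPLOY_ENV }}-slot-commit
      - name: Wait for staging deploy to be ready
        timeout-minutes: 1
        run: make wait-for-${{ env.DEPLOY_ENV }}-slot-readiness

  # Compiles the frontend and stores it as a short-lived artifact for the
  # deploy job.
  build-frontend:
    # if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3.7.0
        with:
          node-version: ${{ env.NODE_VERSION }}
      # Cache key changes with the Node version and with yarn.lock or
      # package.json, so a dependency change starts from a fresh cache entry.
      - name: Use cache for node_modules
        uses: actions/cache@v3.3.1
        with:
          path: |
            ./frontend/node_modules
          key: npm-${{ env.NODE_VERSION }}-${{ hashFiles('frontend/yarn.lock', 'frontend/package.json') }}
      # NOTE(review): Azure credentials are loaded in the job that restores a
      # dependency cache and runs the frontend build; confirm the build
      # actually needs them before the deploy job.
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Build front-end application
        uses: ./.github/actions/build-frontend
        with:
          deploy-env: ${{ env.DEPLOY_ENV }}
          smarty-streets-key: ${{ secrets.SMARTY_STREETS_KEY }}
          client-tarball: ./client.tgz
          okta-enabled: true
          okta-url: https://hhs-prime.okta.com
          # Quoted so the identifier is always read as a string.
          okta-client-id: '0oa62qncijWSeQMuc4h6'
      - name: Save compiled frontend application
        uses: actions/upload-artifact@v3
        if: success()
        with:
          name: frontend-tarball
          path: client.tgz
          # The tarball is only needed by the deploy job of this run.
          retention-days: 1

  # Promotes the staged backend and publishes the frontend tarball. Runs in
  # the "Staging" GitHub environment, so any protection rules configured on
  # that environment apply here.
  deploy:
    # if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    environment:
      name: Staging
      url: https://stg.simplereport.gov
    needs:
      - build-frontend
      - prerelease-backend
    steps:
      - uses: actions/checkout@v3
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Retrieve frontend build
        uses: actions/download-artifact@v3
        with:
          name: frontend-tarball
      - name: Promote and deploy
        uses: ./.github/actions/deploy-application
        with:
          client-tarball: client.tgz
          deploy-env: ${{ env.DEPLOY_ENV }}

  # Posts to Slack when the deploy job, or a job it depends on, has failed.
  slack_alert:
    runs-on: ubuntu-latest
    if: failure()
    needs:
      - deploy
    steps:
      - uses: actions/checkout@v3
      - name: Send alert to Slack
        uses: ./.github/actions/slack-message
        with:
          username: ${{ github.actor }}
          description: |
            :siren-gif: Deploy to ${{ env.DEPLOY_ENV }} failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif:
          webhook_url: ${{ secrets.SR_ALERTS_SLACK_WEBHOOK_URL }}
          # NOTE(review): the doubled `$` makes the value a literal "$"
          # followed by the secret. Left as written because the consuming
          # action is not visible here - confirm whether it is intentional.
          user_map: $${{ secrets.SR_ALERTS_GITHUB_SLACK_MAP }}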