workflow-path-to-live.yml
# Release pipeline: every push to main runs tagging, image build/scan/push and
# then Terraform for each environment, in the order set by the jobs' `needs`.
name: '[Workflow] Path to Live'

# One run at a time per ref and workflow. `cancel-in-progress` is not set, so
# a run that is already deploying is left to finish; a newer queued run only
# replaces an older one that is still pending.
concurrency:
  group: '${{ github.ref }}-${{ github.workflow }}'

defaults:
  run:
    shell: bash

# The only trigger is a push to main, and no approval step is visible in this
# file, so whoever can push or merge to main can start a production release.
# NOTE(review): confirm branch protection on main is enforced; it is not
# visible from here.
on:
  push:
    branches:
      - main
# Workflow-level GITHUB_TOKEN scopes. They apply to every job below, and a
# called reusable workflow can keep or narrow them but never widen them.
# NOTE(review): the three write scopes reach all jobs, including the Terraform
# and integration-test jobs. `permissions` is also accepted on a job that
# calls a reusable workflow, so each write scope could be granted only to the
# job that uses it; which job that is cannot be told from this file.
permissions:
  # Write access
  contents: write
  pull-requests: write
  security-events: write
  # Read-only access
  actions: read
  checks: read
  # Explicitly denied
  deployments: none
  issues: none
  packages: none
  repository-projects: none
  statuses: none
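# Job chain (from `needs`): branch_name -> create_tags ->
# docker_build_scan_push -> development -> preproduction ->
# preproduction integration tests -> production -> integration.
#
# All reusable workflows are referenced by local path, so they are taken from
# the same commit as this file.
#
# NOTE(review): the same AWS_ACCESS_KEY_ID_ACTIONS /
# AWS_SECRET_ACCESS_KEY_ACTIONS pair is passed to the build job, the
# integration tests and every Terraform workspace. It looks like one
# long-lived access key; if so, any step in any of these jobs holds
# credentials that also work against production. Whether the key is scoped
# per environment cannot be told from here. Short-lived credentials through
# GitHub OIDC (`id-token: write` plus a role assumed inside the called
# workflows) would remove the stored key; that change belongs in the
# sub-task workflows, which are not shown.
jobs:
  # Publishes the branch name in raw and formatted form. Both values are the
  # constant "main"; nothing is read from the event payload.
  branch_name:
    name: Extract branch name
    runs-on: ubuntu-latest
    outputs:
      raw_branch: ${{ steps.extract_branch.outputs.branch_raw }}
      formatted_branch: ${{ steps.extract_branch.outputs.branch_formatted }}
    steps:
      - name: extract branch
        id: extract_branch
        shell: bash
        # $GITHUB_OUTPUT is a file path supplied by the runner; it is quoted
        # so the redirect target is never word-split.
        run: |
          echo "branch_raw=main" >> "$GITHUB_OUTPUT"
          echo "branch_formatted=main" >> "$GITHUB_OUTPUT"

  # Produces `version_tag`, which every later job reads through
  # needs.create_tags.outputs.version_tag.
  create_tags:
    name: Create Tags
    needs:
      - branch_name
    uses: ./.github/workflows/sub-task-tags.yml
    with:
      branch_name: ${{ needs.branch_name.outputs.formatted_branch }}
    secrets:
      source_github_token: ${{ secrets.GITHUB_TOKEN }}

  # Builds, scans and pushes the image tagged main-<version_tag>.
  # NOTE(review): the deploy jobs refer to the image by tag, not by digest.
  # Confirm the registry enforces tag immutability, otherwise the image behind
  # the tag can change between this job and the production apply.
  docker_build_scan_push:
    name: Build, Scan and Push
    needs:
      - create_tags
      - branch_name
    uses: ./.github/workflows/sub-task-docker-build.yml
    with:
      tag: main-${{ needs.create_tags.outputs.version_tag }}
      branch_name: ${{ needs.branch_name.outputs.formatted_branch }}
    secrets:
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  # NOTE(review): the job id says "apply" and the sibling jobs are named
  # "Plan and Apply", but this display name says "Plan" only. The inputs match
  # the other workspaces, so whether development is applied is decided in
  # sub-task-terraform.yml; confirm and align the name.
  development_environment_apply:
    name: Development Environment Terraform Plan
    needs:
      - create_tags
      - docker_build_scan_push
    uses: ./.github/workflows/sub-task-terraform.yml
    with:
      terraform_path: terraform/environment
      image_tag: main-${{ needs.create_tags.outputs.version_tag }}
      workspace: development
    secrets:
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  preproduction_environment_apply:
    name: Preproduction Environment Terraform Plan and Apply
    needs:
      - development_environment_apply
      - create_tags
    uses: ./.github/workflows/sub-task-terraform.yml
    with:
      terraform_path: terraform/environment
      image_tag: main-${{ needs.create_tags.outputs.version_tag }}
      workspace: preproduction
    secrets:
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  # The only automated check between preproduction and production.
  preproduction_integration_tests:
    name: Integration tests against preproduction
    needs:
      - preproduction_environment_apply
    uses: ./.github/workflows/sub-task-integration-tests.yml
    with:
      workspace: preproduction
    secrets:
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  # Runs as soon as the preproduction integration tests pass.
  # NOTE(review): a job that calls a reusable workflow cannot declare
  # `environment:`, so any required-reviewer or environment protection for
  # production has to be set inside sub-task-terraform.yml. Confirm it exists;
  # nothing in this file pauses for approval.
  production_environment_apply:
    name: Production Environment Terraform Plan and Apply
    needs:
      - preproduction_integration_tests
      - create_tags
    uses: ./.github/workflows/sub-task-terraform.yml
    with:
      terraform_path: terraform/environment
      image_tag: main-${{ needs.create_tags.outputs.version_tag }}
      workspace: production
    secrets:
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  # Applied after production, not before it.
  integration_environment_apply:
    name: Integration Environment Terraform Plan and Apply
    needs:
      - production_environment_apply
      - create_tags
    uses: ./.github/workflows/sub-task-terraform.yml
    with:
      terraform_path: terraform/environment
      image_tag: main-${{ needs.create_tags.outputs.version_tag }}
      workspace: integration
    secrets:
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  # Depends on the production apply only, so this message can be printed while
  # integration_environment_apply is still running or after it has failed.
  # Presumably intentional; confirm.
  workflow_complete:
    name: Workflow Complete
    needs:
      - production_environment_apply
    runs-on: ubuntu-latest
    steps:
      - name: Completion message
        run: echo "Workflow Complete - Released to Live"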