Release And Deploy #189
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release And Deploy | |
# Controls when the workflow will run | |
on: | |
pull_request: | |
types: [ closed ] | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
inputs: | |
environment: | |
required: true | |
type: choice | |
description: Select the Environment | |
options: | |
- dev | |
- uat | |
- prod | |
beta: | |
required: false | |
type: boolean | |
description: deploy beta version on AKS | |
default: false | |
skip_release: | |
required: false | |
type: boolean | |
description: skip the release. Only deploy | |
default: false | |
permissions: | |
packages: write | |
contents: write | |
issues: write | |
id-token: write | |
actions: read | |
jobs: | |
create_runner: | |
name: Create Runner | |
runs-on: ubuntu-22.04 | |
environment: | |
name: ${{ inputs.environment }} | |
outputs: | |
runner_name: ${{ steps.create_github_runner.outputs.runner_name }} | |
steps: | |
- name: Create GitHub Runner | |
id: create_github_runner | |
# from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action | |
uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main | |
with: | |
client_id: ${{ secrets.CD_CLIENT_ID }} | |
tenant_id: ${{ secrets.TENANT_ID }} | |
subscription_id: ${{ secrets.SUBSCRIPTION_ID }} | |
container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }} | |
resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }} # RG of the runner | |
pat_token: ${{ secrets.BOT_TOKEN_GITHUB }} | |
update_openapi: | |
needs: [ create_runner ] | |
runs-on: [ self-hosted, "${{ needs.create_runner.outputs.runner_name }}" ] | |
name: Update OpenAPI | |
environment: ${{ inputs.environment }} | |
steps: | |
- name: Checkout | |
id: checkout | |
# from https://github.com/actions/checkout/commits/main | |
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707 | |
with: | |
persist-credentials: false | |
- name: Setup Terraform | |
# from https://github.com/hashicorp/setup-terraform/commits/main | |
uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146 | |
with: | |
terraform_version: "1.3.6" | |
- name: Login | |
id: login | |
# from https://github.com/Azure/login/commits/master | |
uses: azure/login@v2 | |
with: | |
client-id: "7812f4d1-a382-45e9-a116-4fd56fcd3622" | |
tenant-id: "7788edaf-0346-4068-9d79-c868aed15b3d" | |
subscription-id: "bbe47ad4-08b3-4925-94c5-1278e5819b86" | |
- name: Terraform Apply | |
shell: bash | |
run: | | |
cd ./infra | |
echo "🤔: ${{ env.ACTIONS_RUNTIME_TOKEN}}" | |
export ARM_OIDC_TOKEN=${{ env.ACTIONS_RUNTIME_TOKEN }} | |
export ARM_USE_OIDC=true | |
export ARM_CLIENT_ID="51641492-9772-4871-bb4b-9dbbc20d4221" | |
export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv) | |
export ARM_TENANT_ID=$(az account show --query tenantId --output tsv) | |
bash ./terraform.sh apply weu-${{ inputs.environment }} -auto-approve | |
cleanup_runner: | |
name: Cleanup Runner | |
needs: [ create_runner, update_openapi ] | |
if: ${{ success() || failure() }} | |
runs-on: [ self-hosted, "${{ needs.create_runner.outputs.runner_name }}" ] | |
environment: ${{ inputs.environment }} | |
steps: | |
- name: Cleanup GitHub Runner | |
id: cleanup_github_runner | |
# from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action | |
uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a | |
with: | |
client_id: ${{ secrets.CD_CLIENT_ID }} | |
tenant_id: ${{ secrets.TENANT_ID }} | |
subscription_id: ${{ secrets.SUBSCRIPTION_ID }} | |
resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }} | |
runner_name: ${{ needs.create_runner.outputs.runner_name }} | |
pat_token: ${{ secrets.BOT_TOKEN_GITHUB }} | |
## A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
#jobs: | |
# setup: | |
# name: Setup | |
# runs-on: ubuntu-latest | |
# outputs: | |
# semver: ${{ steps.get_semver.outputs.semver }} | |
# environment: ${{ steps.get_env.outputs.environment }} | |
# steps: | |
# - name: pull request rejected | |
# if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged != true | |
# run: | | |
# echo "❌ PR was closed without a merge" | |
# exit 1 | |
# | |
# # Set Semvar | |
# - run: echo "SEMVER=patch" >> $GITHUB_ENV | |
# | |
# - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change')) }} | |
# run: echo "SEMVER=major" >> $GITHUB_ENV | |
# | |
# - if: ${{ inputs.environment == 'uat' }} | |
# run: echo "SEMVER=minor" >> $GITHUB_ENV | |
# | |
# - if: ${{ inputs.environment == 'prod' }} | |
# run: echo "SEMVER=skip" >> $GITHUB_ENV | |
# | |
# - if: ${{ github.ref_name != 'main' }} | |
# run: echo "SEMVER=buildNumber" >> $GITHUB_ENV | |
# | |
# - if: ${{ inputs.skip_release }} | |
# run: echo "SEMVER=skip" >> $GITHUB_ENV | |
# | |
# - id: get_semver | |
# name: Set Output | |
# run: echo "semver=${{env.SEMVER}}" >> $GITHUB_OUTPUT | |
# | |
# # Set Environment | |
# - run: echo "ENVIRNOMENT=${{ inputs.environment}}" >> $GITHUB_ENV | |
# | |
# - if: ${{ inputs.environment == null }} | |
# run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV | |
# | |
# - id: get_env | |
# name: Set Output | |
# run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT | |
# | |
# | |
# release: | |
# name: Create a New Release | |
# runs-on: ubuntu-latest | |
# needs: [setup] | |
# outputs: | |
# version: ${{ steps.release.outputs.version }} | |
# steps: | |
# - name: Make Release | |
# id: release | |
# uses: pagopa/github-actions-template/maven-release@v1.5.4 | |
# with: | |
# semver: ${{ needs.setup.outputs.semver }} | |
# github_token: ${{ secrets.BOT_TOKEN_GITHUB }} | |
# beta: ${{ inputs.beta }} | |
# skip_ci: false | |
# | |
# image: | |
# needs: [ setup, release ] | |
# name: Build and Push Docker Image | |
# runs-on: ubuntu-latest | |
# if: ${{ inputs.semver != 'skip' }} | |
# steps: | |
# # - name: Build and Push | |
# # id: semver | |
# # uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4 | |
# # with: | |
# # branch: ${{ github.ref_name}} | |
# # github_token: ${{ secrets.GITHUB_TOKEN }} | |
# # tag: ${{ needs.release.outputs.version }} | |
# - uses: actions/checkout@v3 | |
# with: | |
# ref: ${{ github.ref_name }} | |
# | |
# - name: Login to GitHub Container Registry | |
# uses: docker/login-action@v2 | |
# with: | |
# registry: ghcr.io | |
# username: ${{ github.actor }} | |
# password: ${{ secrets.GITHUB_TOKEN }} | |
# | |
# - name: Docker meta | |
# id: meta | |
# uses: docker/metadata-action@v4.3.0 | |
# with: | |
# images: ghcr.io/${{ github.repository }} | |
# tags: | | |
# latest | |
# ${{ needs.release.outputs.version }} | |
# type=ref,event=branch | |
# type=sha | |
# | |
# - name: Build and push | |
# uses: docker/build-push-action@v4 | |
# with: | |
# context: . | |
# push: true | |
# tags: ${{ steps.meta.outputs.tags }} | |
# labels: ${{ steps.meta.outputs.labels }} | |
# secrets: | | |
# GH_TOKEN=${{ secrets.READ_PACKAGES_TOKEN }} | |
# | |
# deploy_aks: | |
# name: Deploy on AKS | |
# needs: [ setup, release, image ] | |
# if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} | |
# strategy: | |
# matrix: | |
# environment: [ dev, uat, prod ] | |
# uses: ./.github/workflows/deploy_with_github_runner.yml | |
# with: | |
# environment: ${{ matrix.environment }} | |
# target: ${{ needs.setup.outputs.environment }} | |
# secrets: inherit | |
# | |
# notify: | |
# needs: [ setup, release, deploy_aks ] | |
# runs-on: ubuntu-latest | |
# name: Notify | |
# if: always() | |
# steps: | |
# - name: Report Status | |
# if: ${{ needs.setup.outputs.environment == 'prod' }} | |
# uses: ravsamhq/notify-slack-action@v2 | |
# with: | |
# status: ${{ needs.deploy_aks.result }} | |
# token: ${{ secrets.GITHUB_TOKEN }} | |
# notification_title: 'New Release on Production ${{ needs.release.outputs.version }} has {status_message}' | |
# message_format: '{emoji} <{run_url}|{workflow}> {status_message} in <{repo_url}|{repo}>' | |
# footer: 'Linked to <{workflow_url}| workflow file>' | |
# icon_success: ':white_check_mark:' | |
# env: | |
# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |