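name: Release And Deploy

# Triggers: a closed pull request (no branch filter, so a PR closed against
# any base branch fires it) or a manual dispatch from the Actions tab.
# The `inputs` context is populated only for workflow_dispatch; on
# pull_request events `inputs.environment` is empty and the jobs below have
# to supply their own fallback.
on:
  pull_request:
    types:
      - closed
  workflow_dispatch:
    inputs:
      environment:
        required: true
        type: choice
        description: Select the Environment
        options:
          - dev
          - uat
          - prod
      # `beta` and `skip_release` are read only by the legacy jobs kept in
      # comments at the end of this file; they stay declared so existing
      # dispatch callers keep working.
      beta:
        required: false
        type: boolean
        description: deploy beta version on AKS
        default: false
      skip_release:
        required: false
        type: boolean
        description: skip the release. Only deploy
        default: false

# GITHUB_TOKEN scope, reduced to what the active jobs use:
# - id-token: write -> OIDC federation towards Azure (ARM_USE_OIDC in the
#   Terraform step).
# - contents: read  -> actions/checkout; persist-credentials is false and no
#   step pushes, so write is not needed. Raise it again only if a step has to
#   push with GITHUB_TOKEN.
# - actions: read   -> kept as before; presumably read by the self-hosted
#   runner create/cleanup actions - confirm before dropping.
# packages: write and issues: write appear to serve only the commented-out
# legacy release/image jobs; re-add them if those jobs are restored.
permissions:
  id-token: write
  contents: read
  actions: read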
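jobs:
  # Provisions a short-lived self-hosted runner in the Azure Container App
  # environment of the selected GitHub environment. Skipped when a pull
  # request is closed without being merged, so a rejected PR never creates
  # infrastructure or reaches `terraform apply`.
  create_runner:
    name: Create Runner
    runs-on: ubuntu-22.04
    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.merged == true }}
    environment:
      # `inputs` is empty on pull_request events; fall back to dev, the same
      # default the legacy setup job (commented out below) applied.
      name: ${{ inputs.environment || 'dev' }}
    outputs:
      runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
    steps:
      - name: Create GitHub Runner
        id: create_github_runner
        # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
        # TODO: pin to a commit SHA like the cleanup action below; a branch
        # ref resolves to whatever `main` holds at run time.
        uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
        with:
          client_id: ${{ secrets.CD_CLIENT_ID }}
          tenant_id: ${{ secrets.TENANT_ID }}
          subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
          container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }}
          resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }}  # RG of the runner
          pat_token: ${{ secrets.BOT_TOKEN_GITHUB }}

  # Applies ./infra with Terraform on the ephemeral runner, authenticating to
  # Azure through OIDC federation (no long-lived client secret involved).
  update_openapi:
    needs: [ create_runner ]
    runs-on: [ self-hosted, "${{ needs.create_runner.outputs.runner_name }}" ]
    name: Update OpenAPI
    environment: ${{ inputs.environment || 'dev' }}
    steps:
      - name: Checkout
        id: checkout
        # from https://github.com/actions/checkout/commits/main
        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
        with:
          persist-credentials: false
      - name: Setup Terraform
        # from https://github.com/hashicorp/setup-terraform/commits/main
        uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
        with:
          terraform_version: "1.3.6"
      - name: Login
        id: login
        # from https://github.com/Azure/login/commits/master
        # TODO: pin to a commit SHA like the other actions in this job.
        # NOTE(review): these ids are hard-coded while create_runner reads
        # CD_CLIENT_ID / TENANT_ID / SUBSCRIPTION_ID from secrets, and the
        # client-id differs from ARM_CLIENT_ID below - confirm both are
        # intended. This login only feeds the `az account show` calls; the
        # Terraform provider performs its own OIDC exchange as ARM_CLIENT_ID.
        uses: azure/login@v2
        with:
          client-id: "7812f4d1-a382-45e9-a116-4fd56fcd3622"
          tenant-id: "7788edaf-0346-4068-9d79-c868aed15b3d"
          subscription-id: "bbe47ad4-08b3-4925-94c5-1278e5819b86"
      - name: Terraform Apply
        shell: bash
        # With ARM_USE_OIDC set the azurerm provider requests the GitHub OIDC
        # token itself through ACTIONS_ID_TOKEN_REQUEST_URL/_TOKEN, which the
        # job environment exposes thanks to `id-token: write`. No token is
        # echoed or exported by hand any more: the previous version printed
        # ACTIONS_RUNTIME_TOKEN to the job log and passed it as
        # ARM_OIDC_TOKEN, although that token is not an Azure ID token.
        run: |
          set -euo pipefail
          cd ./infra
          export ARM_USE_OIDC=true
          export ARM_CLIENT_ID="51641492-9772-4871-bb4b-9dbbc20d4221"
          ARM_SUBSCRIPTION_ID="$(az account show --query id --output tsv)"
          ARM_TENANT_ID="$(az account show --query tenantId --output tsv)"
          export ARM_SUBSCRIPTION_ID ARM_TENANT_ID
          bash ./terraform.sh apply "weu-${{ inputs.environment || 'dev' }}" -auto-approve

  # Tears down the ephemeral runner. Runs whenever a runner was actually
  # created - including after a cancellation, which `success() || failure()`
  # did not cover and which would have left the runner behind in Azure.
  cleanup_runner:
    name: Cleanup Runner
    needs: [ create_runner, update_openapi ]
    if: ${{ always() && needs.create_runner.result == 'success' }}
    runs-on: [ self-hosted, "${{ needs.create_runner.outputs.runner_name }}" ]
    environment: ${{ inputs.environment || 'dev' }}
    steps:
      - name: Cleanup GitHub Runner
        id: cleanup_github_runner
        # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
        uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a
        with:
          client_id: ${{ secrets.CD_CLIENT_ID }}
          tenant_id: ${{ secrets.TENANT_ID }}
          subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
          resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }}
          runner_name: ${{ needs.create_runner.outputs.runner_name }}
          pat_token: ${{ secrets.BOT_TOKEN_GITHUB }}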
## A workflow run is made up of one or more jobs that can run sequentially or in parallel
#jobs:
# setup:
# name: Setup
# runs-on: ubuntu-latest
# outputs:
# semver: ${{ steps.get_semver.outputs.semver }}
# environment: ${{ steps.get_env.outputs.environment }}
# steps:
# - name: pull request rejected
# if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged != true
# run: |
# echo "❌ PR was closed without a merge"
# exit 1
#
# # Set Semvar
# - run: echo "SEMVER=patch" >> $GITHUB_ENV
#
# - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change')) }}
# run: echo "SEMVER=major" >> $GITHUB_ENV
#
# - if: ${{ inputs.environment == 'uat' }}
# run: echo "SEMVER=minor" >> $GITHUB_ENV
#
# - if: ${{ inputs.environment == 'prod' }}
# run: echo "SEMVER=skip" >> $GITHUB_ENV
#
# - if: ${{ github.ref_name != 'main' }}
# run: echo "SEMVER=buildNumber" >> $GITHUB_ENV
#
# - if: ${{ inputs.skip_release }}
# run: echo "SEMVER=skip" >> $GITHUB_ENV
#
# - id: get_semver
# name: Set Output
# run: echo "semver=${{env.SEMVER}}" >> $GITHUB_OUTPUT
#
# # Set Environment
# - run: echo "ENVIRNOMENT=${{ inputs.environment}}" >> $GITHUB_ENV
#
# - if: ${{ inputs.environment == null }}
# run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV
#
# - id: get_env
# name: Set Output
# run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT
#
#
# release:
# name: Create a New Release
# runs-on: ubuntu-latest
# needs: [setup]
# outputs:
# version: ${{ steps.release.outputs.version }}
# steps:
# - name: Make Release
# id: release
# uses: pagopa/github-actions-template/maven-release@v1.5.4
# with:
# semver: ${{ needs.setup.outputs.semver }}
# github_token: ${{ secrets.BOT_TOKEN_GITHUB }}
# beta: ${{ inputs.beta }}
# skip_ci: false
#
# image:
# needs: [ setup, release ]
# name: Build and Push Docker Image
# runs-on: ubuntu-latest
# if: ${{ inputs.semver != 'skip' }}
# steps:
# # - name: Build and Push
# # id: semver
# # uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4
# # with:
# # branch: ${{ github.ref_name}}
# # github_token: ${{ secrets.GITHUB_TOKEN }}
# # tag: ${{ needs.release.outputs.version }}
# - uses: actions/checkout@v3
# with:
# ref: ${{ github.ref_name }}
#
# - name: Login to GitHub Container Registry
# uses: docker/login-action@v2
# with:
# registry: ghcr.io
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
#
# - name: Docker meta
# id: meta
# uses: docker/metadata-action@v4.3.0
# with:
# images: ghcr.io/${{ github.repository }}
# tags: |
# latest
# ${{ needs.release.outputs.version }}
# type=ref,event=branch
# type=sha
#
# - name: Build and push
# uses: docker/build-push-action@v4
# with:
# context: .
# push: true
# tags: ${{ steps.meta.outputs.tags }}
# labels: ${{ steps.meta.outputs.labels }}
# secrets: |
# GH_TOKEN=${{ secrets.READ_PACKAGES_TOKEN }}
#
# deploy_aks:
# name: Deploy on AKS
# needs: [ setup, release, image ]
# if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
# strategy:
# matrix:
# environment: [ dev, uat, prod ]
# uses: ./.github/workflows/deploy_with_github_runner.yml
# with:
# environment: ${{ matrix.environment }}
# target: ${{ needs.setup.outputs.environment }}
# secrets: inherit
#
# notify:
# needs: [ setup, release, deploy_aks ]
# runs-on: ubuntu-latest
# name: Notify
# if: always()
# steps:
# - name: Report Status
# if: ${{ needs.setup.outputs.environment == 'prod' }}
# uses: ravsamhq/notify-slack-action@v2
# with:
# status: ${{ needs.deploy_aks.result }}
# token: ${{ secrets.GITHUB_TOKEN }}
# notification_title: 'New Release on Production ${{ needs.release.outputs.version }} has {status_message}'
# message_format: '{emoji} <{run_url}|{workflow}> {status_message} in <{repo_url}|{repo}>'
# footer: 'Linked to <{workflow_url}| workflow file>'
# icon_success: ':white_check_mark:'
# env:
# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}