deploy-staged.yml
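# Staged deployment pipeline: each push to main runs the tests, builds, and
# then promotes test -> preprod -> prod, every stage gated on the previous one
# through `needs`.
#
# NOTE(review): there is no workflow-level `permissions:` block, so any job
# without its own block runs with the repository's default GITHUB_TOKEN scope.
# A workflow-wide restriction would also cap what the reusable workflows can
# request, so check what they need before adding one.
name: Staged deploy to Test, Preprod, and Prod

on:
  push:
    branches: [main]

jobs:
  code-tests:
    uses: "./.github/workflows/reusable-tests.yml"

  build:
    needs: code-tests
    uses: "./.github/workflows/reusable-build.yml"
    secrets:
      slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}

  # NOTE(review): the three deploy-* jobs pass identically named secrets
  # (KUBE_*, SECRET_KEY, CATALOGUE_TOKEN, ...); only the ECR role differs per
  # stage. Confirm that the reusable workflow resolves these per environment,
  # otherwise test, preprod and prod share one set of cluster credentials.
  deploy-test:
    uses: "./.github/workflows/reusable-push-and-deploy.yml"
    needs: build
    with:
      env: "test"
    secrets:
      kube_namespace: ${{ secrets.KUBE_NAMESPACE }}
      kube_cert: ${{ secrets.KUBE_CERT }}
      kube_cluster: ${{ secrets.KUBE_CLUSTER }}
      kube_token: ${{ secrets.KUBE_TOKEN }}
      ecr_role_to_assume: ${{ secrets.TEST_ECR_ROLE_TO_ASSUME }}
      secret_key: ${{ secrets.SECRET_KEY }}
      catalogue_token: ${{ secrets.CATALOGUE_TOKEN }}
      slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
      azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
      notify_api_key: ${{ secrets.NOTIFY_API_KEY }}

  deploy-preprod:
    uses: "./.github/workflows/reusable-push-and-deploy.yml"
    needs: deploy-test
    with:
      env: "preprod"
    secrets:
      kube_namespace: ${{ secrets.KUBE_NAMESPACE }}
      kube_cert: ${{ secrets.KUBE_CERT }}
      kube_cluster: ${{ secrets.KUBE_CLUSTER }}
      kube_token: ${{ secrets.KUBE_TOKEN }}
      ecr_role_to_assume: ${{ secrets.PREPROD_ECR_ROLE_TO_ASSUME }}
      secret_key: ${{ secrets.SECRET_KEY }}
      catalogue_token: ${{ secrets.CATALOGUE_TOKEN }}
      slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
      azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
      notify_api_key: ${{ secrets.NOTIFY_API_KEY }}

  # Announces a successful preprod deployment to Slack and MS Teams.
  #
  # NOTE(review): both steps run third-party actions that receive a webhook
  # secret (and, for Teams, the job token). Unlike actions/checkout in the
  # post-deploy job, they are not pinned to a full commit SHA, so a moved tag
  # would change the code that sees those values. Pin them, and consider a
  # job-level `permissions:` block limited to what the Teams action reads.
  notify-preprod-success:
    needs: deploy-preprod
    runs-on: ubuntu-latest
    steps:
      # Notify Slack - data-catalogue
      - uses: ravsamhq/notify-slack-action@v2
        with:
          status: Success
          notification_title: "Deployment Successful"
          message_format: ":rocket: <https://preprod.find-moj-data.service.justice.gov.uk/|New Preproduction Deployment>"
          # This workflow is triggered by `push`, so github.event.workflow_run
          # is not populated; github.run_id is what links to the current run.
          footer: "Linked Repo <${{github.server_url}}/${{github.repository}}|${{github.repository}}> | <${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}|View>"
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_DATA_CATALOGUE }}

      # Notify MS TEAMS - preprod deployment notifications
      # The ref after "@" was lost to e-mail obfuscation when this page was
      # rendered; REPLACE_WITH_PINNED_REF is a placeholder. Restore the original
      # version, preferably as a full commit SHA.
      - uses: jdcargile/ms-teams-notification@REPLACE_WITH_PINNED_REF
        with:
          github-token: ${{ github.token }} # this will use the runner's token.
          ms-teams-webhook-uri: ${{ secrets.TEAMS_WEBHOOK_PREPROD_DEPLOYMENTS }}
          notification-summary: "Deployment Successful"
          # Quoted so the hex colour is always read as a string.
          notification-color: "17a2b8"
          timezone: Europe/London
          # NOTE(review): verbose logging is enabled on a step that handles a
          # webhook URL; confirm the extra log output is wanted.
          verbose-logging: true

  # NOTE(review): prod follows preprod automatically; no approval gate is
  # visible in this file. Confirm one exists elsewhere (for example an
  # environment protection rule applied inside the reusable workflow).
  deploy-prod:
    uses: "./.github/workflows/reusable-push-and-deploy.yml"
    needs: deploy-preprod
    with:
      env: "prod"
    secrets:
      kube_namespace: ${{ secrets.KUBE_NAMESPACE }}
      kube_cert: ${{ secrets.KUBE_CERT }}
      kube_cluster: ${{ secrets.KUBE_CLUSTER }}
      kube_token: ${{ secrets.KUBE_TOKEN }}
      ecr_role_to_assume: ${{ secrets.PROD_ECR_ROLE_TO_ASSUME }}
      secret_key: ${{ secrets.SECRET_KEY }}
      catalogue_token: ${{ secrets.CATALOGUE_TOKEN }}
      slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
      azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
      notify_api_key: ${{ secrets.NOTIFY_API_KEY }}

  # After a prod deploy: draft a release for the deployed commit and move the
  # `last-deployed` tag to it.
  post-deploy:
    name: "Post-deploy admin"
    needs: deploy-prod
    runs-on: ubuntu-latest
    # Creating a release and pushing a tag both need write access to repository
    # contents; every other token scope is dropped for this job.
    permissions:
      contents: write
    env:
      GH_TOKEN: ${{ github.token }}
    steps:
      - name: Checkout repository
        # NOTE(review): verify that the trailing version comment still matches
        # the pinned commit.
        uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.4

      - name: Generate a draft release (to be published manually)
        # The commit SHA is read from the runner's environment rather than
        # templated into the script text.
        run: gh release create --generate-notes --latest --draft "$GITHUB_SHA" --title "Release candidate"

      - name: Update last-deployed tag
        # `last-deployed` is a moving tag, so both commands are forced.
        run: |
          git tag -f last-deployed
          git push -f origin last-deployed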