[EC-150] Add pipelines for release (#397)

pagopa · Feb 6, 2024 · 0c9024d · 0c9024d
1 parent ba999fd
commit 0c9024d
Show file tree

Hide file tree

Showing 5 changed files with 172 additions and 31 deletions.
diff --git a/.github/workflows/call_release_ms.yml b/.github/workflows/call_release_ms.yml
@@ -0,0 +1,68 @@
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        required: true
+      tf_environment:
+        type: string
+        required: false
+
+env:
+  # DIR: "./infra/container_apps/onboarding-ms"
+  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+  ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+  ARM_USE_OIDC: true
+  ARM_USE_AZUREAD: true
+  ARM_STORAGE_USE_AZUREAD: true
+
+jobs:
+
+  build:
+    name: 'Build Docker image'
+    runs-on: ubuntu-20.04
+    environment: ${{ inputs.environment }}-cd
+    permissions:
+      packages: write
+
+    steps:
+
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        name: Checkout
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker Meta
+        id: meta
+        uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=sha
+          labels:
+            org.opencontainers.image.title=${{ github.repository }}
+            org.opencontainers.image.description=SelfCare core microservice
+            org.opencontainers.image.authors=PagoPA
+            org.opencontainers.image.url=github.com/pagopa/${{ github.repository }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+
+      - name: Build and Push Image
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=min
diff --git a/.github/workflows/pr_ms.yml b/.github/workflows/pr_ms.yml
@@ -10,23 +10,25 @@ on:
       - reopened
       - ready_for_review
     paths:
-      - '!./.devops/**'
-      - '!./.github/**'
-      - '!./.identity/**'
-      - '!./helm/**'
+      - '.github/workflows/pr_ms.yml'
+      - '.github/workflows/release_ms.yml'
+      - '.github/workflows/release_ms_pnpg.yml'
+      - '!.devops/**'
+      - '!.identity/**'
+      - '!helm/**'
       - '!**.md'
-      - '!./.**ignore'
-      - '!./infra/**'
-      - '!./.terraform-version'
-      - '!./CODEOWNERS'
+      - '!**ignore'
+      - '!infra/**'
+      - '!.terraform-version'
+      - '!CODEOWNERS'
 
 jobs:
 
   code_review:
     uses: ./.github/workflows/call_code_review.yml
     name: Core Code Review
     secrets: inherit
-    if: ${{ github.head_ref == 'main' || startsWith(github.head_ref, 'releases/') }}
+    if: github.base_ref == 'main'
     with:
       pr_number: ${{ github.event.pull_request.number }}
       source_branch: ${{ github.head_ref }}

diff --git a/.github/workflows/release_container_apps_infra.yml b/.github/workflows/release_container_apps_infra.yml
diff --git a/.github/workflows/release_ms.yml b/.github/workflows/release_ms.yml
@@ -0,0 +1,45 @@
+name: Deploy core ms
+
+on:
+  push:
+    branches:
+      - main
+      - releases/**
+    paths:
+      - '!./.devops/**'
+      - '!./.github/**'
+      - '!./.identity/**'
+      - '!./helm/**'
+      - '!**.md'
+      - '!./.**ignore'
+      - '!./infra/**'
+      - '!./.terraform-version'
+      - '!./CODEOWNERS'
+
+  workflow_dispatch:
+
+jobs:
+
+  release_dev:
+    uses: ./.github/workflows/call_release_ms.yml
+    name: '[Dev] Core ms Release'
+    if: github.ref_name == 'main'
+    secrets: inherit
+    with:
+      environment: dev
+
+  release_uat:
+    uses: ./.github/workflows/call_release_ms.yml
+    name: '[UAT] Core ms Release'
+    if: startsWith(github.ref_name, 'releases/')
+    secrets: inherit
+    with:
+      environment: uat
+
+  release_prod:
+    uses: ./.github/workflows/call_release_ms.yml
+    name: '[Prod] Core ms Release'
+    if: startsWith(github.ref_name, 'releases/')
+    secrets: inherit
+    with:
+      environment: prod
diff --git a/.github/workflows/release_ms_pnpg.yml b/.github/workflows/release_ms_pnpg.yml
@@ -0,0 +1,48 @@
+name: Deploy PNPG core ms
+
+on:
+  push:
+    branches:
+      - main
+      - releases/**
+    paths:
+      - '!./.devops/**'
+      - '!./.github/**'
+      - '!./.identity/**'
+      - '!./helm/**'
+      - '!**.md'
+      - '!./.**ignore'
+      - '!./infra/**'
+      - '!./.terraform-version'
+      - '!./CODEOWNERS'
+
+  workflow_dispatch:
+
+jobs:
+
+  release_dev:
+    uses: ./.github/workflows/call_release_ms.yml
+    name: '[Dev] Core ms Release'
+    if: github.ref_name == 'main'
+    secrets: inherit
+    with:
+      environment: dev
+      tf_environment: dev-pnpg
+
+  release_uat:
+    uses: ./.github/workflows/call_release_ms.yml
+    name: '[UAT] Core ms Release'
+    if: startsWith(github.ref_name, 'releases/')
+    secrets: inherit
+    with:
+      environment: uat
+      tf_environment: uat-pnpg
+
+  release_prod:
+    uses: ./.github/workflows/call_release_ms.yml
+    name: '[Prod] Core ms Release'
+    if: startsWith(github.ref_name, 'releases/')
+    secrets: inherit
+    with:
+      environment: prod
+      tf_environment: prod-pnpg