Enable build and deploy from PR (#2531)
vertism authored Dec 19, 2024
1 parent 2321467 commit 06fd8ca
Showing 3 changed files with 91 additions and 209 deletions.
256 changes: 48 additions & 208 deletions .github/workflows/deploy.yml
@@ -1,12 +1,15 @@
name: Deploy Workflow

on:
workflow_dispatch:
workflow_call:

env:
PREFIX: "ct-staff"
SHA: ${{ github.event.pull_request.head.sha || github.sha }}
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}

concurrency:
group: deploy-${{ github.ref }}
Expand All @@ -16,6 +19,9 @@ jobs:
build:
runs-on: ubuntu-latest

outputs:
build_tag: ${{ steps.vars.outputs.build_tag }}

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
Expand Down Expand Up @@ -56,7 +62,6 @@ jobs:
- name: Push to ECR
run: docker push ${{ vars.ECR_URL }}:$SHA


deploy-development:
runs-on: ubuntu-latest
needs: build
Expand All @@ -66,9 +71,6 @@ jobs:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -83,25 +85,13 @@ jobs:
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT
- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:development.latest
docker push ${{ vars.ECR_URL }}:development.latest
- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
Expand All @@ -127,35 +117,14 @@ jobs:
kubectl set image -n ${KUBE_NAMESPACE} cronjobs/close-expired-rejected-offender-sars \
jobs="${{ vars.ECR_URL }}:$SHA"
- name: Send deploy notification to product Slack channel
uses: slackapi/[email protected]
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Development*",
"fields": [
{
"title": "Project",
"value": "Correspondence Tool Staff",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
notify-development:
needs: [build, deploy-development]
uses: ./.github/workflows/notification.yml
secrets:
webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
build_tag: ${{ needs.build.outputs.build_tag }}
environment: Development

deploy-staging:
runs-on: ubuntu-latest
Expand All @@ -166,9 +135,6 @@ jobs:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -183,25 +149,13 @@ jobs:
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT
- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:staging.latest
docker push ${{ vars.ECR_URL }}:staging.latest
- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
Expand All @@ -227,35 +181,14 @@ jobs:
kubectl set image -n ${KUBE_NAMESPACE} cronjobs/close-expired-rejected-offender-sars \
jobs="${{ vars.ECR_URL }}:$SHA"
- name: Send deploy notification to product Slack channel
uses: slackapi/[email protected]
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Staging*",
"fields": [
{
"title": "Project",
"value": "Correspondence Tool Staff",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
notify-staging:
needs: [build, deploy-staging]
uses: ./.github/workflows/notification.yml
secrets:
webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
build_tag: ${{ needs.build.outputs.build_tag }}
environment: Staging

deploy-qa:
runs-on: ubuntu-latest
Expand All @@ -266,9 +199,6 @@ jobs:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -283,25 +213,13 @@ jobs:
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT
- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:qa.latest
docker push ${{ vars.ECR_URL }}:qa.latest
- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
Expand All @@ -327,35 +245,14 @@ jobs:
kubectl set image -n ${KUBE_NAMESPACE} cronjobs/close-expired-rejected-offender-sars \
jobs="${{ vars.ECR_URL }}:$SHA"
- name: Send deploy notification to product Slack channel
uses: slackapi/[email protected]
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *QA*",
"fields": [
{
"title": "Project",
"value": "Correspondence Tool Staff",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
notify-qa:
needs: [build, deploy-qa]
uses: ./.github/workflows/notification.yml
secrets:
webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
build_tag: ${{ needs.build.outputs.build_tag }}
environment: QA

deploy-production:
runs-on: ubuntu-latest
Expand All @@ -367,9 +264,6 @@ jobs:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -384,25 +278,13 @@ jobs:
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT
- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:production.latest
docker push ${{ vars.ECR_URL }}:production.latest
- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
Expand Down Expand Up @@ -431,62 +313,20 @@ jobs:
kubectl set image -n ${KUBE_NAMESPACE} cronjobs/email-status \
jobs="${{ vars.ECR_URL }}:$SHA"
- name: Send deploy notification to product Slack channel
uses: slackapi/[email protected]
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*",
"fields": [
{
"title": "Project",
"value": "Correspondence Tool Staff",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

- name: Send deploy notification to cdpt production Slack channel
uses: slackapi/[email protected]
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*",
"fields": [
{
"title": "Project",
"value": "Correspondence Tool Staff",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.PROD_SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
notify-production:
needs: [build, deploy-production]
uses: ./.github/workflows/notification.yml
secrets:
webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
build_tag: ${{ needs.build.outputs.build_tag }}
environment: Production

notify-production-2:
needs: [build, deploy-production]
uses: ./.github/workflows/notification.yml
secrets:
webhook_url: ${{ secrets.PROD_SLACK_WEBHOOK_URL }}
with:
build_tag: ${{ needs.build.outputs.build_tag }}
environment: Production
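Review bot: Moving `KUBE_CERT`, `KUBE_TOKEN` and `KUBE_CLUSTER` into the workflow-level `env:` block (first hunk of deploy.yml) exposes the cluster credentials to every step of every job, including `build` and the third-party actions `actions/checkout@v4` and `aws-actions/amazon-ecr-login@v2`, whereas the step-level `env:` that this commit appears to remove limited them to "Authenticate to the cluster". Because `SHA` can resolve to `github.event.pull_request.head.sha` and the commit enables deploys from pull requests, any build step that runs code from the PR head would have the cluster token in its environment; the build steps are collapsed on this page, so confirm what they execute. I would keep only `PREFIX`, `SHA` and `KUBE_NAMESPACE` at workflow level and leave the three credentials on the authenticate step of each deploy job, e.g. a step-level `env:` with `KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}`. If the repetition is the concern, the authenticate step could be factored into a reusable workflow or composite action, the way the Slack notification was moved into `notification.yml`.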