-
Notifications
You must be signed in to change notification settings - Fork 11
145 lines (138 loc) · 5.97 KB
/
app-build-and-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# This workflow will build a docker image, push it to ghcr.io, and deploy it to an Azure WebApp.
# v3.0.0 - This tag coordinates the other reusable parts of this workflow.
# * app-build-docker-image.yml
# * app-deploy-to-azure.yml
# * app-is-deployable.yml
name: Build and Deploy to prod service app
on:
workflow_call:
secrets:
AZURE_CREDENTIALS:
description: 'Service principal that has access to the Azure apps (dev and prod) - Defined in org action secrets'
required: true
AZURE_WEBAPP_PUBLISH_PROFILE:
description: 'Publish profile for the Azure WebApp being deployed - Defined in repo action secrets'
required: true
AZURE_SECONDARY_WEBAPP_PUBLISH_PROFILE:
description: 'Publish profile for a secondary Azure WebApp if being deployed - Defined in repo action secrets'
required: false
DEPLOY_TOKEN:
description: 'Token that is used to determine if the deployment is allowed - Defined in org action secrets'
required: true
PRODUCTION_DEPLOYERS:
description: 'Name of the team that defines who can deploy to production - Defined in org action secrets'
required: true
DOCKERHUB_TOKEN:
description: 'Token to be used if publishing image to dockerhub, input.docker-hub-username must also be provided'
required: false
inputs:
deploy-env:
description: 'environment to deploy (i.e. dev | prod)'
required: true
type: string
application-type:
description: 'application type (i.e. api | worker | ui) - used as a label on the Docker image'
required: true
type: string
azure-app-base-name:
description: 'Azure application name of webapp to deploy (i.e. clearlydefined-api | cdcrawler | clearlydefined)'
required: true
type: string
azure-app-name-postfix:
description: 'postfix to apply to the base name for the primary deploy site (e.g. -prod, -dev)'
required: true
type: string
secondary-azure-app-name-postfix:
description: 'postfix to apply to the base name for a secondary deploy site (e.g. -prod-europe, do not specify if no secondary site)'
type: string
default: ''
docker-build-args:
description: 'optionally pass in build args to the Docker build command (e.g. "MY_VAR=my_value")'
required: false
type: string
docker-hub-username:
description: 'optionally pass to publish image to docker-hub'
required: false
type: string
jobs:
determine-trigger:
name: Determine if this was triggered by a release or workflow_dispatch
runs-on: ubuntu-latest
outputs:
is-release: "${{ env.IS_RELEASE }}"
steps:
- name: Check if this was triggered by a release
id: release
run: |
echo "IS_RELEASE"=${{ github.event_name == 'release' }} >> $GITHUB_ENV
get-version:
name: Get version from package-lock.json
runs-on: ubuntu-latest
needs: determine-trigger
outputs:
version: "${{ env.VERSION }}"
steps:
- name: Download package-lock.json
uses: actions/download-artifact@v4
with:
name: package-lock.json
path: .
- name: Checkout this repo
uses: actions/[email protected]
with:
repository: 'clearlydefined/operations'
ref: 'v3.2.0'
path: 'operations'
- name: Get version from package-lock.json
id: get_version
shell: bash
run: |
script_log=$(./operations/scripts/app-workflows/get-version.sh \
"${{ inputs.deploy-env }}" \
"${{ needs.determine-trigger.outputs.is-release }}" \
"${{ github.event.release.tag_name }}" \
"${{ github.sha }}") || (echo "$script_log" && exit 1)
echo -e "---- script log\n$script_log\n----"; \
version=$(echo "$script_log" | tail -n 1)
echo "VERSION=$version" >> $GITHUB_ENV
build-and-publish-image:
name: Build and publish Docker image
needs: get-version
uses: ./.github/workflows/app-build-docker-image.yml
secrets:
DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
PRODUCTION_DEPLOYERS: ${{ secrets.PRODUCTION_DEPLOYERS }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
with:
deploy-env: ${{ inputs.deploy-env }}
application-type: ${{ inputs.application-type }}
application-version: ${{ needs.get-version.outputs.version }}
build-args: ${{ inputs.docker-build-args }}
docker-hub-username: ${{ inputs.docker-hub-username }}
deploy-primary-app-to-azure:
name: Deploy to primary Azure app
needs: [get-version, build-and-publish-image]
uses: ./.github/workflows/app-deploy-to-azure.yml
secrets:
AZURE_WEBAPP_PUBLISH_PROFILE: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
PRODUCTION_DEPLOYERS: ${{ secrets.PRODUCTION_DEPLOYERS }}
with:
deploy-env: ${{ inputs.deploy-env }}
azure-webapp-name: ${{ inputs.azure-app-base-name }}${{ inputs.azure-app-name-postfix }}
image-name-with-tag: ${{ needs.build-and-publish-image.outputs.docker-image-name-with-tag }}
deploy-secondary-app-to-azure:
name: Deploy to secondary Azure app
if: ${{ inputs.secondary-azure-app-name-postfix != '' }}
needs: [get-version, build-and-publish-image]
uses: ./.github/workflows/app-deploy-to-azure.yml
secrets:
AZURE_WEBAPP_PUBLISH_PROFILE: ${{ secrets.AZURE_SECONDARY_WEBAPP_PUBLISH_PROFILE }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
PRODUCTION_DEPLOYERS: ${{ secrets.PRODUCTION_DEPLOYERS }}
with:
deploy-env: ${{ inputs.deploy-env }}
azure-webapp-name: ${{ inputs.azure-app-base-name }}${{ inputs.secondary-azure-app-name-postfix }}
image-name-with-tag: ${{ needs.build-and-publish-image.outputs.docker-image-name-with-tag }}