-
Notifications
You must be signed in to change notification settings - Fork 2
138 lines (125 loc) · 5.47 KB
/
ci-cd-main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: CI/CD Main
on:
push:
branches:
- main
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
permissions:
actions: read
contents: write
pull-requests: write
packages: write
id-token: write
security-events: write
pages: write
jobs:
release-please:
name: Release please
runs-on: ubuntu-latest
steps:
- uses: googleapis/release-please-action@v4
id: release
with:
token: ${{ secrets.RELEASE_PLEASE_PAT }}
release-type: node
generate-git-short-sha:
name: Generate git short sha
uses: ./.github/workflows/workflow-generate-git-short-sha.yml
get-current-version:
name: Get current version
uses: ./.github/workflows/workflow-get-current-version.yml
check-for-changes:
name: Check for changes
uses: ./.github/workflows/workflow-check-for-changes.yml
build-and-test:
uses: ./.github/workflows/workflow-build-and-test.yml
needs: [check-for-changes]
if: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasApplicationChanges == 'true' }}
with:
environment: test
docker-build-and-push:
name: Build and publish docker images
if: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasApplicationChanges == 'true' }}
uses: ./.github/workflows/workflow-docker-build-and-push.yml
needs:
[
check-for-changes,
generate-git-short-sha,
get-current-version,
build-and-test,
]
# todo: only run this if necessary (the appropriate files have changed)
secrets:
GCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
with:
dockerImageBaseName: ghcr.io/digdir/dialogporten-frontend-
version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
deploy-documentation:
uses: ./.github/workflows/workflow-deploy-docs.yml
deploy-infrastructure:
uses: ./.github/workflows/workflow-deploy-infrastructure.yml
needs: [generate-git-short-sha, check-for-changes, get-current-version]
if: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasInfrastructureChanges == 'true' }}
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
AZURE_CERTIFICATE_KEY_VAULT_NAME: ${{ secrets.AZURE_CERTIFICATE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
with:
environment: test
region: norwayeast
version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
deploy-apps:
name: Deploy apps to test
needs:
[
get-current-version,
check-for-changes,
generate-git-short-sha,
docker-build-and-push,
deploy-infrastructure
]
# we want deployment of apps to be dependent on deployment of infrastructure, but if infrastructure is skipped, we still want to deploy the apps
if: ${{ always() && !failure() && !cancelled() && (github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasApplicationChanges == 'true') }}
uses: ./.github/workflows/workflow-deploy-apps.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# todo: consider resolving these in another way since they are created in the infra-step
AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
AZURE_APPLICATION_INSIGHTS_INSTRUMENTATION_KEY: ${{ secrets.AZURE_APPLICATION_INSIGHTS_INSTRUMENTATION_KEY }}
AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
with:
environment: test
region: norwayeast
version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
runMigration: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasMigrationChanges == 'true' }}
send-slack-message-on-failure:
name: Send Slack message on failure
needs: [
build-and-test,
docker-build-and-push,
deploy-infrastructure,
deploy-apps,
]
if: ${{ always() && failure() && !cancelled() }}
uses: ./.github/workflows/workflow-send-ci-cd-status-slack-message.yml
with:
environment: test
build_and_test_status: ${{ needs.build-and-test.result }}
docker_build_and_push_status: ${{ needs.docker-build-and-push.result }}
infra_status: ${{ needs.deploy-infrastructure.result }}
apps_status: ${{ needs.deploy-apps.result }}
secrets:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID_FOR_CI_CD_STATUS }}