-
Notifications
You must be signed in to change notification settings - Fork 3
170 lines (157 loc) · 8.1 KB
/
ci-cd-prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
name: CI/CD Production
on:
workflow_dispatch:
push:
tags:
- "v*.*.*"
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
jobs:
get-versions-from-github:
name: Get Latest Deployed Version Info from GitHub
uses: ./.github/workflows/workflow-get-latest-deployed-version-info-from-github.yml
with:
environment: prod
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
check-for-changes:
name: Check for changes
needs: [get-versions-from-github]
uses: ./.github/workflows/workflow-check-for-changes.yml
with:
infra_base_sha: ${{ needs.get-versions-from-github.outputs.infra_version_sha }}
apps_base_sha: ${{ needs.get-versions-from-github.outputs.apps_version_sha }}
get-current-version:
name: Get current version
uses: ./.github/workflows/workflow-get-current-version.yml
dry-run-deploy-infra:
name: Dry run deploy infra to prod
if: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasInfraChanges == 'true' }}
needs: [get-current-version, check-for-changes]
uses: ./.github/workflows/workflow-deploy-infra.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
with:
environment: prod
region: norwayeast
version: ${{ needs.get-current-version.outputs.version }}
dryRun: true
deploy-infra:
name: Deploy infra to prod
if: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasInfraChanges == 'true' }}
needs: [get-current-version, check-for-changes, dry-run-deploy-infra]
uses: ./.github/workflows/workflow-deploy-infra.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
with:
environment: prod
region: norwayeast
version: ${{ needs.get-current-version.outputs.version }}
store-infra-version:
name: Store Latest Deployed Infra Version as GitHub Variable
needs: [deploy-infra, get-current-version]
if: ${{ needs.deploy-infra.result == 'success' }}
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_INFRA_VERSION
variable_value: ${{ needs.get-current-version.outputs.version }}
environment: prod
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
dry-run-deploy-apps:
name: Dry run deploy apps to prod
needs:
[get-current-version, check-for-changes, deploy-infra]
# we want deployment of apps to be dependent on deployment of infrastructure, but if infrastructure is skipped, we still want to dry-run deploy the apps
if: ${{ always() && !failure() && !cancelled() && (github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasBackendChanges == 'true') }}
uses: ./.github/workflows/workflow-deploy-apps.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# todo: consider resolving these in another way since they are created in the infra-step
AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }}
with:
environment: prod
region: norwayeast
version: ${{ needs.get-current-version.outputs.version }}
dryRun: true
runMigration: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasMigrationChanges == 'true' }}
deploy-apps:
name: Deploy apps to prod
needs:
[get-current-version, check-for-changes, dry-run-deploy-apps]
if: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
uses: ./.github/workflows/workflow-deploy-apps.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# todo: consider resolving these in another way since they are created in the infra-step
AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }}
with:
environment: prod
region: norwayeast
version: ${{ needs.get-current-version.outputs.version }}
runMigration: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasMigrationChanges == 'true' }}
store-apps-version:
name: Store Latest Deployed Apps Version as GitHub Variable
needs: [deploy-apps, get-current-version]
if: ${{ always() && !failure() && !cancelled() && (github.event_name == 'workflow_dispatch' || needs.deploy-apps.outputs.deployment_executed == 'true') }}
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_APPS_VERSION
variable_value: ${{ needs.get-current-version.outputs.version }}
environment: prod
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
# run-e2e-tests:
# name: "Run K6 functional end-to-end tests"
# # we want the end-to-end tests to be dependent on deployment of infrastructure and apps, but if infrastructure is skipped, we still want to run the tests
# if: ${{ always() && !failure() && !cancelled() && (github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasBackendChanges == 'true') }}
# needs: [deploy-apps, check-for-changes]
# uses: ./.github/workflows/workflow-run-k6-tests.yml
# secrets:
# TOKEN_GENERATOR_USERNAME: ${{ secrets.TOKEN_GENERATOR_USERNAME }}
# TOKEN_GENERATOR_PASSWORD: ${{ secrets.TOKEN_GENERATOR_PASSWORD }}
# with:
# environment: prod
# apiVersion: v1
# testSuitePath: tests/k6/suites/all-single-pass.js
# permissions:
# checks: write
# pull-requests: write
send-slack-message-on-failure:
name: Send Slack message on failure
needs: [deploy-infra, deploy-apps]
if: ${{ always() && failure() && !cancelled() }}
uses: ./.github/workflows/workflow-send-ci-cd-status-slack-message.yml
with:
environment: prod
infra_status: ${{ needs.deploy-infra.result }}
apps_status: ${{ needs.deploy-apps.result }}
secrets:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID_FOR_CI_CD_STATUS }}