Github actions WIF #5668
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and deploy to AKS cluster | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
types: [labeled, opened, reopened, synchronize] | |
concurrency: deploy-${{ github.ref }} | |
permissions: | |
packages: write | |
pull-requests: write | |
id-token: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
outputs: | |
docker-image-tag: ${{ steps.build-image.outputs.tag }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build and push docker image | |
id: build-image | |
uses: DFE-Digital/github-actions/build-docker-image@master | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
context: . | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
deploy_review: | |
name: Deploy to review environment | |
concurrency: deploy_review_${{ github.event.pull_request.number }} | |
runs-on: ubuntu-latest | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
needs: [build] | |
environment: | |
name: review | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- uses: ./.github/actions/deploy-environment | |
id: deploy | |
with: | |
environment: review | |
docker-image: ${{ needs.build.outputs.docker-image-tag }} | |
pull-request-number: ${{ github.event.number }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
- name: Post comment to Pull Request ${{ github.event.number }} | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: marocchino/sticky-pull-request-comment@v2 | |
with: | |
header: aks | |
message: | | |
### Deployments | |
| App | URL | | |
| ----------------- | ---------------------------------------------------------------------------------------- | | |
| Track & Pay | <https://track-and-pay-${{ github.event.number }}.test.teacherservices.cloud> | | |
| School Placements | <https://manage-school-placements-${{ github.event.number }}.test.teacherservices.cloud> | | |
deploy_nonprod: | |
name: Deploy to ${{ matrix.environment }} environment | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
concurrency: deploy_${{ matrix.environment }} | |
needs: [build] | |
strategy: | |
max-parallel: 1 | |
matrix: | |
environment: [qa, staging, sandbox] ## add future nonprod environments here | |
environment: | |
name: ${{ matrix.environment }} | |
url: ${{ steps.deploy.outputs.environment_url }} | |
outputs: | |
environment_url: ${{ steps.deploy.outputs.environment_url }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Fetch secrets from key vault | |
uses: azure/CLI@v2 | |
id: keyvault-yaml-secret | |
with: | |
inlineScript: | | |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INF_KEY_VAULT }}" --query "value" -o tsv) | |
echo "::add-mask::$SLACK_WEBHOOK" | |
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT | |
- uses: ./.github/actions/deploy-environment | |
id: deploy | |
with: | |
environment: ${{ matrix.environment }} | |
docker-image: ${{ needs.build.outputs.docker-image-tag }} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Slack Notification | |
if: failure() | |
uses: rtCamp/action-slack-notify@master | |
env: | |
SLACK_COLOR: ${{ env.SLACK_FAILURE }} | |
SLACK_TITLE: Failure deploying release to ${{ matrix.environment }} | |
SLACK_MESSAGE: Failure deploying release to ${{ matrix.environment }} - Docker tag ${{ needs.build.outputs.docker-image-tag }} | |
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }} | |
deploy_prod: | |
name: Deploy to production environment | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
concurrency: deploy_production | |
needs: [build, deploy_nonprod] | |
environment: | |
name: production | |
url: ${{ steps.deploy.outputs.environment_url }} | |
outputs: | |
environment_url: ${{ steps.deploy.outputs.environment_url }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- uses: azure/login@v2 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Fetch secrets from key vault | |
uses: azure/CLI@v2 | |
id: keyvault-yaml-secret | |
with: | |
inlineScript: | | |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INF_KEY_VAULT }}" --query "value" -o tsv) | |
echo "::add-mask::$SLACK_WEBHOOK" | |
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT | |
- uses: ./.github/actions/deploy-environment | |
id: deploy | |
with: | |
environment: production | |
docker-image: ${{ needs.build.outputs.docker-image-tag }} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Slack Notification | |
if: failure() | |
uses: rtCamp/action-slack-notify@master | |
env: | |
SLACK_COLOR: ${{ env.SLACK_FAILURE }} | |
SLACK_TITLE: Failure deploying release to production | |
SLACK_MESSAGE: Failure deploying release to production - Docker tag ${{ needs.build.outputs.docker-image-tag }} | |
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }} |