deploy-cluster.yml
name: Deploy Cluster

# Triggers: pushes to main, pull requests that target main (only for the
# activity types listed), and manual runs started from the Actions UI or API.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
    types: [labeled, synchronize, reopened, opened, converted_to_draft]
  workflow_dispatch:
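# NOTE(review): no `permissions:` key is declared at workflow or job level, so
# GITHUB_TOKEN gets the repository/organisation default scopes. Confirm what
# the validate-terraform action needs and declare least privilege explicitly.
# NOTE(review): actions/checkout and hashicorp/setup-terraform are referenced
# by mutable tag. Pinning each to a full commit SHA keeps a re-pointed tag from
# changing the code that runs next to the Azure credentials.
jobs:
  # Static validation of every Terraform root. This is the only job that runs
  # for pull_request events; the jobs below are gated on the main ref.
  validate-terraform:
    name: Validate Terraform
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Validate cluster/terraform_aks_cluster
        uses: ./.github/actions/validate-terraform
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          terraform_root_folder: cluster/terraform_aks_cluster
      - name: Validate cluster/terraform_kubernetes
        uses: ./.github/actions/validate-terraform
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          terraform_root_folder: cluster/terraform_kubernetes
      - name: Validate custom_domains/terraform/infrastructure
        uses: ./.github/actions/validate-terraform
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          terraform_root_folder: custom_domains/terraform/infrastructure
      - name: Validate templates/new_service/terraform/application
        uses: ./.github/actions/validate-terraform
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          terraform_root_folder: templates/new_service/terraform/application
          terrafile_environment: development
      - name: Validate templates/new_service/terraform/domains/infrastructure
        uses: ./.github/actions/validate-terraform
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          terraform_root_folder: templates/new_service/terraform/domains/infrastructure
          terrafile_environment: zones
      - name: Validate templates/new_service/terraform/domains/environment_domains
        uses: ./.github/actions/validate-terraform
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          terraform_root_folder: templates/new_service/terraform/domains/environment_domains
          terrafile_environment: development

  # Cluster deployment, one matrix entry at a time. Skipped unless the run is
  # for refs/heads/main, so pull_request runs never reach AZURE_CREDENTIALS.
  deploy:
    name: Deploy Cluster
    if: github.ref == 'refs/heads/main'
    # One concurrency group per target environment.
    concurrency: deploy_${{ matrix.environment }}
    # Binds the job to the GitHub environment of the same name, so secrets
    # scoped to that environment (and any protection rules set on it) apply.
    environment:
      name: ${{ matrix.environment }}
    needs: [validate-terraform]
    runs-on: ubuntu-latest
    strategy:
      max-parallel: 1
      matrix:
        environment: [platform-test, test, production]
    steps:
      - uses: actions/checkout@v3
      - uses: ./.github/actions/deploy-environment
        with:
          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
          environment_name: ${{ matrix.environment }}

  # DNS zone updates, run after the cluster deployment and only on main.
  update-domains:
    name: Update DNS domains
    if: github.ref == 'refs/heads/main'
    concurrency: update_domains_${{ matrix.environment }}
    environment:
      name: ${{ matrix.environment }}
    needs: [deploy]
    runs-on: ubuntu-latest
    strategy:
      max-parallel: 1
      matrix:
        environment: [dev-domain, prod-domain]
    steps:
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v2
        with:
          # Quoted so the version is always read as a string.
          terraform_version: '1.3.1'
          terraform_wrapper: false
      - name: Mask ARM variables
        shell: pwsh
        env:
          # The secret reaches the script through the environment instead of
          # being pasted into the script text by `${{ }}`. Inline expansion
          # happens before PowerShell parses the script, so a quote character
          # inside the JSON would end the string literal and the remainder
          # would be parsed as code.
          AZURE_CREDENTIALS_JSON: ${{ secrets.AZURE_CREDENTIALS }}
        run: |
          $credentials = $env:AZURE_CREDENTIALS_JSON | ConvertFrom-Json
          $armVariables = [ordered]@{
            ARM_CLIENT_ID       = $credentials.clientId
            ARM_CLIENT_SECRET   = $credentials.clientSecret
            ARM_SUBSCRIPTION_ID = $credentials.subscriptionId
            ARM_TENANT_ID       = $credentials.tenantId
          }
          foreach ($entry in $armVariables.GetEnumerator()) {
            # Register the mask first: the individual fields are not secrets
            # in their own right, so the runner would not redact them.
            Write-Output "::add-mask::$($entry.Value)"
            # GITHUB_ENV exposes the value to every later step of this job.
            "$($entry.Key)=$($entry.Value)" >> $env:GITHUB_ENV
          }
      - name: Update DNS in ${{ matrix.environment }}
        # matrix.environment comes from the literal list above, not from
        # event data, so expanding it into the command line is safe here.
        run: |
          make ci ${{ matrix.environment }} domains-infra-apply
        shell: bash
        env:
          TF_VAR_azure_sp_credentials_json: ${{ secrets.AZURE_CREDENTIALS }}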