chore: Add Microsoft secrets to Pulumiu infra (take 2) (#3644) #2433
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pulumi (Deploy Staging) | |
on: | |
push: | |
branches: | |
- main | |
# When a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the repository is in progress, | |
# the queued job or workflow will be pending. Any previously pending job or workflow in the concurrency group will be canceled. | |
concurrency: staging_environment | |
env: | |
DEPLOYMENT_ENVIRONMENT: staging | |
jobs: | |
build_react: | |
name: Build React | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ vars.NODE_VERSION }} | |
# https://docs.github.com/en/free-pro-team@latest/actions/guides/caching-dependencies-to-speed-up-workflows#using-the-cache-action | |
- name: NPM cache | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-npm | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: PNPM cache | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-pnpm | |
with: | |
# pnpm cache files are stored in `~/.local/share/pnpm/store` on Linux | |
path: ~/.local/share/pnpm/store | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- run: npm install -g pnpm@${{ vars.PNPM_VERSION }} | |
- name: Setup .gitconfig | |
run: mv .gitconfig ~/.gitconfig | |
- run: pnpm install --frozen-lockfile | |
working-directory: editor.planx.uk | |
- run: pnpm build | |
working-directory: editor.planx.uk | |
env: | |
VITE_APP_AIRBRAKE_PROJECT_ID: ${{ secrets.AIRBRAKE_PROJECT_ID }} | |
VITE_APP_AIRBRAKE_PROJECT_KEY: ${{ secrets.AIRBRAKE_PROJECT_KEY }} | |
VITE_APP_API_URL: https://api.editor.planx.dev | |
VITE_APP_ENV: staging | |
VITE_APP_HASURA_URL: https://hasura.editor.planx.dev/v1/graphql | |
VITE_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.MAPBOX_ACCESS_TOKEN }} | |
VITE_APP_HASURA_WEBSOCKET: wss://hasura.editor.planx.dev/v1/graphql | |
VITE_APP_SHAREDB_URL: wss://sharedb.editor.planx.dev | |
- name: Upload Build Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build | |
path: ./editor.planx.uk/build | |
if-no-files-found: error | |
preview: | |
name: Pulumi Up | |
needs: build_react | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ vars.NODE_VERSION }} | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }} | |
aws-region: eu-west-2 | |
aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }} | |
- run: npm install -g pnpm@${{ vars.PNPM_VERSION }} | |
working-directory: infrastructure/application | |
- run: pnpm install --frozen-lockfile | |
working-directory: infrastructure/application | |
- name: Download Build Artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: build | |
path: ./editor.planx.uk/build | |
- uses: pulumi/actions@v5 | |
with: | |
command: up | |
stack-name: staging | |
work-dir: infrastructure/application | |
edit-pr-comment: true | |
env: | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
notifications: | |
name: Notifications | |
needs: preview | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
# Airbrake notification - https://airbrake.io/docs/features/deploy-tracking | |
- name: Notify Airbrake of deploy | |
id: airbrake-deploy | |
uses: mtchavez/airbrake-deploy@v1 | |
with: | |
project-id: ${{ secrets.AIRBRAKE_PROJECT_ID }} | |
project-key: ${{ secrets.AIRBRAKE_PROJECT_KEY }} | |
environment: ${{ env.DEPLOYMENT_ENVIRONMENT }} | |
repository: https://github.com${{ github.repo }} | |
revision: ${{ github.sha }} | |
user: ${{ github.actor }} | |
- name: Get Airbrake deploy response | |
run: echo "The response was ${{ steps.airbrake-deploy.outputs.response }}" | |
# Slack deployment notification | |
- name: Slack Notification | |
uses: rtCamp/action-slack-notify@v2 | |
env: | |
SLACK_USERNAME: PlanX Deploy | |
SLACK_COLOR: "#4F93E3" | |
SLACK_TITLE: ${{ env.DEPLOYMENT_ENVIRONMENT }} deploy | |
SLACK_WEBHOOK: ${{ secrets.SLACK_DEPLOYMENT_WEBHOOK }} | |
failure_notification: | |
name: Send failure notification | |
needs: preview | |
if: failure() | |
uses: ./.github/workflows/action-failure.yml | |
secrets: inherit | |
with: | |
environment: Staging |