-
Notifications
You must be signed in to change notification settings - Fork 3
168 lines (156 loc) · 7.75 KB
/
ci-cd-main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
name: CI/CD Main
on:
workflow_dispatch:
push:
branches: [main]
paths-ignore:
- "tests/k6/**"
jobs:
generate-git-short-sha:
name: Generate git short sha
uses: ./.github/workflows/action-generate-git-short-sha.yml
check-for-changes:
name: Check for changes
uses: ./.github/workflows/action-check-for-changes.yml
build-and-test:
name: Build and test backend
uses: ./.github/workflows/action-build-and-test.yml
needs: [check-for-changes]
if: ${{ needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
publish:
name: Build and publish docker images
uses: ./.github/workflows/action-publish.yml
needs: [generate-git-short-sha, check-for-changes, build-and-test]
if: ${{ always() && needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
secrets:
GCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
with:
dockerImageBaseName: ghcr.io/digdir/dialogporten-
gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
deploy-infra-test:
name: Deploy infra to test
needs: [generate-git-short-sha, check-for-changes, publish]
if: ${{ always() && needs.check-for-changes.outputs.hasAzureChanges == 'true' }}
uses: ./.github/workflows/action-deploy-infra.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
with:
environment: test
region: norwayeast
gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
deploy-apps-test:
name: Deploy apps to test
needs: [generate-git-short-sha, check-for-changes, deploy-infra-test]
if: ${{ always() && needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
uses: ./.github/workflows/action-deploy-apps.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# todo: consider resolving these in another way since they are created in the infra-step
AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
AZURE_CONTAINER_APP_ENVIRONMENT_ID: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_ID }}
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
with:
environment: test
region: norwayeast
gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
deploy-slack-notifier-test:
name: Deploy slack notifier (test)
needs: [check-for-changes, deploy-apps-test]
if: ${{ always() && needs.check-for-changes.outputs.hasSlackNotifierChanges == 'true' }}
uses: ./.github/workflows/action-deploy-function.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
with:
function-app-name: "dp-be-test-slacknotifier-fa"
function-project-path: "./src/Digdir.Tool.Dialogporten.SlackNotifier"
environment: test
# todo: figure out a way to run this and skipping environment gates on dry-run
# might go for a solution such as this?: https://github.com/orgs/community/discussions/27600
dry-run-deploy-infra-staging:
name: Deploy infra to staging (dry run)
needs: [generate-git-short-sha, check-for-changes, deploy-infra-test]
# todo: remove once we want to roll out staging. Also, we need to use something other than the check-for-changes here..
# we want to figure out whether we have changes in the infra since last time we deployed to staging, not whether we have changes in the repo
# maybe use another trigger here? An action to create a tag, and then use that tag as a trigger for the staging deployment?
# or we could always try to run deployments in staging after review is approved...(!)
if: false
# if: ${{ always() && needs.check-for-changes.outputs.hasAzureChanges == 'true' }}
uses: ./.github/workflows/action-deploy-infra.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
with:
environment: staging
region: norwayeast
dryRun: true
gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
deploy-infra-staging:
name: Deploy infra to staging
needs:
[generate-git-short-sha, check-for-changes, dry-run-deploy-infra-staging]
# todo: remove once we want to roll out staging
if: false
uses: ./.github/workflows/action-deploy-infra.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
with:
environment: staging
region: norwayeast
gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
dry-run-deploy-apps-staging:
name: Deploy apps to staging (dryrun)
needs: [generate-git-short-sha, check-for-changes, deploy-infra-staging]
# todo: remove once we want to roll out staging
if: false
uses: ./.github/workflows/action-deploy-infra.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
with:
environment: staging
region: norwayeast
dryRun: true
gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
deploy-apps-staging:
name: Deploy apps to staging (dryrun)
needs:
[generate-git-short-sha, check-for-changes, dry-run-deploy-apps-staging]
uses: ./.github/workflows/action-deploy-infra.yml
# todo: remove once we want to roll out staging
if: false
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
with:
environment: staging
region: norwayeast
gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}