ci: add dispatch for infrastructure (#495) #105
# Main pipeline: runs the jobs defined in this workflow on pushes to `main`
# and on manual dispatch.
name: CI/CD Main

# NOTE(review): no `permissions:` key is visible in this workflow, so the
# GITHUB_TOKEN scopes come from the repository/organisation default unless the
# called workflows narrow them. Consider declaring them explicitly.
on:
  # Manual trigger. The `branches` filter below belongs to `push` only; a
  # manual run executes on whichever ref the person dispatching it selects.
  # NOTE(review): the jobs in this file carry no ref check of their own, so
  # confirm that environment protection rules (or the called workflows)
  # restrict which refs may publish images and deploy.
  workflow_dispatch:
  push:
    branches:
      - main
    paths-ignore:
      - "tests/k6/**"

# One concurrency group per workflow and ref name. `cancel-in-progress` is not
# set, so a run in progress is not cancelled by a newer one. Runs on different
# refs fall into different groups and are not serialised against each other.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref_name }}
# Every job calls a reusable workflow from this repository and receives its
# secrets by name (no `secrets: inherit`), so each callee only sees what is
# listed for it here.
# NOTE(review): no job in this file checks `github.ref`; see the triggers at
# the top of the workflow for which refs can start a run.
jobs:
  generate-git-short-sha:
    name: Generate git short sha
    uses: ./.github/workflows/action-generate-git-short-sha.yml

  check-for-changes:
    name: Check for changes
    uses: ./.github/workflows/action-check-for-changes.yml

  build-and-test:
    name: Build and test backend
    needs:
      - check-for-changes
    if: ${{ needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
    uses: ./.github/workflows/action-build-and-test.yml

  publish:
    name: Build and publish docker images
    needs:
      - generate-git-short-sha
      - check-for-changes
      - build-and-test
    # `always() && !failure() && !cancelled()` lets the job run even when a
    # needed job was skipped, while still blocking it after a failure or a
    # cancellation. The deploy-*-test jobs below use the same pattern.
    if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
    uses: ./.github/workflows/action-publish.yml
    secrets:
      # The workflow's own GITHUB_TOKEN is handed over as the registry
      # password; the image base name below points at ghcr.io.
      # NOTE(review): presumably this needs `packages: write` - confirm where
      # that scope is granted.
      GCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
    with:
      dockerImageBaseName: ghcr.io/digdir/dialogporten-
      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}

  deploy-infra-test:
    name: Deploy infra to test
    needs:
      - generate-git-short-sha
      - check-for-changes
      - publish
    if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasAzureChanges == 'true' }}
    uses: ./.github/workflows/action-deploy-infra.yml
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
      AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
      AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
    with:
      environment: test
      region: norwayeast
      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}

  deploy-apps-test:
    name: Deploy apps to test
    needs:
      - generate-git-short-sha
      - check-for-changes
      - deploy-infra-test
    if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
    uses: ./.github/workflows/action-deploy-apps.yml
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      # todo: consider resolving these in another way since they are created in the infra-step
      AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
      AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
      AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
      AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
      AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
      AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
    with:
      environment: test
      region: norwayeast
      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}

  deploy-slack-notifier-test:
    name: Deploy slack notifier (test)
    needs:
      - check-for-changes
      - deploy-apps-test
    if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasSlackNotifierChanges == 'true' }}
    uses: ./.github/workflows/action-deploy-function.yml
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
    with:
      function-app-name: "dp-be-test-slacknotifier-fa"
      function-project-path: "./src/Digdir.Tool.Dialogporten.SlackNotifier"
      environment: test

  # todo: figure out a way to run this and skipping environment gates on dry-run
  # might go for a solution such as this?: https://github.com/orgs/community/discussions/27600
  dry-run-deploy-infra-staging:
    name: Deploy infra to staging (dry run)
    needs:
      - generate-git-short-sha
      - check-for-changes
      - deploy-infra-test
    # No `if:` here, so the default success check applies: the job is skipped
    # whenever a needed job failed or was skipped (deploy-infra-test is
    # skipped when hasAzureChanges is not 'true').
    # todo: we want to figure out whether we have changes in the infra since last time we deployed to staging, not whether we have changes in the repo
    # maybe use another trigger here? An action to create a tag, and then use that tag as a trigger for the staging deployment?
    # or we could always try to run deployments in staging after review is approved...(!)
    uses: ./.github/workflows/action-deploy-infra.yml
    secrets:
      # NOTE(review): the secret names passed for staging are the same ones
      # passed for test, and this calling job has no `environment` of its own.
      # Presumably the called workflow binds a job-level environment whose
      # secrets take precedence - confirm, otherwise test and staging share
      # one Azure identity and subscription.
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
      AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
      AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
    with:
      environment: staging
      region: norwayeast
      dryRun: true
      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}

  deploy-infra-staging:
    name: Deploy infra to staging
    # Runs only after the staging dry run succeeded (default success check).
    # NOTE(review): no approval step is visible in this file; any gate would
    # have to come from protection rules on the `staging` environment.
    needs:
      - generate-git-short-sha
      - check-for-changes
      - dry-run-deploy-infra-staging
    uses: ./.github/workflows/action-deploy-infra.yml
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
      AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
      AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
    with:
      environment: staging
      region: norwayeast
      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}

  dry-run-deploy-apps-staging:
    name: Deploy apps to staging (dry run)
    # Default success check: skipped whenever deploy-apps-test was skipped or
    # failed.
    needs:
      - generate-git-short-sha
      - check-for-changes
      - deploy-apps-test
    uses: ./.github/workflows/action-deploy-apps.yml
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      # todo: consider resolving these in another way since they are created in the infra-step
      AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
      AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
      AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
      AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
      AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
      AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
    with:
      environment: staging
      region: norwayeast
      dryRun: true
      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}

  deploy-apps-staging:
    name: Deploy apps to staging
    # Runs only after the staging apps dry run succeeded.
    needs:
      - generate-git-short-sha
      - check-for-changes
      - dry-run-deploy-apps-staging
    uses: ./.github/workflows/action-deploy-apps.yml
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      # todo: consider resolving these in another way since they are created in the infra-step
      AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
      AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
      AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
      AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
      AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
      AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
    with:
      environment: staging
      region: norwayeast
      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}