SSB environment promotion workflow

[mogul]

User Story

In order to avoid disrupting production applications, we want new deployments of the SSB to be tested in a staging space before the production deployment is replaced.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

• GIVEN I am logged into cloud.gov
  AND I run cf t -o gsa-datagov -s management-staging
  WHEN I run cf marketplace
  THEN I see services for a broker called ssb-staging
• GIVEN I am logged into github.com
  AND I visit the Actions tab on the GSA/datagov-ssb repo
  WHEN I visit the most recent workflow run on main
  THEN I see that the production deployment depends on a staging deployment and tests being successful

Background

[Any helpful contextual notes or links to artifacts/evidence, if needed]

Security Considerations (required)

This change will reduce the potential of introducing insecure or unstable brokered services into view of client spaces (such as data.gov's production space). It will also enable us to make the production deployment fully "hands-off"; any manual tinkering can be limited to the management-staging space.

Sketch

[Notes or a checklist reflecting our understanding of the selected approach]

Aaron and Bret scheduled out the jobs involved in the workflow: