Add support for running "Deploy" GitHub workflow when GitHub pre-release/release is created #286

Closed
6 tasks done
Tracked by #282
angela-tran opened this issue Aug 8, 2023 · 4 comments · Fixed by #329
Labels
actions Related to GitHub Actions workflows

Comments

@angela-tran
Member

angela-tran commented Aug 8, 2023

  • Update deploy.yml to check for pre-release/release events
  • Add step(s) to deploy.yml to run appropriate checks (run tests, etc.) if pre-release/release
  • Add logic to name the Docker tag appropriately when we see a GitHub pre-release/release
  • Create Docker tag with Git tag name too
  • Configure tag protections so that only benefits-admin team can push tags that trigger deployment (same sort of protection as what we have with branch protections for current deployment model)
  • Configure Required reviewers on GitHub deployment environments for test/prod to provide an additional opportunity to check that the deployment looks correct
@angela-tran angela-tran added this to the Tag-based deployment model milestone Aug 8, 2023
@thekaveman thekaveman added the actions Related to GitHub Actions workflows label Aug 16, 2023
@angela-tran angela-tran moved this from Todo to In Progress in Digital Services Sep 25, 2023
@angela-tran angela-tran self-assigned this Sep 25, 2023
@thekaveman thekaveman moved this from In Progress to Stretch in Digital Services Sep 29, 2023
@thekaveman thekaveman moved this from Stretch to Todo in Digital Services Oct 26, 2023
@angela-tran angela-tran linked a pull request Dec 4, 2023 that will close this issue
@angela-tran
Member Author

  • Configure tag protections so that only benefits-admin team can push tags that trigger deployment (same sort of protection as what we have with branch protections for current deployment model)

While setting up tag protection, I noticed some UI for using repository rules instead:

image

image

Repository rules had their GA release in July 2023 and are more flexible than branch protection and tag protection.

I set up two repository rules to protect the creation/update/deletion of tags: one rule for pre-release tags and one for release tags. Anyone with read access to the repository can view these rules to help determine why their action was blocked.

Someone who is not on the rule's bypass list will see an error message when trying to do a protected action:

image

Someone who is on the bypass list will be able to bypass the protection:

image

@angela-tran
Member Author

Because repository rules show you what your target pattern matches, I noticed that the glob pattern we're using for release tags in azure-pipelines.yml is too permissive - 20??.??.?* matches more than just release tags.

For the release-tag repository rule, I used a simpler pattern that is more strict about the end of the value.

I will create a new issue to update our trigger pattern in MST's pipeline and SBMTD's pipeline.
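
The over-matching described in the comment above, as an added example that is not part of the original thread or the project's code: it runs the quoted glob over constructed tag names, using Python's `fnmatchcase` as a stand-in for the pipeline's matcher. The sample tags and the strict `YYYY.MM.N` check are assumptions for illustration, not the rule the author configured.

```python
import re
from fnmatch import fnmatchcase

# The release-tag glob quoted in the comment above.
PERMISSIVE_GLOB = "20??.??.?*"

# Hypothetical strict check (an assumption, not the project's rule):
# a release tag is YYYY.MM.N, digits only, with nothing after N.
STRICT_RELEASE = re.compile(r"20\d{2}\.\d{2}\.\d+")

# Constructed sample tag names, not taken from the repository.
SAMPLE_TAGS = [
    "2023.12.1",       # intended release tag
    "2023.12.10",      # intended release tag, two-digit counter
    "2023.12.1-rc1",   # pre-release style suffix
    "2023.12.1-test",  # arbitrary suffix
    "20ab.cd.x",       # '?' accepts any character, not only digits
    "2023.12.",        # nothing after the last dot
    "v2023.12.1",      # leading prefix
]


def glob_matches(tag):
    """True if the permissive glob would select this tag."""
    return fnmatchcase(tag, PERMISSIVE_GLOB)


def is_release(tag):
    """True only for a full YYYY.MM.N match (hypothetical strict check)."""
    return STRICT_RELEASE.fullmatch(tag) is not None


def unintended_matches(tags):
    """Tags the glob selects even though the strict check rejects them."""
    return [t for t in tags if glob_matches(t) and not is_release(t)]


if __name__ == "__main__":
    for tag in SAMPLE_TAGS:
        print(f"{tag:16} glob={glob_matches(tag)!s:5} strict={is_release(tag)}")
    print("unintended:", unintended_matches(SAMPLE_TAGS))
```

Any tag in the `unintended` list would be treated as a release by a trigger using the glob, which is why the trigger pattern and the tag-protection rule should be checked against the same list of names.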

@angela-tran
Member Author

  • Configure Required reviewers on GitHub deployment environments for test/prod to provide an additional opportunity to check that the deployment looks correct

I updated the deployment protection rules on our test and prod GitHub environments so they require a review from the benefits-admin team.

image

@angela-tran angela-tran moved this from Todo to In Progress in Digital Services Dec 4, 2023
@angela-tran
Member Author

All tasks for this issue are done. We can close this ticket after we go over it in our dev workshop on Wednesday

@github-project-automation github-project-automation bot moved this from In Progress to Done in Digital Services Dec 20, 2023