Staged deploy to Test, Preprod, and Prod

feat: add trivy image scanning (#1030) #226

Workflow file for this run

.github/workflows/deploy-staged.yml at 4bff2de

	name: Staged deploy to Test, Preprod, and Prod

	on:
	push:
	branches: [main]

	jobs:
	code-tests:
	uses: "./.github/workflows/reusable-tests.yml"

	build:
	needs: code-tests
	uses: "./.github/workflows/reusable-build.yml"
	secrets:
	slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}

	deploy-test:
	uses: "./.github/workflows/reusable-push-and-deploy.yml"
	needs: build
	with:
	env: "test"
	secrets:
	kube_namespace: ${{ secrets.KUBE_NAMESPACE }}
	kube_cert: ${{ secrets.KUBE_CERT }}
	kube_cluster: ${{ secrets.KUBE_CLUSTER }}
	kube_token: ${{ secrets.KUBE_TOKEN }}
	ecr_role_to_assume: ${{ secrets.TEST_ECR_ROLE_TO_ASSUME }}
	secret_key: ${{ secrets.SECRET_KEY }}
	catalogue_token: ${{ secrets.CATALOGUE_TOKEN }}
	slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
	azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
	notify_api_key: ${{ secrets.NOTIFY_API_KEY }}

	deploy-preprod:
	uses: "./.github/workflows/reusable-push-and-deploy.yml"
	needs: deploy-test
	with:
	env: "preprod"
	secrets:
	kube_namespace: ${{ secrets.KUBE_NAMESPACE }}
	kube_cert: ${{ secrets.KUBE_CERT }}
	kube_cluster: ${{ secrets.KUBE_CLUSTER }}
	kube_token: ${{ secrets.KUBE_TOKEN }}
	ecr_role_to_assume: ${{ secrets.PREPROD_ECR_ROLE_TO_ASSUME }}
	secret_key: ${{ secrets.SECRET_KEY }}
	catalogue_token: ${{ secrets.CATALOGUE_TOKEN }}
	slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
	azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
	notify_api_key: ${{ secrets.NOTIFY_API_KEY }}

	notify-preprod-success:
	needs: deploy-preprod
	runs-on: ubuntu-latest
	steps:
	# Notify Slack - data-catalogue
	- uses: ravsamhq/notify-slack-action@v2
	with:
	status: Success
	notification_title: "Deployment Successful"
	message_format: ":rocket: <https://preprod.find-moj-data.service.justice.gov.uk/\|New Preproduction Deployment>"
	footer: "Linked Repo <${{github.server_url}}/${{github.repository}}\|${{github.repository}}> \| <${{github.server_url}}/${{github.repository}}/actions/runs/${{github.event.workflow_run.id}}\|View>"
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_DATA_CATALOGUE }}

	# Notify MS TEAMS - preprod deployment notifications
	- uses: jdcargile/ms-teams-notification@v1.4
	with:
	github-token: ${{ github.token }} # this will use the runner's token.
	ms-teams-webhook-uri: ${{ secrets.TEAMS_WEBHOOK_PREPROD_DEPLOYMENTS }}
	notification-summary: "Deployment Successful"
	notification-color: 17a2b8
	timezone: Europe/London
	verbose-logging: true

	deploy-prod:
	uses: "./.github/workflows/reusable-push-and-deploy.yml"
	needs: deploy-preprod
	with:
	env: "prod"
	secrets:
	kube_namespace: ${{ secrets.KUBE_NAMESPACE }}
	kube_cert: ${{ secrets.KUBE_CERT }}
	kube_cluster: ${{ secrets.KUBE_CLUSTER }}
	kube_token: ${{ secrets.KUBE_TOKEN }}
	ecr_role_to_assume: ${{ secrets.PROD_ECR_ROLE_TO_ASSUME }}
	secret_key: ${{ secrets.SECRET_KEY }}
	catalogue_token: ${{ secrets.CATALOGUE_TOKEN }}
	slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
	azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
	notify_api_key: ${{ secrets.NOTIFY_API_KEY }}

	post-deploy:
	name: "Post-deploy admin"
	needs: deploy-prod
	runs-on: ubuntu-latest
	env:
	GH_TOKEN: ${{ github.token }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.4

	- name: Generate a draft release (to be published manually)
	run: gh release create --generate-notes --latest --draft ${{ github.sha }} --title "Release candidate"

	- name: Update last-deployed tag
	run: \|
	git tag -f last-deployed
	git push -f origin last-deployed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add trivy image scanning (#1030) #226

Workflow file

feat: add trivy image scanning (#1030) #226

Jobs

Run details

Workflow file for this run