-
Notifications
You must be signed in to change notification settings - Fork 2
134 lines (123 loc) · 5.45 KB
/
ci-cd-prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# Deploys the specified version to production
name: CI/CD Production
run-name: CI/CD Production ${{ inputs.version && format('({0})', inputs.version) || '' }}
on:
workflow_dispatch:
inputs:
version:
required: true
type: string
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
jobs:
check-if-version-exists:
name: Check if version exists
runs-on: ubuntu-latest
steps:
- name: Check if tag exists
run: |
if ! gh api repos/${{ github.repository }}/git/refs/tags/v${{ inputs.version }} &>/dev/null; then
echo "::error::Version ${{ inputs.version }} does not exist as a tag"
exit 1
fi
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
get-versions-from-github:
name: Get Latest Deployed Version Info from GitHub
needs: [check-if-version-exists]
uses: ./.github/workflows/workflow-get-latest-deployed-version-info-from-github.yml
with:
environment: prod
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
check-for-changes:
name: Check for changes
needs: [get-versions-from-github]
uses: ./.github/workflows/workflow-check-for-changes.yml
with:
infra_base_sha: ${{ needs.get-versions-from-github.outputs.infra_base_sha }}
apps_base_sha: ${{ needs.get-versions-from-github.outputs.apps_base_sha }}
deploy-infrastructure:
name: Deploy infrastructure to prod
uses: ./.github/workflows/workflow-deploy-infrastructure.yml
needs: [check-for-changes]
if: ${{ needs.check-for-changes.outputs.hasInfrastructureChanges == 'true' }}
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
AZURE_CERTIFICATE_KEY_VAULT_NAME: ${{ secrets.AZURE_CERTIFICATE_KEY_VAULT_NAME }}
AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
APPLICATION_GATEWAY_WHITELISTED_IPS: ${{ secrets.APPLICATION_GATEWAY_WHITELISTED_IPS }}
with:
environment: prod
region: norwayeast
version: ${{ inputs.version }}
ref: "refs/tags/v${{ inputs.version }}"
store-infra-version:
name: Store Latest Deployed Infra Version as GitHub Variable
needs: [deploy-infrastructure]
if: ${{ needs.deploy-infrastructure.result == 'success' }}
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_INFRA_VERSION
variable_value: ${{ inputs.version }}
environment: prod
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
deploy-apps:
name: Deploy apps to prod
needs:
[
check-for-changes,
deploy-infrastructure
]
# we want deployment of apps to be dependent on a dry-run deployment of apps, but if deploying infrastructure is skipped, we still want to deploy the apps
if: ${{ always() && !failure() && !cancelled() && (needs.check-for-changes.outputs.hasApplicationChanges == 'true') }}
uses: ./.github/workflows/workflow-deploy-apps.yml
secrets:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# todo: consider resolving these in another way since they are created in the infra-step
AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
AZURE_APPLICATION_INSIGHTS_INSTRUMENTATION_KEY: ${{ secrets.AZURE_APPLICATION_INSIGHTS_INSTRUMENTATION_KEY }}
AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
with:
environment: prod
region: norwayeast
version: ${{ inputs.version }}
runMigration: ${{ needs.check-for-changes.outputs.hasMigrationChanges == 'true' }}
ref: "refs/tags/v${{ inputs.version }}"
store-apps-version:
name: Store Latest Deployed Apps Version as GitHub Variable
needs: [deploy-apps]
if: ${{ always() && !failure() && (needs.deploy-apps.outputs.deployment_executed == 'true') }}
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_APPS_VERSION
variable_value: ${{ inputs.version }}
environment: prod
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
send-slack-message-on-failure:
name: Send Slack message on failure
needs: [
deploy-infrastructure,
deploy-apps,
]
if: ${{ always() && failure() && !cancelled() }}
uses: ./.github/workflows/workflow-send-ci-cd-status-slack-message.yml
with:
environment: prod
infra_status: ${{ needs.deploy-infrastructure.result }}
apps_status: ${{ needs.deploy-apps.result }}
secrets:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID_FOR_CI_CD_STATUS }}