fix(ci): remove release please (#1193)

.github/workflows/.tests.yml

@@ -66,7 +66,7 @@ jobs:
           working-directory: ./frontend
           browser: ${{ matrix.browser }}
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: cypress-screenshots

.github/workflows/analysis.yml

@@ -3,9 +3,7 @@ name: Analysis
 on:
   push:
     branches: [main]
-    paths-ignore:
-      - '.release-please-manifest.json'
-      - '*.md'
+  merge_group:
   pull_request:
     types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
   schedule:
@@ -37,6 +35,29 @@ jobs:
         with:
           category: "/language:javascript"
 
+  # https://github.com/marketplace/actions/aqua-security-trivy
+  trivy:
+    name: Trivy Security Scan
+    if: ${{ ! github.event.pull_request.draft }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/[email protected]
+        with:
+          format: "sarif"
+          output: "trivy-results.sarif"
+          ignore-unfixed: true
+          scan-type: "fs"
+          scanners: "vuln,secret,config"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results.sarif"
+
   tests:
     name: Tests
     if: ${{ ! github.event.pull_request.draft }}
@@ -94,27 +115,11 @@ jobs:
           sonar_token: ${{ secrets[matrix.token] }}
           triggers: ${{ matrix.triggers }}
 
-  # https://github.com/marketplace/actions/aqua-security-trivy
-  trivy:
-    name: Trivy Security Scan
-    if: ${{ ! github.event.pull_request.draft }}
-    needs: [codeql, tests]
+  results:
+    name: Results
+    needs: [codeql, trivy, tests]
+    if: always() && (! failure())
     runs-on: ubuntu-22.04
     timeout-minutes: 1
     steps:
-      - uses: actions/checkout@v4
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/[email protected]
-        with:
-          format: "sarif"
-          output: "trivy-results.sarif"
-          ignore-unfixed: true
-          scan-type: "fs"
-          scanners: "vuln,secret,config"
-          severity: "CRITICAL,HIGH"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: "trivy-results.sarif"
-
+      - run: echo "Success!"

.github/workflows/deploys-demo.yml → .github/workflows/demo.yml

@@ -1,4 +1,4 @@
-name: deploys-demo
+name: Deploy Demo
 
 on:
   workflow_dispatch:

.github/workflows/merge.yml

@@ -0,0 +1,111 @@
+name: Merge
+
+on:
+  push:
+    branches: [main]
+    paths-ignore:
+      - '*.md'
+      - '.github/**'
+      - 'common/graphics/**'
+      - '!.github/workflows/deploy.yml'
+      - '!.github/workflows/merge.yml'
+  workflow_dispatch:
+    inputs:
+      pr_no:
+        description: "PR-numbered container set to deploy"
+        type: number
+        required: true
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  vars:
+    name: Set Variables
+    outputs:
+      pr: ${{ steps.pr.outputs.pr }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      # Get PR number for squash merges to main
+      - name: PR Number
+        id: pr
+        uses: bcgov-nr/[email protected]
+
+  deploys-test:
+    name: Deploys (test)
+    needs: [vars]
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    with:
+      autoscaling: false
+      environment: test
+      release: test
+      tag: ${{ needs.vars.outputs.pr }}
+      vault_role: nonprod
+      vault_zone: test
+
+
+  promote-images-test:
+    name: Promote Images - Test
+    needs: [deploys-test, vars]
+    runs-on: ubuntu-22.04
+    permissions:
+      packages: write
+    strategy:
+      matrix:
+        package: [dops, vehicles, frontend, tps-migration]
+    timeout-minutes: 2
+    steps:
+      - uses: shrink/actions-docker-registry-tag@v4
+        with:
+          registry: ghcr.io
+          repository: ${{ github.repository }}/${{ matrix.package }}
+          target: ${{ needs.vars.outputs.pr }}
+          tags: test  #Promote images AFTER successful deploy
+
+  deploys-prod:
+    name: Deploys (prod)
+    needs: [promote-images-test, vars]
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    with:
+      autoscaling: true
+      environment: prod
+      tag: ${{ needs.vars.outputs.pr }}
+      release: prod
+      vault_role: prod
+      vault_zone: prod
+
+  promote-images-prod:
+    name: Promote Images - Prod
+    needs: [deploys-prod, vars]
+    runs-on: ubuntu-22.04
+    permissions:
+      packages: write
+    strategy:
+      matrix:
+        package: [dops, vehicles, frontend, tps-migration]
+    timeout-minutes: 2
+    steps:
+      - uses: shrink/actions-docker-registry-tag@v4
+        with:
+          registry: ghcr.io
+          repository: ${{ github.repository }}/${{ matrix.package }}
+          target: ${{ needs.vars.outputs.pr }}
+          tags: prod  #Promote images AFTER successful deploy
+
+  create-release:
+    name: Create release
+    runs-on: ubuntu-22.04
+    needs: [deploys-prod, vars]
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Create Release
+        run: |
+          gh release create "${{ needs.vars.outputs.pr }}" \
+          --repo=${{ github.repository }} \
+          --title="${{ github.repository }}-${{ needs.vars.outputs.pr }}" \
+          --generate-notes