Deploy refs/tags/v313.0.1 to production by @vroullier-pass #315
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "0 [on_dispatch/CD] Deploy release or hotfix" | |
run-name: "Deploy ${{ github.ref }} to ${{ github.event.inputs.target_environment }} by @${{ github.actor }}" | |
on: | |
workflow_dispatch: | |
inputs: | |
target_environment: | |
type: choice | |
description: "Environnement cible" | |
required: true | |
options: | |
- staging | |
- production | |
- testing | |
permissions: write-all | |
jobs: | |
check-worflow-ref: | |
name: "Check worflow ref" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Check worflow ref" | |
run: | | |
echo "Deploying to ${{ github.event.inputs.target_environment }} from ref: ${{ github.ref }}" | |
if ! [[ ${{ github.ref }} == refs\/tags\/v* ]]; then | |
echo "This workflow can only be triggered from a tag (starting with a 'v')" | |
exit 1 | |
fi | |
ask-for-review-on-slack: | |
name: "Ask for deployment review on Slack" | |
runs-on: ubuntu-latest | |
needs: check-worflow-ref | |
continue-on-error: true | |
steps: | |
- name: "Authentification to Google" | |
uses: 'google-github-actions/auth@v2' | |
with: | |
workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
- name: "Get Slackbot token Secret" | |
id: 'slackbot-token-secret' | |
uses: 'google-github-actions/get-secretmanager-secrets@v2' | |
with: | |
secrets: |- | |
SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token | |
- name: "Post a link to Slack for the deployment review" | |
uses: slackapi/[email protected] | |
with: | |
channel-id: "CU0SQ8Y58" | |
payload: | | |
{ | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": ":rocket: Un <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|déploiement> de `${{ github.ref_name }}` a été demandé sur `${{ github.event.inputs.target_environment }}` par ${{ github.actor }}" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_BOT_TOKEN: ${{ steps.slackbot-token-secret.outputs.SLACK_BOT_TOKEN }} | |
version: | |
name: "Version" | |
needs: check-worflow-ref | |
# `deploy` is an artificial environment with protection rules, which allows a single required review instead of many | |
environment: ${{ fromJSON('["deploy", "testing"]')[github.event.inputs.target_environment == 'testing'] }} | |
runs-on: ubuntu-latest | |
outputs: | |
APP_VERSION: ${{ steps.app-version.outputs.APP_VERSION }} | |
steps: | |
- name: "Checkout Release" | |
uses: actions/[email protected] | |
with: | |
ref: "${{ github.ref }}" | |
fetch-depth: 0 | |
- name: "Get app version" | |
id: "app-version" | |
run: echo APP_VERSION="$(cat ./api/version.txt)" | tee -a $GITHUB_OUTPUT | |
deploy-ehp: | |
name: "Deploy on EHP environnement" | |
needs: version | |
if: github.event.inputs.target_environment != 'production' | |
uses: ./.github/workflows/dev_on_workflow_deploy.yml | |
with: | |
environment: ${{ github.event.inputs.target_environment }} | |
app_version: ${{ needs.version.outputs.APP_VERSION }} | |
teleport_proxy: teleport.ehp.passculture.team:443 | |
teleport_kubernetes_cluster: passculture-metier-ehp | |
deploy_api: true | |
deploy_pro: true | |
doc-api-entrypoint: 'api/documentation' | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
deploy-integration: | |
name: "Deploy on integration environnement" | |
needs: version | |
if: github.event.inputs.target_environment == 'production' | |
uses: ./.github/workflows/dev_on_workflow_deploy.yml | |
with: | |
environment: integration | |
app_version: ${{ needs.version.outputs.APP_VERSION }} | |
teleport_proxy: teleport.ehp.passculture.team:443 | |
teleport_kubernetes_cluster: passculture-metier-ehp | |
deploy_api: true | |
deploy_pro: true | |
doc-api-entrypoint: 'api/documentation' | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
deploy-prod: | |
name: "Deploy on production environnement" | |
needs: version | |
if: github.event.inputs.target_environment == 'production' | |
uses: ./.github/workflows/dev_on_workflow_deploy.yml | |
with: | |
environment: ${{ github.event.inputs.target_environment }} | |
app_version: ${{ needs.version.outputs.APP_VERSION }} | |
teleport_proxy: teleport.passculture.team:443 | |
teleport_kubernetes_cluster: passculture-metier-prod | |
deploy_api: true | |
deploy_pro: true | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
slack-notification: | |
name: "Send Slack notification" | |
runs-on: ubuntu-latest | |
if: always() | |
needs: | |
- version | |
- deploy-prod | |
- deploy-ehp | |
steps: | |
- uses: technote-space/workflow-conclusion-action@v3 | |
- name: "Authentification to Google" | |
uses: 'google-github-actions/auth@v2' | |
with: | |
workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
- name: "Get Secret" | |
id: 'secrets' | |
uses: 'google-github-actions/get-secretmanager-secrets@v2' | |
with: | |
secrets: |- | |
SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token | |
- name: "Post outcome on #alertes-deploiement" | |
if: always() | |
uses: slackapi/[email protected] | |
with: | |
channel-id: "CQAMNFVPS" | |
payload: | | |
{ | |
"attachments": [ | |
{ | |
"mrkdwn_in": ["text"], | |
"color": "${{ fromJSON('["#36a64f", "#A30002"]')[ env.WORKFLOW_CONCLUSION == 'failure'] }}", | |
"author_name": "${{github.actor}}", | |
"author_link": "https://github.com/${{github.actor}}", | |
"author_icon": "https://github.com/${{github.actor}}.png", | |
"title": "PCAPI Deployment", | |
"title_link": "https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}", | |
"text": "Le déploiement de la version `v${{ needs.version.outputs.APP_VERSION }}` a ${{ fromJSON('["réussi", "échoué"]')[env.WORKFLOW_CONCLUSION != 'success'] }} sur `${{ github.event.inputs.target_environment }}` ${{ fromJSON('[":muscle:", ":boom:"]')[env.WORKFLOW_CONCLUSION != 'success'] }}" | |
} | |
], | |
"unfurl_links": false, | |
"unfurl_media": false | |
} | |
env: | |
SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }} | |
- name: "Post success on #shérif" | |
if: env.WORKFLOW_CONCLUSION == 'success' | |
uses: slackapi/[email protected] | |
with: | |
channel-id: "CU0SQ8Y58" | |
payload: | | |
{ | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": ":white_check_mark: La version `v${{ needs.version.outputs.APP_VERSION }}` a été déployée sur `${{ github.event.inputs.target_environment }}`" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }} |