Deploy refs/heads/master to testing by @francois-pass-culture #209
# Manually dispatched CD workflow: deploys a release or hotfix to the
# environment picked in the dispatch form.
name: '0 [on_dispatch/CD] Deploy release or hotfix'
run-name: 'Deploy ${{ github.ref }} to ${{ github.event.inputs.target_environment }} by @${{ github.actor }}'

on:
  workflow_dispatch:
    inputs:
      # Environment to deploy to; restricted to the three options listed below.
      target_environment:
        type: choice
        description: 'Environnement cible'
        required: true
        options:
          - staging
          - production
          - testing

# NOTE(review): write-all gives GITHUB_TOKEN every write scope in each job that
# does not declare its own `permissions:`, including the jobs that run
# third-party actions. It is also the ceiling for the called workflow
# dev_on_workflow_deploy.yml, so narrow it only after checking which scopes
# that workflow needs.
permissions: write-all
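jobs:
  # Gate job: `ask-for-review-on-slack` and `version` both list it in `needs`,
  # so a dispatch from anything other than a `v*` tag fails here first.
  check-worflow-ref:
    name: "Check worflow ref"
    runs-on: ubuntu-latest
    # Only a shell test runs here; the job needs no GITHUB_TOKEN scope.
    permissions: {}
    steps:
      - name: "Check worflow ref"
        # Context values reach the script through env, not through `${{ }}`
        # expansion inside the script text. A ref name is attacker-influenced
        # data; expanded inline it would be parsed as shell code.
        env:
          TARGET_ENVIRONMENT: ${{ github.event.inputs.target_environment }}
          WORKFLOW_REF: ${{ github.ref }}
        run: |
          echo "Deploying to ${TARGET_ENVIRONMENT} from ref: ${WORKFLOW_REF}"
          # Quoted left-hand side, unquoted right-hand side: glob match on the tag prefix.
          if ! [[ "${WORKFLOW_REF}" == refs/tags/v* ]]; then
            echo "This workflow can only be triggered from a tag (starting with a 'v')"
            exit 1
          fi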
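# Job `ask-for-review-on-slack` (an entry of the `jobs:` mapping, hence the indent).
  # Posts a link to this run in a Slack channel so the deployment can be reviewed.
  ask-for-review-on-slack:
    name: "Ask for deployment review on Slack"
    runs-on: ubuntu-latest
    needs: check-worflow-ref
    # Best effort: a failure here does not fail the run. It also hides real
    # faults in this job, so check its log when the Slack message is missing.
    continue-on-error: true
    # Least privilege: the Google auth step exchanges an OIDC token
    # (id-token: write); nothing in this job writes to the repository.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: "Authentification to Google"
        # NOTE(review): `@v2` is a mutable tag; pinning to a full commit SHA
        # stops a retagged release from running with this job's credentials.
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      - name: "Get Slackbot token Secret"
        id: 'slackbot-token-secret'
        uses: 'google-github-actions/get-secretmanager-secrets@v2'
        with:
          secrets: |-
            SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token
      - name: "Post a link to Slack for the deployment review"
        # The ref after `@` was obfuscated on the source page; restore the
        # original version (ideally as a full commit SHA) before use.
        uses: slackapi/slack-github-action@VERSION_NOT_SHOWN_ON_PAGE
        with:
          channel-id: "CU0SQ8Y58"
          payload: |
            {
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": ":rocket: Un déploiement de '${{ github.ref }}' a été demandé sur `${{ github.event.inputs.target_environment }}`: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}"
                  }
                }
              ]
            }
        env:
          # Fixed: the token comes from the step whose id is
          # `slackbot-token-secret`. The previous `steps.secrets...` reference
          # named a step that does not exist in this job, so the token was empty.
          SLACK_BOT_TOKEN: ${{ steps.slackbot-token-secret.outputs.SLACK_BOT_TOKEN }}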
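# Job `version` (an entry of the `jobs:` mapping, hence the indent).
  # Reads the application version from the checked-out ref and exposes it as
  # the job output APP_VERSION, which the deploy and notification jobs consume.
  version:
    name: "Version"
    needs: check-worflow-ref
    # The boolean index is coerced to a number: `testing` selects the "testing"
    # environment, any other target selects "deploy".
    # NOTE(review): presumably "deploy" carries the protection rules (required
    # reviewers) for staging and production; confirm in the repository settings.
    environment: ${{ fromJSON('["deploy", "testing"]')[github.event.inputs.target_environment == 'testing'] }}
    runs-on: ubuntu-latest
    # Checkout and a file read are all this job does.
    permissions:
      contents: read
    outputs:
      APP_VERSION: ${{ steps.app-version.outputs.APP_VERSION }}
    steps:
      - name: "Checkout Release"
        # The ref after `@` was obfuscated on the source page; restore the
        # original version (ideally as a full commit SHA) before use.
        uses: actions/checkout@VERSION_NOT_SHOWN_ON_PAGE
        with:
          ref: "${{ github.ref }}"
          fetch-depth: 0
          # No later step runs git, so do not leave the job token in .git/config.
          persist-credentials: false
      - name: "Get app version"
        id: "app-version"
        # `tee` echoes the value to the log and appends it to the step outputs.
        # NOTE(review): assumes api/version.txt holds a single line; extra lines
        # would be appended to $GITHUB_OUTPUT as well.
        run: |
          echo APP_VERSION="$(cat ./api/version.txt)" | tee -a "$GITHUB_OUTPUT"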
# Job `deploy-ehp` (an entry of the `jobs:` mapping, hence the indent).
  # Calls the shared deploy workflow for every target except production,
  # against the EHP Teleport proxy and Kubernetes cluster.
  deploy-ehp:
    name: 'Deploy on EHP environnement'
    needs: version
    if: github.event.inputs.target_environment != 'production'
    uses: ./.github/workflows/dev_on_workflow_deploy.yml
    with:
      environment: ${{ github.event.inputs.target_environment }}
      app_version: ${{ needs.version.outputs.APP_VERSION }}
      # Quoted so the values stay strings whatever YAML loader reads the file.
      teleport_version: '15.2.5'
      teleport_proxy: 'teleport.ehp.passculture.team:443'
      teleport_kubernetes_cluster: passculture-metier-ehp
      deploy_api: true
      deploy_pro: true
      doc-api-entrypoint: "api/documentation"
    # Only the two secrets named here are handed to the called workflow.
    secrets:
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
# Job `deploy-integration` (an entry of the `jobs:` mapping, hence the indent).
  # When production is the target, the same version is also deployed to the
  # `integration` environment on the EHP cluster.
  # NOTE(review): this job and `deploy-prod` both depend only on `version`, so
  # they are not ordered against each other; confirm that is intended.
  deploy-integration:
    name: 'Deploy on integration environnement'
    needs: version
    if: github.event.inputs.target_environment == 'production'
    uses: ./.github/workflows/dev_on_workflow_deploy.yml
    with:
      environment: integration
      app_version: ${{ needs.version.outputs.APP_VERSION }}
      # Quoted so the values stay strings whatever YAML loader reads the file.
      teleport_version: '15.2.5'
      teleport_proxy: 'teleport.ehp.passculture.team:443'
      teleport_kubernetes_cluster: passculture-metier-ehp
      deploy_api: true
      deploy_pro: true
      doc-api-entrypoint: "api/documentation"
    # Only the two secrets named here are handed to the called workflow.
    secrets:
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
# Job `deploy-prod` (an entry of the `jobs:` mapping, hence the indent).
  # Calls the shared deploy workflow against the production Teleport proxy and
  # Kubernetes cluster; runs only when production is the selected target.
  deploy-prod:
    name: 'Deploy on production environnement'
    needs: version
    if: github.event.inputs.target_environment == 'production'
    uses: ./.github/workflows/dev_on_workflow_deploy.yml
    with:
      environment: ${{ github.event.inputs.target_environment }}
      app_version: ${{ needs.version.outputs.APP_VERSION }}
      # Quoted so the values stay strings whatever YAML loader reads the file.
      teleport_version: '15.2.5'
      teleport_proxy: 'teleport.passculture.team:443'
      teleport_kubernetes_cluster: passculture-metier-prod
      deploy_api: true
      deploy_pro: true
      # Unlike the two EHP jobs, no doc-api-entrypoint is passed here.
    # NOTE(review): the production call forwards the GCP_EHP_* identity, the
    # same one used for the EHP environments. Confirm the called workflow
    # obtains production credentials separately, or that sharing is intended.
    secrets:
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
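# Job `slack-notification` (an entry of the `jobs:` mapping, hence the indent).
  # Reports the outcome of the run on Slack. `if: always()` makes it run even
  # when a job listed in `needs` failed or was skipped.
  # NOTE(review): `deploy-integration` is not in `needs`, so this job may start
  # before that job has finished; confirm that is intended.
  slack-notification:
    name: "Send Slack notification"
    runs-on: ubuntu-latest
    if: always()
    needs:
      - version
      - deploy-prod
      - deploy-ehp
    # NOTE(review): this job inherits the workflow-level `write-all` token while
    # running a third-party action and loading the Slack bot token. A job-level
    # `permissions:` block limited to what these steps use would reduce the
    # exposure; verify the scopes the conclusion action needs before adding it.
    steps:
      # Later steps read env.WORKFLOW_CONCLUSION, presumably exported by this action.
      # NOTE(review): `@v3` is a mutable tag on a third-party action; pin it to
      # a full commit SHA.
      - uses: technote-space/workflow-conclusion-action@v3
      - name: "Authentification to Google"
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      - name: "Get Secret"
        # The two Slack steps below read the token through this step id.
        id: 'secrets'
        uses: 'google-github-actions/get-secretmanager-secrets@v2'
        with:
          secrets: |-
            SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token
      - name: "Post outcome on #alertes-deploiement"
        if: always()
        # The ref after `@` was obfuscated on the source page; restore the
        # original version (ideally as a full commit SHA) before use.
        uses: slackapi/slack-github-action@VERSION_NOT_SHOWN_ON_PAGE
        with:
          channel-id: "CQAMNFVPS"
          # The boolean indexes pick the colour, verb and emoji: element 0 when
          # the comparison is false, element 1 when it is true.
          payload: |
            {
              "attachments": [
                {
                  "mrkdwn_in": ["text"],
                  "color": "${{ fromJSON('["#36a64f", "#A30002"]')[ env.WORKFLOW_CONCLUSION == 'failure'] }}",
                  "author_name": "${{github.actor}}",
                  "author_link": "https://github.com/${{github.actor}}",
                  "author_icon": "https://github.com/${{github.actor}}.png",
                  "title": "PCAPI Deployment",
                  "title_link": "https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}",
                  "text": "Le déploiement de la version `v${{ needs.version.outputs.APP_VERSION }}` a ${{ fromJSON('["réussi", "échoué"]')[env.WORKFLOW_CONCLUSION != 'success'] }} sur `${{ github.event.inputs.target_environment }}` ${{ fromJSON('[":muscle:", ":boom:"]')[env.WORKFLOW_CONCLUSION != 'success'] }}"
                }
              ],
              "unfurl_links": false,
              "unfurl_media": false
            }
        env:
          SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}
      - name: "Post success on #shérif"
        if: env.WORKFLOW_CONCLUSION == 'success'
        # Same obfuscated ref as the previous Slack step; restore it likewise.
        uses: slackapi/slack-github-action@VERSION_NOT_SHOWN_ON_PAGE
        with:
          channel-id: "CU0SQ8Y58"
          payload: |
            {
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": ":white_check_mark: La version `v${{ needs.version.outputs.APP_VERSION }}` a été déployée sur `${{ github.event.inputs.target_environment }}`"
                  }
                }
              ]
            }
        env:
          SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}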