ci-cd-staging.yaml
# Staging pipeline: runs on every push to main (except test-only changes)
# and on manual dispatch.
name: Infra apply staging

on:
  workflow_dispatch:
    inputs:
      # Manual switch. Besides forcing the migration, the job conditions in
      # this workflow also use it to force the infra, publish and app jobs.
      initialDeploy:
        type: boolean
        description: Force database migration
  push:
    branches:
      - main
    paths-ignore:
      - "Test/**"  # ignore changes to tests

env:
  name: broker
  deployment_environment: staging

# Workflow-level token permissions: they apply to every job in this file and
# are the upper bound for what the called reusable workflows can be granted.
# NOTE(review): all four scopes are write-level for all jobs. The jobs that
# only compute a version, a short SHA or a change set presumably need read
# access at most; consider declaring `permissions` per job so that only the
# publish/deploy jobs hold `packages: write` and `id-token: write`. Confirm
# against the called workflows before narrowing.
permissions:
  contents: write
  pull-requests: write
  packages: write
  id-token: write
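# Job graph: compute version/SHA/change set -> build and test -> deploy
# infrastructure -> publish images -> deploy app. Every job delegates to a
# reusable workflow in this repository; secrets are handed over explicitly by
# name, so each called workflow only receives the secrets listed for it.
jobs:
  generate-git-short-sha:
    name: Generate git short sha
    uses: ./.github/workflows/action-generate-git-short-sha.yml

  get-current-version:
    name: Get current version
    uses: ./.github/workflows/action-get-current-version.yml

  # Produces the has*Changes outputs that gate the jobs below.
  check-for-changes:
    name: Check for changes
    uses: ./.github/workflows/action-check-for-changes.yml

  build-and-test:
    name: Build and test
    uses: ./.github/workflows/action-build-and-analyze.yml
    needs:
      - check-for-changes
    if: ${{ needs.check-for-changes.outputs.hasBackendChanges == 'true' }}

  publish:
    name: Build and publish docker images
    uses: ./.github/workflows/action-build-and-push.yml
    needs:
      - generate-git-short-sha
      - check-for-changes
      - get-current-version
      - deploy-infra
      - build-and-test
    # Status-check guard (same one deploy-app uses): without it GitHub skips
    # this job whenever a job in `needs` was skipped. deploy-infra is skipped
    # when there are no Azure changes, and deploy-app would then still run
    # and reference an image tag that was never pushed. A failed or cancelled
    # dependency still blocks publishing.
    if: ${{ always() && !failure() && !cancelled() && (inputs.initialDeploy || needs.check-for-changes.outputs.hasBackendChanges == 'true') }}
    with:
      dockerImageBaseName: ghcr.io/altinn/altinn-broker
      # Image tag is "<current version>-<git short sha>"; deploy-app must
      # build the identical string.
      version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}

  deploy-infra:
    name: Deploy infrastructure
    if: ${{ inputs.initialDeploy || needs.check-for-changes.outputs.hasAzureChanges == 'true' }}
    needs:
      - check-for-changes
    uses: ./.github/workflows/action-deploy-infra.yml
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_OIDC_STAGING_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_OIDC_STAGING_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_OIDC_STAGING_SUBSCRIPTION_ID }}
      AZURE_OBJECT_ID: ${{ secrets.AZURE_STAGING_PRINCIPAL_ID }}
      AZURE_NAME_PREFIX: ${{ secrets.AZURE_STAGING_NAME_PREFIX }}
      AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_STAGING_KEY_VAULT_NAME }}
      AZURE_MIGRATION_STORAGE_ACCOUNT_NAME: ${{ secrets.AZURE_STAGING_MIGRATION_STORAGE_ACCOUNT_NAME }}
      # NOTE(review): a static client secret is passed next to the OIDC
      # identifiers. If the called workflow can authenticate with the
      # federated credential alone, drop this long-lived secret; confirm
      # against action-deploy-infra.yml.
      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_STAGING_CLIENT_SECRET }}
      AZURE_TEST_ACCESS_CLIENT_ID: ${{ secrets.AZURE_TEST_ACCESS_CLIENT_ID }}
      MASKINPORTEN_JWK: ${{ secrets.MASKINPORTEN_JWK }}
      MASKINPORTEN_CLIENT_ID: ${{ secrets.MASKINPORTEN_CLIENT_ID }}
      PLATFORM_SUBSCRIPTION_KEY: ${{ secrets.PLATFORM_SUBSCRIPTION_KEY }}
      NOTIFICATION_EMAIL: ${{ secrets.STAGING_NOTIFICATION_EMAIL }}
    with:
      region: norwayeast
      environment: staging
      # Quoted so the value stays a string.
      version: "1.1.0"
      ref: ${{ github.ref }}

  deploy-app:
    name: Deploy app to staging
    needs:
      - get-current-version
      - check-for-changes
      - generate-git-short-sha
      - publish
      # we want deployment of app to be dependent on deployment of
      # infrastructure, but if infrastructure is skipped, we still want to
      # deploy the app
      - deploy-infra
    # always() lets the job be evaluated even when a needed job was skipped;
    # !failure() and !cancelled() still stop it after a failed or cancelled
    # dependency.
    if: ${{ always() && !failure() && !cancelled() && (inputs.initialDeploy || needs.check-for-changes.outputs.hasBackendChanges == 'true') }}
    uses: ./.github/workflows/action-deploy-app.yml
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_OIDC_STAGING_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_OIDC_STAGING_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_OIDC_STAGING_SUBSCRIPTION_ID }}
      AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_STAGING_KEY_VAULT_NAME }}
      AZURE_NAME_PREFIX: ${{ secrets.AZURE_STAGING_NAME_PREFIX }}
      AZURE_MIGRATION_STORAGE_ACCOUNT_NAME: ${{ secrets.AZURE_STAGING_MIGRATION_STORAGE_ACCOUNT_NAME }}
    with:
      environment: staging
      region: norwayeast
      ref: ${{ github.ref }}
      # Must match the tag pushed by the publish job.
      version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
      # NOTE(review): this reads github.event.inputs.initialDeploy (a string
      # on manual dispatch) while the job conditions read inputs.initialDeploy
      # (a boolean); confirm how action-deploy-app.yml interprets the value.
      migrate: ${{ needs.check-for-changes.outputs.hasMigrationChanges == 'true' || github.event.inputs.initialDeploy }}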