Skip to content

Deploy Prod

Deploy Prod #2344

Workflow file for this run

name: Deploy Prod
on:
workflow_run:
workflows: [ "Deploy Stg" ]
types:
- completed
env:
DEPLOY_ENV: prod
NODE_VERSION: 22
concurrency:
group: prod-deploy
cancel-in-progress: false
jobs:
build_docker:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- uses: actions/checkout@v4
- name: Build and Push backend
uses: ./.github/actions/build-and-push
with:
acr_registry: ${{ secrets.ACR_REPO_URL }}
acr_username: ${{ secrets.ACR_ADMIN_USERNAME }}
acr_password: ${{ secrets.ACR_ADMIN_PASWORD }}
build_frontend:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
environment: Production
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-frontend
name: Build front-end application
with:
azure_creds: ${{ secrets.AZURE_CREDENTIALS }}
client_tarball: ./client.tgz
deploy_env: ${{env.DEPLOY_ENV}}
smarty_streets_key: ${{ secrets.SMARTY_STREETS_KEY }}
okta_enabled: true
okta_url: https://hhs-prime.okta.com
okta_client_id: 0oa5ahrdfSpxmNZO74h6
base_domain_name: ${{ vars.BASE_DOMAIN_NAME }}
prerelease_backend:
runs-on: ubuntu-latest
needs: [ build_frontend, build_docker ]
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/tf-deploy
name: Deploy with Terraform
with:
azure_creds: ${{ secrets.AZURE_CREDENTIALS }}
deploy_env: ${{ env.DEPLOY_ENV }}
terraform_arm_client_id: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }}
terraform_arm_client_secret: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }}
terraform_arm_subscription_id: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }}
terraform_arm_tenant_id: ${{ secrets.TERRAFORM_ARM_TENANT_ID }}
okta_api_token: ${{ secrets.OKTA_API_TOKEN }}
- uses: ./.github/actions/stg-wait-for-slot-commit
name: Wait for correct commit to be deployed in staging slot
timeout-minutes: 5
with:
deploy_env: ${{ env.DEPLOY_ENV }}
- uses: ./.github/actions/stg-wait-for-slot-readiness
name: Wait for staging deploy to be ready
timeout-minutes: 1
with:
deploy_env: ${{ env.DEPLOY_ENV }}
deploy:
runs-on: ubuntu-latest
environment:
name: Production
url: https://simplereport.gov
needs: [ prerelease_backend ]
steps:
- uses: actions/checkout@v4
- name: Promote and deploy
uses: ./.github/actions/deploy-application
with:
azure_creds: ${{ secrets.AZURE_CREDENTIALS }}
client_tarball: client.tgz
deploy_env: ${{ env.DEPLOY_ENV }}
slack_alert:
runs-on: ubuntu-latest
if: failure()
needs: [ deploy ]
steps:
- uses: actions/checkout@v4
- name: Send alert to Slack
uses: ./.github/actions/slack-message
with:
username: ${{ github.actor }}
description: |
:siren-gif: Deploy to ${{ env.DEPLOY_ENV }} failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif:
webhook_url: ${{ secrets.SR_ALERTS_SLACK_WEBHOOK_URL }}
user_map: $${{ secrets.SR_ALERTS_GITHUB_SLACK_MAP }}
failed_deploy_pagerduty_alert:
runs-on: ubuntu-latest
if: ${{ always() && needs.deploy.result != 'success' && github.event.workflow_run.conclusion == 'success' }}
needs: [ deploy ]
steps:
- uses: actions/checkout@v4
- name: Trigger PagerDuty alert
uses: ./.github/actions/pagerduty-alert
with:
summary: ":siren-gif: Deploy to ${{ env.DEPLOY_ENV }} failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif:"
severity: error
routing_key: ${{ secrets.pagerduty_prod_integration_key }}
# See the Alert response wiki page for more details on post-deploy smoke test
smoke_test_front_and_back_end:
runs-on: ubuntu-latest
needs: [ deploy ]
if: ${{ always() }}
environment: Production
steps:
- uses: actions/checkout@v4
- name: Smoke test the env
uses: ./.github/actions/post-deploy-smoke-test
with:
base_domain_name: ${{ vars.BASE_DOMAIN_NAME }}
failed_smoke_test_pagerduty_alert:
runs-on: ubuntu-latest
if: ${{ always() && needs.smoke_test_front_and_back_end.result == 'failure' }}
needs: [ smoke_test_front_and_back_end ]
steps:
- uses: actions/checkout@v4
- name: Trigger PagerDuty alert
uses: ./.github/actions/pagerduty-alert
with:
summary: ":siren-gif: Post-deploy smoke test for ${{ env.DEPLOY_ENV }} could not verify that the frontend is talking to the backend. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif:"
severity: critical
routing_key: ${{ secrets.pagerduty_prod_integration_key }}