Deploy Prod #2344
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Prod | |
on: | |
workflow_run: | |
workflows: [ "Deploy Stg" ] | |
types: | |
- completed | |
env: | |
DEPLOY_ENV: prod | |
NODE_VERSION: 22 | |
concurrency: | |
group: prod-deploy | |
cancel-in-progress: false | |
jobs: | |
build_docker: | |
runs-on: ubuntu-latest | |
if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build and Push backend | |
uses: ./.github/actions/build-and-push | |
with: | |
acr_registry: ${{ secrets.ACR_REPO_URL }} | |
acr_username: ${{ secrets.ACR_ADMIN_USERNAME }} | |
acr_password: ${{ secrets.ACR_ADMIN_PASWORD }} | |
build_frontend: | |
runs-on: ubuntu-latest | |
if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
environment: Production | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/build-frontend | |
name: Build front-end application | |
with: | |
azure_creds: ${{ secrets.AZURE_CREDENTIALS }} | |
client_tarball: ./client.tgz | |
deploy_env: ${{env.DEPLOY_ENV}} | |
smarty_streets_key: ${{ secrets.SMARTY_STREETS_KEY }} | |
okta_enabled: true | |
okta_url: https://hhs-prime.okta.com | |
okta_client_id: 0oa5ahrdfSpxmNZO74h6 | |
base_domain_name: ${{ vars.BASE_DOMAIN_NAME }} | |
prerelease_backend: | |
runs-on: ubuntu-latest | |
needs: [ build_frontend, build_docker ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/tf-deploy | |
name: Deploy with Terraform | |
with: | |
azure_creds: ${{ secrets.AZURE_CREDENTIALS }} | |
deploy_env: ${{ env.DEPLOY_ENV }} | |
terraform_arm_client_id: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }} | |
terraform_arm_client_secret: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }} | |
terraform_arm_subscription_id: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }} | |
terraform_arm_tenant_id: ${{ secrets.TERRAFORM_ARM_TENANT_ID }} | |
okta_api_token: ${{ secrets.OKTA_API_TOKEN }} | |
- uses: ./.github/actions/stg-wait-for-slot-commit | |
name: Wait for correct commit to be deployed in staging slot | |
timeout-minutes: 5 | |
with: | |
deploy_env: ${{ env.DEPLOY_ENV }} | |
- uses: ./.github/actions/stg-wait-for-slot-readiness | |
name: Wait for staging deploy to be ready | |
timeout-minutes: 1 | |
with: | |
deploy_env: ${{ env.DEPLOY_ENV }} | |
deploy: | |
runs-on: ubuntu-latest | |
environment: | |
name: Production | |
url: https://simplereport.gov | |
needs: [ prerelease_backend ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Promote and deploy | |
uses: ./.github/actions/deploy-application | |
with: | |
azure_creds: ${{ secrets.AZURE_CREDENTIALS }} | |
client_tarball: client.tgz | |
deploy_env: ${{ env.DEPLOY_ENV }} | |
slack_alert: | |
runs-on: ubuntu-latest | |
if: failure() | |
needs: [ deploy ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Send alert to Slack | |
uses: ./.github/actions/slack-message | |
with: | |
username: ${{ github.actor }} | |
description: | | |
:siren-gif: Deploy to ${{ env.DEPLOY_ENV }} failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif: | |
webhook_url: ${{ secrets.SR_ALERTS_SLACK_WEBHOOK_URL }} | |
user_map: $${{ secrets.SR_ALERTS_GITHUB_SLACK_MAP }} | |
failed_deploy_pagerduty_alert: | |
runs-on: ubuntu-latest | |
if: ${{ always() && needs.deploy.result != 'success' && github.event.workflow_run.conclusion == 'success' }} | |
needs: [ deploy ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Trigger PagerDuty alert | |
uses: ./.github/actions/pagerduty-alert | |
with: | |
summary: ":siren-gif: Deploy to ${{ env.DEPLOY_ENV }} failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif:" | |
severity: error | |
routing_key: ${{ secrets.pagerduty_prod_integration_key }} | |
# See the Alert response wiki page for more details on post-deploy smoke test | |
smoke_test_front_and_back_end: | |
runs-on: ubuntu-latest | |
needs: [ deploy ] | |
if: ${{ always() }} | |
environment: Production | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Smoke test the env | |
uses: ./.github/actions/post-deploy-smoke-test | |
with: | |
base_domain_name: ${{ vars.BASE_DOMAIN_NAME }} | |
failed_smoke_test_pagerduty_alert: | |
runs-on: ubuntu-latest | |
if: ${{ always() && needs.smoke_test_front_and_back_end.result == 'failure' }} | |
needs: [ smoke_test_front_and_back_end ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Trigger PagerDuty alert | |
uses: ./.github/actions/pagerduty-alert | |
with: | |
summary: ":siren-gif: Post-deploy smoke test for ${{ env.DEPLOY_ENV }} could not verify that the frontend is talking to the backend. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif:" | |
severity: critical | |
routing_key: ${{ secrets.pagerduty_prod_integration_key }} |