forked from cds-snc/notification-api
cd-pipeline.yml
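name: Continuous Deployment Pipeline

# Purpose: on every push to main, tag a release, build and push artifacts,
# then deploy perf -> staging -> prod, with manual approval gates enforced
# through GitHub environments before perf and before staging/production.
#
# note:
#   This workflow is designed to be triggered by a merge to the default
#   branch. Therefore, ${{ github.sha }} always refers to the SHA that
#   originally triggered this workflow.
#   $GITHUB_SHA, on the other hand, is created whenever actions/checkout@v4
#   is run.
#   NOTE(review): GitHub documents GITHUB_SHA as a default runner variable
#   for the triggering commit; confirm the distinction drawn above.
#
# note:
#   environment:
#     name:
#   is the keyword that applies environment protection rules to a job.
#   with:
#     environment:
#   simply passes an input that happens to be named "environment".
#
# NOTE(review): no `permissions:` key is set anywhere in this file, so the
# GITHUB_TOKEN gets the repository default scopes in every job. Called
# workflows cannot be granted more than the caller has, so check what the
# tag and release-notes workflows need before narrowing it here.
#
# NOTE(review): actions/checkout is referenced by the mutable tag v4.
# Pinning to a full commit SHA makes the deployed pipeline reproducible.

on:
  push:
    branches:
      - main

jobs:
  prepare-deployment:
    # The runner label comes from a repository/organization variable, so
    # anyone able to edit that variable chooses where these jobs execute.
    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step in this job uses git, so do not leave the token
          # in the checked-out repository's git config.
          persist-credentials: false

  pr-label-summary:
    needs: prepare-deployment
    uses: ./.github/workflows/pr-label-semver.yml
    # `inherit` hands every secret visible to this workflow to the called
    # workflow; an explicit secrets map would narrow that (applies to each
    # `secrets: inherit` below as well).
    secrets: inherit

  approval-deploy-perf:
    needs: prepare-deployment
    # The protection rules configured on the perf-deploy environment are
    # what actually pause the run; the step below only logs.
    environment:
      name: perf-deploy
    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - name: Pause for manual approval
        env:
          # Passed through the environment, like TAG in the Slack step,
          # instead of being expanded into the script text.
          COMMIT_SHA: ${{ github.sha }}
        run: |
          echo "Deploying commit SHA ${COMMIT_SHA}, the latest merge to main"
          echo "Deployment paused for manual approval."

  pre-tag-summary:
    needs: approval-deploy-perf
    uses: ./.github/workflows/pre-tag-summary.yml
    secrets: inherit

  create-and-post-tag:
    needs: pre-tag-summary
    uses: ./.github/workflows/create-and-post-tag.yml
    secrets: inherit

  build-push-artifacts:
    needs: create-and-post-tag
    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          # Build from the tag created above, not from the triggering SHA.
          ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
      - name: Build and Push Artifacts
        uses: ./.github/actions/build-push-artifacts
        with:
          ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
          # NOTE(review): a stored access key pair is used to assume the
          # deploy role. If the AWS account supports GitHub OIDC
          # federation, that would remove the long-lived key - confirm.
          aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }}
          role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }}

  deploy-to-perf:
    needs: [create-and-post-tag, build-push-artifacts]
    uses: ./.github/workflows/deploy-release.yml
    secrets: inherit
    with:
      environment: perf
      ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
      lambdaDeploy: true

  approval-deploy:
    needs: deploy-to-perf
    # One approval on staging-deploy covers both staging and production in
    # this file. NOTE(review): no separate production gate is visible
    # here; confirm whether deploy-release.yml applies its own.
    environment:
      name: staging-deploy
    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - name: Pause for manual approval
        run: echo "Deployment paused for manual approval to staging and production."

  create-release-notes:
    needs: [create-and-post-tag, approval-deploy]
    uses: ./.github/workflows/create-release-notes.yml
    secrets: inherit
    with:
      previousVersion: ${{ needs.create-and-post-tag.outputs.previousVersion }}

  deploy-to-staging:
    needs: [create-release-notes, create-and-post-tag]
    uses: ./.github/workflows/deploy-release.yml
    secrets: inherit
    with:
      environment: staging
      ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
      lambdaDeploy: true

  publish-release-notes:
    needs: [create-release-notes, deploy-to-staging]
    uses: ./.github/workflows/publish-release-notes.yml
    secrets: inherit
    with:
      draftReleaseReference: ${{ needs.create-release-notes.outputs.draftReleaseReference }}

  deploy-to-prod:
    # Fails closed: production deploys only when CODE_FREEZE is exactly
    # the string 'false'. An unset variable or any other value skips this
    # job, and the Slack job that needs it is skipped with it.
    if: vars.CODE_FREEZE == 'false'
    needs: [publish-release-notes, create-and-post-tag]
    uses: ./.github/workflows/deploy-release.yml
    secrets: inherit
    with:
      environment: prod
      ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
      lambdaDeploy: true

  send-slack-notifications:
    needs: [deploy-to-prod, create-and-post-tag]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The only other step posts to a webhook and needs no git
          # access, so the token is not persisted.
          persist-credentials: false
      - name: Post to VA Slack
        env:
          # The webhook URL and tag reach the script as environment
          # variables, so neither is expanded into the script text.
          SLACK_WEBHOOK_URL: ${{ secrets.VA_NOTIFY_PUBLIC_SLACK_URL }}
          TAG: ${{ needs.create-and-post-tag.outputs.newVersion }}
        # curl is run without --fail, so an HTTP error from Slack does not
        # fail this job; the release is already in production by now.
        run: |
          curl -X POST -H 'Content-type: application/json' \
          --data "{
          \"text\": \":llama: Production Release Alert :llama:\n*Notification-API* \`${TAG}\` was released to production.\n:rocket: *<https://github.com/department-of-veterans-affairs/notification-api/releases/tag/${TAG}|Release notes are here>*\"
          }" \
          "$SLACK_WEBHOOK_URL"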