Skip to content

Deploy refs/tags/v275.0.2 to staging by @mageoffray #20

Deploy refs/tags/v275.0.2 to staging by @mageoffray

Deploy refs/tags/v275.0.2 to staging by @mageoffray #20

name: "0 [on_dispatch/CD] Deploy release or hotfix"
run-name: "Deploy ${{ github.ref }} to ${{ github.event.inputs.target_environment }} by @${{ github.actor }}"
on:
workflow_dispatch:
inputs:
target_environment:
type: choice
description: "Environnement cible"
required: true
options:
- staging
- production
- testing
permissions: write-all
jobs:
check-worflow-ref:
name: "Check worflow ref"
runs-on: ubuntu-latest
steps:
- name: "Check worflow ref"
run: |
echo "Deploying to ${{ github.event.inputs.target_environment }} from ref: ${{ github.ref }}"
if ! [[ ${{ github.ref }} == refs\/tags\/v* ]]; then
echo "This workflow can only be triggered from a tag (starting with a 'v')"
exit 1
fi
version:
name: "Version"
needs: check-worflow-ref
environment: ${{ fromJSON('["deploy", "testing"]')[github.event.inputs.target_environment == 'testing'] }}
runs-on: ubuntu-latest
outputs:
APP_VERSION: ${{ steps.app-version.outputs.APP_VERSION }}
steps:
- name: "Checkout Release"
uses: actions/checkout@v4.1.1
with:
ref: "${{ github.ref }}"
fetch-depth: 0
- name: "Get app version"
id: "app-version"
run: echo APP_VERSION="$(cat ./api/version.txt)" | tee -a $GITHUB_OUTPUT
deploy-ehp:
name: "Deploy on EHP environnement"
needs: version
if: github.event.inputs.target_environment != 'production'
uses: ./.github/workflows/dev_on_workflow_deploy.yml
with:
environment: ${{ github.event.inputs.target_environment }}
app_version: ${{ needs.version.outputs.APP_VERSION }}
teleport_version: 11.1.1
teleport_proxy: teleport.ehp.passculture.team:443
teleport_kubernetes_cluster: passculture-metier-ehp
deploy_api: true
deploy_pro: true
secrets:
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
deploy-integration:
name: "Deploy on integration environnement"
needs: version
if: github.event.inputs.target_environment == 'production'
uses: ./.github/workflows/dev_on_workflow_deploy.yml
with:
environment: integration
app_version: ${{ needs.version.outputs.APP_VERSION }}
teleport_version: 11.1.1
teleport_proxy: teleport.ehp.passculture.team:443
teleport_kubernetes_cluster: passculture-metier-ehp
deploy_api: true
deploy_pro: true
secrets:
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
deploy-prod:
name: "Deploy on production environnement"
needs: version
if: github.event.inputs.target_environment == 'production'
uses: ./.github/workflows/dev_on_workflow_deploy.yml
with:
environment: ${{ github.event.inputs.target_environment }}
app_version: ${{ needs.version.outputs.APP_VERSION }}
teleport_version: 11.1.1
teleport_proxy: teleport.passculture.team:443
teleport_kubernetes_cluster: passculture-metier-prod
deploy_api: true
deploy_pro: true
secrets:
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
slack-notification:
name: "Send Slack notification"
runs-on: ubuntu-latest
if: always()
needs:
- version
- deploy-prod
- deploy-ehp
steps:
- uses: technote-space/workflow-conclusion-action@v3
- name: "Authentification to Google"
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
- name: "Get Secret"
id: 'secrets'
uses: 'google-github-actions/get-secretmanager-secrets@v2'
with:
secrets: |-
SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token
- name: "Post to a Slack channel"
if: always()
uses: slackapi/slack-github-action@v1.24.0
with:
channel-id: ${{ fromJSON('["C037KSSG38D", "CQAMNFVPS"]')[github.event.inputs.target_environment != 'testing'] }}
payload: |
{
"attachments": [
{
"mrkdwn_in": ["text"],
"color": "${{ fromJSON('["#36a64f", "#A30002"]')[ env.WORKFLOW_CONCLUSION == 'failure'] }}",
"author_name": "${{github.actor}}",
"author_link": "https://github.com/${{github.actor}}",
"author_icon": "https://github.com/${{github.actor}}.png",
"title": "PCAPI Deployment",
"title_link": "https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}",
"text": "Le déploiement de la version `v${{ needs.version.outputs.APP_VERSION }}` a ${{ fromJSON('["réussi", "échoué"]')[env.WORKFLOW_CONCLUSION == 'failure'] }} sur `${{ github.event.inputs.target_environment }}` ${{ fromJSON('[":muscle:", ":boom:"]')[env.WORKFLOW_CONCLUSION == 'failure'] }}"
}
],
"unfurl_links": false,
"unfurl_media": false
}
env:
SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}