Deploy refs/tags/v275.0.2 to staging by @mageoffray #20
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "0 [on_dispatch/CD] Deploy release or hotfix" | |
run-name: "Deploy ${{ github.ref }} to ${{ github.event.inputs.target_environment }} by @${{ github.actor }}" | |
on: | |
workflow_dispatch: | |
inputs: | |
target_environment: | |
type: choice | |
description: "Environnement cible" | |
required: true | |
options: | |
- staging | |
- production | |
- testing | |
permissions: write-all | |
jobs: | |
check-worflow-ref: | |
name: "Check worflow ref" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Check worflow ref" | |
run: | | |
echo "Deploying to ${{ github.event.inputs.target_environment }} from ref: ${{ github.ref }}" | |
if ! [[ ${{ github.ref }} == refs\/tags\/v* ]]; then | |
echo "This workflow can only be triggered from a tag (starting with a 'v')" | |
exit 1 | |
fi | |
version: | |
name: "Version" | |
needs: check-worflow-ref | |
environment: ${{ fromJSON('["deploy", "testing"]')[github.event.inputs.target_environment == 'testing'] }} | |
runs-on: ubuntu-latest | |
outputs: | |
APP_VERSION: ${{ steps.app-version.outputs.APP_VERSION }} | |
steps: | |
- name: "Checkout Release" | |
uses: actions/checkout@v4.1.1 | |
with: | |
ref: "${{ github.ref }}" | |
fetch-depth: 0 | |
- name: "Get app version" | |
id: "app-version" | |
run: echo APP_VERSION="$(cat ./api/version.txt)" | tee -a $GITHUB_OUTPUT | |
deploy-ehp: | |
name: "Deploy on EHP environnement" | |
needs: version | |
if: github.event.inputs.target_environment != 'production' | |
uses: ./.github/workflows/dev_on_workflow_deploy.yml | |
with: | |
environment: ${{ github.event.inputs.target_environment }} | |
app_version: ${{ needs.version.outputs.APP_VERSION }} | |
teleport_version: 11.1.1 | |
teleport_proxy: teleport.ehp.passculture.team:443 | |
teleport_kubernetes_cluster: passculture-metier-ehp | |
deploy_api: true | |
deploy_pro: true | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
deploy-integration: | |
name: "Deploy on integration environnement" | |
needs: version | |
if: github.event.inputs.target_environment == 'production' | |
uses: ./.github/workflows/dev_on_workflow_deploy.yml | |
with: | |
environment: integration | |
app_version: ${{ needs.version.outputs.APP_VERSION }} | |
teleport_version: 11.1.1 | |
teleport_proxy: teleport.ehp.passculture.team:443 | |
teleport_kubernetes_cluster: passculture-metier-ehp | |
deploy_api: true | |
deploy_pro: true | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
deploy-prod: | |
name: "Deploy on production environnement" | |
needs: version | |
if: github.event.inputs.target_environment == 'production' | |
uses: ./.github/workflows/dev_on_workflow_deploy.yml | |
with: | |
environment: ${{ github.event.inputs.target_environment }} | |
app_version: ${{ needs.version.outputs.APP_VERSION }} | |
teleport_version: 11.1.1 | |
teleport_proxy: teleport.passculture.team:443 | |
teleport_kubernetes_cluster: passculture-metier-prod | |
deploy_api: true | |
deploy_pro: true | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
slack-notification: | |
name: "Send Slack notification" | |
runs-on: ubuntu-latest | |
if: always() | |
needs: | |
- version | |
- deploy-prod | |
- deploy-ehp | |
steps: | |
- uses: technote-space/workflow-conclusion-action@v3 | |
- name: "Authentification to Google" | |
uses: 'google-github-actions/auth@v2' | |
with: | |
workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
- name: "Get Secret" | |
id: 'secrets' | |
uses: 'google-github-actions/get-secretmanager-secrets@v2' | |
with: | |
secrets: |- | |
SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token | |
- name: "Post to a Slack channel" | |
if: always() | |
uses: slackapi/slack-github-action@v1.24.0 | |
with: | |
channel-id: ${{ fromJSON('["C037KSSG38D", "CQAMNFVPS"]')[github.event.inputs.target_environment != 'testing'] }} | |
payload: | | |
{ | |
"attachments": [ | |
{ | |
"mrkdwn_in": ["text"], | |
"color": "${{ fromJSON('["#36a64f", "#A30002"]')[ env.WORKFLOW_CONCLUSION == 'failure'] }}", | |
"author_name": "${{github.actor}}", | |
"author_link": "https://github.com/${{github.actor}}", | |
"author_icon": "https://github.com/${{github.actor}}.png", | |
"title": "PCAPI Deployment", | |
"title_link": "https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}", | |
"text": "Le déploiement de la version `v${{ needs.version.outputs.APP_VERSION }}` a ${{ fromJSON('["réussi", "échoué"]')[env.WORKFLOW_CONCLUSION == 'failure'] }} sur `${{ github.event.inputs.target_environment }}` ${{ fromJSON('[":muscle:", ":boom:"]')[env.WORKFLOW_CONCLUSION == 'failure'] }}" | |
} | |
], | |
"unfurl_links": false, | |
"unfurl_media": false | |
} | |
env: | |
SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }} |