Skip to content

Merge pull request #16784 from CDCgov/deployment/2024-12-12 #3895

Merge pull request #16784 from CDCgov/deployment/2024-12-12

Merge pull request #16784 from CDCgov/deployment/2024-12-12 #3895

name: Release to Azure
on:
push:
branches:
- main
- production
- test
- demo1
- demo2
- demo3
defaults:
run:
working-directory: prime-router
env:
AZURE_CREDENTIALS: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
jobs:
pre_job:
name: "Set Build Environment"
runs-on: ubuntu-latest
outputs:
env_name: ${{ steps.build_vars.outputs.env_name }}
version: ${{ steps.build_vars.outputs.version }}
has_router_change: ${{ steps.build_vars.outputs.has_router_change }}
has_frontend_change: ${{ steps.build_vars.outputs.has_frontend_change }}
dns_ip: ${{ steps.build_vars.outputs.dns_ip }}
steps:
- name: Check out changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Build vars
id: build_vars
uses: ./.github/actions/build-vars
with:
sp-creds: ${{ env.AZURE_CREDENTIALS }}
build_router_release:
name: "Release: Build Router"
needs:
- pre_job
if: needs.pre_job.outputs.has_router_change == 'true'
runs-on: ubuntu-latest
steps:
- name: Check out changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Build backend
uses: ./.github/actions/build-backend
with:
version: ${{ needs.pre_job.outputs.version }}
build_frontend_react_release:
name: "Release: Build Frontend (React)"
needs:
- pre_job
if: needs.pre_job.outputs.has_frontend_change == 'true'
runs-on: ubuntu-latest
defaults:
run:
working-directory: frontend-react
steps:
- name: Check out changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Build frontend
uses: ./.github/actions/build-frontend
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
appinsights-staging-key: ${{ secrets.APPINSIGHTS_STAGING_KEY }}
appinsights-prod-key: ${{ secrets.APPINSIGHTS_PROD_KEY }}
version: ${{ needs.pre_job.outputs.version }}
test-admin-user: ${{ secrets.TEST_ADMIN_USERNAME }}
test-admin-password: ${{ secrets.TEST_ADMIN_PASSWORD }}
test-sender-user: ${{ secrets.TEST_SENDER_USERNAME }}
test-sender-password: ${{ secrets.TEST_SENDER_PASSWORD }}
test-receiver-user: ${{ secrets.TEST_RECEIVER_USERNAME }}
test-receiver-password: ${{ secrets.TEST_RECEIVER_PASSWORD }}
deploy_infrastructure:
name: "Deploy Infrastructure: ${{ needs.pre_job.outputs.env_name }}"
needs:
- pre_job
if: |
needs.pre_job.outputs.env_name == 'demo1' ||
needs.pre_job.outputs.env_name == 'demo2' ||
needs.pre_job.outputs.env_name == 'demo3'
environment: ${{ needs.pre_job.outputs.env_name }}
concurrency: demo
runs-on: ubuntu-latest
steps:
- name: Check out changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Use specific version of Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
with:
terraform_version: 1.7.4
terraform_wrapper: false
- name: Connect to VPN and login to Azure
uses: ./.github/actions/vpn-azure
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
sp-creds: ${{ env.AZURE_CREDENTIALS }}
tf-auth: true
- name: Provision demo environment
uses: ./.github/actions/demo-env
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
github-token: ${{ secrets.DEMO_ENV }}
backup-age-limit: 7200
backup-from: staging
approve_router_release:
name: "Approve Router Release: ${{ needs.pre_job.outputs.env_name }}"
needs:
- pre_job
- build_router_release
- deploy_infrastructure
if: |
always() &&
!cancelled() &&
!failure() &&
needs.pre_job.outputs.has_router_change == 'true'
environment: ${{ needs.pre_job.outputs.env_name }}-router
concurrency: ${{ needs.pre_job.outputs.env_name }}-router
runs-on: ubuntu-latest
steps:
- name: Check out changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Login to Azure
if: |
needs.pre_job.outputs.has_router_change == 'true' ||
needs.pre_job.outputs.has_frontend_change == 'true'
uses: ./.github/actions/vpn-azure
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
sp-creds: ${{ env.AZURE_CREDENTIALS }}
- name: Get function app checksum
env:
checksum_validation: ${{ vars.CHECKSUM_VALIDATION }}
if: needs.pre_job.outputs.has_router_change == 'true' && env.checksum_validation == 'true'
uses: ./.github/actions/checksum-validate
with:
key: backend
input: $(az functionapp config appsettings list -g prime-data-hub-${{ needs.pre_job.outputs.env_name }} -n pdh${{ needs.pre_job.outputs.env_name }}-functionapp -o tsv | sort)
approve_frontend_release:
name: "Approve Frontend Release: ${{ needs.pre_job.outputs.env_name }}"
needs:
- pre_job
- build_frontend_react_release
if: |
always() &&
!cancelled() &&
!failure() &&
needs.pre_job.outputs.has_frontend_change == 'true'
environment: ${{ needs.pre_job.outputs.env_name }}-frontend
concurrency: ${{ needs.pre_job.outputs.env_name }}-frontend
runs-on: ubuntu-latest
steps:
- name: Check out changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
deploy_router_release:
name: "Deploy Router Release: ${{ needs.pre_job.outputs.env_name }}"
needs:
- pre_job
- approve_router_release
if: |
always() &&
!cancelled() &&
!failure() &&
needs.pre_job.outputs.has_router_change == 'true'
environment: ${{ needs.pre_job.outputs.env_name }}
concurrency: ${{ needs.pre_job.outputs.env_name }}
runs-on: ubuntu-latest
steps:
- name: Check out changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Connect to VPN and login to Azure
uses: ./.github/actions/vpn-azure
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
tls-key: ${{ secrets.TLS_KEY }}
ca-cert: ${{ secrets.CA_CRT}}
user-crt: ${{ secrets.USER_CRT }}
user-key: ${{ secrets.USER_KEY }}
sp-creds: ${{ env.AZURE_CREDENTIALS }}
dns-ip: ${{ needs.pre_job.outputs.dns_ip }}
- name: Deploy backend
env:
checksum_validation: ${{ vars.CHECKSUM_VALIDATION }}
uses: ./.github/actions/deploy-backend
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
dct-root-pass: ${{ secrets.DCT_ROOT_PASS }}
dct-repo-pass: ${{ secrets.DCT_REPO_PASS }}
version: ${{ needs.pre_job.outputs.version }}
checksum-validation: ${{ env.checksum_validation }}
deploy_frontend_release:
name: "Deploy Frontend Release: ${{ needs.pre_job.outputs.env_name }}"
needs:
- pre_job
- approve_frontend_release
if: |
always() &&
!cancelled() &&
!failure() &&
needs.pre_job.outputs.has_frontend_change == 'true'
environment: ${{ needs.pre_job.outputs.env_name }}
concurrency: ${{ needs.pre_job.outputs.env_name }}
runs-on: ubuntu-latest
steps:
- name: Check out changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Connect to VPN and login to Azure
uses: ./.github/actions/vpn-azure
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
tls-key: ${{ secrets.TLS_KEY }}
ca-cert: ${{ secrets.CA_CRT}}
user-crt: ${{ secrets.USER_CRT }}
user-key: ${{ secrets.USER_KEY }}
sp-creds: ${{ env.AZURE_CREDENTIALS }}
dns-ip: ${{ needs.pre_job.outputs.dns_ip }}
- name: Deploy frontend
uses: ./.github/actions/deploy-frontend
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
version: ${{ needs.pre_job.outputs.version }}