forked from cds-snc/notification-api
-
Notifications
You must be signed in to change notification settings - Fork 9
119 lines (104 loc) · 3.52 KB
/
cd-pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: Continuous Deployment Pipeline
# note:
# It's useful to recognize that this workflow is designed to be triggered by a merge to the default branch.
# Therefore, ${{ github.sha }} will always be in reference to the SHA that originally triggered this workflow.
# $GITHUB_SHA, on the other hand, is created whenever actions/checkout@v4 is run
# note:
# environment:
# name:
# is keyword for using the environment protections.
# with:
# environment:
# is simply using a variable named environment
on:
push:
branches:
- main
jobs:
prepare-deployment:
runs-on: ${{ vars.RUNS_ON }}
steps:
- name: Checkout code
uses: actions/checkout@v4
pr-label-summary:
needs: prepare-deployment
uses: ./.github/workflows/pr-label-semver.yml
secrets: inherit
approval-deploy-perf:
needs: prepare-deployment
environment:
name: perf-deploy
runs-on: ${{ vars.RUNS_ON }}
steps:
- name: Pause for manual approval
run: |
echo "Deploying commit SHA ${{ github.sha }}, the latest merge to main"
echo "Deployment paused for manual approval."
pre-tag-summary:
needs: approval-deploy-perf
uses: ./.github/workflows/pre-tag-summary.yml
secrets: inherit
create-and-post-tag:
needs: pre-tag-summary
uses: ./.github/workflows/create-and-post-tag.yml
secrets: inherit
build-push-artifacts:
needs: create-and-post-tag
runs-on: ${{ vars.RUNS_ON }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
- name: Build and Push Artifacts
uses: ./.github/actions/build-push-artifacts
with:
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }}
deploy-to-perf:
needs: [create-and-post-tag, build-push-artifacts]
uses: ./.github/workflows/deploy-release.yml
secrets: inherit
with:
environment: perf
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
lambdaDeploy: true
approval-deploy:
needs: deploy-to-perf
environment:
name: staging-deploy
runs-on: ${{ vars.RUNS_ON }}
steps:
- name: Pause for manual approval
run: echo "Deployment paused for manual approval to staging and production."
create-release-notes:
needs: [create-and-post-tag, approval-deploy]
uses: ./.github/workflows/create-release-notes.yml
secrets: inherit
with:
previousVersion: ${{ needs.create-and-post-tag.outputs.previousVersion }}
deploy-to-staging:
needs: [create-release-notes, create-and-post-tag]
uses: ./.github/workflows/deploy-release.yml
secrets: inherit
with:
environment: staging
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
lambdaDeploy: true
publish-release-notes:
needs: [create-release-notes, deploy-to-staging]
uses: ./.github/workflows/publish-release-notes.yml
secrets: inherit
with:
draftReleaseReference: ${{ needs.create-release-notes.outputs.draftReleaseReference }}
deploy-to-prod:
if: vars.CODE_FREEZE == 'false'
needs: [publish-release-notes, create-and-post-tag]
uses: ./.github/workflows/deploy-release.yml
secrets: inherit
with:
environment: prod
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
lambdaDeploy: true