#1726 - Deploy to Prod from CD Pipeline (#1828)

Co-authored-by: Kyle MacMillan <[email protected]>
department-of-veterans-affairs · Jun 3, 2024 · 411f7e1 · 411f7e1
1 parent b2fc7b3
commit 411f7e1
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/.github/workflows/cd-pipeline.yml b/.github/workflows/cd-pipeline.yml
@@ -105,7 +105,7 @@ jobs:
       previousVersion: ${{ needs.create-and-post-tag.outputs.previousVersion }}
 
   deploy-to-staging:
-    needs: create-release-notes
+    needs: [create-release-notes, create-and-post-tag]
     uses: ./.github/workflows/deploy-release.yml
     secrets: inherit
     with:
@@ -129,3 +129,12 @@ jobs:
     with:
       draftReleaseReference: ${{ needs.create-release-notes.outputs.draftReleaseReference }}
 
+  deploy-to-prod:
+    needs: [publish-release-notes, create-and-post-tag]
+    uses: ./.github/workflows/deploy-release.yml
+    secrets: inherit
+    with:
+      environment: prod
+      ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
+      lambdaDeploy: true
+
diff --git a/Makefile b/Makefile
@@ -32,8 +32,10 @@ install-safety:
 
 check-dependencies: install-safety ## Scan dependencies for security vulnerabilities
 	# 12 Dec 2023: 51668 is fixed with >= 2.0.0b1 of SQLAlchemy. Ongoing refactor to upgrade.
+	# 6 June 2024: 70624 will be resolved with ticket #1794
+	# 6 June 2024: 70612 vulnerability found with jinja2 version 3.1.3
 
-	safety check -r poetry.lock --full-report -i 51668
+	safety check -r poetry.lock --full-report -i 51668,70624,70612
 
 .PHONY:
 	help \