This repository has been archived by the owner on Mar 20, 2024. It is now read-only.
Issue/193 prod deploy docs #786
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CICD Pipeline" | |
| on: | |
| push: | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref_name }} | |
| jobs: | |
| changes: | |
| name: "Check for changes" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| terraform: ${{ steps.changes.outputs.terraform }} | |
| app: ${{ steps.changes.outputs.app }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dorny/paths-filter@v3 | |
| id: changes | |
| with: | |
| filters: | | |
| terraform: | |
| - 'tf/**/*.tf' | |
| - 'tf/**/*.tfvars' | |
| - 'tf/**/*.tfbackend' | |
| app: | |
| - 'packages.json' | |
| - '.eslintrc.yaml' | |
| - '.codeclimate.yml' | |
| - 'src/app/**/*' | |
| - '**/*.ts' | |
| call-tf-validation: | |
| uses: ./.github/workflows/terraform-validate.yml | |
| needs: changes | |
| ## Skip if no changes in terraform files, but not if PR | |
| if: | | |
| needs.changes.outputs.terraform == 'true' || | |
| github.event_name == 'pull_request' | |
| strategy: | |
| matrix: | |
| project: [application,data] | |
| with: | |
| project: ${{ matrix.project }} | |
| name: Calling TF Validate | |
| call-app-lint: | |
| name: "Calling Application Lint Stage" | |
| uses: ./.github/workflows/app-lint.yml | |
| needs: changes | |
| ## Skip if no changes in application files, but not if PR | |
| if: | | |
| needs.changes.outputs.app == 'true' || | |
| github.event_name == 'pull_request' | |
| call-tf-plan: | |
| name: "Calling TF Plan Stage" | |
| uses: ./.github/workflows/terraform-plan.yml | |
| needs: changes | |
| ## Call terraform plan if pull request | |
| if: | | |
| github.event_name == 'pull_request' | |
| strategy: | |
| matrix: | |
| target: [stage, prod] | |
| project: [application,data] | |
| with: | |
| target: ${{ matrix.target }} | |
| project: ${{ matrix.project }} | |
| secrets: | |
| TERRAFORM_ROLE: ${{ secrets.TERRAFORM_ROLE }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| call-app-unit-testing: | |
| name: "Calling Unit Testing" | |
| uses: ./.github/workflows/app-unit-test.yml | |
| needs: changes | |
| ## Skip if not changes, but not if PR | |
| if: | | |
| needs.changes.outputs.app == 'true' || | |
| github.event_name == 'pull_request' | |
| secrets: | |
| CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: read | |
| call-app-build: | |
| name: "Calling App Build Stage" | |
| uses: ./.github/workflows/app-build.yml | |
| needs: changes | |
| ## Always build on main && PR. Build on others if changes | |
| if: | | |
| needs.changes.outputs.app == 'true' || | |
| (github.ref == 'refs/heads/main' && github.event_name == 'push') || | |
| github.event_name == 'pull_request' | |
| secrets: | |
| UPLOAD_ROLE: ${{ secrets.UPLOAD_ROLE }} | |
| ## If running on a protected branch, upload artifact with role in stage environment | |
| with: | |
| upload: ${{ github.ref_protected }} | |
| environment: ${{ github.ref_protected == true && 'stage' || '' }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| call-tf-deploy: | |
| name: "Calling TF Deploy Stage" | |
| needs: call-tf-validation | |
| ## Run if on main branch and no previous steps have failed | |
| if: | | |
| always() && | |
| !cancelled() && | |
| !contains(needs.*.result, 'failure') && | |
| github.ref == 'refs/heads/main' && | |
| github.event_name == 'push' | |
| uses: ./.github/workflows/terraform-deploy.yml | |
| strategy: | |
| matrix: | |
| project: [application,data] | |
| with: | |
| target: stage | |
| project: ${{ matrix.project }} | |
| secrets: | |
| TERRAFORM_ROLE: ${{ secrets.TERRAFORM_ROLE }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| call-app-deploy: | |
| name: "Calling App Deploy (Stage)" | |
| uses: ./.github/workflows/app-deploy.yml | |
| ## Run after terraform deploy and app build | |
| needs: | |
| - call-app-build | |
| - call-tf-deploy | |
| ## Needed to fix issue in github where needs dependency tree evaluates skip condition incorrectly | |
| ## Always runs on deploy to main, unless failure in previous step | |
| if: | | |
| always() && | |
| !cancelled() && | |
| !contains(needs.*.result, 'failure') && | |
| github.ref == 'refs/heads/main' && | |
| github.event_name == 'push' | |
| concurrency: | |
| group: stage-deployment | |
| with: | |
| target: stage | |
| secrets: | |
| DEPLOY_ROLE: ${{ secrets.DEPLOY_ROLE }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| call-integration-testing: | |
| name: "Calling Application Integration Testing" | |
| uses: ./.github/workflows/app-int-test.yml | |
| ## Run after TF and Application deployments have finished | |
| needs: | |
| - call-app-deploy | |
| - call-tf-deploy | |
| ## Needed to fix issue in github where needs dependency tree evaluates skip condition incorrectly | |
| ## Always runs on deploy to main, unless failure in previous step | |
| if: | | |
| always() && | |
| !cancelled() && | |
| !contains(needs.*.result, 'failure') && | |
| github.ref == 'refs/heads/main' && | |
| github.event_name == 'push' | |
| concurrency: | |
| group: stage-deployment | |
| with: | |
| target: stage | |
| secrets: | |
| TERRAFORM_ROLE: ${{ secrets.TERRAFORM_ROLE }} |