# Continuous delivery of the citizen-auth domain's Terraform to the prod
# Azure environment. Flow: create an ephemeral self-hosted runner, run the
# Terraform pre-apply (plan) for each root, apply, then tear the runner down.
name: Continuous Delivery on prod citizen-auth
# "on" is a YAML 1.1 boolean for generic parsers; GitHub's own loader reads
# it as the trigger key (suppress yamllint `truthy` here if this is linted).
on:
  workflow_dispatch:
  # Trigger the workflow on push on the main branch
  push:
    branches:
      - main
    # Only when the domain's Terraform sources or this workflow file change.
    paths:
      - "src/domains/citizen-auth**"
      - ".github/workflows/prod**citizen-auth.yml"
# Least-privilege token: `id-token: write` is what the Azure actions need to
# request an OIDC token (the steps below pass client/tenant/subscription ids
# and no client secret); everything else is read-only.
permissions:
  id-token: write
  contents: read
env:
  # Base path of the domain; the jobs below append "-common" / "-app" to
  # select the two Terraform roots.
  DIR: "src/domains/citizen-auth"
  # NOTE(review): not referenced by any step in this file; presumably read by
  # one of the pagopa actions from the environment — verify, else remove.
  AZURE_ENVIRONMENT: prod
jobs:
  # Provisions a short-lived GitHub runner inside an Azure Container App
  # environment; its name is exported so the later jobs can target it.
  create_runner:
    name: Create Runner
    runs-on: ubuntu-22.04
    environment: prod-runner
    outputs:
      runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
    steps:
      - name: Create GitHub Runner
        id: create_github_runner
        # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
        # NOTE(review): "@main" is a mutable ref, unlike the SHA-pinned actions
        # further down; this step receives the Azure identity inputs and
        # BOT_TOKEN, so pin it to a full commit SHA and bump it deliberately.
        uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
        with:
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          container_app_environment_name: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
          resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
          # PAT the action uses to register the runner with GitHub
          # (presumably runner-registration scope — verify against the
          # action's README and keep it minimal).
          pat_token: ${{ secrets.BOT_TOKEN }}
  # Terraform plan for each root, executed on the ephemeral runner created
  # above. Runs under the prod-ci environment, separate from the apply.
  terraform_preapply_job:
    name: Terraform Pre Apply
    runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
    environment: prod-ci
    needs: create_runner
    steps:
      - name: Checkout
        id: checkout
        # from https://github.com/actions/checkout/commits/main
        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
        with:
          # Do not leave GITHUB_TOKEN in the checked-out repo's git config.
          persist-credentials: false
          # Full history (depth 0), not a shallow clone.
          fetch-depth: 0
      - name: Setup terraform
        id: setup-version
        # https://github.com/pagopa/terraform-install-action/commits/main
        uses: pagopa/terraform-install-action@1f76f593176e58c423b88d72273a612ba7ba430b
      # Root "<DIR>-common", shared prod resources.
      - name: Terraform pre apply common
        # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
        uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
        with:
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          dir: ${{ env.DIR }}-common
          azure_environment: prod
      # Root "<DIR>-app", weu-beta slice.
      - name: Terraform pre apply weu-beta
        # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
        uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
        with:
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          dir: ${{ env.DIR }}-app
          azure_environment: weu-beta
      # Root "<DIR>-app", weu-prod01 slice.
      - name: Terraform pre apply weu-prod01
        # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
        uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
        with:
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          dir: ${{ env.DIR }}-app
          azure_environment: weu-prod01
  # Terraform apply for the same three roots, in the same order, on the same
  # runner. Gated on the pre-apply job succeeding and on the prod-cd
  # environment, which is where a required-reviewer rule for the actual
  # apply belongs (confirm in the repository's environment settings).
  terraform_apply_job:
    name: Terraform Apply
    runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
    environment: prod-cd
    needs: [create_runner, terraform_preapply_job]
    steps:
      - name: Terraform apply common
        # from https://github.com/pagopa/terraform-apply-azure-action/commits/main
        uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
        with:
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          dir: ${{ env.DIR }}-common
          azure_environment: prod
      - name: Terraform apply weu-beta
        # from https://github.com/pagopa/terraform-apply-azure-action/commits/main
        uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
        with:
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          dir: ${{ env.DIR }}-app
          azure_environment: weu-beta
      - name: Terraform apply weu-prod01
        # from https://github.com/pagopa/terraform-apply-azure-action/commits/main
        uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
        with:
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          dir: ${{ env.DIR }}-app
          azure_environment: weu-prod01
  # Tears the ephemeral runner down. `if: always()` makes this run even when
  # the plan or apply failed or was cancelled, so a broken deploy does not
  # leave a registered runner (and its Azure resources) behind.
  cleanup_runner:
    name: Cleanup Runner
    if: always()
    runs-on: ubuntu-22.04
    environment: prod-runner
    # Depends on every other job so it is the last thing to run.
    needs: [create_runner, terraform_preapply_job, terraform_apply_job]
    steps:
      - name: Cleanup GitHub Runner
        id: cleanup_github_runner
        # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
        # NOTE(review): same mutable "@main" ref as the create step; pin to a
        # full commit SHA like the checkout/terraform actions in this file.
        uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@main
        with:
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
          # Name exported by create_runner; identifies the runner to remove.
          runner_name: ${{ needs.create_runner.outputs.runner_name }}
          pat_token: ${{ secrets.BOT_TOKEN }}