Send FHIR message in prod (#6124) #1647
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Stg | |
| on: | |
| push: | |
| branches: | |
| - main | |
| # on: | |
| # workflow_run: | |
| # workflows: ["Deploy Test"] | |
| # types: | |
| # - completed | |
| env: | |
| DEPLOY_ENV: stg | |
| NODE_VERSION: 18 | |
| concurrency: | |
| group: stg-deploy | |
| jobs: | |
| build-docker: | |
| # if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./backend | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to ACR | |
| run: docker login ${{ secrets.ACR_REPO_URL }} -u ${{ secrets.ACR_ADMIN_USERNAME }} -p ${{ secrets.ACR_ADMIN_PASWORD }} | |
| - name: Build and push Docker images | |
| run: ./build_and_push.sh | |
| build-db-client-docker: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./ops/services/container_instances/db_client/image | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to ACR | |
| run: docker login ${{ secrets.ACR_REPO_URL }} -u ${{ secrets.ACR_ADMIN_USERNAME }} -p ${{ secrets.ACR_ADMIN_PASWORD }} | |
| - name: Build and push Docker images | |
| run: ./build_and_push.sh | |
| prerelease-backend: | |
| # if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| needs: [build-docker, build-db-client-docker] | |
| defaults: | |
| run: | |
| working-directory: ./ops | |
| env: # all Azure interaction is through terraform | |
| ARM_CLIENT_ID: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.TERRAFORM_ARM_TENANT_ID }} | |
| OKTA_API_TOKEN: ${{ secrets.OKTA_API_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - uses: hashicorp/setup-terraform@v2.0.3 | |
| with: | |
| terraform_version: 1.3.3 | |
| - name: Build ReportStream function app | |
| uses: ./.github/actions/build-reportstream-functions | |
| with: | |
| deploy-env: ${{env.DEPLOY_ENV}} | |
| - name: Terraform Init | |
| run: make init-${{ env.DEPLOY_ENV }} | |
| - name: Terraform deploy (infrastructure and staging slot) | |
| run: make deploy-${{ env.DEPLOY_ENV }} | |
| - name: Wait for correct release to be deployed in staging slot | |
| timeout-minutes: 5 | |
| run: make wait-for-${{ env.DEPLOY_ENV }}-slot-commit | |
| - name: Wait for staging deploy to be ready | |
| timeout-minutes: 1 | |
| run: make wait-for-${{ env.DEPLOY_ENV }}-slot-readiness | |
| build-frontend: | |
| # if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v3.7.0 | |
| with: | |
| node-version: ${{env.NODE_VERSION}} | |
| - name: Use cache for node_modules | |
| uses: actions/cache@v3.3.1 | |
| with: | |
| path: | | |
| ./frontend/node_modules | |
| key: npm-${{env.NODE_VERSION}}-${{ hashFiles('frontend/yarn.lock', 'frontend/package.json') }} | |
| - uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - uses: ./.github/actions/build-frontend | |
| name: Build front-end application | |
| with: | |
| deploy-env: ${{env.DEPLOY_ENV}} | |
| smarty-streets-key: ${{ secrets.SMARTY_STREETS_KEY }} | |
| client-tarball: ./client.tgz | |
| okta-enabled: true | |
| okta-url: https://hhs-prime.okta.com | |
| okta-client-id: 0oa62qncijWSeQMuc4h6 | |
| - name: Save compiled frontend application | |
| uses: actions/upload-artifact@v3 | |
| if: success() | |
| with: | |
| name: frontend-tarball | |
| path: client.tgz | |
| retention-days: 1 | |
| deploy: | |
| # if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: Staging | |
| url: https://stg.simplereport.gov | |
| needs: [build-frontend, prerelease-backend] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Retrieve frontend build | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: frontend-tarball | |
| - name: Promote and deploy | |
| uses: ./.github/actions/deploy-application | |
| with: | |
| client-tarball: client.tgz | |
| deploy-env: ${{env.DEPLOY_ENV}} | |
| slack_alert: | |
| runs-on: ubuntu-latest | |
| if: failure() | |
| needs: [deploy] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Send alert to Slack | |
| uses: ./.github/actions/slack-message | |
| with: | |
| username: ${{ github.actor }} | |
| description: | | |
| :siren-gif: Deploy to ${{ env.DEPLOY_ENV }} failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif: | |
| webhook_url: ${{ secrets.SR_ALERTS_SLACK_WEBHOOK_URL }} | |
| user_map: $${{ secrets.SR_ALERTS_GITHUB_SLACK_MAP }} |