forked from cds-snc/notification-api
-
Notifications
You must be signed in to change notification settings - Fork 9
140 lines (121 loc) · 4 KB
/
cd-pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: Continuous Deployment Pipeline
# note:
# It's useful to recognize that this workflow is designed to be triggered by a merge to the default branch.
# Therefore, ${{ github.sha }} will always be in reference to the SHA that originally triggered this workflow.
# $GITHUB_SHA, on the other hand, is created whenever actions/checkout@v4 is run
# note:
# environment:
# name:
# is keyword for using the environment protections.
# with:
# environment:
# is simply using a variable named environment
on:
push:
branches:
- master
jobs:
prepare-deployment:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
pr-label-summary:
needs: prepare-deployment
uses: ./.github/workflows/pr-label-semver.yml
secrets: inherit
approval-deploy-perf:
needs: pr-label-summary
environment:
name: perf-deploy
runs-on: ubuntu-latest
steps:
- name: Pause for manual approval
run: |
echo "Deploying commit SHA ${{ github.sha }}, the latest merge to master"
echo "Deployment paused for manual approval."
# this job deploys the SHA that triggered this workflow
deploy-to-perf:
needs: approval-deploy-perf
uses: ./.github/workflows/dev_deploy.yml
secrets: inherit
with:
environment: perf
ref: ${{ github.sha }}
lambdaDeploy: true
pre-tag-summary:
needs: deploy-to-perf
uses: ./.github/workflows/pre-tag-summary.yml
secrets: inherit
approval-deploy-staging:
needs: pre-tag-summary
environment:
name: staging-deploy
runs-on: ubuntu-latest
steps:
- name: Pause for manual approval
run: echo "Deployment paused for manual approval."
merge-to-release:
needs: approval-deploy-staging
# These permissions are needed to write to the release branch
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- name: Checkout release branch
uses: actions/checkout@v4
with:
ref: release
fetch-depth: 0
# Fine-grained PAT with contents:write and workflows:write
# scopes
token: ${{ secrets.CD_PAT }}
- name: Setup git user
# The following is taken from https://github.com/actions/checkout/issues/13 as a common work-around
run: |
git config --global user.name "$(git --no-pager log --format=format:'%an' -n 1)"
git config --global user.email "$(git --no-pager log --format=format:'%ae' -n 1)"
- name: Merge commit SHA to release
run: |
git merge ${{ github.sha }} --no-squash -X theirs
git push
create-and-post-tag:
needs: merge-to-release
uses: ./.github/workflows/create-and-post-tag.yml
secrets: inherit
create-release-notes:
needs: create-and-post-tag
uses: ./.github/workflows/create-release-notes.yml
secrets: inherit
with:
previousVersion: ${{ needs.create-and-post-tag.outputs.previousVersion }}
deploy-to-staging:
needs: [create-release-notes, create-and-post-tag]
uses: ./.github/workflows/deploy-release.yml
secrets: inherit
with:
environment: staging
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
lambdaDeploy: true
approval-deploy-prod:
needs: deploy-to-staging
environment:
name: prod-deploy
runs-on: ubuntu-latest
steps:
- name: Pause for manual approval
run: echo "Pipeline paused for pending approval of staging by QA"
publish-release-notes:
needs: [create-release-notes, approval-deploy-prod]
uses: ./.github/workflows/publish-release-notes.yml
secrets: inherit
with:
draftReleaseReference: ${{ needs.create-release-notes.outputs.draftReleaseReference }}
deploy-to-prod:
needs: [publish-release-notes, create-and-post-tag]
uses: ./.github/workflows/deploy-release.yml
secrets: inherit
with:
environment: prod
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
lambdaDeploy: true