CORE-2204 Add workflow examples for Python #184

Merged

Conversation

baksetercx
Member

No description provided.

@baksetercx baksetercx self-assigned this Dec 21, 2024
@3lvia-core-admin
Contributor

3lvia-core-admin bot commented Dec 21, 2024

📝 Starter Workflow Templates Update

The starter workflow templates have been updated. Please review the changes below.

Files changed:

workflow-templates/build-deploy-python-google.properties.json
workflow-templates/build-deploy-python-google.yml
workflow-templates/build-deploy-python.properties.json
workflow-templates/build-deploy-python.yml

Full diff:


diff --git a/workflow-templates/build-deploy-python-google.properties.json b/workflow-templates/build-deploy-python-google.properties.json
new file mode 100644
index 0000000..06698d7
--- /dev/null
+++ b/workflow-templates/build-deploy-python-google.properties.json
@@ -0,0 +1,4 @@
+  {
+    "name": "Build and Deploy Python to Kubernetes on Google Cloud",
+    "description": "Build and Deploy Python to Kubernetes on Google Cloud"
+  }
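Review bot: `description` repeats `name` word for word, so the template picker shows the same string twice and tells the user nothing about what the workflow does. Consider a description that names the stages (analysis, build and scan, deploy to dev, test and prod), and adding `iconName` and `categories` (for example `Python`) so GitHub can offer the template to Python repositories.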
diff --git a/workflow-templates/build-deploy-python-google.yml b/workflow-templates/build-deploy-python-google.yml
new file mode 100644
index 0000000..6e3b409
--- /dev/null
+++ b/workflow-templates/build-deploy-python-google.yml
@@ -0,0 +1,148 @@
+name: Build and Deploy Python to Kubernetes on Google Cloud
+
+on:
+  push:
+    branches: [$default-branch]
+##  Adding a path filter will only trigger the workflow if the files in the path are modified.
+##  This is very useful if you have a monorepo structure.
+##  See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore for more information.
+##
+#    paths:
+#     - 'applications/my-app/**'
+##
+  pull_request:
+    branches: [$default-branch]
+
+env:
+  SYSTEM_NAME: '<your system name here>'
+  APPLICATION_NAME: '<your application name here>'
+  PROJECT_FILE: '<your project file path here>'
+  HELM_VALUES_FILE: '.github/deploy/values.yml'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: elvia-runner
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    # Limits the number of concurrent runs of this job to one, and cancels any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-analyze'
+      cancel-in-progress: true
+    steps:
+      - uses: 3lvia/core-github-actions-templates/analyze@trunk
+        with:
+          # This can be set to a more specific path if you want to analyze only a part of the repository.
+          working-directory: '.'
+          language: 'python'
+
+  build-scan:
+    name: Build and Scan
+    runs-on: elvia-runner
+    permissions:
+      actions: read
+      contents: write
+      id-token: write
+      pull-requests: write
+      security-events: write
+    # Limits the number of concurrent runs of this job to one, and cancels any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-build-scan'
+      cancel-in-progress: true
+    environment: build
+    steps:
+      - uses: 3lvia/core-github-actions-templates/build@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          project-file: ${{ env.PROJECT_FILE }}
+          trivy-upload-report: 'true'
+          trivy-post-comment: 'true'
+          AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
+
+  deploy-dev:
+    name: Deploy Dev
+    # Require all jobs below to be successful before running this job.
+    # Any of these can be commented out or removed if you want to deploy anyway.
+    needs:
+      - build-scan
+      - analyze
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-deploy-dev'
+    environment: dev
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'dev'
+          helm-values-file: ${{ env.HELM_VALUES_FILE }}
+          runtime-cloud-provider: 'GKE'
+          # Will post to the Slack channel of your system if the deployment fails.
+          # Can be commented out if you don't want this.
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+          GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+
+  deploy-test:
+    name: Deploy Test
+    # Only deploy to test after dev
+    needs: [deploy-dev]
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-deploy-test'
+    environment: test
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'test'
+          helm-values-file: ${{ env.HELM_VALUES_FILE }}
+          runtime-cloud-provider: 'GKE'
+          # Will post to the Slack channel of your system if the deployment fails.
+          # Can be commented out if you don't want this.
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+          GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+
+  deploy-prod:
+    name: Deploy Prod
+    # Only deploy to prod after test
+    needs: [deploy-test]
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-deploy-prod'
+    environment: prod
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'prod'
+          helm-values-file: ${{ env.HELM_VALUES_FILE }}
+          runtime-cloud-provider: 'GKE'
+          # Will post to the Slack channel of your system if the deployment fails.
+          # Can be commented out if you don't want this.
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+          GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
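Review bot: The `if: github.ref == 'refs/heads/trunk'` condition on `deploy-test` and `deploy-prod` hardcodes the branch name while the triggers use `$default-branch`, so in a repository whose default branch is not `trunk` these two jobs are always skipped. Comparing against `format('refs/heads/{0}', github.event.repository.default_branch)` keeps the condition consistent with the triggers. Separately, `deploy-dev` has no `if:` and the workflow also runs on `pull_request`, so same-repository pull requests deploy unmerged code to the `dev` environment with `id-token: write`; if that is intended, say so in the comment above `needs:`, otherwise gate the job on `github.event_name == 'push'`. The same lines appear in `build-deploy-python.yml`.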
diff --git a/workflow-templates/build-deploy-python.properties.json b/workflow-templates/build-deploy-python.properties.json
new file mode 100644
index 0000000..bc47b90
--- /dev/null
+++ b/workflow-templates/build-deploy-python.properties.json
@@ -0,0 +1,4 @@
+  {
+    "name": "Build and Deploy Python to Kubernetes",
+    "description": "Build and Deploy Python to Kubernetes"
+  }
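Review bot: The `name` here, "Build and Deploy Python to Kubernetes", does not say which cloud it targets, while the sibling template is labelled "on Google Cloud" and this workflow authenticates with `vars.AKS_CLIENT_ID`. Naming the platform in both `name` and `description` (for example "... to Kubernetes on Azure") makes the two entries distinguishable in the template picker.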
diff --git a/workflow-templates/build-deploy-python.yml b/workflow-templates/build-deploy-python.yml
new file mode 100644
index 0000000..d387dfb
--- /dev/null
+++ b/workflow-templates/build-deploy-python.yml
@@ -0,0 +1,142 @@
+name: Build and Deploy Python to Kubernetes
+
+on:
+  push:
+    branches: [$default-branch]
+##  Adding a path filter will only trigger the workflow if the files in the path are modified.
+##  This is very useful if you have a monorepo structure.
+##  See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore for more information.
+##
+#    paths:
+#     - 'applications/my-app/**'
+##
+  pull_request:
+    branches: [$default-branch]
+
+env:
+  SYSTEM_NAME: '<your system name here>'
+  APPLICATION_NAME: '<your application name here>'
+  PROJECT_FILE: '<your project file path here>'
+  HELM_VALUES_FILE: '.github/deploy/values.yml'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: elvia-runner
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    # Limits the number of concurrent runs of this job to one, and cancels any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-analyze'
+      cancel-in-progress: true
+    steps:
+      - uses: 3lvia/core-github-actions-templates/analyze@trunk
+        with:
+          # This can be set to a more specific path if you want to analyze only a part of the repository.
+          working-directory: '.'
+          language: 'python'
+
+  build-scan:
+    name: Build and Scan
+    runs-on: elvia-runner
+    permissions:
+      actions: read
+      contents: write
+      id-token: write
+      pull-requests: write
+      security-events: write
+    # Limits the number of concurrent runs of this job to one, and cancels any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-build-scan'
+      cancel-in-progress: true
+    environment: build
+    steps:
+      - uses: 3lvia/core-github-actions-templates/build@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          project-file: ${{ env.PROJECT_FILE }}
+          trivy-upload-report: 'true'
+          trivy-post-comment: 'true'
+          AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
+
+  deploy-dev:
+    name: Deploy Dev
+    # Require all jobs below to be successful before running this job.
+    # Any of these can be commented out or removed if you want to deploy anyway.
+    needs:
+      - build-scan
+      - analyze
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-deploy-dev'
+    environment: dev
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'dev'
+          helm-values-file: ${{ env.HELM_VALUES_FILE }}
+          # Will post to the Slack channel of your system if the deployment fails.
+          # Can be commented out if you don't want this.
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
+
+  deploy-test:
+    name: Deploy Test
+    # Only deploy to test after dev
+    needs: [deploy-dev]
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-deploy-test'
+    environment: test
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'test'
+          helm-values-file: ${{ env.HELM_VALUES_FILE }}
+          # Will post to the Slack channel of your system if the deployment fails.
+          # Can be commented out if you don't want this.
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
+
+  deploy-prod:
+    name: Deploy Prod
+    # Only deploy to prod after test
+    needs: [deploy-test]
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+    concurrency:
+      group: '${{ github.workflow }}-${{ github.ref }}-deploy-prod'
+    environment: prod
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'prod'
+          helm-values-file: ${{ env.HELM_VALUES_FILE }}
+          # Will post to the Slack channel of your system if the deployment fails.
+          # Can be commented out if you don't want this.
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
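Review bot: Every `uses:` in this file references `3lvia/core-github-actions-templates/...@trunk`, a branch ref that moves, from jobs that hold `id-token: write` (and `contents: write` in `build-scan`). A template that other repositories copy should pin to a release tag or a full commit SHA so that a change on that branch does not silently alter what runs against the `prod` environment; at minimum, add a comment telling adopters how to pin. `contents: write` on `build-scan` also has no comment explaining which step needs it; document the reason or reduce it to `contents: read`. Both points apply equally to `build-deploy-python-google.yml`.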

@baksetercx baksetercx force-pushed the CORE-2204-lage-git-hub-actions-workflow-eksempel-for-python branch from 310a904 to 6b1becd Compare December 21, 2024 12:35
@baksetercx baksetercx force-pushed the CORE-2204-lage-git-hub-actions-workflow-eksempel-for-python branch from 6b1becd to b8bdf7f Compare December 21, 2024 12:35
@baksetercx baksetercx merged commit a50c961 into trunk Dec 21, 2024
2 checks passed
@baksetercx baksetercx deleted the CORE-2204-lage-git-hub-actions-workflow-eksempel-for-python branch December 21, 2024 12:37