Skip to content

Add gcp wif cpd sandbox prod #3883

Add gcp wif cpd sandbox prod

Add gcp wif cpd sandbox prod #3883

Workflow file for this run

name: "Deploy"
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
on:
workflow_dispatch:
inputs:
environment:
description: "Deploy environment"
required: true
default: review
type: environment
options:
- review
push:
branches:
- main
pull_request:
merge_group:
permissions:
id-token: write
pull-requests: write
packages: write
security-events: write
jobs:
lint:
name: Lint
uses: ./.github/workflows/lint.yml
rspec:
name: Run the RSpec tests
uses: ./.github/workflows/rspec.yml
permit-merge:
name: Permit merge
needs: [lint, rspec]
runs-on: ubuntu-latest
steps:
- run: "echo 'Linting and tests passed, this branch is ready to be merged'"
docker:
name: Build and push Docker image
runs-on: ubuntu-latest
if: github.actor != 'dependabot[bot]' && github.event_name != 'merge_group'
outputs:
docker-image: ${{ steps.build-docker-image.outputs.image }}
steps:
- uses: actions/checkout@v3
- uses: DFE-Digital/github-actions/build-docker-image@master
id: build-docker-image
with:
docker-repository: ghcr.io/dfe-digital/early-careers-framework
github-token: ${{ secrets.GITHUB_TOKEN }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
brakeman:
name: Run Brakeman vulnerability scanner
uses: ./.github/workflows/brakeman.yml
with:
ruby-version: "3.2.4"
deploy_review:
name: Deploy review
concurrency: deploy_review_${{ github.event.pull_request.number }}
if: github.actor != 'dependabot[bot]' && github.event_name == 'pull_request'
needs: [docker, brakeman]
runs-on: ubuntu-latest
environment:
name: review
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/deploy-environment-to-aks
id: deploy
with:
environment: review
docker-image: ${{ needs.docker.outputs.docker-image }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
pull-request-number: ${{ github.event.pull_request.number }}
current-commit-sha: ${{ github.event.pull_request.head.sha }}
statuscake-api-token: ${{ secrets.STATUSCAKE_API_TOKEN }}
- name: Post sticky pull request comment
uses: marocchino/sticky-pull-request-comment@v2
with:
message: |
Review app deployed to ${{ steps.deploy.outputs.url }}
run_smoke_tests:
name: Run Smoke tests
needs: [ docker ]
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'test-performance')
concurrency: run_smoke_tests_${{ github.event.pull_request.number }}
environment:
name: production
steps:
- name: Checkout code
uses: actions/checkout@v3
- uses: ./.github/actions/test-performance
id: smoke-test
with:
scenario: smoke-test
docker-image: ${{ needs.docker.outputs.docker-image }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
deploy_staging:
name: Deploy staging
needs: [docker, rspec, lint, brakeman]
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
environment:
name: staging
outputs:
docker-image: ${{ needs.docker.outputs.docker-image }}
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/deploy-environment-to-aks
id: deploy
with:
environment: staging
docker-image: ${{ needs.docker.outputs.docker-image }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
current-commit-sha: ${{ github.sha }}
statuscake-api-token: ${{ secrets.STATUSCAKE_API_TOKEN }}
deploy_sandbox:
name: Deploy sandbox
needs: [deploy_staging]
runs-on: ubuntu-latest
environment:
name: sandbox
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/deploy-environment-to-aks
id: deploy
with:
environment: sandbox
docker-image: ${{ needs.deploy_staging.outputs.docker-image }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
current-commit-sha: ${{ github.sha }}
statuscake-api-token: ${{ secrets.STATUSCAKE_API_TOKEN }}
# Temporarily disabled while we manually deploy and test on the migration environment.
#
# deploy_migration:
# name: Deploy migration
# needs: [deploy_staging]
# runs-on: ubuntu-latest
# environment:
# name: migration
# steps:
# - uses: actions/checkout@v3
# - uses: ./.github/actions/deploy-environment-to-aks
# id: deploy
# with:
# environment: migration
# docker-image: ${{ needs.deploy_staging.outputs.docker-image }}
# azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
# current-commit-sha: ${{ github.sha }}
# statuscake-api-token: ${{ secrets.STATUSCAKE_API_TOKEN }}
deploy_production:
name: Deploy production
needs: [deploy_staging]
runs-on: ubuntu-latest
environment:
name: production
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/deploy-environment-to-aks
id: deploy
with:
environment: production
docker-image: ${{ needs.deploy_staging.outputs.docker-image }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
current-commit-sha: ${{ github.sha }}
statuscake-api-token: ${{ secrets.STATUSCAKE_API_TOKEN }}