
Enable gcp in preprod #5286


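# Build-and-deploy pipeline. It builds the container image, deploys pull
# requests labelled 'deploy-aks' to a review environment on AKS, deploys pushes
# to main through the AKS environments listed in the matrix, and reports failed
# jobs to Slack.
#
# NOTE(review): the third-party actions used below are referenced by mutable
# major-version tags (@v2, @v4). Several of them run in jobs that hold Azure
# credentials or the Slack webhook; pinning each one to a reviewed full commit
# SHA (uses: owner/action@<full-commit-sha>) keeps a retagged release from
# running with those secrets.
name: Build and Deploy
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
    # 'labeled' is included so that adding the deploy-aks label starts a run.
    types:
      - labeled
      - synchronize
      - reopened
      - opened
      - converted_to_draft
jobs:
  build_image:
    name: Image build and push
    # Runs for every non-pull_request event, and for pull requests that carry
    # the deploy-aks label.
    if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') || github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    # NOTE(review): this job has no permissions block, so GITHUB_TOKEN gets the
    # repository/organisation default scopes. It is handed to the local
    # build-image action together with registry ghcr.io, so the job presumably
    # needs contents: read and packages: write only. Confirm what the local
    # action requires, then declare the scopes explicitly.
    outputs:
      image_name_tag: ${{ steps.build_image.outputs.ghcr_image_name_tag }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-image
        id: build_image
        with:
          github_username: ${{ github.actor }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          registry: ghcr.io
  deploy_review_app_aks:
    name: Deploy to review environment to AKS
    runs-on: ubuntu-latest
    # The label is the only gate on deploying pull-request code to aks-review.
    if: contains(github.event.pull_request.labels.*.name, 'deploy-aks')
    # One deployment at a time per pull request.
    concurrency: deploy_review_${{ github.event.pull_request.number }}
    needs: [build_image]
    environment:
      name: aks-review
    # Declaring any scope sets every unlisted scope to none, so the read access
    # that actions/checkout relies on is listed explicitly.
    # NOTE(review): id-token: write enables OIDC token requests while the
    # long-lived AZURE_CREDENTIALS secret is also passed to the deploy action.
    # If the local action authenticates through OIDC, the stored credential
    # may be removable. Confirm against the action.
    permissions:
      contents: read
      pull-requests: write
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/deploy-environment-aks
        id: deploy_aks
        with:
          environment: aks-review
          # NOTE(review): the deployed tag is github.sha, not the
          # image_name_tag output of build_image. Presumably the build action
          # tags the image with the same SHA; verify.
          image-tag: ${{ github.sha }}
          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
          pull-request-number: ${{ github.event.pull_request.number }}
      - name: Post comment to Pull Request ${{ github.event.pull_request.number }}
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: aks
          message: |
            ### Deployments
            | App | URL |
            | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------|
            | Refer Serious Misconduct | <https://refer-serious-misconduct-pr-${{ github.event.pull_request.number }}.test.teacherservices.cloud> |
  deploy_aks:
    name: Deploy to ${{ matrix.environment }} environment for AKS
    runs-on: ubuntu-latest
    # Only pushes to main reach the shared environments.
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    concurrency: deploy_${{ matrix.environment }}
    needs: [build_image]
    # max-parallel: 1 runs the matrix entries one at a time. fail-fast is not
    # set, so the GitHub default applies and a failed entry cancels the rest.
    # NOTE(review): nothing in this file requires approval before
    # aks-production. That gate, if any, lives in the environment's protection
    # rules in the repository settings; confirm it is configured.
    strategy:
      max-parallel: 1
      matrix:
        environment: [aks-test, aks-preprod, aks-production]
    environment:
      name: ${{ matrix.environment }}
      url: ${{ steps.deploy.outputs.environment_url }}
    outputs:
      environment_name: ${{ matrix.environment }}
    # contents: read is listed for actions/checkout; unlisted scopes are none.
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to AKS
        uses: ./.github/actions/deploy-environment-aks
        id: deploy
        with:
          environment: ${{ matrix.environment }}
          image-tag: ${{ github.sha }}
          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
  notify_slack_of_failures:
    name: Notify Slack of failures
    runs-on: ubuntu-latest
    needs: [build_image, deploy_review_app_aks, deploy_aks]
    environment: aks-test
    # This job checks out the repository, logs in to Azure with a stored
    # credential and posts to a webhook. None of those steps needs a write
    # scope, so GITHUB_TOKEN is limited to reading the repository.
    permissions:
      contents: read
    env:
      ENVIRONMENT_NAME: ${{ needs.deploy_aks.outputs.environment_name || 'dev' }}
    if: failure()
    steps:
      - uses: actions/checkout@v4
      # The expressions in the script are rendered to the literal word true or
      # false before bash starts, so no event-supplied text is interpolated
      # into the shell. JOB and REVIEW are exported for the Slack step; REVIEW
      # stays empty unless the review deployment failed.
      - name: Set Environment variables
        shell: bash
        working-directory: terraform
        run: |
          if ${{ needs.build_image.result == 'failure' }}
          then
            job=build_image
          elif ${{ needs.deploy_review_app_aks.result == 'failure' }}
          then
            job=deploy_review_app_aks
            review=true
          elif ${{ needs.deploy_aks.result == 'failure' }}
          then
            job=deploy_aks
          fi
          echo "JOB=${job}" >> "$GITHUB_ENV"
          echo "REVIEW=${review}" >> "$GITHUB_ENV"
      - uses: Azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      # The webhook URL is registered with add-mask before it is written to
      # the step output, so later log lines that contain it are redacted.
      - name: Fetch secrets from key vault
        uses: azure/CLI@v2
        id: key-vault-secrets
        with:
          inlineScript: |
            SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name s189t01-rsm-ts-inf-kv --query "value" -o tsv)
            echo "::add-mask::$SLACK_WEBHOOK"
            echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> "$GITHUB_OUTPUT"
      - name: Notify Slack channel on job failure
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_USERNAME: CI Deployment
          SLACK_TITLE: Deployment of refer-serious-misconduct ${{ env.REVIEW && 'review' }} failed
          SLACK_MESSAGE: Job ${{ env.JOB }} failed
          SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK_WEBHOOK }}
          SLACK_COLOR: failure
          SLACK_FOOTER: Sent from Build and Deploy workflow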