deploy.yml
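---
# Deploys the TicketBooth Helm chart (deployment/chart) to a GKE cluster.
# Triggers: a created release, a push to a releases/* branch or a *-rc tag,
# or a manual dispatch that names an image tag already pushed to GCP.
#
# NOTE(review): every action below is referenced by a mutable tag (@v4, @v2,
# @v1). These steps run with cloud and cluster credentials, so pin each one
# to a full commit SHA to keep a moved tag from changing what executes.
name: Deploy to Google Cloud
# All runs share one concurrency group, so deployments do not overlap.
concurrency: production
on:
  release:
    types:
      - created
  push:
    branches:
      - 'releases/*'
    tags:
      - '*-rc'
  workflow_dispatch:
    inputs:
      containerTag:
        required: true
        description: 'The docker tag for a container already in GCP'
env:
  GCP_REGION: us-west1
  GKE_CLUSTER_NAME: fnf-apps-cluster-west1
jobs:
  deploy:
    name: TicketBoothDeploy
    runs-on: ubuntu-latest
    environment: ${{ vars.ENVIRONMENT }}
    # Least privilege: read-only repository access, plus the OIDC token
    # that google-github-actions/auth exchanges for GCP credentials.
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      # This step is only required because the Helm chart is in this repo
      - id: checkout
        name: TicketBooth checkout
        uses: actions/checkout@v4
        with:
          # Manual runs deploy the chart from main; other events use the
          # ref that triggered the run.
          ref: ${{ github.event_name == 'workflow_dispatch' && 'main' || github.ref }}
          fetch-depth: 1
      - id: gcpAuth
        uses: google-github-actions/auth@v2
        with:
          # NOTE(review): the auth action expects the full provider resource
          # name, of the form
          # projects/<PROJECT_NUMBER>/locations/global/workloadIdentityPools/<POOL_ID>/providers/<PROVIDER_ID>
          # (placeholders). The value below stops at `workloadIdentityPools`;
          # confirm and complete it.
          workload_identity_provider: "projects/${{ vars.GCP_PROJECT_ID }}/locations/global/workloadIdentityPools"
          service_account: ${{ vars.GCP_SERVICE_ACCOUNT_ID }}
      - id: gkeLogin
        name: GKE Login
        uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: ${{ env.GKE_CLUSTER_NAME }}
          location: ${{ env.GCP_REGION }}
      - id: runHelm
        name: Helm Update
        # Third-party action that receives github.token and runs after the
        # cluster credentials are in place; see the pinning note at the top.
        uses: deliverybot/helm@v1
        with:
          release: ${{ vars.HELM_RELEASE }}
          namespace: default
          chart: deployment/chart
          token: ${{ github.token }}
          # The tag comes from a dispatch input or a ref name and is pasted
          # into YAML text. toJSON() emits it as a quoted string, so it cannot
          # add extra keys and a tag such as 1.10 is not re-read as a number.
          # NOTE(review): a values file does not expand dotted keys the way
          # `--set` does; confirm the chart reads the literal key `image.tag`.
          values: |
            image.tag: ${{ toJSON(github.event_name == 'workflow_dispatch' && inputs.containerTag || github.ref_name) }}
          # `environment` is not an expression context, so the original
          # `${{ environment }}` could not be evaluated. vars.ENVIRONMENT, the
          # value the job's `environment:` is set from, is used instead.
          # NOTE(review): confirm it names the intended values file.
          value-files: >-
            [
              "deployment/env/base.yaml",
              "deployment/${{ vars.ENVIRONMENT }}.yaml"
            ]
          # The original `cond && false || true` always evaluated to true,
          # because a false middle operand falls through to `|| true`.
          # Comparing directly gives false for manual runs, true otherwise.
          atomic: ${{ github.event_name != 'workflow_dispatch' }}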