-
Notifications
You must be signed in to change notification settings - Fork 4
123 lines (112 loc) · 3.99 KB
/
_deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
name: Deployment
on:
workflow_dispatch:
inputs:
environment:
description: The environment to deploy to
type: choice
required: true
options:
- production
- recette
- preprod
app_version:
description: app version
type: string
required: true
default: latest
workflow_call:
inputs:
environment:
description: The environment to deploy to
type: string
default: latest
required: false
app_version:
description: app version
type: string
required: false
default: latest
secrets:
DEPLOY_SSH_PRIVATE_KEY:
description: SSH private key
required: true
DEPLOY_PASS:
description: SSH PWD TO DEPLOY
required: true
SLACK_WEBHOOK:
description: Slack webhook URL
required: true
VAULT_PWD:
description: Vault Password
required: true
jobs:
deploy:
name: Deploy ${{ inputs.app_version }} on ${{ inputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Notify new deployment on Slack
uses: ravsamhq/notify-slack-action@v2
if: always()
with:
status: ${{ job.status }}
notification_title: "Déploiement ${{ inputs.app_version }} en ${{ inputs.environment }} initié..."
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Checkout project
uses: actions/checkout@v4
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:
name: github_actions
key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
known_hosts: ${{ vars.SSH_KNOWN_HOSTS }}
config: |
Host *
IdentityFile ~/.ssh/github_actions
- name: Create vault pwd file
run: echo ${{ secrets.VAULT_PWD }} > .infra/.vault_pwd.txt
- name: Run playbook
run: .bin/mna-tdb deploy ${{ inputs.environment }} --extra-vars "app_version=${{ inputs.app_version }}"
env:
ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
ANSIBLE_REMOTE_USER: deploy
ANSIBLE_BECOME_PASS: ${{ secrets.DEPLOY_PASS }}
- name: Notify sentry deployment
run: .bin/mna-tdb sentry:deploy "${{ inputs.app_version }}" "${{ inputs.environment }}"
env:
ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
- name: Encrypt logs
run: .bin/mna-tdb deploy:log:encrypt
if: always()
env:
ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
- name: Upload logs artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: logs-${{ inputs.environment }}
path: /tmp/deploy.log.gpg
- name: Add Job summary
if: always()
run: echo 'You can get logs using `.bin/mna-tdb deploy:log:decrypt ${{ github.run_id }} ${{ inputs.environment }}`' >> $GITHUB_STEP_SUMMARY
- name: Notify failure on Slack
uses: ravsamhq/notify-slack-action@v2
if: always()
with:
status: ${{ job.status }}
notification_title: "Le déploiement ${{ inputs.app_version }} en ${{ inputs.environment }} a échoué"
message_format: "{emoji} *[${{ inputs.environment }}]* *{workflow}* {status_message} in <{repo_url}|{branch}> on <{commit_url}|{commit_sha}>. You can get error logs using `.bin/mna-tdb deploy:log:decrypt ${{ github.run_id }} ${{ inputs.environment }}`"
notify_when: "failure"
mention_groups: "!channel"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Notify success on Slack
uses: ravsamhq/notify-slack-action@v2
if: always()
with:
status: ${{ job.status }}
notification_title: "Déploiement ${{ inputs.app_version }} en ${{ inputs.environment }} terminé avec succès"
notify_when: "success"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}