Skip to content
Deployment

Deployment #199

Sign in to view logs

Deployment

Deployment #199

Workflow file for this run

.github/workflows/_deploy.yml at 5abc02d
name: Deployment
on:
workflow_dispatch:
inputs:
environment:
description: The environment to deploy to
type: choice
required: true
options:
- production
- recette
- pentest
app_version:
description: app version
type: string
required: true
default: latest
workflow_call:
inputs:
environment:
description: The environment to deploy to
type: string
default: latest
required: false
app_version:
description: app version
type: string
required: false
default: latest
secrets:
DEPLOY_SSH_PRIVATE_KEY:
description: SSH private key
required: true
DEPLOY_PASS:
description: SSH PWD TO DEPLOY
required: true
SLACK_WEBHOOK:
description: Slack webhook URL
required: true
VAULT_PWD:
description: Vault Password
required: true
jobs:
version:
name: Get Version
runs-on: ubuntu-latest
outputs:
VERSION: ${{ steps.get-version.outputs.VERSION }}
steps:
- name: Checkout project
if: ${{ inputs.app_version == 'latest' }}
uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: true
- name: Get Version
id: get-version
shell: bash
run: |
if [[ "${APP_VERSION}" == "latest" ]]; then
echo "VERSION=$(git describe --tags --abbrev=0 --candidates 100 --always | cut -c 2-)" >> "$GITHUB_OUTPUT"
else
echo "VERSION=${APP_VERSION}" >> "$GITHUB_OUTPUT"
fi
env:
APP_VERSION: ${{ inputs.app_version }}
deploy:
needs: version
name: Deploy ${{ needs.version.outputs.VERSION }} on ${{ inputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Notify new deployment on Slack
uses: ravsamhq/notify-slack-action@v2
if: always()
with:
status: ${{ job.status }}
notification_title: "Déploiement ${{ needs.version.outputs.VERSION }} en ${{ inputs.environment }} initié..."
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Get Action IP
run: curl -4 ifconfig.me
- name: Checkout project
uses: actions/checkout@v4
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:
name: github_actions
key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
known_hosts: ${{ vars.SSH_KNOWN_HOSTS }}
config: |
Host *
IdentityFile ~/.ssh/github_actions
- name: Create vault pwd file
run: echo ${{ secrets.VAULT_PWD }} > .infra/.vault_pwd.txt
- name: Run playbook
run: .bin/mna-lba deploy ${{ inputs.environment }} --extra-vars "app_version=${{ needs.version.outputs.VERSION }}"
env:
ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
ANSIBLE_REMOTE_USER: deploy
ANSIBLE_BECOME_PASS: ${{ secrets.DEPLOY_PASS }}
- name: Encrypt logs
run: .bin/mna-lba deploy:log:encrypt
if: always()
env:
ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
- name: Upload logs artifacts
if: always()
uses: actions/upload-artifact@v3
with:
name: logs-${{ inputs.environment }}
path: /tmp/deploy.log.gpg
- name: Add Job summary
if: always()
run: echo 'You can get logs using `.bin/mna deploy:log:decrypt ${{ github.run_id }} ${{ inputs.environment }}`' >> $GITHUB_STEP_SUMMARY
- name: Notify failure on Slack
uses: ravsamhq/notify-slack-action@v2
if: always()
with:
status: ${{ job.status }}
notification_title: "Le déploiement ${{ needs.version.outputs.VERSION }} en ${{ inputs.environment }} a échoué"
message_format: "{emoji} *[${{ inputs.environment }}]* *{workflow}* {status_message} in <{repo_url}|{branch}> on <{commit_url}|{commit_sha}>. You can get error logs using `.bin/mna-lba deploy:log:decrypt ${{ github.run_id }} ${{ inputs.environment }}`"
notify_when: "failure"
mention_groups: "S0693U59FCK"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Notify success on Slack
uses: ravsamhq/notify-slack-action@v2
if: always()
with:
status: ${{ job.status }}
notification_title: "Déploiement ${{ needs.version.outputs.VERSION }} en ${{ inputs.environment }} terminé avec succès"
notify_when: "success"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}