update

.github/workflows/connect-button-ci.yml

@@ -4,7 +4,6 @@ on:
   pull_request:
     # branches:
     #   - develop
-    #   - main
   push:
     branches:
       - develop
@@ -151,8 +150,8 @@ jobs:
           job_timeout: "3600"
           fetch_logs: "false"
 
-  deploy-prod:
-    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+  deploy_prod:
+    if: ${{ github.event.pull_request }}
     name: Deploy PROD
     runs-on: ubuntu-latest
     needs:
@@ -162,34 +161,41 @@ jobs:
       contents: read
       pull-requests: read
     steps:
-      - uses: RDXWorks-actions/checkout@main
-      - uses: RDXWorks-actions/install-aws-cli-action@master
+      - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
         with:
-          version: 2
-      - name: Setup helmfile and helm
-        uses: RDXWorks-actions/setup-helmfile@master
-
-      - name: Configure AWS credentials for deployment
-        uses: RDXWorks-actions/configure-aws-credentials@main
+          role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
+          app_name: 'connect-button'
+          step_name: 'deploy-prod'
+          secret_prefix: 'GH'
+          secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/jenkins-credentials-RTHKoO'
+          parse_json: true
+      - name: Connect to tailnet
+        uses: radixdlt/public-iac-resuable-artifacts/tailnet@main
         with:
-          role-to-assume: ${{ secrets.DEPLOY_PROD_IAM_ROLE }}
-          aws-region: eu-west-2
-      - name: Deploy application
-        working-directory: deploy/helm
-        run: |
-          aws eks update-kubeconfig --name ${{ secrets.CLUSTER_NAME }} \
-                                    --alias ${{ secrets.CLUSTER_NAME }} \
-                                    --region eu-west-2
-
-          HELM_DIFF_COLOR=true helmfile --environment prod --namespace connect-button-prod \
-                    --state-values-set "ci.tag=${{ env.CI_TAG }}" \
-                    --state-values-set "ci.ingressDomain=${{ env.INGRESS_DOMAIN }}" \
-                    apply
-        env:
-          CI_TAG: ${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}
-          INGRESS_DOMAIN: ${{ secrets.PROD_INGRESS_DOMAIN }}
-          HELM_GH_USER: ${{ secrets.HELM_GH_USER }}
-          HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }}
+          role_name: "arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access"
+          region: "eu-west-2"
+          secret_name: "arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/tailscale-public-workflows-DpiE80"
+      - name: Trigger jenkins job to deploy DEV
+        uses: RDXWorks-actions/jenkins-job-trigger-action@master
+        with:
+          jenkins_url: ${{ env.GH_JENKINS_URL }}
+          jenkins_user: ${{ env.GH_JENKINS_USER }}
+          jenkins_token: ${{ env.GH_JENKINS_API_TOKEN }}
+          job_name: ${{ env.jenkins_job_name }}
+          job_params: |
+            {
+              "git_repo" : "${{ github.repository }}",
+              "git_branch" : "${{ github.head_ref }}",
+              "helmfile_environment": "prod",
+              "namespace" : "connect-button-prod",
+              "aws_region" : "eu-west-2",
+              "aws_iam_role": "arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/jenkins-connect-button-prod-deployer",
+              "aws_eks_cluster" : "${{ env.dev_eks_cluster }}",
+              "helm_folder" : "${{ env.helm_dir }}",
+              "helmfile_extra_vars" : "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}"
+            }
+          job_timeout: "3600"
+          fetch_logs: "false"
 
   snyk_container_monitor:
     runs-on: ubuntu-latest