diff --git a/.github/workflows/connect-button-ci.yml b/.github/workflows/connect-button-ci.yml
index b2f9db37..eca787ca 100644
--- a/.github/workflows/connect-button-ci.yml
+++ b/.github/workflows/connect-button-ci.yml
@@ -60,7 +60,7 @@ jobs:
 contents: read
 needs:
 - build_push_container
- uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@DO-2133-reusable-trigger-jenkins-action
+ uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
 with:
 jenkins_job_name: "kubernetes-deployments/job/connect-button"
 application_name: "connect-button"
@@ -87,11 +87,12 @@ jobs:
 contents: read
 needs:
 - build_push_container
- uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@DO-2133-reusable-trigger-jenkins-action
+ uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
 with:
+ github_environment: "dev"
 jenkins_job_name: "kubernetes-deployments/job/connect-button"
 application_name: "connect-button"
- kubernetes_namespace: "connect-button"
+ kubernetes_namespace: "connect-button-dev"
 aws_eks_cluster: "rdx-works-main-dev"
 aws_iam_role_name: "jenkins-connect-button-dev-deployer"
 helmfile_environment: "dev"
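Review bot: The new `uses:` line in the -60 hunk points the reusable deployment workflow at `@main`, a mutable branch ref, so whatever lands on that branch of `radixdlt/public-iac-resuable-artifacts` runs with this job's permissions and inputs on the next run. The hunks at -87 and -104 make the same change, and the -104 job also grants `id-token: write` and passes a `secrets:` block. Pinning to a full commit SHA keeps the executed code fixed and reviewable, e.g. `uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@<FULL_COMMIT_SHA> # main` (placeholder; the page shows no commit id for that repository). The job definition starts and ends outside this hunk, so its own `secrets:` block, if any, is not visible here.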
@@ -104,49 +105,28 @@ jobs:
 deploy_prod:
 if: github.ref == 'refs/heads/main' && github.event_name == 'push'
 name: Deploy PROD
- runs-on: ubuntu-latest
- needs:
- - build_push_container
 permissions:
 id-token: write
+ deployments: write
+ packages: write
+ pull-requests: write
 contents: read
- pull-requests: read
- steps:
- - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
- with:
- role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
- app_name: 'connect-button'
- step_name: 'deploy-prod'
- secret_prefix: 'GH'
- secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/jenkins-credentials-RTHKoO'
- parse_json: true
- - name: Connect to tailnet
- uses: radixdlt/public-iac-resuable-artifacts/tailnet@main
- with:
- role_name: "arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access"
- region: "eu-west-2"
- secret_name: "arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/tailscale-public-workflows-DpiE80"
- - name: Trigger jenkins job to deploy DEV
- uses: RDXWorks-actions/jenkins-job-trigger-action@master
- with:
- jenkins_url: ${{ env.GH_JENKINS_URL }}
- jenkins_user: ${{ env.GH_JENKINS_USER }}
- jenkins_token: ${{ env.GH_JENKINS_API_TOKEN }}
- job_name: ${{ env.jenkins_job_name }}
- job_params: |
- {
- "git_repo" : "${{ github.repository }}",
- "git_branch" : "${{ github.head_ref }}",
- "helmfile_environment": "prod",
- "namespace" : "connect-button-prod",
- "aws_region" : "eu-west-2",
- "aws_iam_role": "arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/jenkins-connect-button-prod-deployer",
- "aws_eks_cluster" : "${{ env.dev_eks_cluster }}",
- "helm_folder" : "${{ env.helm_dir }}",
- "helmfile_extra_vars" : "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}"
- }
- job_timeout: "3600"
- fetch_logs: "false"
+ needs:
+ - build_push_container
+ uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
+ with:
+ github_environment: "prod"
+ jenkins_job_name: "kubernetes-deployments/job/connect-button"
+ application_name: "connect-button"
+ kubernetes_namespace: "connect-button-prod"
+ aws_eks_cluster: "rdx-works-main-dev"
+ aws_iam_role_name: "jenkins-connect-button-prod-deployer"
+ helmfile_environment: "prod"
+ helm_dir: "deploy/helm/connect-button"
+ helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}"
+ secrets:
+ aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
+ secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
 snyk_container_monitor:
 runs-on: ubuntu-latest
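Review bot: In the new `deploy_prod` job, `aws_eks_cluster: "rdx-works-main-dev"` and `aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}` are dev-named values sitting next to `github_environment: "prod"` and `aws_iam_role_name: "jenkins-connect-button-prod-deployer"`. The removed step also used `env.dev_eks_cluster`, so this may be deliberate, but it reads like a copy from the dev job. If prod really shares that cluster and account, say so above the two lines, e.g. `# prod namespace lives on the shared rdx-works-main-dev cluster/account (intentional)`; otherwise the called workflow will presumably assume the prod deployer role in the wrong account. Separately, the permissions block grows from `pull-requests: read` to `deployments: write`, `packages: write` and `pull-requests: write`. A caller's `permissions:` caps what the reusable workflow's token can do, so keep only the scopes `jenkins-deployment.yml` actually needs.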