feat: add "release and deploy" GitHub Action

pagopa · Sep 15, 2023 · 7923da2 · 7923da2
1 parent a1bd2de
commit 7923da2
Show file tree

Hide file tree

Showing 3 changed files with 254 additions and 107 deletions.
diff --git a/.github/workflows/code_review.yml b/.github/workflows/code_review.yml
@@ -1,49 +1,49 @@
-#name: Code Review
-#
-## Controls when the workflow will run
-#on:
-#  pull_request:
-#    branches:
-#      - main
-#    types:
-#      - opened
-#      - synchronize
-#      - reopened
-#  push:
-#    branches:
-#      - main
-#
-#
-#  # Allows you to run this workflow manually from the Actions tab
-#  workflow_dispatch:
-#
-#env:
-#  PROJECT_KEY: pagopa_pagopa-platform-authorizer
-#
-#
-#permissions:
-#  id-token: write
-#  contents: read
-#
-## A workflow run is made up of one or more jobs that can run sequentially or in parallel
-#jobs:
-#  code-review:
-#    name: Code Review
-#    # The type of runner that the job will run on
-#    runs-on: ubuntu-latest
-#
-#    # Steps represent a sequence of tasks that will be executed as part of the job
-#    steps:
-#      - name: Set up JDK 11
-#        uses: actions/setup-java@v1
-#        with:
-#          java-version: 11
-#
-#      - name: Code Review
-#        uses: pagopa/github-actions-template/maven-code-review@main
-#        with:
-#          github_token: ${{ secrets.GITHUB_TOKEN }}
-#          sonar_token: ${{ secrets.SONAR_TOKEN }}
-#          project_key: ${{ env.PROJECT_KEY }}
-#          coverage_exclusions: "**/config/*,**/*Mock*,**/model/**,**/entity/*"
-#          cpd_exclusions: "**/model/**,**/entity/*"
+name: Code Review
+
+# Controls when the workflow will run
+on:
+  pull_request:
+    branches:
+      - main
+    types:
+      - opened
+      - synchronize
+      - reopened
+  push:
+    branches:
+      - main
+
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+env:
+  PROJECT_KEY: pagopa_pagopa-platform-authorizer
+
+
+permissions:
+  id-token: write
+  contents: read
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  code-review:
+    name: Code Review
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+
+      - name: Code Review
+        uses: pagopa/github-actions-template/maven-code-review@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          sonar_token: ${{ secrets.SONAR_TOKEN }}
+          project_key: ${{ env.PROJECT_KEY }}
+          coverage_exclusions: "**/config/*,**/*Mock*,**/model/**,**/entity/*"
+          cpd_exclusions: "**/model/**,**/entity/*"
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml
@@ -0,0 +1,205 @@
+name: Release And Deploy
+
+# Controls when the workflow will run
+on:
+  pull_request:
+    branches:
+      - main
+    types: [ closed ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      environment:
+        required: true
+        type: choice
+        description: Select the Environment
+        options:
+          - dev
+          - uat
+          - prod
+          - all
+      semver:
+        required: true
+        type: choice
+        description: Select the new Semantic Version
+        options:
+          - major
+          - minor
+          - patch
+          - buildNumber
+          - skip
+        default: skip
+      beta:
+        required: false
+        type: boolean
+        description: deploy beta version
+        default: false
+
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+      semver:
+        required: true
+        type: string
+        default: skip
+      beta:
+        required: false
+        type: boolean
+        description: deploy beta version
+        default: false
+
+permissions:
+  packages: write
+  contents: write
+  issues: write
+  id-token: write
+  actions: read
+
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  setup:
+    name: Setup
+    runs-on: ubuntu-latest
+    outputs:
+      semver: ${{ steps.get_semver.outputs.semver }}
+      environment: ${{ steps.output.outputs.environment }}
+    steps:
+      - name: Get semver
+        id: get_semver
+        uses: pagopa/github-actions-template/semver-setup@v1.3.0
+
+      - if: ${{ github.event.inputs.environment == null || github.event.inputs.environment == 'dev' }}
+        run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV
+
+      - if: ${{ github.event.inputs.environment == 'uat' }}
+        run: echo "ENVIRNOMENT=uat" >> $GITHUB_ENV
+
+      - if: ${{ github.event.inputs.environment == 'prod' }}
+        run: echo "ENVIRNOMENT=prod" >> $GITHUB_ENV
+
+      - if: ${{ github.event.inputs.environment == 'all' }}
+        run: echo "ENVIRNOMENT=all" >> $GITHUB_ENV
+
+      - id: output
+        name: Set Output
+        run: |
+          echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT
+
+
+  release:
+    name: Create a New Release
+    runs-on: ubuntu-latest
+    needs: [setup]
+    outputs:
+      version: ${{ steps.release.outputs.version }}
+    steps:
+      - name: Make Release
+        id: release
+        uses: pagopa/github-actions-template/maven-release@main
+        with:
+          semver: ${{ needs.setup.outputs.semver }}
+          github_token: ${{ secrets.BOT_TOKEN_GITHUB }}
+          beta: ${{ inputs.beta }}
+          skip_ci: ${{ inputs.beta }}
+
+  image:
+    needs: [ setup, release ]
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+    if: ${{ inputs.semver != 'skip' }}
+    steps:
+      - name: Build and Push
+        id: semver
+        uses: pagopa/github-actions-template/ghcr-build-push@v1.4.1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ needs.release.outputs.version }}
+
+  deploy_azure_fn:
+    name: Deploy Azure function
+    needs: [ setup, release, build-and-push ]
+    if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
+    env:
+      ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }}
+      RESOURCE_GROUP: 'pagopa-${{ env.ENV_SHORT }}-weu-shared-rg'
+      APP_NAME: 'pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn'
+      REGISTRY_IMAGE: 'ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}'
+
+    steps:
+      - name: 'Checkout GitHub Action'
+        uses: actions/checkout@v3
+
+      - name: 'Login via Azure CLI'
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.CLIENT_ID }}
+          tenant-id: ${{ secrets.TENANT_ID }}
+          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
+
+      - name: 'Azure CLI script: start staging slot'
+        uses: azure/CLI@v1
+        if: ${{ contains(github.event.inputs.environment, 'prod') }}
+        with:
+          inlineScript: |
+            az functionapp start --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging
+
+      - name: 'Run Azure Functions Container Action: staging slot'
+        uses: Azure/functions-container-action@v1.2.1
+        if: ${{ contains(github.event.inputs.environment, 'prod')}}
+        with:
+          app-name: ${{ env.APP_NAME }}
+          image: ${{ env.REGISTRY_IMAGE }}
+          slot-name: staging
+
+      - name: 'Deploy Approval'
+        uses: trstringer/manual-approval@v1
+        if: ${{ contains(github.event.inputs.environment, 'prod')}}
+        with:
+          secret: ${{ secrets.BOT_TOKEN_GITHUB }}
+          approvers: pagopa-team-core
+          minimum-approvals: 1
+          issue-title: "Deploying ${{ env.TAG }} to prod from staging"
+          issue-body: "Please approve or deny the deployment of version ${{ env.TAG }}."
+          exclude-workflow-initiator-as-approver: false
+          timeout-minutes: 360
+
+      - name: 'Run Azure Functions Container Action'
+        uses: Azure/functions-container-action@v1.2.1
+        with:
+          app-name: ${{ env.APP_NAME }}
+          image: ${{ env.REGISTRY_IMAGE }}
+          slot-name: production
+
+      - name: 'Azure CLI script: end staging slot'
+        uses: azure/CLI@v1
+        if: ${{ contains(github.event.inputs.environment, 'prod') }}
+        with:
+          inlineScript: |
+            az functionapp stop --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging
+
+      - name: Azure logout
+        run: |
+          az logout
+
+#  notify:
+#    needs: [ deploy ]
+#    runs-on: ubuntu-latest
+#    name: Notify
+#    if: always()
+#    steps:
+#      - name: Report Status
+#        if: always()
+#        uses: ravsamhq/notify-slack-action@v2
+#        with:
+#          status: ${{ needs.deploy.result }}
+#          token: ${{ secrets.GITHUB_TOKEN }}
+#          notify_when: 'failure,skipped'
+#          notification_title: '{workflow} has {status_message}'
+#          message_format: '{emoji} <{workflow_url}|{workflow}> {status_message} in <{repo_url}|{repo}>'
+#          footer: 'Linked to Repo <{repo_url}|{repo}>'
+#        env:
+#          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}