generated from pagopa/pagopa-functions-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add "release and deploy" GitHub Action
- Loading branch information
1 parent
a1bd2de
commit 7923da2
Showing
3 changed files
with
254 additions
and
107 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,49 +1,49 @@ | ||
#name: Code Review | ||
# | ||
## Controls when the workflow will run | ||
#on: | ||
# pull_request: | ||
# branches: | ||
# - main | ||
# types: | ||
# - opened | ||
# - synchronize | ||
# - reopened | ||
# push: | ||
# branches: | ||
# - main | ||
# | ||
# | ||
# # Allows you to run this workflow manually from the Actions tab | ||
# workflow_dispatch: | ||
# | ||
#env: | ||
# PROJECT_KEY: pagopa_pagopa-platform-authorizer | ||
# | ||
# | ||
#permissions: | ||
# id-token: write | ||
# contents: read | ||
# | ||
## A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
#jobs: | ||
# code-review: | ||
# name: Code Review | ||
# # The type of runner that the job will run on | ||
# runs-on: ubuntu-latest | ||
# | ||
# # Steps represent a sequence of tasks that will be executed as part of the job | ||
# steps: | ||
# - name: Set up JDK 11 | ||
# uses: actions/setup-java@v1 | ||
# with: | ||
# java-version: 11 | ||
# | ||
# - name: Code Review | ||
# uses: pagopa/github-actions-template/maven-code-review@main | ||
# with: | ||
# github_token: ${{ secrets.GITHUB_TOKEN }} | ||
# sonar_token: ${{ secrets.SONAR_TOKEN }} | ||
# project_key: ${{ env.PROJECT_KEY }} | ||
# coverage_exclusions: "**/config/*,**/*Mock*,**/model/**,**/entity/*" | ||
# cpd_exclusions: "**/model/**,**/entity/*" | ||
name: Code Review | ||
|
||
# Controls when the workflow will run | ||
on: | ||
pull_request: | ||
branches: | ||
- main | ||
types: | ||
- opened | ||
- synchronize | ||
- reopened | ||
push: | ||
branches: | ||
- main | ||
|
||
|
||
# Allows you to run this workflow manually from the Actions tab | ||
workflow_dispatch: | ||
|
||
env: | ||
PROJECT_KEY: pagopa_pagopa-platform-authorizer | ||
|
||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
jobs: | ||
code-review: | ||
name: Code Review | ||
# The type of runner that the job will run on | ||
runs-on: ubuntu-latest | ||
|
||
# Steps represent a sequence of tasks that will be executed as part of the job | ||
steps: | ||
- name: Set up JDK 11 | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: 11 | ||
|
||
- name: Code Review | ||
uses: pagopa/github-actions-template/maven-code-review@main | ||
with: | ||
github_token: ${{ secrets.GITHUB_TOKEN }} | ||
sonar_token: ${{ secrets.SONAR_TOKEN }} | ||
project_key: ${{ env.PROJECT_KEY }} | ||
coverage_exclusions: "**/config/*,**/*Mock*,**/model/**,**/entity/*" | ||
cpd_exclusions: "**/model/**,**/entity/*" |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,205 @@ | ||
name: Release And Deploy | ||
|
||
# Controls when the workflow will run | ||
on: | ||
pull_request: | ||
branches: | ||
- main | ||
types: [ closed ] | ||
|
||
# Allows you to run this workflow manually from the Actions tab | ||
workflow_dispatch: | ||
inputs: | ||
environment: | ||
required: true | ||
type: choice | ||
description: Select the Environment | ||
options: | ||
- dev | ||
- uat | ||
- prod | ||
- all | ||
semver: | ||
required: true | ||
type: choice | ||
description: Select the new Semantic Version | ||
options: | ||
- major | ||
- minor | ||
- patch | ||
- buildNumber | ||
- skip | ||
default: skip | ||
beta: | ||
required: false | ||
type: boolean | ||
description: deploy beta version | ||
default: false | ||
|
||
workflow_call: | ||
inputs: | ||
environment: | ||
required: true | ||
type: string | ||
semver: | ||
required: true | ||
type: string | ||
default: skip | ||
beta: | ||
required: false | ||
type: boolean | ||
description: deploy beta version | ||
default: false | ||
|
||
permissions: | ||
packages: write | ||
contents: write | ||
issues: write | ||
id-token: write | ||
actions: read | ||
|
||
|
||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
jobs: | ||
setup: | ||
name: Setup | ||
runs-on: ubuntu-latest | ||
outputs: | ||
semver: ${{ steps.get_semver.outputs.semver }} | ||
environment: ${{ steps.output.outputs.environment }} | ||
steps: | ||
- name: Get semver | ||
id: get_semver | ||
uses: pagopa/github-actions-template/semver-setup@v1.3.0 | ||
|
||
- if: ${{ github.event.inputs.environment == null || github.event.inputs.environment == 'dev' }} | ||
run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV | ||
|
||
- if: ${{ github.event.inputs.environment == 'uat' }} | ||
run: echo "ENVIRNOMENT=uat" >> $GITHUB_ENV | ||
|
||
- if: ${{ github.event.inputs.environment == 'prod' }} | ||
run: echo "ENVIRNOMENT=prod" >> $GITHUB_ENV | ||
|
||
- if: ${{ github.event.inputs.environment == 'all' }} | ||
run: echo "ENVIRNOMENT=all" >> $GITHUB_ENV | ||
|
||
- id: output | ||
name: Set Output | ||
run: | | ||
echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT | ||
release: | ||
name: Create a New Release | ||
runs-on: ubuntu-latest | ||
needs: [setup] | ||
outputs: | ||
version: ${{ steps.release.outputs.version }} | ||
steps: | ||
- name: Make Release | ||
id: release | ||
uses: pagopa/github-actions-template/maven-release@main | ||
with: | ||
semver: ${{ needs.setup.outputs.semver }} | ||
github_token: ${{ secrets.BOT_TOKEN_GITHUB }} | ||
beta: ${{ inputs.beta }} | ||
skip_ci: ${{ inputs.beta }} | ||
|
||
image: | ||
needs: [ setup, release ] | ||
name: Build and Push Docker Image | ||
runs-on: ubuntu-latest | ||
if: ${{ inputs.semver != 'skip' }} | ||
steps: | ||
- name: Build and Push | ||
id: semver | ||
uses: pagopa/github-actions-template/ghcr-build-push@v1.4.1 | ||
with: | ||
github_token: ${{ secrets.GITHUB_TOKEN }} | ||
tag: ${{ needs.release.outputs.version }} | ||
|
||
deploy_azure_fn: | ||
name: Deploy Azure function | ||
needs: [ setup, release, build-and-push ] | ||
if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} | ||
env: | ||
ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} | ||
RESOURCE_GROUP: 'pagopa-${{ env.ENV_SHORT }}-weu-shared-rg' | ||
APP_NAME: 'pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn' | ||
REGISTRY_IMAGE: 'ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}' | ||
|
||
steps: | ||
- name: 'Checkout GitHub Action' | ||
uses: actions/checkout@v3 | ||
|
||
- name: 'Login via Azure CLI' | ||
uses: azure/login@v1 | ||
with: | ||
client-id: ${{ secrets.CLIENT_ID }} | ||
tenant-id: ${{ secrets.TENANT_ID }} | ||
subscription-id: ${{ secrets.SUBSCRIPTION_ID }} | ||
|
||
- name: 'Azure CLI script: start staging slot' | ||
uses: azure/CLI@v1 | ||
if: ${{ contains(github.event.inputs.environment, 'prod') }} | ||
with: | ||
inlineScript: | | ||
az functionapp start --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging | ||
- name: 'Run Azure Functions Container Action: staging slot' | ||
uses: Azure/functions-container-action@v1.2.1 | ||
if: ${{ contains(github.event.inputs.environment, 'prod')}} | ||
with: | ||
app-name: ${{ env.APP_NAME }} | ||
image: ${{ env.REGISTRY_IMAGE }} | ||
slot-name: staging | ||
|
||
- name: 'Deploy Approval' | ||
uses: trstringer/manual-approval@v1 | ||
if: ${{ contains(github.event.inputs.environment, 'prod')}} | ||
with: | ||
secret: ${{ secrets.BOT_TOKEN_GITHUB }} | ||
approvers: pagopa-team-core | ||
minimum-approvals: 1 | ||
issue-title: "Deploying ${{ env.TAG }} to prod from staging" | ||
issue-body: "Please approve or deny the deployment of version ${{ env.TAG }}." | ||
exclude-workflow-initiator-as-approver: false | ||
timeout-minutes: 360 | ||
|
||
- name: 'Run Azure Functions Container Action' | ||
uses: Azure/functions-container-action@v1.2.1 | ||
with: | ||
app-name: ${{ env.APP_NAME }} | ||
image: ${{ env.REGISTRY_IMAGE }} | ||
slot-name: production | ||
|
||
- name: 'Azure CLI script: end staging slot' | ||
uses: azure/CLI@v1 | ||
if: ${{ contains(github.event.inputs.environment, 'prod') }} | ||
with: | ||
inlineScript: | | ||
az functionapp stop --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging | ||
- name: Azure logout | ||
run: | | ||
az logout | ||
# notify: | ||
# needs: [ deploy ] | ||
# runs-on: ubuntu-latest | ||
# name: Notify | ||
# if: always() | ||
# steps: | ||
# - name: Report Status | ||
# if: always() | ||
# uses: ravsamhq/notify-slack-action@v2 | ||
# with: | ||
# status: ${{ needs.deploy.result }} | ||
# token: ${{ secrets.GITHUB_TOKEN }} | ||
# notify_when: 'failure,skipped' | ||
# notification_title: '{workflow} has {status_message}' | ||
# message_format: '{emoji} <{workflow_url}|{workflow}> {status_message} in <{repo_url}|{repo}>' | ||
# footer: 'Linked to Repo <{repo_url}|{repo}>' | ||
# env: | ||
# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |