ci: enable release-please (#494)

- Adding [release please](https://github.com/googleapis/release-please) to ensure that we generate changelogs and versions - When merging a pull request to `main`, the following happens: - Code is deployed to the `Test` environment - A `Release-PR`, if not already created, will be created and sum up all the changes that have happened since last this PR was merged. - When merging the `Release-PR`, the following happens: - A release is created along with entries in `CHANGELOG.md` that summarize the changes since last release. - The code is deployed to the `Staging` environment - (later) A dry-run of deployment to the `Prod` environment All commits merged into `main` must now follow [Conventional commit guidelines](https://www.conventionalcommits.org/). Related to [492](#492)
digdir · Feb 28, 2024 · c85bb1d · c85bb1d
1 parent 74940ab
commit c85bb1d
Show file tree

Hide file tree

Showing 13 changed files with 268 additions and 111 deletions.
diff --git a/.github/pr-title-checker-config.json b/.github/pr-title-checker-config.json
@@ -0,0 +1,14 @@
+{
+    "LABEL": {
+      "name": "title needs formatting",
+      "color": "EEEEEE"
+    },
+    "CHECKS": {
+      "regexp": "^(feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*"
+    },
+    "MESSAGES": {
+      "success": "PR title is valid",
+      "failure": "PR title is invalid",
+      "notice": "PR Title needs to pass regex '^(feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*"
+    }
+  }
diff --git a/.github/workflows/action-check-for-changes.yml b/.github/workflows/action-check-for-changes.yml
@@ -17,18 +17,21 @@ jobs:
     name: Filter
     runs-on: ubuntu-latest
     outputs:
-      hasBackendChanges: ${{ steps.paths-filter.outputs.backend == 'true' }}
-      hasAzureChanges: ${{ steps.paths-filter.outputs.azure == 'true' }}
-      hasSlackNotifierChanges: ${{ steps.paths-filter.outputs.slackNotifier == 'true' }}
+      hasBackendChanges: ${{ steps.filter.outputs.backend_any_changed == 'true' }}
+      hasAzureChanges: ${{ steps.filter.outputs.azure_any_changed == 'true' }}
+      hasSlackNotifierChanges: ${{ steps.paths-filter.outputs.slackNotifier_any_changed == 'true'}}
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # fetch-depth needs to be 0 in cases where we want to fetch changes since previous tag for example
+          fetch-depth: 0
 
-      - uses: dorny/paths-filter@v3
-        id: paths-filter
+      - uses: tj-actions/changed-files@v42
+        id: filter
         with:
-          base: ${{ github.ref }}
-          filters: |
+          files_yaml: |
             backend:
               - '.github/**/*'
               - 'src/**/*'

diff --git a/.github/workflows/action-deploy-apps.yml b/.github/workflows/action-deploy-apps.yml
@@ -35,8 +35,8 @@ on:
         required: false
         type: boolean
         default: false
-      gitShortSha:
-        description: "Short SHA of the commit"
+      version:
+        description: "Current version to use as tag"
         required: true
         type: string
 concurrency:
@@ -141,7 +141,7 @@ jobs:
         id: deploy
         env:
           # parameters
-          IMAGE_TAG: ${{ inputs.gitShortSha }}
+          IMAGE_TAG: ${{ inputs.version }}
           # secrets
           CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
           APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
@@ -152,7 +152,7 @@ jobs:
           template: ./.azure/applications/${{ matrix.name }}/main.bicep
           resourceGroupName: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
           deploymentMode: Incremental
-          deploymentName: dp-be-${{ inputs.environment }}-${{ matrix.name }}-${{ inputs.gitShortSha }}
+          deploymentName: dp-be-${{ inputs.environment }}-${{ matrix.name }}-${{ inputs.version }}
           region: ${{ inputs.region }}
           failOnStdErr: false
           additionalArguments: "${{inputs.dryRun && '--what-if'}}"

diff --git a/.github/workflows/action-deploy-infra.yml b/.github/workflows/action-deploy-infra.yml
@@ -31,8 +31,8 @@ on:
         required: false
         type: boolean
         default: false
-      gitShortSha:
-        description: "Short SHA of the commit"
+      version:
+        description: "Current version to use as tag"
         required: true
         type: string
 
@@ -95,7 +95,7 @@ jobs:
           template: ./.azure/infrastructure/main.bicep
           subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
           deploymentMode: Incremental
-          deploymentName: dp-be-${{ inputs.environment }}-${{ inputs.gitShortSha }}
+          deploymentName: dp-be-${{ inputs.environment }}-${{ inputs.version }}
           region: ${{ inputs.region }}
           failOnStdErr: false
           additionalArguments: "${{ inputs.dryRun && '--what-if' }}"

diff --git a/.github/workflows/action-get-current-version.yml b/.github/workflows/action-get-current-version.yml
@@ -0,0 +1,21 @@
+name: "Get current version"
+# might use previous tag as a version instead of the current version in file
+# https://github.com/WyriHaximus/github-action-get-previous-tag
+on:
+  workflow_call:
+    outputs:
+      version:
+        description: "Version"
+        value: ${{ jobs.get-current-version.outputs.version }}
+jobs:
+  get-current-version:
+    name: Filter
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.set-current-version.outputs.version }}
+    steps:
+      - name: "Checkout GitHub Action"
+        uses: actions/checkout@v4
+      - name: Set current version
+        id: set-current-version
+        run: echo "version=$(cat version.txt)" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/action-publish.yml b/.github/workflows/action-publish.yml
@@ -11,8 +11,8 @@ on:
         description: "Base image name for docker images"
         required: true
         type: string
-      gitShortSha:
-        description: "Short SHA of the commit"
+      version:
+        description: "Version to tag"
         required: true
         type: string
 
@@ -64,7 +64,7 @@ jobs:
           push: true
           tags: |
             ${{ steps.meta.outputs.tags }},
-            ${{ env.DOCKER_IMAGE_BASE_NAME }}${{ matrix.imageName }}:${{ inputs.gitShortSha }}
+            ${{ env.DOCKER_IMAGE_BASE_NAME }}${{ matrix.imageName }}:${{ inputs.version }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha,scope=${{ matrix.imageName }}
           cache-to: type=gha,mode=max,scope=${{ matrix.imageName }}
diff --git a/.github/workflows/ci-cd-main.yml b/.github/workflows/ci-cd-main.yml
@@ -5,15 +5,31 @@ on:
   push:
     branches: [main]
     paths-ignore:
-      - "tests/k6/**"
+      - "tests/k6/**" # ignore changes to k6 tests
+      - "CHANGELOG.md" # ignore changes to changelog. This will effectively skip the workflow if a release is made
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref_name }}
 
 jobs:
+  release-please:
+    name: Release please
+    runs-on: ubuntu-latest
+    steps:
+      - uses: google-github-actions/release-please-action@v4
+        id: release
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          release-type: simple
+
   generate-git-short-sha:
     name: Generate git short sha
     uses: ./.github/workflows/action-generate-git-short-sha.yml
 
+  get-current-version:
+    name: Get current version
+    uses: ./.github/workflows/action-get-current-version.yml
+
   check-for-changes:
     name: Check for changes
     uses: ./.github/workflows/action-check-for-changes.yml
@@ -27,17 +43,24 @@ jobs:
   publish:
     name: Build and publish docker images
     uses: ./.github/workflows/action-publish.yml
-    needs: [generate-git-short-sha, check-for-changes, build-and-test]
+    needs:
+      [
+        get-current-version,
+        check-for-changes,
+        generate-git-short-sha,
+        build-and-test,
+      ]
     if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
     secrets:
       GCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
     with:
       dockerImageBaseName: ghcr.io/digdir/dialogporten-
-      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
+      version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
 
   deploy-infra-test:
     name: Deploy infra to test
-    needs: [generate-git-short-sha, check-for-changes, publish]
+    needs:
+      [get-current-version, check-for-changes, generate-git-short-sha, publish]
     if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasAzureChanges == 'true' }}
     uses: ./.github/workflows/action-deploy-infra.yml
     secrets:
@@ -50,11 +73,17 @@ jobs:
     with:
       environment: test
       region: norwayeast
-      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
+      version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
 
   deploy-apps-test:
     name: Deploy apps to test
-    needs: [generate-git-short-sha, check-for-changes, deploy-infra-test]
+    needs:
+      [
+        get-current-version,
+        check-for-changes,
+        generate-git-short-sha,
+        deploy-infra-test,
+      ]
     if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
     uses: ./.github/workflows/action-deploy-apps.yml
     secrets:
@@ -71,7 +100,7 @@ jobs:
     with:
       environment: test
       region: norwayeast
-      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
+      version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
 
   deploy-slack-notifier-test:
     name: Deploy slack notifier (test)
@@ -86,84 +115,3 @@ jobs:
       function-app-name: "dp-be-test-slacknotifier-fa"
       function-project-path: "./src/Digdir.Tool.Dialogporten.SlackNotifier"
       environment: test
-
-  # todo: figure out a way to run this and skipping environment gates on dry-run
-  # might go for a solution such as this?: https://github.com/orgs/community/discussions/27600
-  dry-run-deploy-infra-staging:
-    name: Deploy infra to staging (dry run)
-    needs: [generate-git-short-sha, check-for-changes, deploy-infra-test]
-    # todo: we want to figure out whether we have changes in the infra since last time we deployed to staging, not whether we have changes in the repo
-    # maybe use another trigger here? An action to create a tag, and then use that tag as a trigger for the staging deployment?
-    # or we could always try to run deployments in staging after review is approved...(!)
-    uses: ./.github/workflows/action-deploy-infra.yml
-    secrets:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
-      AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
-      AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
-    with:
-      environment: staging
-      region: norwayeast
-      dryRun: true
-      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
-
-  deploy-infra-staging:
-    name: Deploy infra to staging
-    needs:
-      [generate-git-short-sha, check-for-changes, dry-run-deploy-infra-staging]
-    uses: ./.github/workflows/action-deploy-infra.yml
-    secrets:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
-      AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
-      AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
-    with:
-      environment: staging
-      region: norwayeast
-      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
-
-  dry-run-deploy-apps-staging:
-    name: Deploy apps to staging (dry run)
-    needs: [generate-git-short-sha, check-for-changes, deploy-apps-test]
-    uses: ./.github/workflows/action-deploy-apps.yml
-    secrets:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      # todo: consider resolving these in another way since they are created in the infra-step
-      AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
-      AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
-      AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
-      AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
-      AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
-      AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
-    with:
-      environment: staging
-      region: norwayeast
-      dryRun: true
-      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
-
-  deploy-apps-staging:
-    name: Deploy apps to staging
-    needs:
-      [generate-git-short-sha, check-for-changes, dry-run-deploy-apps-staging]
-    uses: ./.github/workflows/action-deploy-apps.yml
-    secrets:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      # todo: consider resolving these in another way since they are created in the infra-step
-      AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
-      AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
-      AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
-      AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
-      AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
-      AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
-    with:
-      environment: staging
-      region: norwayeast
-      gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }}
diff --git a/.github/workflows/ci-cd-pull-request-release-please.yml b/.github/workflows/ci-cd-pull-request-release-please.yml
@@ -0,0 +1,67 @@
+name: CI/CD Pull Request Release Please
+
+on:
+  pull_request:
+    branches: [main]
+    paths-ignore:
+      - "tests/k6/**"
+
+jobs:
+  verify-release-please-branch:
+    if: startsWith(github.head_ref, 'release-please-')
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "Confirmed to be a release please branch"
+
+  get-current-version:
+    name: Get current version
+    uses: ./.github/workflows/action-get-current-version.yml
+
+  check-for-changes:
+    name: Check for changes
+    uses: ./.github/workflows/action-check-for-changes.yml
+
+  generate-git-short-sha:
+    name: Generate git short sha
+    needs: [verify-release-please-branch]
+    uses: ./.github/workflows/action-generate-git-short-sha.yml
+
+  dry-run-deploy-infra-staging:
+    name: Deploy infra to staging (dry run)
+    needs: [generate-git-short-sha, get-current-version, check-for-changes]
+    if: ${{ needs.check-for-changes.outputs.hasAzureChanges == 'true' }}
+    uses: ./.github/workflows/action-deploy-infra.yml
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
+      AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
+      AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
+    with:
+      environment: staging
+      region: norwayeast
+      dryRun: true
+      version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
+
+  dry-run-deploy-apps-staging:
+    name: Deploy apps to staging (dry run)
+    needs: [generate-git-short-sha, get-current-version, check-for-changes]
+    if: ${{ needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
+    uses: ./.github/workflows/action-deploy-apps.yml
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      # todo: consider resolving these in another way since they are created in the infra-step
+      AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+      AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
+      AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
+      AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
+      AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
+      AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
+    with:
+      environment: staging
+      region: norwayeast
+      dryRun: true
+      version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}