From c85bb1dbe2e5f32b43c1ecfec5568d419e238d15 Mon Sep 17 00:00:00 2001 
From: Are Almaas Date: Wed, 28 Feb 2024 10:16:57 +0100 Subject: [PATCH] ci: enable release-please (#494) - Adding [release please](https://github.com/googleapis/release-please) to ensure that we generate changelogs and versions - When merging a pull request to `main`, the following happens: - Code is deployed to the `Test` environment - A `Release-PR`, if not already created, will be created and sum up all the changes that have happened since last this PR was merged. - When merging the `Release-PR`, the following happens: - A release is created along with entries in `CHANGELOG.md` that summarize the changes since last release. - The code is deployed to the `Staging` environment - (later) A dry-run of deployment to the `Prod` environment All commits merged into `main` must now follow [Conventional commit guidelines](https://www.conventionalcommits.org/). Related to [492](https://github.com/digdir/dialogporten/issues/492) --- .github/pr-title-checker-config.json | 14 ++ .../workflows/action-check-for-changes.yml | 19 +-- .github/workflows/action-deploy-apps.yml | 8 +- .github/workflows/action-deploy-infra.yml | 6 +- .../workflows/action-get-current-version.yml | 21 +++ .github/workflows/action-publish.yml | 6 +- .github/workflows/ci-cd-main.yml | 124 +++++------------- .../ci-cd-pull-request-release-please.yml | 67 ++++++++++ .../workflows/ci-cd-pull-request-title.yml | 20 +++ .github/workflows/ci-cd-pull-request.yml | 14 +- .github/workflows/ci-cd-staging.yml | 69 ++++++++++ .github/workflows/dispatch-infrastructure.yml | 10 +- version.txt | 1 + 13 files changed, 268 insertions(+), 111 deletions(-) create mode 100644 .github/pr-title-checker-config.json create mode 100644 .github/workflows/action-get-current-version.yml create mode 100644 .github/workflows/ci-cd-pull-request-release-please.yml create mode 100644 .github/workflows/ci-cd-pull-request-title.yml create mode 100644 .github/workflows/ci-cd-staging.yml create mode 100644 version.txt 
diff --git a/.github/pr-title-checker-config.json b/.github/pr-title-checker-config.json new file mode 100644 index 000000000..5c12b16ac --- /dev/null +++ b/.github/pr-title-checker-config.json @@ -0,0 +1,14 @@ +{ + "LABEL": { + "name": "title needs formatting", + "color": "EEEEEE" + }, + "CHECKS": { + "regexp": "^(feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*" + }, + "MESSAGES": { + "success": "PR title is valid", + "failure": "PR title is invalid", + "notice": "PR Title needs to pass regex '^(feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*" + } + } \ No newline at end of file diff --git a/.github/workflows/action-check-for-changes.yml b/.github/workflows/action-check-for-changes.yml index 121ac3809..3f8567f69 100644 --- a/.github/workflows/action-check-for-changes.yml +++ b/.github/workflows/action-check-for-changes.yml @@ -17,18 +17,21 @@ jobs: name: Filter runs-on: ubuntu-latest outputs: - hasBackendChanges: ${{ steps.paths-filter.outputs.backend == 'true' }} - hasAzureChanges: ${{ steps.paths-filter.outputs.azure == 'true' }} - hasSlackNotifierChanges: ${{ steps.paths-filter.outputs.slackNotifier == 'true' }} + hasBackendChanges: ${{ steps.filter.outputs.backend_any_changed == 'true' }} + hasAzureChanges: ${{ steps.filter.outputs.azure_any_changed == 'true' }} + hasSlackNotifierChanges: ${{ steps.paths-filter.outputs.slackNotifier_any_changed == 'true'}} steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 + with: + # fetch-depth needs to be 0 in cases where we want to fetch changes since previous tag for example + fetch-depth: 0 - - uses: dorny/paths-filter@v3 - id: paths-filter + - uses: tj-actions/changed-files@v42 + id: filter with: - base: ${{ github.ref }} - filters: | + files_yaml: | backend: - '.github/**/*' - 'src/**/*' diff --git a/.github/workflows/action-deploy-apps.yml b/.github/workflows/action-deploy-apps.yml index 2617906a5..5673d5a4a 100644 --- a/.github/workflows/action-deploy-apps.yml 
+++ b/.github/workflows/action-deploy-apps.yml @@ -35,8 +35,8 @@ on: required: false type: boolean default: false - gitShortSha: - description: "Short SHA of the commit" + version: + description: "Current version to use as tag" required: true type: string concurrency: @@ -141,7 +141,7 @@ jobs: id: deploy env: # parameters - IMAGE_TAG: ${{ inputs.gitShortSha }} + IMAGE_TAG: ${{ inputs.version }} # secrets CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} @@ -152,7 +152,7 @@ jobs: template: ./.azure/applications/${{ matrix.name }}/main.bicep resourceGroupName: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} deploymentMode: Incremental - deploymentName: dp-be-${{ inputs.environment }}-${{ matrix.name }}-${{ inputs.gitShortSha }} + deploymentName: dp-be-${{ inputs.environment }}-${{ matrix.name }}-${{ inputs.version }} region: ${{ inputs.region }} failOnStdErr: false additionalArguments: "${{inputs.dryRun && '--what-if'}}" diff --git a/.github/workflows/action-deploy-infra.yml b/.github/workflows/action-deploy-infra.yml index 27548db10..01ddd4883 100644 --- a/.github/workflows/action-deploy-infra.yml +++ b/.github/workflows/action-deploy-infra.yml @@ -31,8 +31,8 @@ on: required: false type: boolean default: false - gitShortSha: - description: "Short SHA of the commit" + version: + description: "Current version to use as tag" required: true type: string @@ -95,7 +95,7 @@ jobs: template: ./.azure/infrastructure/main.bicep subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} deploymentMode: Incremental - deploymentName: dp-be-${{ inputs.environment }}-${{ inputs.gitShortSha }} + deploymentName: dp-be-${{ inputs.environment }}-${{ inputs.version }} region: ${{ inputs.region }} failOnStdErr: false additionalArguments: "${{ inputs.dryRun && '--what-if' }}" 
diff --git a/.github/workflows/action-get-current-version.yml b/.github/workflows/action-get-current-version.yml new file mode 100644 index 000000000..a16a0206b --- /dev/null +++ b/.github/workflows/action-get-current-version.yml @@ -0,0 +1,21 @@ +name: "Get current version" +# might use previous tag as a version instead of the current version in file +# https://github.com/WyriHaximus/github-action-get-previous-tag +on: + workflow_call: + outputs: + version: + description: "Version" + value: ${{ jobs.get-current-version.outputs.version }} +jobs: + get-current-version: + name: Filter + runs-on: ubuntu-latest + outputs: + version: ${{ steps.set-current-version.outputs.version }} + steps: + - name: "Checkout GitHub Action" + uses: actions/checkout@v4 + - name: Set current version + id: set-current-version + run: echo "version=$(cat version.txt)" >> $GITHUB_OUTPUT diff --git a/.github/workflows/action-publish.yml b/.github/workflows/action-publish.yml index 3678b29f1..b12954b82 100644 --- a/.github/workflows/action-publish.yml +++ b/.github/workflows/action-publish.yml @@ -11,8 +11,8 @@ on: description: "Base image name for docker images" required: true type: string - gitShortSha: - description: "Short SHA of the commit" + version: + description: "Version to tag" required: true type: string @@ -64,7 +64,7 @@ jobs: push: true tags: | ${{ steps.meta.outputs.tags }}, - ${{ env.DOCKER_IMAGE_BASE_NAME }}${{ matrix.imageName }}:${{ inputs.gitShortSha }} + ${{ env.DOCKER_IMAGE_BASE_NAME }}${{ matrix.imageName }}:${{ inputs.version }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha,scope=${{ matrix.imageName }} cache-to: type=gha,mode=max,scope=${{ matrix.imageName }} diff --git a/.github/workflows/ci-cd-main.yml b/.github/workflows/ci-cd-main.yml index 3b5450c76..c35c4f34a 100644 --- a/.github/workflows/ci-cd-main.yml +++ b/.github/workflows/ci-cd-main.yml 
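Review bot: The `Set current version` step in `action-get-current-version.yml` writes the raw contents of `version.txt` to `$GITHUB_OUTPUT` without validation, and callers later use that value as an image tag and as part of an Azure deployment name. On pull-request runs the file comes from the branch under review, so a multi-line or malformed file would add extra `key=value` lines to the step outputs or yield an invalid tag. Read a single line, check it against the expected version pattern and quote `"$GITHUB_OUTPUT"`; widen the pattern if pre-release versions are expected. The job's `name: Filter` also looks copied from the change-detection workflow and would read better as `name: Get current version`.

```yaml
      - name: Set current version
        id: set-current-version
        run: |
          version="$(head -n 1 version.txt | tr -d '[:space:]')"
          # Only a plain MAJOR.MINOR.PATCH value may reach image tags and deployment names.
          if ! printf '%s' "$version" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
            echo "version.txt does not contain a MAJOR.MINOR.PATCH version" >&2
            exit 1
          fi
          echo "version=$version" >> "$GITHUB_OUTPUT"
```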
@@ -5,15 +5,31 @@ on: push: branches: [main] paths-ignore: - - "tests/k6/**" + - "tests/k6/**" # ignore changes to k6 tests + - "CHANGELOG.md" # ignore changes to changelog. This will effectively skip the workflow if a release is made + concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} jobs: + release-please: + name: Release please + runs-on: ubuntu-latest + steps: + - uses: google-github-actions/release-please-action@v4 + id: release + with: + token: ${{ secrets.GITHUB_TOKEN }} + release-type: simple + generate-git-short-sha: name: Generate git short sha uses: ./.github/workflows/action-generate-git-short-sha.yml + get-current-version: + name: Get current version + uses: ./.github/workflows/action-get-current-version.yml + check-for-changes: name: Check for changes uses: ./.github/workflows/action-check-for-changes.yml @@ -27,17 +43,24 @@ jobs: publish: name: Build and publish docker images uses: ./.github/workflows/action-publish.yml - needs: [generate-git-short-sha, check-for-changes, build-and-test] + needs: + [ + get-current-version, + check-for-changes, + generate-git-short-sha, + build-and-test, + ] if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasBackendChanges == 'true' }} secrets: GCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }} with: dockerImageBaseName: ghcr.io/digdir/dialogporten- - gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }} + version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }} deploy-infra-test: name: Deploy infra to test - needs: [generate-git-short-sha, check-for-changes, publish] + needs: + [get-current-version, check-for-changes, generate-git-short-sha, publish] if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasAzureChanges == 'true' }} uses: ./.github/workflows/action-deploy-infra.yml secrets: 
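Review bot: The new `release-please` job in `ci-cd-main.yml` passes `secrets.GITHUB_TOKEN` to the action, and GitHub does not start new workflow runs for events created with that token. The release PR and the `v*.*.*` tag it creates would therefore not trigger `ci-cd-pull-request-release-please.yml` or `ci-cd-staging.yml`, both added later in this patch; if they are meant to run automatically, the action needs a GitHub App token or a narrowly scoped token stored as a secret. The job also declares no `permissions:`, so it depends on the repository default; a job-level `permissions:` with `contents: write` and `pull-requests: write` covers it without widening the other jobs. The comment on `CHANGELOG.md` under `paths-ignore` may not hold either, because a release merge presumably also changes `version.txt` and path filters skip a run only when every changed file matches.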
@@ -50,11 +73,17 @@ jobs: with: environment: test region: norwayeast - gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }} + version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }} deploy-apps-test: name: Deploy apps to test - needs: [generate-git-short-sha, check-for-changes, deploy-infra-test] + needs: + [ + get-current-version, + check-for-changes, + generate-git-short-sha, + deploy-infra-test, + ] if: ${{ always() && !failure() && !cancelled() && needs.check-for-changes.outputs.hasBackendChanges == 'true' }} uses: ./.github/workflows/action-deploy-apps.yml secrets: @@ -71,7 +100,7 @@ jobs: with: environment: test region: norwayeast - gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }} + version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }} deploy-slack-notifier-test: name: Deploy slack notifier (test) 
@@ -86,84 +115,3 @@ jobs: function-app-name: "dp-be-test-slacknotifier-fa" function-project-path: "./src/Digdir.Tool.Dialogporten.SlackNotifier" environment: test - - # todo: figure out a way to run this and skipping environment gates on dry-run - # might go for a solution such as this?: https://github.com/orgs/community/discussions/27600 - dry-run-deploy-infra-staging: - name: Deploy infra to staging (dry run) - needs: [generate-git-short-sha, check-for-changes, deploy-infra-test] - # todo: we want to figure out whether we have changes in the infra since last time we deployed to staging, not whether we have changes in the repo - # maybe use another trigger here? An action to create a tag, and then use that tag as a trigger for the staging deployment? - # or we could always try to run deployments in staging after review is approved...(!) - uses: ./.github/workflows/action-deploy-infra.yml - secrets: - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }} - AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }} - AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }} - with: - environment: staging - region: norwayeast - dryRun: true - gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }} - - deploy-infra-staging: - name: Deploy infra to staging - needs: - [generate-git-short-sha, check-for-changes, dry-run-deploy-infra-staging] - uses: ./.github/workflows/action-deploy-infra.yml - secrets: - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }} - AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ 
secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }} - AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }} - with: - environment: staging - region: norwayeast - gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }} - - dry-run-deploy-apps-staging: - name: Deploy apps to staging (dry run) - needs: [generate-git-short-sha, check-for-changes, deploy-apps-test] - uses: ./.github/workflows/action-deploy-apps.yml - secrets: - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # todo: consider resolving these in another way since they are created in the infra-step - AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} - AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }} - AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }} - AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} - AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} - AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} - with: - environment: staging - region: norwayeast - dryRun: true - gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }} - - deploy-apps-staging: - name: Deploy apps to staging - needs: - [generate-git-short-sha, check-for-changes, dry-run-deploy-apps-staging] - uses: ./.github/workflows/action-deploy-apps.yml - secrets: - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # todo: consider resolving these in another way since they are created in the infra-step - AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} - AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }} - 
AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }} - AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} - AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} - AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} - with: - environment: staging - region: norwayeast - gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }} diff --git a/.github/workflows/ci-cd-pull-request-release-please.yml b/.github/workflows/ci-cd-pull-request-release-please.yml new file mode 100644 index 000000000..a80b2a9ce --- /dev/null +++ b/.github/workflows/ci-cd-pull-request-release-please.yml 
@@ -0,0 +1,67 @@
+name: CI/CD Pull Request Release Please
+
+on:
+ pull_request:
+ branches: [main]
+ paths-ignore:
+ - "tests/k6/**"
+
+jobs:
+ verify-release-please-branch:
+ if: startsWith(github.head_ref, 'release-please-')
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "Confirmed to be a release please branch"
+
+ get-current-version:
+ name: Get current version
+ uses: ./.github/workflows/action-get-current-version.yml
+
+ check-for-changes:
+ name: Check for changes
+ uses: ./.github/workflows/action-check-for-changes.yml
+
+ generate-git-short-sha:
+ name: Generate git short sha
+ needs: [verify-release-please-branch]
+ uses: ./.github/workflows/action-generate-git-short-sha.yml
+
+ dry-run-deploy-infra-staging:
+ name: Deploy infra to staging (dry run)
+ needs: [generate-git-short-sha, get-current-version, check-for-changes]
+ if: ${{ needs.check-for-changes.outputs.hasAzureChanges == 'true' }}
+ uses: ./.github/workflows/action-deploy-infra.yml
+ secrets:
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
+ AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
+ AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
+ with:
+ environment: staging
+ region: norwayeast
+ dryRun: true
+ version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
+
+ dry-run-deploy-apps-staging:
+ name: Deploy apps to staging (dry run)
+ needs: [generate-git-short-sha, get-current-version, check-for-changes]
+ if: ${{ needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
+ uses: ./.github/workflows/action-deploy-apps.yml
+ secrets:
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID:
${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ # todo: consider resolving these in another way since they are created in the infra-step
+ AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+ AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
+ AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
+ AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
+ AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
+ AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
+ with:
+ environment: staging
+ region: norwayeast
+ dryRun: true
+ version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }}
diff --git a/.github/workflows/ci-cd-pull-request-title.yml b/.github/workflows/ci-cd-pull-request-title.yml
new file mode 100644
index 000000000..6efe9e82b
--- /dev/null
+++ b/.github/workflows/ci-cd-pull-request-title.yml
@@ -0,0 +1,20 @@
+name: "PR Title Checker"
+on:
+ pull_request_target:
+ types: [opened, edited, reopened, synchronize]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+ validate:
+ permissions:
+ contents: read
+ pull-requests: read
+ name: Validate PR Title
+ runs-on: ubuntu-latest
+ steps:
+ - uses: thehanimo/pr-title-checker@v1.4.1
+ with:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ configuration_path: ".github/pr-title-checker-config.json"
diff --git a/.github/workflows/ci-cd-pull-request.yml b/.github/workflows/ci-cd-pull-request.yml
index 462910caf..3669ed1a0 100644
--- a/.github/workflows/ci-cd-pull-request.yml
+++ b/.github/workflows/ci-cd-pull-request.yml
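Review bot: The `startsWith(github.head_ref, 'release-please-')` condition on `verify-release-please-branch` in `ci-cd-pull-request-release-please.yml` tests only the branch name, which whoever opens the pull request chooses. It therefore does not establish that release-please created the PR, even though the staging dry-run jobs behind it receive the Azure secrets. If those jobs should run only for the bot's PR, add an author condition such as `github.event.pull_request.user.login == 'github-actions[bot]'` (adjust to the identity release-please runs as), and treat protection rules on the `staging` environment, if the reusable deploy workflows bind to one, as the real gate. The condition also reaches the dry-run jobs only indirectly through `generate-git-short-sha`, while `get-current-version` and `check-for-changes` run on every PR to `main`; listing `verify-release-please-branch` in their `needs` would make the intent explicit.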
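Review bot: The `concurrency` group in `ci-cd-pull-request-title.yml` uses `github.ref`, which under `pull_request_target` is the base branch rather than the PR, so every PR against `main` shares one group and a queued title check for one PR can be displaced by another. `group: ${{ github.workflow }}-${{ github.event.pull_request.number }}` separates them. The `permissions` block grants `pull-requests: read`, while `pr-title-checker-config.json` defines a `LABEL`, which suggests the action is expected to add a label and would then need `pull-requests: write`; this is worth confirming against the action's documentation. Because the workflow runs in the base repository's context, pin `thehanimo/pr-title-checker` to a full commit SHA instead of `v1.4.1` and keep the job free of any checkout of the PR head.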
@@ -11,6 +11,10 @@ jobs: name: Generate git short sha uses: ./.github/workflows/action-generate-git-short-sha.yml + get-current-version: + name: Get current version + uses: ./.github/workflows/action-get-current-version.yml + check-for-changes: name: Check for changes uses: ./.github/workflows/action-check-for-changes.yml @@ -33,7 +37,13 @@ jobs: dry-run-deploy-infra: uses: ./.github/workflows/action-deploy-infra.yml - needs: [generate-git-short-sha, check-for-changes, build-infrastructure] + needs: + [ + generate-git-short-sha, + check-for-changes, + get-current-version, + build-infrastructure, + ] if: ${{ always() && needs.check-for-changes.outputs.hasAzureChanges == 'true' }} secrets: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} @@ -46,4 +56,4 @@ jobs: environment: test region: norwayeast dryRun: true - gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }} + version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }} diff --git a/.github/workflows/ci-cd-staging.yml b/.github/workflows/ci-cd-staging.yml new file mode 100644 index 000000000..9569ca7f8 --- /dev/null +++ b/.github/workflows/ci-cd-staging.yml 
@@ -0,0 +1,69 @@
+name: CI/CD Staging
+
+on:
+ push:
+ tags:
+ - "v*.*.*"
+ paths-ignore:
+ - "tests/k6/**"
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref_name }}
+
+jobs:
+ # Get changed files between previous tag and current tag: https://github.com/marketplace/actions/changed-files
+ check-for-changes:
+ name: Check for changes
+ uses: ./.github/workflows/action-check-for-changes.yml
+
+ get-current-version:
+ name: Get current version
+ uses: ./.github/workflows/action-get-current-version.yml
+
+ publish:
+ name: Build and publish docker images
+ uses: ./.github/workflows/action-publish.yml
+ if: ${{ needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
+ needs: [get-current-version, check-for-changes]
+ secrets:
+ GCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ dockerImageBaseName: ghcr.io/digdir/dialogporten-
+ version: ${{ needs.get-current-version.outputs.version }}
+
+ deploy-infra-staging:
+ name: Deploy infra to staging
+ if: ${{ needs.check-for-changes.outputs.hasAzureChanges == 'true' }}
+ needs: [get-current-version, check-for-changes]
+ uses: ./.github/workflows/action-deploy-infra.yml
+ secrets:
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
+ AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
+ AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
+ with:
+ environment: staging
+ region: norwayeast
+ version: ${{ needs.get-current-version.outputs.version }}
+
+ deploy-apps-staging:
+ name: Deploy apps to staging
+ needs: [get-current-version, publish]
+ uses: ./.github/workflows/action-deploy-apps.yml
+ secrets:
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{
secrets.AZURE_SUBSCRIPTION_ID }} + # todo: consider resolving these in another way since they are created in the infra-step + AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} + AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }} + AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }} + AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} + AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} + AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} + with: + environment: staging + region: norwayeast + version: ${{ needs.get-current-version.outputs.version }} diff --git a/.github/workflows/dispatch-infrastructure.yml b/.github/workflows/dispatch-infrastructure.yml index 4fdfa71f1..f0d7ba4c4 100644 --- a/.github/workflows/dispatch-infrastructure.yml +++ b/.github/workflows/dispatch-infrastructure.yml @@ -12,7 +12,7 @@ on: - test - staging - prod - +# todo: take version as param? concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} @@ -21,9 +21,13 @@ jobs: name: Generate git short sha uses: ./.github/workflows/action-generate-git-short-sha.yml + get-current-version: + name: Get current version + uses: ./.github/workflows/action-get-current-version.yml + deploy-infra-test: name: Deploy infra to test - needs: [generate-git-short-sha] + needs: [generate-git-short-sha, get-current-version] uses: ./.github/workflows/action-deploy-infra.yml secrets: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} @@ -35,4 +39,4 @@ jobs: with: environment: ${{ inputs.environment }} region: norwayeast - gitShortSha: ${{ needs.generate-git-short-sha.outputs.gitShortSha }} + version: ${{ needs.get-current-version.outputs.version }}-${{ needs.generate-git-short-sha.outputs.gitShortSha }} diff --git a/version.txt b/version.txt new file mode 100644 index 000000000..afaf360d3 --- /dev/null +++ b/version.txt 
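Review bot: `ci-cd-staging.yml` takes the image tag and deployment name from `version.txt` rather than from the pushed tag, so a `v*.*.*` tag on a commit whose `version.txt` holds a different number publishes under a tag that does not match the release and can overwrite an existing version tag in the registry. A first job that fails on mismatch would close that gap, for example `if [ "v$(cat version.txt)" != "$GITHUB_REF_NAME" ]; then exit 1; fi`. `deploy-apps-staging` lists only `get-current-version` and `publish` in `needs`, so unlike `deploy-apps-test` it does not wait for `deploy-infra-staging`; adding it, with the `always() && !failure() && !cancelled()` guard used in `ci-cd-main.yml`, keeps the ordering. The `paths-ignore` filter has no effect here, because GitHub does not evaluate path filters for tag pushes.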
@@ -0,0 +1 @@
+1.0.0
\ No newline at end of file