
Commit 99ae1b9

authored
Enable build and deploy from PR (#324)
1 parent 14445fd commit 99ae1b9


3 files changed

+76
-121
lines changed


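--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,12 +1,15 @@
 name: Deploy Workflow
 
 on:
-workflow_dispatch:
 workflow_call:
 
 env:
 PREFIX: "fum"
 SHA: ${{ github.event.pull_request.head.sha || github.sha }}
+KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
+KUBE_CERT: ${{ secrets.KUBE_CERT }}
+KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
+KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
 
 concurrency:
 group: deploy-${{ github.ref }}
@@ -16,6 +19,9 @@ jobs:
 build:
 runs-on: ubuntu-latest
 
+outputs:
+build_tag: ${{ steps.vars.outputs.build_tag }}
+
 permissions:
 id-token: write # This is required for requesting the JWT
 contents: read # This is required for actions/checkout
@@ -65,9 +71,6 @@ jobs:
 id-token: write # This is required for requesting the JWT
 contents: read # This is required for actions/checkout
 
-env:
-KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
-
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -82,14 +85,6 @@ jobs:
 uses: aws-actions/amazon-ecr-login@v2
 id: login-ec
 
-- name: Store build tag
-id: vars
-run: |
-branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
-short_sha=$(git rev-parse --short $SHA)
-build_tag=$PREFIX-$branch-$short_sha
-echo "build_tag=$build_tag" >> $GITHUB_OUTPUT
-
 - name: Update image tag
 env:
 ECR_URL: ${{ vars.ECR_URL }}
@@ -105,10 +100,6 @@ jobs:
 docker push ${{ vars.ECR_URL }}:staging.latest
 
 - name: Authenticate to the cluster
-env:
-KUBE_CERT: ${{ secrets.KUBE_CERT }}
-KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
-KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
 run: |
 echo "${KUBE_CERT}" > ca.crt
 kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
@@ -120,35 +111,14 @@ jobs:
 run: |
 kubectl -n ${KUBE_NAMESPACE} apply -f config/kubernetes/staging
 
-- name: Send deploy notification to product Slack channel
-uses: slackapi/slack-github-action@v1.27.0
-with:
-payload: |
-{
-"attachments": [
-{
-"color": "#1d990c",
-"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Staging*",
-"fields": [
-{
-"title": "Project",
-"value": "Find Unclaimed Court Money",
-"short": true
-}
-],
-"actions": [
-{
-"text": "Visit Job",
-"type": "button",
-"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-}
-]
-}
-]
-}
-env:
-SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+notify-staging:
+needs: [build, deploy-staging]
+uses: ./.github/workflows/notification.yml
+secrets:
+webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
+with:
+build_tag: ${{ needs.build.outputs.build_tag }}
+environment: Staging
 
 deploy-production:
 runs-on: ubuntu-latest
@@ -160,9 +130,6 @@ jobs:
 id-token: write # This is required for requesting the JWT
 contents: read # This is required for actions/checkout
 
-env:
-KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
-
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -177,14 +144,6 @@ jobs:
 uses: aws-actions/amazon-ecr-login@v2
 id: login-ecr
 
-- name: Store build tag
-id: vars
-run: |
-branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
-short_sha=$(git rev-parse --short $SHA)
-build_tag=$PREFIX-$branch-$short_sha
-echo "build_tag=$build_tag" >> $GITHUB_OUTPUT
-
 - name: Update image tag
 env:
 ECR_URL: ${{ vars.ECR_URL }}
@@ -200,10 +159,6 @@ jobs:
 docker push ${{ vars.ECR_URL }}:production.latest
 
 - name: Authenticate to the cluster
-env:
-KUBE_CERT: ${{ secrets.KUBE_CERT }}
-KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
-KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
 run: |
 echo "${KUBE_CERT}" > ca.crt
 kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
@@ -215,62 +170,20 @@ jobs:
 run: |
 kubectl -n ${KUBE_NAMESPACE} apply -f config/kubernetes/production
 
-- name: Send deploy notification to product Slack channel
-uses: slackapi/slack-github-action@v1.27.0
-with:
-payload: |
-{
-"attachments": [
-{
-"color": "#1d990c",
-"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*",
-"fields": [
-{
-"title": "Project",
-"value": "Find Unclaimed Court Money",
-"short": true
-}
-],
-"actions": [
-{
-"text": "Visit Job",
-"type": "button",
-"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-}
-]
-}
-]
-}
-env:
-SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
-
-- name: Send deploy notification to product Slack channel
-uses: slackapi/slack-github-action@v1.27.0
-with:
-payload: |
-{
-"attachments": [
-{
-"color": "#1d990c",
-"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*",
-"fields": [
-{
-"title": "Project",
-"value": "Find Unclaimed Court Money",
-"short": true
-}
-],
-"actions": [
-{
-"text": "Visit Job",
-"type": "button",
-"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-}
-]
-}
-]
-}
-env:
-SLACK_WEBHOOK_URL: ${{ secrets.PROD_SLACK_WEBHOOK_URL }}
-SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+notify-production:
+needs: [build, deploy-production]
+uses: ./.github/workflows/notification.yml
+secrets:
+webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
+with:
+build_tag: ${{ needs.build.outputs.build_tag }}
+environment: Production
+
+notify-production-2:
+needs: [build, deploy-production]
+uses: ./.github/workflows/notification.yml
+secrets:
+webhook_url: ${{ secrets.PROD_SLACK_WEBHOOK_URL }}
+with:
+build_tag: ${{ needs.build.outputs.build_tag }}
+environment: Production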
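Review bot: The cluster credentials are now visible to every step of every job, because the first hunk puts `KUBE_CERT`, `KUBE_TOKEN` and `KUBE_CLUSTER` in the workflow-level `env:` while the later hunks remove the step-level `env:` on "Authenticate to the cluster" that used to scope them. That covers the build job, whose steps lie outside the hunks, and actions such as `aws-actions/amazon-ecr-login@v2` in the deploy jobs, none of which need the token; with the test.yml change in this commit the workflow also runs for pull-request refs. I would leave only `PREFIX` and `SHA` at workflow level, keep the three KUBE_* entries in the `env:` of the authenticate step in deploy-staging and deploy-production, and keep `KUBE_NAMESPACE` in each deploy job's `env:` as before. Both deploy jobs read the same secret names, so whether staging and production receive different values presumably depends on environment-scoped secrets declared outside the hunks; worth confirming.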

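--- a/.github/workflows/notification.yml
+++ b/.github/workflows/notification.yml
@@ -0,0 +1,43 @@
+name: Notification Workflow
+
+on:
+workflow_call:
+secrets:
+webhook_url:
+required: true
+inputs:
+build_tag:
+required: true
+type: string
+environment:
+required: true
+type: string
+
+jobs:
+notify:
+runs-on: ubuntu-latest
+name: "notify-${{ inputs.environment }}"
+
+steps:
+- name: Slack notification
+uses: slackapi/slack-github-action@v2.0.0
+with:
+webhook: ${{ secrets.webhook_url }}
+webhook-type: incoming-webhook
+payload: |
+{
+"attachments": [
+{
+"color": "#1d990c",
+"text": "${{ github.actor }} deployed *${{ inputs.build_tag }}* to *${{ inputs.environment }}*",
+"fields": [
+{
+"title": "Project",
+"value": "Find Unclaimed Court Money",
+"short": true
+}
+],
+"footer": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+}
+]
+}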
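Review bot: `inputs.build_tag`, `inputs.environment` and `github.actor` are spliced into the JSON `payload` as raw text (new line 32), so a value containing a double quote or backslash yields invalid or altered JSON in the Slack message. The step this commit removes from deploy.yml built the tag from the branch name (`GITHUB_HEAD_REF`), which a pull-request author chooses; the build job's own tag step is not visible here, so that origin is inferred. Letting the expression engine do the encoding avoids this: `"text": ${{ toJSON(format('{0} deployed *{1}* to *{2}*', github.actor, inputs.build_tag, inputs.environment)) }},`. Separately, `slackapi/slack-github-action@v2.0.0` receives the webhook secret through a movable tag; pinning it to the release's full commit SHA and adding `permissions: {}` to the `notify` job would narrow what the action can reach.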

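--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,4 +1,4 @@
-name: Test Workflow
+name: CI Workflow
 on:
 pull_request:
 push:
@@ -69,7 +69,6 @@ jobs:
 minimum_file_coverage: 100
 
 build-and-deploy:
-if: ${{ github.ref == 'refs/heads/main' }}
 needs: test
 uses: ./.github/workflows/deploy.yml
 secrets: inherit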
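Review bot: Every `pull_request` and `push` run now reaches deploy.yml with `secrets: inherit`, because the second hunk drops the `if: ${{ github.ref == 'refs/heads/main' }}` guard on `build-and-deploy`; unreviewed branch code therefore runs in jobs that hold the cluster and Slack secrets. deploy.yml also contains a `deploy-production` job, and nothing visible in this commit restricts it to main or to an approved environment, though a gate may exist in lines outside the hunks. If only staging is meant to deploy from pull requests, put `if: github.ref == 'refs/heads/main'` on `deploy-production` (its notify jobs list it in `needs` and are skipped with it), or bind that job to a protected `environment:` with required reviewers. Passing the needed secrets by name instead of `secrets: inherit` would also keep unrelated repository secrets out of PR-triggered runs.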
