Release - main #135
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| run-name: Release - ${{ github.ref_name }} | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| test: | |
| name: Test | |
| uses: ./.github/workflows/test.yml | |
| with: | |
| ACCESS_ECR_REGION: ${{vars.ACCESS_ECR_REGION}} | |
| CLA_BACKEND_ECR_REPOSITORY: ${{vars.CLA_BACKEND_ECR_REPOSITORY}} | |
| secrets: | |
| ECR_ROLE_TO_ASSUME: ${{secrets.CLA_BACKEND_ECR_ROLE_TO_ASSUME}} | |
| static-analysis: | |
| name: Static Analysis | |
| needs: test | |
| uses: ./.github/workflows/static-analysis.yml | |
| secrets: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| build-and-push: | |
| name: Build | |
| uses: ./.github/workflows/build.yml | |
| needs: [static-analysis, test] | |
| with: | |
| ACCESS_ECR_REGION: ${{vars.ACCESS_ECR_REGION}} | |
| ACCESS_ECR_REPOSITORY: ${{vars.ACCESS_ECR_REPOSITORY}} | |
| secrets: | |
| ACCESS_ECR_ROLE_TO_ASSUME: ${{ secrets.ACCESS_ECR_ROLE_TO_ASSUME }} | |
| scan-image: | |
| uses: ./.github/workflows/trivy-image-scan.yml | |
| needs: build-and-push | |
| with: | |
| ACCESS_ECR_REPOSITORY: ${{vars.ACCESS_ECR_REPOSITORY}} | |
| ACCESS_ECR_REGION: ${{vars.ACCESS_ECR_REGION}} | |
| secrets: | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| ACCESS_ECR_ROLE_TO_ASSUME: ${{ secrets.ACCESS_ECR_ROLE_TO_ASSUME }} | |
| deploy-uat: | |
| name: UAT | |
| uses: ./.github/workflows/deploy.yml | |
| needs: build-and-push | |
| with: | |
| environment: uat | |
| ACCESS_ECR_REGION: ${{vars.ACCESS_ECR_REGION}} | |
| ACCESS_ECR_REPOSITORY: ${{vars.ACCESS_ECR_REPOSITORY}} | |
| secrets: | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| ACCESS_ECR_ROLE_TO_ASSUME: ${{ secrets.ACCESS_ECR_ROLE_TO_ASSUME }} | |
| KUBE_CERT: ${{ secrets.KUBE_CERT }} | |
| KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} | |
| KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
| KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} | |
| deploy-staging: | |
| name: Staging | |
| uses: ./.github/workflows/deploy.yml | |
| needs: build-and-push | |
| with: | |
| environment: staging | |
| ACCESS_ECR_REGION: ${{vars.ACCESS_ECR_REGION}} | |
| ACCESS_ECR_REPOSITORY: ${{vars.ACCESS_ECR_REPOSITORY}} | |
| secrets: | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| ACCESS_ECR_ROLE_TO_ASSUME: ${{ secrets.ACCESS_ECR_ROLE_TO_ASSUME }} | |
| KUBE_CERT: ${{ secrets.KUBE_CERT }} | |
| KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} | |
| KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
| KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} | |
| deploy-production: | |
| name: Production | |
| uses: ./.github/workflows/deploy.yml | |
| needs: deploy-staging | |
| with: | |
| environment: production | |
| ACCESS_ECR_REGION: ${{vars.ACCESS_ECR_REGION}} | |
| ACCESS_ECR_REPOSITORY: ${{vars.ACCESS_ECR_REPOSITORY}} | |
| secrets: | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| ACCESS_ECR_ROLE_TO_ASSUME: ${{ secrets.ACCESS_ECR_ROLE_TO_ASSUME }} | |
| KUBE_CERT: ${{ secrets.KUBE_CERT }} | |
| KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} | |
| KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
| KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} |