-
Notifications
You must be signed in to change notification settings - Fork 0
101 lines (99 loc) · 4.08 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: Deploy
on:
workflow_call:
inputs:
environment:
required: true
type: string
tag:
required: true
type: string
register_deployment:
required: false
type: boolean
default: false
secrets:
GOOGLE_WORKLOAD_IDENTITY_PROVIDER:
required: true
GOOGLE_SERVICE_ACCOUNT_EMAIL:
required: true
GOOGLE_PROJECT_ID:
required: true
GOOGLE_REGION:
required: true
SENTRY_DSN:
required: true
CLOUDFLARE_API_TOKEN:
required: true
CLOUDFLARE_ACCOUNT_ID:
required: true
MONGODB_ATLAS_PUBLIC_KEY:
required: true
MONGODB_ATLAS_PRIVATE_KEY:
required: true
MONGODB_ATLAS_PROJECT_ID:
required: true
AUTH0_DOMAIN:
required: true
AUTH0_CLIENT_ID:
required: true
AUTH0_CLIENT_SECRET:
required: true
YNAB_CLIENT_ID:
required: true
YNAB_CLIENT_SECRET:
required: true
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
deployments: write
steps:
- uses: actions/checkout@v3
- uses: haya14busa/action-cond@v1
id: environment_url
with:
cond: ${{ inputs.environment == 'main' }}
# When urls change also change App.Lib.Configuration.DevEnvConfigurationProvider.GetFrontendUrl
if_true: "https://${{ secrets.GOOGLE_PROJECT_ID }}.pages.dev"
if_false: "https://${{ inputs.environment }}.${{ secrets.GOOGLE_PROJECT_ID }}.pages.dev"
- uses: bobheadxi/deployments@v1
if: ${{ inputs.register_deployment }}
id: deployment
with:
step: start
token: ${{ secrets.GITHUB_TOKEN }}
env: ${{ inputs.environment }}
- uses: ./.github/actions/config_cli_tools
with:
google_workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
google_service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
- run: ./deploy/run-ansible.sh src/deploy.yml
env:
APP_TAG: ${{ inputs.tag }}
APP_ENVIRONMENT: ${{ inputs.environment }}
APP_FRONTEND: ${{ steps.environment_url.outputs.value }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
GOOGLE_REGION: ${{ secrets.GOOGLE_REGION }}
GOOGLE_PROJECT_ID: ${{ secrets.GOOGLE_PROJECT_ID }}
MONGODB_ATLAS_PUBLIC_KEY: ${{ secrets.MONGODB_ATLAS_PUBLIC_KEY }}
MONGODB_ATLAS_PRIVATE_KEY: ${{ secrets.MONGODB_ATLAS_PRIVATE_KEY }}
MONGODB_ATLAS_PROJECT_ID: ${{ secrets.MONGODB_ATLAS_PROJECT_ID }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }}
AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }}
AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }}
YNAB_CLIENT_ID: ${{ secrets.YNAB_CLIENT_ID }}
YNAB_CLIENT_SECRET: ${{ secrets.YNAB_CLIENT_SECRET }}
- uses: bobheadxi/deployments@v1
if: ${{ inputs.register_deployment }}
with:
step: finish
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
env: ${{ inputs.environment }}
env_url: ${{ steps.environment_url.outputs.value }}