This repository has been archived by the owner on Jun 29, 2023. It is now read-only.
Add tags for prototype code (#33) #132
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pipeline | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: | |
env: | |
CONTAINER_REGISTRY: ghcr.io | |
CONTAINER_IMAGE_NAME: ${{ github.repository }} | |
CONTAINER_IMAGE_VERSION: ${{ github.sha }} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Build an image from Dockerfile | |
run: docker build -t ${{ env.CONTAINER_IMAGE_NAME }}:${{ env.CONTAINER_IMAGE_VERSION }} . | |
- name: Login to container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Push image | |
run: | | |
docker tag ${{ env.CONTAINER_IMAGE_NAME }}:${{ env.CONTAINER_IMAGE_VERSION }} ${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }} | |
docker tag ${{ env.CONTAINER_IMAGE_NAME }}:${{ env.CONTAINER_IMAGE_VERSION }} ${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:${{ env.CONTAINER_IMAGE_VERSION }} | |
docker push --all-tags ${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }} | |
deploy-staging: | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' }} | |
concurrency: deploy-staging | |
environment: staging | |
needs: [ build ] | |
permissions: | |
id-token: write # Enable OIDC for gitsign | |
steps: | |
- uses: chainguard-dev/actions/setup-gitsign@ac42db4c9c2e2bd9f66aadf3290c5995891d91a3 | |
- name: Deploy new image | |
uses: digitalservicebund/github-actions/argocd-deploy@9b15fba0ce0e874d9af5be33ebeea7d476f808d0 | |
with: | |
environment: staging | |
version: ${{ env.CONTAINER_IMAGE_VERSION }} | |
deploying_repo: useid-eservice-example | |
infra_repo: useid-provider-infra | |
deploy_key: ${{ secrets.DEPLOY_KEY }} | |
app: useid-provider-staging | |
argocd_pipeline_password: ${{ secrets.ARGOCD_PIPELINE_PASSWORD }} | |
argocd_server: ${{ secrets.ARGOCD_SERVER }} | |
argocd_sync_timeout: 300 | |
- name: Track deploy | |
uses: digitalservicebund/github-actions/track-deployment@34a48d29a9c4cc2fd6710b8eb37e13618a08fa88 | |
with: | |
project: UseId eService Example | |
environment: staging | |
metrics_deployment_webhook_url: ${{ secrets.METRICS_DEPLOYMENT_WEBHOOK_URL }} | |
metrics_webhook_token: ${{ secrets.METRICS_WEBHOOK_TOKEN }} | |
deploy-staging-verify: | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' }} | |
concurrency: deploy-staging | |
needs: [ deploy-staging ] | |
steps: | |
- name: Check health | |
shell: bash | |
run: | | |
status_code=$(curl -o /dev/null -s -w "%{http_code}\n" -X GET ${{ secrets.STAGING_URL }}) | |
if [[ "$status_code" -ne 200 ]] ; then | |
exit 1; | |
fi | |
- name: Send status to Slack | |
# Third-party action, pin to commit SHA! | |
# See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions | |
uses: lazy-actions/slatify@c4847b8c84e3e8076fd3c42cc00517a10426ed65 | |
if: ${{ failure() && env.SLACK_WEBHOOK_URL }} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
with: | |
type: ${{ job.status }} | |
job_name: "Staging verify :point_right:" | |
mention: "here" | |
mention_if: "failure" | |
commit: true | |
url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
deploy-production: | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' }} | |
concurrency: deploy-production | |
environment: production | |
needs: [ build, deploy-staging-verify ] | |
permissions: | |
id-token: write # Enable OIDC for gitsign | |
steps: | |
- uses: chainguard-dev/actions/setup-gitsign@ac42db4c9c2e2bd9f66aadf3290c5995891d91a3 | |
- name: Deploy new image | |
uses: digitalservicebund/github-actions/argocd-deploy@9b15fba0ce0e874d9af5be33ebeea7d476f808d0 | |
with: | |
environment: production | |
version: ${{ env.CONTAINER_IMAGE_VERSION }} | |
deploying_repo: useid-eservice-example | |
infra_repo: useid-provider-infra | |
deploy_key: ${{ secrets.DEPLOY_KEY }} | |
app: useid-provider-production | |
argocd_pipeline_password: ${{ secrets.ARGOCD_PIPELINE_PASSWORD }} | |
argocd_server: ${{ secrets.ARGOCD_SERVER }} | |
argocd_sync_timeout: 300 | |
- name: Track deploy | |
uses: digitalservicebund/github-actions/track-deployment@34a48d29a9c4cc2fd6710b8eb37e13618a08fa88 | |
with: | |
project: UseId eService Example | |
environment: production | |
metrics_deployment_webhook_url: ${{ secrets.METRICS_DEPLOYMENT_WEBHOOK_URL }} | |
metrics_webhook_token: ${{ secrets.METRICS_WEBHOOK_TOKEN }} |