-
Notifications
You must be signed in to change notification settings - Fork 55
141 lines (130 loc) · 4.99 KB
/
deployProd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: Deploy Prod
on:
workflow_run:
workflows: [ "Deploy Stg" ]
types:
- completed
env:
DEPLOY_ENV: prod
NODE_VERSION: 22
concurrency:
group: prod-deploy
cancel-in-progress: false
jobs:
build_docker:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- uses: actions/checkout@v4
- name: Build and Push backend
uses: ./.github/actions/build-and-push
with:
acr_registry: ${{ secrets.ACR_REPO_URL }}
acr_username: ${{ secrets.ACR_ADMIN_USERNAME }}
acr_password: ${{ secrets.ACR_ADMIN_PASWORD }}
build_frontend:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
environment: Production
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-frontend
name: Build front-end application
with:
azure_creds: ${{ secrets.AZURE_CREDENTIALS }}
client_tarball: ./client.tgz
deploy_env: ${{env.DEPLOY_ENV}}
smarty_streets_key: ${{ secrets.SMARTY_STREETS_KEY }}
okta_enabled: true
okta_url: https://hhs-prime.okta.com
okta_client_id: 0oa5ahrdfSpxmNZO74h6
base_domain_name: ${{ vars.BASE_DOMAIN_NAME }}
prerelease_backend:
runs-on: ubuntu-latest
needs: [ build_frontend, build_docker ]
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/tf-deploy
name: Deploy with Terraform
with:
azure_creds: ${{ secrets.AZURE_CREDENTIALS }}
deploy_env: ${{ env.DEPLOY_ENV }}
terraform_arm_client_id: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }}
terraform_arm_client_secret: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }}
terraform_arm_subscription_id: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }}
terraform_arm_tenant_id: ${{ secrets.TERRAFORM_ARM_TENANT_ID }}
okta_api_token: ${{ secrets.OKTA_API_TOKEN }}
- uses: ./.github/actions/stg-wait-for-slot-commit
name: Wait for correct commit to be deployed in staging slot
timeout-minutes: 5
with:
deploy_env: ${{ env.DEPLOY_ENV }}
- uses: ./.github/actions/stg-wait-for-slot-readiness
name: Wait for staging deploy to be ready
timeout-minutes: 1
with:
deploy_env: ${{ env.DEPLOY_ENV }}
deploy:
runs-on: ubuntu-latest
environment:
name: Production
url: https://simplereport.gov
needs: [ prerelease_backend ]
steps:
- uses: actions/checkout@v4
- name: Promote and deploy
uses: ./.github/actions/deploy-application
with:
azure_creds: ${{ secrets.AZURE_CREDENTIALS }}
client_tarball: client.tgz
deploy_env: ${{ env.DEPLOY_ENV }}
slack_alert:
runs-on: ubuntu-latest
if: failure()
needs: [ deploy ]
steps:
- uses: actions/checkout@v4
- name: Send alert to Slack
uses: ./.github/actions/slack-message
with:
username: ${{ github.actor }}
description: |
:siren-gif: Deploy to ${{ env.DEPLOY_ENV }} failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif:
webhook_url: ${{ secrets.SR_ALERTS_SLACK_WEBHOOK_URL }}
user_map: $${{ secrets.SR_ALERTS_GITHUB_SLACK_MAP }}
failed_deploy_pagerduty_alert:
runs-on: ubuntu-latest
if: ${{ always() && needs.deploy.result != 'success' && github.event.workflow_run.conclusion == 'success' }}
needs: [ deploy ]
steps:
- uses: actions/checkout@v4
- name: Trigger PagerDuty alert
uses: ./.github/actions/pagerduty-alert
with:
summary: ":siren-gif: Deploy to ${{ env.DEPLOY_ENV }} failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif:"
severity: error
routing_key: ${{ secrets.pagerduty_prod_integration_key }}
# See the Alert response wiki page for more details on post-deploy smoke test
smoke_test_front_and_back_end:
runs-on: ubuntu-latest
needs: [ deploy ]
if: ${{ always() }}
environment: Production
steps:
- uses: actions/checkout@v4
- name: Smoke test the env
uses: ./.github/actions/post-deploy-smoke-test
with:
base_domain_name: ${{ vars.BASE_DOMAIN_NAME }}
failed_smoke_test_pagerduty_alert:
runs-on: ubuntu-latest
if: ${{ always() && needs.smoke_test_front_and_back_end.result == 'failure' }}
needs: [ smoke_test_front_and_back_end ]
steps:
- uses: actions/checkout@v4
- name: Trigger PagerDuty alert
uses: ./.github/actions/pagerduty-alert
with:
summary: ":siren-gif: Post-deploy smoke test for ${{ env.DEPLOY_ENV }} could not verify that the frontend is talking to the backend. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} :siren-gif:"
severity: critical
routing_key: ${{ secrets.pagerduty_prod_integration_key }}