name: Deploy to prototype environment on: workflow_run: workflows: [Run checks] types: - completed branches: [main] # Redundant, workflow_run events are only triggered on default branch (`main`) permissions: contents: read jobs: deploy: runs-on: ubuntu-latest if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - name: Install container dependencies run: | sudo apt-get update \ && sudo apt-get install -y --no-install-recommends \ libcurl4-openssl-dev - uses: actions/checkout@v3 - name: Set up Python 3.9 uses: actions/setup-python@v3 with: python-version: "3.9" - name: Install application dependencies run: make bootstrap - name: Deploy to cloud.gov uses: 18f/cg-deploy-action@main env: DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }} SECRET_KEY: ${{ secrets.SECRET_KEY }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }} BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }} REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }} with: cf_username: ${{ secrets.CLOUDGOV_USERNAME }} cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} cf_org: gsa-10x-prototyping cf_space: 10x-notifications push_arguments: >- --var DANGEROUS_SALT="$DANGEROUS_SALT" --var SECRET_KEY="$SECRET_KEY" --var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" --var AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" --var REDIS_ENABLED="$REDIS_ENABLED" --var ADMIN_CLIENT_USERNAME="notify-admin" --var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET" --var BASIC_AUTH_USERNAME="curiousabout" --var BASIC_AUTH_PASSWORD="$BASIC_AUTH_PASSWORD" bail: runs-on: ubuntu-latest if: ${{ github.event.workflow_run.conclusion == 'failure' }} steps: - run: echo 'Checks failed, not deploying'