mirror of
https://github.com/GSA/notifications-api.git
synced 2025-12-30 12:23:04 -05:00
1de2c8081b
This changeset updates the Terraform user configuration in several environments to factor in team member changes, and reverts the previous change to the staging deploy to see if there was an issue with the last update which is preventing the workflow from running now. Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
121 lines
4.5 KiB
YAML
121 lines
4.5 KiB
YAML
name: Deploy to staging environment
|
|
|
|
on:
|
|
workflow_run:
|
|
workflows: [ Run checks ]
|
|
types:
|
|
- completed
|
|
branches: [ main ] # Redundant, workflow_run events are only triggered on default branch (`main`)
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
|
|
|
environment: staging
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 2
|
|
|
|
- name: Check for changes to Terraform
|
|
id: changed-terraform-files
|
|
uses: tj-actions/changed-files@v44
|
|
with:
|
|
files: |
|
|
terraform/staging/**
|
|
terraform/shared/**
|
|
.github/workflows/deploy.yml
|
|
- name: Terraform init
|
|
if: steps.changed-terraform-files.outputs.any_changed == 'true'
|
|
working-directory: terraform/staging
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
|
|
run: terraform init
|
|
- name: Terraform apply
|
|
if: steps.changed-terraform-files.outputs.any_changed == 'true'
|
|
working-directory: terraform/staging
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
|
|
TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
|
|
TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
|
run: terraform apply -auto-approve -input=false
|
|
|
|
- uses: ./.github/actions/setup-project
|
|
- name: Install application dependencies
|
|
run: make bootstrap
|
|
|
|
- name: Create requirements.txt
|
|
run: poetry export --without-hashes --format=requirements.txt > requirements.txt
|
|
|
|
- name: Deploy to cloud.gov
|
|
uses: cloud-gov/cg-cli-tools@main
|
|
env:
|
|
DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
|
|
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
|
ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
|
|
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
|
|
NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
|
|
NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
|
|
LOGIN_DOT_GOV_REGISTRATION_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=NONCE&prompt=select_account&redirect_uri=https://notify-staging.app.cloud.gov/set-up-your-profile&response_type=code&scope=openid+email&state=STATE"
|
|
|
|
with:
|
|
cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
|
|
cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
|
cf_org: gsa-tts-benefits-studio
|
|
cf_space: notify-staging
|
|
cf_command: >-
|
|
push -f manifest.yml
|
|
--vars-file deploy-config/staging.yml
|
|
--var DANGEROUS_SALT="$DANGEROUS_SALT"
|
|
--var SECRET_KEY="$SECRET_KEY"
|
|
--var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
|
|
--var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
|
|
--var NOTIFY_E2E_TEST_EMAIL="$NOTIFY_E2E_TEST_EMAIL"
|
|
--var NOTIFY_E2E_TEST_PASSWORD="$NOTIFY_E2E_TEST_PASSWORD"
|
|
--var LOGIN_DOT_GOV_REGISTRATION_URL="$LOGIN_DOT_GOV_REGISTRATION_URL"
|
|
--strategy rolling
|
|
|
|
- name: Check for changes to templates.json
|
|
id: changed-templates
|
|
uses: tj-actions/changed-files@v44
|
|
with:
|
|
files: |
|
|
app/config_files/templates.json
|
|
- name: Update templates
|
|
if: steps.changed-templates.outputs.any_changed == 'true'
|
|
run: cf run-task notify-api-staging --command "flask command update-templates"
|
|
|
|
- name: Check for changes to egress config
|
|
id: changed-egress-config
|
|
uses: tj-actions/changed-files@v45
|
|
with:
|
|
files: |
|
|
deploy-config/egress_proxy/notify-api-staging.*.acl
|
|
.github/actions/deploy-proxy/action.yml
|
|
.github/workflows/deploy.yml
|
|
- name: Deploy egress proxy
|
|
if: steps.changed-egress-config.outputs.any_changed == 'true'
|
|
uses: ./.github/actions/deploy-proxy
|
|
env:
|
|
CF_USERNAME: ${{ secrets.CLOUDGOV_USERNAME }}
|
|
CF_PASSWORD: ${{ secrets.CLOUDGOV_PASSWORD }}
|
|
with:
|
|
cf_org: gsa-tts-benefits-studio
|
|
cf_space: notify-staging
|
|
app: notify-api-staging
|
|
|
|
bail:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event.workflow_run.conclusion == 'failure' }}
|
|
steps:
|
|
- uses: actions/github-script@v6
|
|
with:
|
|
script: core.setFailed('Checks failed, not deploying')
|