mirror of
https://github.com/GSA/notifications-api.git
synced 2025-12-09 23:02:13 -05:00
e92f235624
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 34 to 41. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/v34...v41) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
101 lines
3.5 KiB
YAML
101 lines
3.5 KiB
YAML
name: Deploy to staging environment
|
|
|
|
on:
|
|
workflow_run:
|
|
workflows: [ Run checks ]
|
|
types:
|
|
- completed
|
|
branches: [ main ] # Redundant, workflow_run events are only triggered on default branch (`main`)
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
|
|
|
environment: staging
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 2
|
|
|
|
- name: Check for changes to Terraform
|
|
id: changed-terraform-files
|
|
uses: tj-actions/changed-files@v41
|
|
with:
|
|
files: |
|
|
terraform/staging
|
|
terraform/shared
|
|
.github/workflows/deploy.yml
|
|
- name: Terraform init
|
|
if: steps.changed-terraform-files.outputs.any_changed == 'true'
|
|
working-directory: terraform/staging
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
|
|
run: terraform init
|
|
- name: Terraform apply
|
|
if: steps.changed-terraform-files.outputs.any_changed == 'true'
|
|
working-directory: terraform/staging
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
|
|
TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
|
|
TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
|
run: terraform apply -auto-approve -input=false
|
|
|
|
- uses: ./.github/actions/setup-project
|
|
- name: Install application dependencies
|
|
run: make bootstrap
|
|
|
|
- name: Create requirements.txt
|
|
run: poetry export --without-hashes --format=requirements.txt > requirements.txt
|
|
|
|
- name: Deploy to cloud.gov
|
|
uses: 18f/cg-deploy-action@main
|
|
env:
|
|
DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
|
|
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
|
ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
|
|
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
|
|
NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
|
|
NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
|
|
with:
|
|
cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
|
|
cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
|
cf_org: gsa-tts-benefits-studio
|
|
cf_space: notify-staging
|
|
push_arguments: >-
|
|
--vars-file deploy-config/staging.yml
|
|
--var DANGEROUS_SALT="$DANGEROUS_SALT"
|
|
--var SECRET_KEY="$SECRET_KEY"
|
|
--var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
|
|
--var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
|
|
--var NOTIFY_E2E_TEST_EMAIL="$NOTIFY_E2E_TEST_EMAIL"
|
|
--var NOTIFY_E2E_TEST_PASSWORD="$NOTIFY_E2E_TEST_PASSWORD"
|
|
|
|
- name: Check for changes to egress config
|
|
id: changed-egress-config
|
|
uses: tj-actions/changed-files@v41
|
|
with:
|
|
files: |
|
|
deploy-config/egress_proxy/notify-api-staging.*.acl
|
|
.github/actions/deploy-proxy/action.yml
|
|
.github/workflows/deploy.yml
|
|
- name: Deploy egress proxy
|
|
if: steps.changed-egress-config.outputs.any_changed == 'true'
|
|
uses: ./.github/actions/deploy-proxy
|
|
with:
|
|
cf_space: notify-staging
|
|
app: notify-api-staging
|
|
|
|
bail:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event.workflow_run.conclusion == 'failure' }}
|
|
steps:
|
|
- uses: actions/github-script@v6
|
|
with:
|
|
script: core.setFailed('Checks failed, not deploying')
|