Bump shoulda-matchers from 5.3.0 to 6.4.0 #3273
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
types: | |
- labeled | |
- synchronize | |
- reopened | |
- opened | |
- converted_to_draft | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: "Environment" | |
required: true | |
type: choice | |
options: | |
- development | |
- test | |
- preproduction | |
- production | |
env: | |
CONTAINER_REGISTRY: ghcr.io | |
jobs: | |
docker: | |
name: Docker build and push | |
if: contains(github.event.pull_request.labels.*.name, 'deploy') || github.event_name != 'pull_request' | |
runs-on: ubuntu-latest | |
outputs: | |
docker_image: ${{ steps.dockerimage.outputs.docker_image_tag }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/actions/build-docker | |
id: dockerimage | |
with: | |
github_username: ${{ github.actor }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
deploy_review: | |
name: Deploy to review environment | |
concurrency: deploy_review_${{ github.event.pull_request.number }} | |
needs: [docker] | |
runs-on: ubuntu-latest | |
if: contains(github.event.pull_request.labels.*.name, 'deploy') | |
environment: | |
name: review | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/actions/deploy | |
id: deploy | |
with: | |
environment: review | |
docker_image: ${{ needs.docker.outputs.docker_image }} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
arm-access-key: ${{ secrets.ARM_ACCESS_KEY }} | |
pr-id: ${{ github.event.pull_request.number }} | |
- name: Post sticky pull request comment | |
if: github.event_name == 'pull_request' | |
uses: marocchino/sticky-pull-request-comment@v2 | |
with: | |
message: | | |
AKS review app deployed to https://find-a-lost-trn-review-pr-${{ github.event.pull_request.number }}.test.teacherservices.cloud | |
set_matrix: | |
name: Set deployment matrix | |
runs-on: ubuntu-latest | |
needs: [docker] | |
outputs: | |
deployment_matrix: ${{ steps.set_matrix.outputs.deployment_matrix }} | |
steps: | |
- id: set_matrix | |
run: | | |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then | |
DEPLOYMENT_MATRIX="{ 'environment': ['${{ github.event.inputs.environment }}'] }" | |
else | |
DEPLOYMENT_MATRIX="{ 'environment': ['development', 'test', 'preproduction'] }" | |
fi | |
echo "deployment_matrix=$DEPLOYMENT_MATRIX" >> $GITHUB_OUTPUT | |
deploy_nonprod: | |
name: Deploy to ${{ matrix.environment }} environment | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
concurrency: deploy_${{ matrix.environment }} | |
needs: [docker, set_matrix] | |
strategy: | |
fail-fast: false # this is necessary to prevent early terminiation of terraform deployments that will result in tfstate locks | |
max-parallel: 3 | |
matrix: ${{ fromJson(needs.set_matrix.outputs.deployment_matrix) }} | |
environment: | |
name: ${{ matrix.environment }} | |
url: ${{ steps.deploy.outputs.environment_url }} | |
outputs: | |
environment_url: ${{ steps.deploy.outputs.environment_url }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: azure/login@v2 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Fetch secrets from key vault | |
uses: azure/CLI@v2 | |
id: keyvault-yaml-secret | |
with: | |
inlineScript: | | |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INF_KEY_VAULT }}" --query "value" -o tsv) | |
echo "::add-mask::$SLACK_WEBHOOK" | |
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT | |
- uses: ./.github/workflows/actions/deploy | |
id: deploy | |
with: | |
environment: ${{ matrix.environment }} | |
docker_image: ${{ needs.docker.outputs.docker_image }} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
arm-access-key: ${{ secrets.ARM_ACCESS_KEY }} | |
- uses: ./.github/workflows/actions/smoke-test | |
id: smoke-test | |
with: | |
environment: ${{ matrix.environment }} | |
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Slack Notification | |
if: failure() | |
uses: rtCamp/action-slack-notify@master | |
env: | |
SLACK_COLOR: failure | |
SLACK_TITLE: Failure deploying release to ${{ matrix.environment }} | |
SLACK_MESSAGE: Failure deploying release to ${{ matrix.environment }} - Docker tag ${{ needs.docker.outputs.docker_image }} | |
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }} | |
deploy_production: | |
name: Deploy to production environment | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
environment: | |
name: production | |
url: ${{ steps.deploy.outputs.environment_url }} | |
concurrency: deploy_production | |
needs: [docker, deploy_nonprod] | |
outputs: | |
environment_url: ${{ steps.deploy.outputs.environment_url }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: azure/login@v2 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Fetch secrets from key vault | |
uses: azure/CLI@v2 | |
id: keyvault-yaml-secret | |
with: | |
inlineScript: | | |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INF_KEY_VAULT }}" --query "value" -o tsv) | |
echo "::add-mask::$SLACK_WEBHOOK" | |
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT | |
- uses: ./.github/workflows/actions/deploy | |
id: deploy | |
with: | |
environment: production | |
docker_image: ${{ needs.docker.outputs.docker_image }} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
arm-access-key: ${{ secrets.ARM_ACCESS_KEY }} | |
- name: Slack Notification | |
if: failure() | |
uses: rtCamp/action-slack-notify@master | |
env: | |
SLACK_COLOR: failure | |
SLACK_TITLE: Failure deploying release to production | |
SLACK_MESSAGE: Failure deploying release to production - Docker tag ${{ needs.docker.outputs.docker_image }} | |
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }} |