CI/CD deploy #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI/CD deploy" | |
on: | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: "This is the tag that is going to be deployed" | |
required: true | |
default: "latest" | |
environment: | |
description: "The environment you want to deploy to" | |
type: environment | |
required: true | |
jobs: | |
metadata: | |
name: "Set CI/CD metadata" | |
runs-on: ubuntu-latest | |
timeout-minutes: 1 | |
outputs: | |
build_datetime: ${{ steps.variables.outputs.build_datetime }} | |
build_timestamp: ${{ steps.variables.outputs.build_timestamp }} | |
build_epoch: ${{ steps.variables.outputs.build_epoch }} | |
nodejs_version: ${{ steps.variables.outputs.nodejs_version }} | |
python_version: ${{ steps.variables.outputs.python_version }} | |
terraform_version: ${{ steps.variables.outputs.terraform_version }} | |
version: ${{ steps.variables.outputs.version }} | |
tag: ${{ steps.variables.outputs.tag }} | |
steps: | |
- name: "Checkout code" | |
uses: actions/checkout@v4 | |
- name: "Set CI/CD variables" | |
id: variables | |
run: | | |
datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z') | |
echo "build_datetime=$datetime" >> $GITHUB_OUTPUT | |
echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT | |
echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT | |
echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT | |
echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT | |
echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT | |
# TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow | |
echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT | |
echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT | |
- name: "List variables" | |
run: | | |
export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}" | |
export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}" | |
export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}" | |
export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}" | |
export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}" | |
export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}" | |
export VERSION="${{ steps.variables.outputs.version }}" | |
export TAG="${{ steps.variables.outputs.tag }}" | |
make list-variables | |
deploy: | |
name: "Deploy to an environment" | |
runs-on: ubuntu-latest | |
needs: [metadata] | |
timeout-minutes: 10 | |
environment: ${{ inputs.environment }} | |
permissions: | |
id-token: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE }} | |
role-session-name: deploy_${{ env.environment }} | |
aws-region: ${{ vars.AWS_REGION }} | |
- name: List S3 buckets | |
run: | | |
echo "Deploying to ${environment}" | |
echo "TODO Run terraform here" | |
# TODO: More jobs or/and steps here | |
# success: | |
# name: "Success notification" | |
# runs-on: ubuntu-latest | |
# needs: [deploy] | |
# steps: | |
# - name: "Check prerequisites for notification" | |
# id: check | |
# run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT | |
# - name: "Notify on deployment to an environment" | |
# if: steps.check.outputs.secret_exist == 'true' | |
# uses: nhs-england-tools/[email protected] | |
# with: | |
# github-token: ${{ secrets.GITHUB_TOKEN }} | |
# teams-webhook-url: ${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL }} | |
# message-title: "Notification title" | |
# message-text: "This is a notification body" | |
# link: ${{ github.event.pull_request.html_url }} |