
chore(ci) : Deploy to staging through a PR label
It is annoying to be competing with each other when pushing code, so I
feel like it's going to help if we decide to deploy by adding a
non-mandatory label rather than "all the time unless draft".

Also, drafts mean something different IMHO. They should be used as
"please do not review yet, this is a work in progress, open for
discussion".

This commit also splits the jobs in two:

- one job will be responsible of building and deploying images to
  staging
- another one will deploy to prod, the 'release' branch only.

Reusable actions have been used to ensure DRYness.
vperron committed Oct 8, 2024
1 parent e7112aa commit 5dbe0a2
Showing 5 changed files with 177 additions and 149 deletions.
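--- a/.github/workflows/_build_images.yml
+++ b/.github/workflows/_build_images.yml
@@ -0,0 +1,78 @@
+name: Build docker images
+
+on:
+workflow_call:
+
+jobs:
+build:
+runs-on: ubuntu-latest
+
+strategy:
+matrix:
+service: ["api", "datawarehouse", "pipeline"]
+
+env:
+REGISTRY: ghcr.io
+IMAGE_NAME: ${{ github.repository }}-${{ matrix.service }}
+
+permissions:
+contents: read
+packages: write
+
+defaults:
+run:
+working-directory: ${{ matrix.service }}
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Log in to the Container registry
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Extract metadata (tags, labels) for Docker
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+tags: |
+type=ref,event=branch
+type=ref,event=tag
+type=ref,event=pr
+type=sha,format=long,prefix=
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Build and export to Docker
+uses: docker/build-push-action@v5
+with:
+context: ./${{ matrix.service }}
+load: true
+tags: ${{ steps.meta.outputs.tags }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+labels: ${{ steps.meta.outputs.labels }}
+
+- name: Run tests
+if: matrix.service == 'api'
+env:
+API_ENV: test
+run: |
+docker compose run --entrypoint pytest api -p no:cacheprovider -vv
+- name: Run tests
+if: matrix.service == 'pipeline'
+run: |
+echo #TODO
+- name: Push image to GitHub registry
+uses: docker/build-push-action@v5
+with:
+context: ./${{ matrix.service }}
+push: true
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}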
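Review bot: Every `uses:` in this job points at a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`) while the job holds `packages: write` and a registry login, so a retagged release of any of them would run with push rights to the registry. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder for the audited commit), removes that dependency on the tag. The checkout step also keeps its default credential persistence while the later `docker compose run` step executes repository code on the same runner; adding `with:` / `persist-credentials: false` to the checkout keeps the token out of the working copy's git config. Separately, the `pipeline` "Run tests" step is only `echo #TODO` and `datawarehouse` has no test step at all, so those two images are pushed unchecked; a comment above the push step saying so would make that explicit.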
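--- a/.github/workflows/_terraform_deploy.yml
+++ b/.github/workflows/_terraform_deploy.yml
@@ -0,0 +1,62 @@
+name: Build docker images
+
+on:
+workflow_call:
+inputs:
+environment:
+type: string
+description: 'Github environment to use'
+required: true
+
+jobs:
+deploy:
+runs-on: ubuntu-latest
+
+environment: ${{ inputs.environment }}
+
+env:
+ENV: ${{ vars.ENVIRONMENT }}
+AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+TF_VARS_BASE64: ${{ secrets.TF_VARS_BASE64 }}
+TF_VAR_stack_version: ${{ github.sha }}
+
+defaults:
+run:
+working-directory: deployment
+
+steps:
+- uses: actions/checkout@v4
+
+- uses: hashicorp/setup-terraform@v3
+with:
+terraform_version: "1.9.7"
+
+- name: mask tf variables
+run: |
+echo "${TF_VARS_BASE64}" \
+| base64 --decode \
+| jq 'to_entries | map(.value // empty) | .[]' \
+| xargs -I{} echo '::add-mask::{}'
+- name: tf init
+run: |
+terraform init \
+-backend-config "bucket=data-inclusion-tf-states" \
+-backend-config "key=${ENV}"
+- name: tf validate
+run: |
+terraform validate
+- name: tf plan
+run: |
+trap "rm -f terraform.tfvars.json" EXIT
+echo "${TF_VARS_BASE64}" | base64 --decode > terraform.tfvars.json
+terraform plan -input=false
+- name: tf apply
+run: |
+trap "rm -f terraform.tfvars.json" EXIT
+echo "${TF_VARS_BASE64}" | base64 --decode > terraform.tfvars.json
+terraform apply -input=false -auto-approve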
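Review bot: The `mask tf variables` step is fragile, because `jq` runs without `-r` and hands JSON-encoded values to `xargs`, which then re-interprets quotes and backslashes. A value containing a quote, a backslash or a newline is therefore likely to abort the step or to be masked in a form that never matches what Terraform later prints, and nested objects or arrays are masked as pretty-printed JSON fragments. Emitting raw strings and one `::add-mask::` per line, as in the block below, avoids both. `AWS_SECRET_ACCESS_KEY` and `TF_VARS_BASE64` also sit in the job-level `env`, so the tag-pinned `hashicorp/setup-terraform@v3` step receives them too; moving them to `env:` on the steps that need them narrows that exposure. The workflow `name: Build docker images` looks copied from `_build_images.yml` and will mislabel these runs.

```yaml
- name: mask tf variables
  run: |
    # strings only: masking short numbers or booleans would blank unrelated log output
    echo "${TF_VARS_BASE64}" \
      | base64 --decode \
      | jq -r '.. | strings' \
      | while IFS= read -r line; do
          # one mask per line so multi-line values are covered; skip empty lines
          if [ -n "${line}" ]; then
            echo "::add-mask::${line}"
          fi
        done
```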
149 changes: 0 additions & 149 deletions .github/workflows/build_deploy.yml

This file was deleted.

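--- a/.github/workflows/deploy_prod.yml
+++ b/.github/workflows/deploy_prod.yml
@@ -0,0 +1,16 @@
+name: deploy_prod
+
+on:
+push:
+branches: [release]
+
+jobs:
+build:
+uses: ./.github/workflows/_build_images.yml
+
+deploy_prod:
+needs: build
+uses: ./.github/workflows/_terraform_deploy.yml
+secrets: inherit
+with:
+environment: prod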
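Review bot: Nothing in this workflow serialises production runs, so two pushes to `release` close together start two `deploy_prod` jobs, each ending in the `terraform apply -input=false -auto-approve` of `_terraform_deploy.yml` against the same state key. A workflow-level `concurrency: { group: deploy-prod, cancel-in-progress: false }` would queue them instead of letting them overlap. Because the apply is auto-approved, the only human gate is whatever protection rules the `prod` environment carries, which this page does not show; a comment above `environment: prod` stating that required reviewers are expected on that environment would document the assumption.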
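--- a/.github/workflows/deploy_staging.yml
+++ b/.github/workflows/deploy_staging.yml
@@ -0,0 +1,21 @@
+name: build_deploy_staging
+
+on:
+push:
+branches: [main]
+pull_request:
+branches: [main]
+types: [opened, synchronize, reopened, ready_for_review, labeled]
+
+jobs:
+build:
+if: contains(github.event.pull_request.labels.*.name, 'deploy-to-staging')
+uses: ./.github/workflows/_build_images.yml
+
+deploy_staging:
+needs: build
+if: contains(github.event.pull_request.labels.*.name, 'deploy-to-staging')
+uses: ./.github/workflows/_terraform_deploy.yml
+secrets: inherit
+with:
+environment: staging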
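Review bot: The `deploy-to-staging` label is the only condition between a pull request and an auto-approved `terraform apply` with inherited secrets, and on `pull_request` the workflow and the `deployment/` code come from the PR ref, so what runs with staging credentials has not necessarily been reviewed; `synchronize` also redeploys every later push once the label is set. Relying on the `staging` environment's protection rules (not visible here) and adding a same-repository guard, `if: github.event.pull_request.head.repo.full_name == github.repository && contains(github.event.pull_request.labels.*.name, 'deploy-to-staging')`, would make the intent explicit and skip fork PRs cleanly instead of presumably failing partway through the build. Two labelled PRs still race for the same staging state, which is the problem the commit message describes; `concurrency: { group: deploy-staging, cancel-in-progress: false }` at workflow level would queue them. The `push: branches: [main]` trigger appears to be dead, since `github.event.pull_request` is absent on push events and both `if:` conditions then evaluate to false.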
