-
Notifications
You must be signed in to change notification settings - Fork 11
131 lines (110 loc) · 3.84 KB
/
deploy.yml
File metadata and controls
131 lines (110 loc) · 3.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Deploy
on:
workflow_dispatch:
push:
branches:
- main
tags:
# pre-release tag
- "202[3-9].[0-9][0-9].[0-9]+-rc[0-9]+"
# release tags
- "202[3-9].[0-9][0-9].[0-9]+"
defaults:
run:
shell: bash
concurrency:
# this ternary operator like expression gives us the name of the deployment environment (see https://docs.github.com/en/actions/learn-github-actions/expressions#example)
group: ${{ github.ref_type != 'tag' && github.ref_name || contains(github.ref, '-rc') && 'test' || 'prod' }}
cancel-in-progress: true
jobs:
tests-ui:
uses: ./.github/workflows/tests-ui.yml
if: github.ref_type == 'tag'
tests-pytest:
uses: ./.github/workflows/tests-pytest.yml
if: github.ref_type == 'tag'
check-migrations-and-messages:
uses: ./.github/workflows/check-migrations-and-messages.yml
if: github.ref_type == 'tag'
check-dynamic-version:
uses: ./.github/workflows/check-dynamic-version.yml
if: github.ref_type == 'tag'
deploy:
runs-on: ubuntu-latest
needs:
[
tests-ui,
tests-pytest,
check-migrations-and-messages,
check-dynamic-version,
]
if: (!cancelled())
environment: ${{ github.ref_type != 'tag' && github.ref_name || contains(github.ref, '-rc') && 'test' || 'prod' }}
steps:
- name: Checkout
uses: actions/checkout@v6
- uses: actions/setup-python@v6
with:
python-version-file: .github/workflows/.python-version
cache: pip
cache-dependency-path: "**/pyproject.toml"
- name: Write python packages to file
run: |
python -m venv .venv
source .venv/bin/activate
pip install pipdeptree
pip install -e .
pipdeptree
pipdeptree >> benefits/static/requirements.txt
- name: Write commit SHA to file
run: echo "${{ github.sha }}" >> benefits/static/sha.txt
- name: Docker Login to GitHub Container Registry
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v4
- name: Cache Parameters
id: cache_params
run: |
CACHE_SCOPE="cal-itp"
MAIN_BRANCH_REF="refs/heads/main"
echo "cache_from_args=type=gha,scope=${CACHE_SCOPE},ref=${MAIN_BRANCH_REF}" >> $GITHUB_OUTPUT
echo "cache_to_args=type=gha,scope=${CACHE_SCOPE},mode=max,ref=${MAIN_BRANCH_REF}" >> $GITHUB_OUTPUT
- name: Build, tag, and push image to GitHub Container Registry
uses: docker/build-push-action@v7
with:
builder: ${{ steps.buildx.outputs.name }}
build-args: GIT-SHA=${{ github.sha }}
cache-from: ${{ steps.cache_params.outputs.cache_from_args }}
cache-to: ${{ steps.cache_params.outputs.cache_to_args }}
context: .
file: appcontainer/Dockerfile
push: true
tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
- name: Deploy to Azure Web App
uses: azure/webapps-deploy@v2
with:
app-name: ${{ vars.AZURE_WEBAPP_NAME }}
images: ghcr.io/${{ github.repository }}:${{ github.sha }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
release:
needs: deploy
if: ${{ github.ref_type == 'tag' && !contains(github.ref, '-rc') }}
runs-on: ubuntu-latest
permissions:
# https://github.com/softprops/action-gh-release#permissions
contents: write
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Release
uses: softprops/action-gh-release@v3
with:
prerelease: false
generate_release_notes: true