-
Notifications
You must be signed in to change notification settings - Fork 1
124 lines (114 loc) · 3.61 KB
/
app-ci-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: Application CI/CD
on:
# trigger when branch is created
create:
# Triggers the workflow on push or pull request events but only for the master or release branch
push:
paths-ignore:
- docs/**
- .idea/**
- .run/**
- .vscode/**
- .github/workflows/__infra-*
- .github/workflows/infra-*
- .github/workflows/__github-*
- .github/workflows/github-*
- .github/workflows/__okta-*
- .github/workflows/okta-*
- tools/db-scripts/**
- tools/dev-scripts/**
- tools/infrastructure/**
- '!tools/infrastructure/get-product-conventions.ps1'
- '!tools/infrastructure/ps-functions/Get-ResourceConvention.ps1'
- tools/okta/**
branches:
- master
- release/**
pull_request:
paths-ignore:
- docs/**
- .idea/**
- .run/**
- .vscode/**
- .github/workflows/__infra-*
- .github/workflows/infra-*
- .github/workflows/__github-*
- .github/workflows/github-*
- .github/workflows/__okta-*
- .github/workflows/okta-*
- tools/db-scripts/**
- tools/dev-scripts/**
- tools/infrastructure/**
- tools/okta/**
branches:
- master
- release/**
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
actions: read
contents: read
jobs:
globalvars:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4 # need to checkout so that custom action is available!
- uses: ./.github/actions/set-global-build-vars
id: vars
with:
git-tag-suffix: app
outputs:
buildNumber: ${{ steps.vars.outputs.buildNumber }}
buildTag: ${{ steps.vars.outputs.buildTag }}
buildVersion: ${{ steps.vars.outputs.buildVersion }}
createRelease: ${{ steps.vars.outputs.createRelease }}
gitTag: ${{ steps.vars.outputs.gitTag }}
runBuild: ${{ steps.vars.outputs.runBuild }}
acrEnvironment: ${{ steps.vars.outputs.acrEnvironment }}
acrName: ${{ steps.vars.outputs.acrName }}
build:
needs: globalvars
if: needs.globalvars.outputs.runBuild == 'true'
uses: ./.github/workflows/__app-ci.yml
with:
build-tag: ${{ needs.globalvars.outputs.buildTag }}
build-version: ${{ needs.globalvars.outputs.buildVersion }}
environment-name: ${{ needs.globalvars.outputs.acrEnvironment }}
azure-container-registry: ${{ needs.globalvars.outputs.acrName }}
git-tag: ${{ needs.globalvars.outputs.gitTag }}
create-release: ${{ fromJSON(needs.globalvars.outputs.createRelease) }}
secrets: inherit
permissions:
actions: read
contents: write
id-token: write
issues: read
checks: write
pull-requests: write
deploy-dev:
needs: [globalvars, build]
if: needs.globalvars.outputs.createRelease == 'true'
uses: ./.github/workflows/__app-deploy.yml
with:
docker-image-tag: ${{ needs.globalvars.outputs.buildTag }}
docker-registry: ${{ needs.globalvars.outputs.acrName }}
environment-name: dev
git-tag: ${{ needs.globalvars.outputs.gitTag }}
secrets: inherit
permissions:
actions: read
contents: read
id-token: write
deploy-qa:
needs: [globalvars, deploy-dev]
uses: ./.github/workflows/__app-deploy.yml
with:
docker-image-tag: ${{ needs.globalvars.outputs.buildTag }}
docker-registry: ${{ needs.globalvars.outputs.acrName }}
environment-name: qa
git-tag: ${{ needs.globalvars.outputs.gitTag }}
secrets: inherit
permissions:
actions: read
contents: read
id-token: write