Skip to content

updates

updates #138

name: Deploy Alfresco Content Services
on:
push:
paths:
- .github/workflows/cloud-platform-deploy-release.yml
- kustomize/**
workflow_dispatch:
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
release:
strategy:
matrix:
environment: [poc, dev, test, stage]
ref:
- ${{ contains(github.ref, 'main') || startsWith(github.ref, 'refs/heads/v') }}
exclude:
- ref: false
environment: test
- ref: false
environment: stage
name: Deploy to ${{ matrix.environment }}
# Get this GitHub environment populated with action secrets by raising a CP pull request. See docs at:
# https://github.com/ministryofjustice/cloud-platform-terraform-serviceaccount?tab=readme-ov-file#input_github_environments
environment:
name: ${{ matrix.environment }}
runs-on: ubuntu-latest
steps:
- name: Checkout current repo
uses: actions/checkout@v3
- name: Install Kubernetes
uses: azure/[email protected]
with:
version: 'v1.26.0' # default is latest stable
id: kubectl_install
- name: Install Helm
uses: azure/[email protected]
with:
version: 'v3.9.0'
id: helm_install
- name: ${{ matrix.environment }} release
env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
# See this link how github action secrets are created: https://github.com/ministryofjustice/cloud-platform-terraform-serviceaccount
# See this example on how to use github secrets: https://github.com/ministryofjustice/cloud-platform-example-application/blob/main/.github/workflows/deploy.yml#L38
echo "${{ secrets.KUBE_CERT }}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
kubectl config use-context ${KUBE_CLUSTER}
# For Alfresco, a k8s namespace will be an environment
kubectl config set-context --current --namespace=${KUBE_NAMESPACE}
- name: Install Task
uses: arduino/setup-task@v2
with:
version: 3.x
- name: Run Task
run: task helm_upgrade ENV=${{ matrix.environment }}
- name: Alert Slack failure
if: "${{ failure() && github.ref == 'refs/heads/main' }}"
run: |
curl --silent -X POST -H 'Content-type: application/json' --data '{"blocks":[{"type":"header","text":{"type":"plain_text","text":":fail: Deployment Failed"}},{"type":"divider"},{"type":"section","text":{"type":"mrkdwn","text":"Deployment to Alfresco `${{ matrix.environment }}` failed"}, "accessory": {"type": "button","text": {"type": "plain_text","text": ":github: View Job","emoji": true}, "value": "view-job", "url":"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "action_id": "button-action"}}]}' ${{ secrets.SLACK_WEBHOOK_URL }}
- name: Alert Slack Success
if: "${{ success() && github.ref == 'refs/heads/main' }}"
run: |
curl --silent -X POST -H 'Content-type: application/json' --data '{"blocks":[{"type":"header","text":{"type":"plain_text","text":":white_check_mark: Deployment Succeeded"}},{"type":"divider"},{"type":"section","text":{"type":"mrkdwn","text":"Deployment to Alfresco `${{ matrix.environment }}` succeeded."}, "accessory": {"type": "button","text": {"type": "plain_text","text": ":github: View Job","emoji": true}, "value": "view-job", "url":"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "action_id": "button-action"}}]}' ${{ secrets.SLACK_WEBHOOK_URL }}