Merge pull request #246 from im-practices/github-deployments
create-github-deployment
hpractv authored Feb 6, 2024
2 parents 84731ef + cae5072 commit 86ac665
Showing 13 changed files with 146 additions and 207 deletions.
55 changes: 27 additions & 28 deletions .github/workflows/im-reusable-finish-deployment-workflow.yml
Expand Up @@ -28,10 +28,9 @@
# { "name": "Version", "value": "${{ inputs.tag }}" }
# ]
# secrets:
# MS_TEAMS_URI: ${{ vars.MS_TEAMS_URI }}
# MS_TEAMS_URI: ${{ vars.MS_TEAMS_URI }}
# DEPLOY_NOTIFICATIONS_CHANNEL: ${{ vars.DEPLOY_NOTIFICATIONS_CHANNEL}}


on:
workflow_call:
inputs:
Expand Down Expand Up @@ -68,11 +67,6 @@ on:
required: false
type: string
default: 'america/denver'
deployment-board-number:
description: 'The number of the deployment board that should be updated. Defaults to 1.'
required: false
type: number
default: 1
deployable-type:
description: 'Identifier if there are multiple deployables in the repo, like MFE, DB, API. Defaults to an empty string for single deployables.'
required: false
Expand All @@ -83,6 +77,11 @@ on:
required: false
type: string
default: null
entity:
description: 'The catalog-info.yml metadata.name value for mapping in Tech Hub.'
required: false
type: string
default: null
enable-deployment-slot-tracking:
description: 'Enable App Service deployment slot tracking on deployment board? [true|false]'
required: false
Expand All @@ -103,6 +102,11 @@ on:
type: string
required: false
default: 'production'
instance:
description: 'The instance of the deployment. This is used to create a deployment instance name in the GitHub deployment API.'
required: false
type: string
default: null
custom-facts-for-team-channel:
description: The custom facts that will be included in the post in the team's channel. By default Workflow, Run, Actor and Version are included.
required: false
Expand All @@ -129,23 +133,18 @@ jobs:
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

- name: Update deployment board
if: always()
uses: im-open/[email protected]
# Only run this step if Tech Hub metadata.name value is passed in
- name: Create GitHub Deployment
if: ${{ inputs.entity != null }}
uses: im-open/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
workflow-actor: ${{ github.actor }} # This will add the user who kicked off the workflow to the deployment payload
token: ${{ secrets.GITHUB_TOKEN }} # Special per-job token generated by GH for interacting with the repo
environment: ${{ inputs.deployment-environment }}
board-number: ${{ inputs.deployment-board-number }}
ref: ${{ inputs.release-tag }}
ref-type: 'tag'
deployable-type: ${{ inputs.deployable-type }}
deploy-label: ${{ inputs.deployable-label }}
deploy-status: ${{ steps.conclusion.outputs.workflow_conclusion }}
enable-deployment-slot-tracking: ${{ inputs.enable-deployment-slot-tracking }}
slot-swapped-with-production-slot: ${{ inputs.slot-swapped-with-production-slot }}
target-slot: ${{ inputs.target-slot }}
source-slot: ${{ inputs.source-slot }}
timezone: ${{ inputs.timezone }}
release-ref: ${{ inputs.release-tag }}
deployment-status: ${{ steps.conclusion.outputs.workflow_conclusion }}
entity: ${{ inputs.entity }}
instance: ${{ inputs.instance || inputs.target-slot }}

- name: Configure facts for team's notification channel
if: always()
Expand All @@ -156,7 +155,7 @@ jobs:
const rawFacts = process.env.FACTS;
console.log(`"${rawFacts}"`);
let facts = rawFacts && rawFacts.trim().length > 0 ? JSON.parse(rawFacts) : null;
if (!facts || facts.length === 0){
console.log(`Custom facts were not provided for the Team's Notification channel, use the default facts:`);
facts = [
Expand All @@ -174,7 +173,7 @@ jobs:
core.setOutput('facts', facts);
env:
FACTS: ${{ inputs.custom-facts-for-team-channel }}

- name: Send status to team's notification channel
if: always()
uses: im-open/[email protected]
Expand All @@ -195,9 +194,9 @@ jobs:
const postInProd = ${{ inputs.post-status-in-deployment-notifications-channel }};
const deployEnv = '${{ inputs.deployment-environment }}';
const workflowConclusion = '${{ steps.conclusion.outputs.workflow_conclusion }}';
const isProdEnv = deployEnv === 'prod' || deployEnv === 'prod-secondary';
const post = postInProd && isProdEnv && workflowConclusion === 'success';
core.setOutput('post', post);
Expand All @@ -221,7 +220,7 @@ jobs:
script: |
const rawFacts = process.env.FACTS;
let facts = rawFacts && rawFacts.trim().length > 0 ? JSON.parse(rawFacts) : null;
if (!facts || facts.length === 0){
console.log('Custom facts were not provided for the Deployment Notifications channel, use the default facts:');
facts = [
Expand All @@ -237,7 +236,7 @@ jobs:
core.setOutput('facts', facts);
env:
FACTS: ${{ inputs.custom-facts-for-deployment-notifications-channel }}

- name: Send Status to Deployment Notifications Channel for Prod Deploys
if: always() && steps.post-to-deployment-channel.outputs.post == 'true'
uses: im-open/[email protected]
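Review bot: The inline script that sets the `post` output builds its source from workflow inputs, `const deployEnv = '${{ inputs.deployment-environment }}';`, so the caller's string is pasted into the JavaScript before it is parsed and a value containing a quote alters the script instead of the variable. The two facts scripts in this same file already pass their input through `env:` and read `process.env.FACTS`; doing the same here, with an `env:` entry `DEPLOY_ENV: ${{ inputs.deployment-environment }}` and `const deployEnv = process.env.DEPLOY_ENV;`, keeps the value as data. The same applies to `workflowConclusion` on the following line. How reachable this is depends on how callers constrain the value they pass, which is not visible in this section. Separately, the new `Create GitHub Deployment` step's `if: ${{ inputs.entity != null }}` has no `always()`, unlike the `Update deployment board` step it appears to replace, so it is skipped whenever an earlier step in the job fails; `if: ${{ always() && inputs.entity != null }}` would match the neighbouring steps.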
25 changes: 13 additions & 12 deletions workflow-templates/im-deploy-az-app-manually.yml
@@ -1,4 +1,4 @@
# Workflow Code: AmbitiousLizard_v46 DO NOT REMOVE
# Workflow Code: AmbitiousLizard_v47 DO NOT REMOVE
# Purpose:
# Gathers various stakeholder and attestor approvals, downloads artifacts from a release
# with the specified tags, makes changes to any configuration files for the specified
Expand Down Expand Up @@ -66,18 +66,16 @@ permissions:
# Required for secretless azure access and deploys
id-token: write
contents: read
# Required for update-deployment-board
repository-projects: write
issues: write
actions: read
# Required for create-github-deployment
deployments: write

env:
RELEASE_TAG: ${{ inputs.tag }} # This is the tag that we'll be deploying

jobs:
# This job utilizes a reusable workflow which will:
# 1 - Verify the tag provided is a valid ref.
# 2 - If deploying to a production environment, verify the tag is reachable from the default branch
# 2 - If deploying to a production environment, verify the tag is reachable from the default branch
# and that the corresponding release is production ready (not pre-release or a draft).
setup-deployment-workflow:
uses: im-practices/.github/.github/workflows/im-reusable-setup-deployment-workflow.yml@v2
Expand Down Expand Up @@ -187,7 +185,7 @@ jobs:

# Each env has their own stakeholder approval environment. If no required reviewers are set for
# that environment, the workflow will continue without requiring anyone to approve the deployment.

stakeholder-approval:
needs: [set-vars]
runs-on: ubuntu-latest # Force this to run on github-hosted runner by using a tag that does not exist on self-hosted runners
Expand Down Expand Up @@ -238,7 +236,7 @@ jobs:

# TODO: Use this for any variables that change per environment
# With the Variables feature available now in GitHub this action may not be necessary. If values are populated
# as env-level variables, they can be used directly inside of subsequent actions (octostache and var-substitution)
# as env-level variables, they can be used directly inside of subsequent actions (octostache and var-substitution)
# like secrets are. The choice of which to use is up to the team and what works best for the project.
# Variables - pros & cons
# - Pros: streamlined workflow, ability to change values without creating a new release/build (helpful for values that change a lot)
Expand Down Expand Up @@ -454,17 +452,20 @@ jobs:
# 1 - Update the deployment board based on the workflow conclusion
# 2 - Post a deployment status in the repo owner's Teams channel (connected to the MS_TEAMS_URI secret)
# 3 - Post a deployment status in the Deployment Notifications Teams channel if the deploy is for prod, is successful and the flag to do so is not set to false
update-deployment-board-and-send-teams-notification:
update-github-deployments-and-send-teams-notification:
needs: [set-vars, deploy-code]
if: always()
uses: im-practices/.github/.github/workflows/im-reusable-finish-deployment-workflow.yml@v2
with:
# Required Inputs
deployment-environment: ${{ inputs.environment-or-target }} # The environment/target that was deployed to (dev, qa, stage, stage-secondary, uat, demo, prod, prod-secondary)
deployment-environment: ${{ inputs.environment-or-target }} # The environment/target that was deployed to (dev, qa, stage, stage-secondary, uat, demo, prod, prod-secondary)
gh-secrets-environment: ${{ needs.set-vars.outputs.GITHUB_SECRETS_ENVIRONMENT}} # The GitHub environment that secrets are pulled from
release-tag: ${{ inputs.tag }}
title-of-teams-post: 'Deploy ${{ needs.set-vars.outputs.AZ_APP_NAME }} ${{ inputs.tag }} to ${{ inputs.environment-or-target }}' # TODO: Verify title to ensure it is descriptive/readable.

# Inputs for Tech Hub deployment tracking
# entity: '' # TODO: This the catalog-info.yml value in metadata.name value
# instance: '' # TODO: This the specific target deployment location, i.e., testing-slot-1, primary-app-service, failover-slot-2, NA26-production-slot

# Optional Inputs with their default values. These items can be removed if the default value does not need to be adjusted.
# post-status-in-deployment-notifications-channel: true # TODO: Include this arg and set to false if you do not want a status post in the Deployment Notifications channel for prod deploys
# timezone: 'america/denver' # TODO: Include this argument and update if your timezone is not america/denver
Expand All @@ -485,4 +486,4 @@ jobs:
# ]
secrets:
MS_TEAMS_URI: ${{ vars.MS_TEAMS_URI }}
DEPLOY_NOTIFICATIONS_CHANNEL: ${{ vars.DEPLOY_NOTIFICATIONS_CHANNEL }}
DEPLOY_NOTIFICATIONS_CHANNEL: ${{ vars.DEPLOY_NOTIFICATIONS_CHANNEL }}
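Review bot: The `permissions:` block no longer appears to grant `actions: read` (the page does not mark which lines were removed, so this is inferred from the new comment grouping), and once a `permissions:` block is present every scope it omits is set to none for the job token, including inside the called reusable workflow. The finish-deployment workflow still hands `secrets.GITHUB_TOKEN` to the step that produces `steps.conclusion.outputs.workflow_conclusion`; if that step reads the run's jobs through the Actions API, the scope has to stay, e.g. `actions: read # Required for the workflow conclusion step`. The same check applies to the `permissions:` block in `workflow-templates/im-deploy-az-database.yml`. In both templates the comment above the renamed job still reads `# 1 - Update the deployment board based on the workflow conclusion`, which should now describe creating the GitHub deployment.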
21 changes: 11 additions & 10 deletions workflow-templates/im-deploy-az-database.yml
@@ -1,4 +1,4 @@
# Workflow Code: BetrayedCod_v31 DO NOT REMOVE
# Workflow Code: BetrayedCod_v32 DO NOT REMOVE
# Purpose:
# Gathers the required approvals from stakeholders and attestors, ensures
# tags are valid for production deployments and runs the migrations against
Expand Down Expand Up @@ -53,18 +53,16 @@ on:
# 6. Delete the 'attestor-approval' job
# 7. Delete the 'setup-deployment-workflow' job
# 8. Under the 'deploy-az-db' job, delete the needs property
# 9. Under the 'update-deployment-board-and-send-teams-notification' job, update the needs property to be: "needs: [deploy-az-db]"
# 9. Under the 'update-github-deployments-and-send-teams-notification' job, update the needs property to be: "needs: [deploy-az-db]"
# repository_dispatch:
# types: [<deployable_name>_deploy] # TODO: Replace <deployable_name>. This will be used in the 'Deploy Multiple Items' workflow to target this deployment workflow.

permissions:
# Required for secretless azure access and deploys
id-token: write
contents: read
# Required for update-deployment-board
repository-projects: write
issues: write
actions: read
# Required for create-github-deployment
deployments: write

env:
RELEASE_TAG: ${{ inputs.tag == 0 && github.ref_name || inputs.tag }} # This is the tag that we'll be deploying
Expand Down Expand Up @@ -270,17 +268,20 @@ jobs:
# 1 - Update the deployment board based on the workflow conclusion
# 2 - Post a deployment status in the repo owner's Teams channel (connected to the MS_TEAMS_URI secret)
# 3 - Post a deployment status in the Deployment Notifications Teams channel if the deploy is for prod, is successful and the flag to do so is not set to false
update-deployment-board-and-send-teams-notification:
update-github-deployments-and-send-teams-notification:
needs: [set-vars, deploy-az-db]
if: always()
uses: im-practices/.github/.github/workflows/im-reusable-finish-deployment-workflow.yml@v2
with:
# Required Inputs
deployment-environment: ${{ inputs.environment-or-target }} # The environment/target that was deployed to (dev, qa, stage, stage-secondary, uat, demo, prod, prod-secondary)
deployment-environment: ${{ inputs.environment-or-target }} # The environment/target that was deployed to (dev, qa, stage, stage-secondary, uat, demo, prod, prod-secondary)
gh-secrets-environment: ${{ needs.set-vars.outputs.GITHUB_SECRETS_ENVIRONMENT }} # The GitHub environment that secrets are pulled from
release-tag: ${{ inputs.tag == 0 && github.ref_name || inputs.tag }}
title-of-teams-post: 'Deploy ${{ needs.deploy-az-db.outputs.DB_NAME }} ${{ inputs.tag == 0 && github.ref_name || inputs.tag }} to ${{ inputs.environment-or-target }}' # TODO: Verify title to ensure it is descriptive/readable.

# Inputs for Tech Hub deployment tracking
# entity: '' # TODO: This the catalog-info.yml value in metadata.name value
# instance: '' # TODO: This the specific target deployment location, i.e., testing-slot-1, primary-app-service, failover-slot-2, NA26-production-slot

# Optional Inputs with their default values. These items can be removed if the default value does not need to be adjusted.
# post-status-in-deployment-notifications-channel: true # TODO: Include this arg and set to false if you do not want a status post in the Deployment Notifications channel for prod deploys
# timezone: 'america/denver' # TODO: Include this argument and update if your timezone is not america/denver
Expand All @@ -301,4 +302,4 @@ jobs:
# ]
secrets:
MS_TEAMS_URI: ${{ vars.MS_TEAMS_URI }}
DEPLOY_NOTIFICATIONS_CHANNEL: ${{ vars.DEPLOY_NOTIFICATIONS_CHANNEL }}
DEPLOY_NOTIFICATIONS_CHANNEL: ${{ vars.DEPLOY_NOTIFICATIONS_CHANNEL }}

This file was deleted.

71 changes: 0 additions & 71 deletions workflow-templates/im-deploy-cleanup-automated-board.yml

This file was deleted.
