Skip to content

[SELC-349] Enhanced onboarding flow with admin approval in FOR_APPROVE workflows #109

[SELC-349] Enhanced onboarding flow with admin approval in FOR_APPROVE workflows

[SELC-349] Enhanced onboarding flow with admin approval in FOR_APPROVE workflows #109

name: Deploy onboarding ms
on:
pull_request:
branches:
- develop
- main
types: [closed]
paths:
- "apps/onboarding-ms/**"
- "apps/pom.xml"
workflow_dispatch:
inputs:
environment:
required: true
type: choice
description: Select the Environment
options:
- dev
- uat
- prod
env:
DIR: "./.container_apps/onboarding-ms"
# This condition (that unfortunately must be replicated for the first job)
# sets the environment depending on the current context for manually
# started workflows, it picks up the value coming from the UI; otherwise,
# it sets prod or uat depending on the current branch.
# Ternary operator is not supported
ENV_NAME: "${{ inputs.environment != null && inputs.environment || (github.base_ref == 'main' && 'prod' || (github.base_ref == 'develop' && 'uat' || 'dev')) }}"
jobs:
build:
name: Build Onboarding Microservice
runs-on: ubuntu-latest
if: ${{ (github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true) }}
environment: "${{ inputs.environment != null && inputs.environment || (github.base_ref == 'main' && 'prod' || (github.base_ref == 'develop' && 'uat' || 'dev')) }}-ci"
outputs:
environment: ${{ steps.setenv.outputs.environment }}
short_sha: ${{ steps.setsha.outputs.short_sha }}
permissions:
packages: write
contents: write
id-token: write
steps:
- uses: actions/checkout@v4
name: Checkout
with:
ref: ${{ github.ref_name }}
# this workaround is necessary to pass the environment value to the next job
# unexpectly, global env vars cannot be read to set the environment and I don't
# want to repeat that complex expression (already repeated twice)
- name: Read Environment
id: setenv
shell: bash
run: |
echo "environment=$ENV_NAME" >> $GITHUB_OUTPUT
# github doesn't provide a short sha anymore
- name: Set Short Git Commit SHA
id: setsha
run: |
calculatedSha=$(git rev-parse --short ${{ github.sha }})
echo "short_sha=sha-$calculatedSha" >> $GITHUB_OUTPUT
- name: Setup Docker buildx
uses: docker/[email protected]
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker Meta
id: meta
uses: docker/[email protected]
with:
images: ghcr.io/${{ github.repository }}-ms
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=branch
type=sha
labels:
org.opencontainers.image.title=${{ github.repository }}-ms
org.opencontainers.image.description=SelfCare onboarding microservice
org.opencontainers.image.authors=PagoPA
org.opencontainers.image.url=github.com/pagopa/${{ github.repository }}
org.opencontainers.image.source=https://github.com/${{ github.repository }}
- name: Build and Push Image
uses: docker/build-push-action@v5
with:
context: .
file: ./apps/onboarding-ms/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
secrets: |
GH_TOKEN=${{ secrets.READ_PACKAGES_TOKEN }}
cache-from: type=gha
cache-to: type=gha,mode=min
- name: Set Terraform Version
id: set-terraform-version
run: |
echo "terraform_version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
- uses: hashicorp/setup-terraform@v2
name: Setup Terraform
with:
terraform_version: ${{ steps.set-terraform-version.outputs.terraform_version}}
- name: Terraform Plan
uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
with:
client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}
azure_environment: ${{ steps.setenv.outputs.environment }}
env:
TF_VAR_image_tag: ${{ steps.setsha.outputs.short_sha }}
- name: "Upload Terraform Plan as Artifact"
uses: actions/upload-artifact@v3
with:
name: tfplan
path: ${{ env.DIR }}/tfplan-${{ steps.setenv.outputs.environment }}-${{ github.sha }}
if-no-files-found: error
retention-days: 1
deploy:
name: Deploy microservice
runs-on: ubuntu-latest
needs: [build]
environment: ${{ needs.build.outputs.environment }}-cd
permissions:
id-token: write
steps:
- uses: actions/checkout@v4
name: Checkout
with:
ref: ${{ github.ref_name }}
- name: Download Terraform Plan as Artifact
uses: actions/download-artifact@v3
with:
name: tfplan
path: ${{ env.DIR }}
- name: Retrieve Terraform Modules from Cache
id: cache-terraform-modules
uses: actions/cache@6fd2d4538ca777f67fccddb233cf1a8ff1339012
with:
path: ${{ env.DIR }}/.terraform
key: terraform-${{ env.DIR }}-${{ github.sha }}
restore-keys: |
terraform-${{ env.DIR }}
- name: Set Terraform Version
id: set-terraform-version
run: |
echo "terraform_version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
- uses: hashicorp/setup-terraform@v2
name: Setup Terraform
with:
terraform_version: ${{ steps.set-terraform-version.outputs.terraform_version}}
- name: Terraform Apply
uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
with:
client_id: ${{ secrets.AZURE_CLIENT_ID_CD }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}
azure_environment: ${{ needs.build.outputs.environment }}
env:
TF_VAR_image_tag: ${{ needs.build.outputs.short_sha }}