Merge pull request #1512 from GSA/snyk-fix-jinja #642
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: 2 - Publish & Deploy | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
ghcr_publish: | |
name: Publish Images on GHCR | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [ckan, solr, postgresql] | |
include: | |
- image: ckan | |
name: catalog.data.gov | |
tag: ghcr.io/gsa/catalog.data.gov:latest | |
- image: solr | |
name: catalog.data.gov.solr | |
tag: ghcr.io/gsa/catalog.data.gov.solr:latest | |
- image: postgresql | |
name: catalog.data.gov.db | |
tag: ghcr.io/gsa/catalog.data.gov.db:latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: login to ghcr | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: publish ${{ matrix.name }} | |
uses: docker/build-push-action@v3 | |
with: | |
context: ${{ matrix.image }} | |
push: true | |
tags: ${{ matrix.tag }} | |
create-cloudgov-services-staging: | |
name: create services (staging) | |
uses: gsa/data.gov/.github/workflows/create-services-template.yml@main | |
with: | |
environ: staging | |
secrets: inherit | |
create-cloudgov-services-prod: | |
name: create services (prod) | |
uses: gsa/data.gov/.github/workflows/create-services-template.yml@main | |
with: | |
environ: prod | |
secrets: inherit | |
deploy-staging: | |
name: deploy (staging) | |
needs: | |
- create-cloudgov-services-staging | |
uses: gsa/data.gov/.github/workflows/deploy-template.yml@main | |
with: | |
environ: staging | |
app_url: https://catalog-stage-datagov.app.cloud.gov | |
app_names: "{\"include\":[{\"app\":\"catalog-web\",\"smoketest\":true},{\"app\":\"catalog-admin\"},{\"app\":\"catalog-fetch\"},{\"app\":\"catalog-gather\"},{\"app\":\"catalog-proxy\"}]}" | |
secrets: inherit | |
deploy-prod: | |
name: deploy (prod) | |
needs: | |
- create-cloudgov-services-prod | |
- deploy-staging | |
uses: gsa/data.gov/.github/workflows/deploy-template.yml@main | |
with: | |
environ: prod | |
app_url: https://catalog.data.gov | |
app_names: "{\"include\":[{\"app\":\"catalog-web\",\"smoketest\":true},{\"app\":\"catalog-admin\"},{\"app\":\"catalog-fetch\"},{\"app\":\"catalog-gather\"},{\"app\":\"catalog-proxy\"}]}" | |
secrets: inherit | |
network-policies: | |
name: Add network-policies | |
needs: | |
- deploy-staging | |
- deploy-prod | |
runs-on: ubuntu-latest | |
environment: ${{ matrix.environ }} | |
strategy: | |
fail-fast: false | |
matrix: | |
command: [ | |
"cf add-network-policy catalog-proxy catalog-web --protocol tcp --port 61443", | |
"cf add-network-policy catalog-proxy catalog-admin --protocol tcp --port 61443" | |
] | |
environ: ["staging", "prod"] | |
steps: | |
- name: proxy to web | |
uses: cloud-gov/cg-cli-tools@main | |
with: | |
command: ${{ matrix.command }} | |
cf_org: gsa-datagov | |
cf_space: ${{ matrix.environ }} | |
cf_username: ${{secrets.CF_SERVICE_USER}} | |
cf_password: ${{secrets.CF_SERVICE_AUTH}} |