Deploy github workflow

These workflow setups seem pretty much identical across projects. So, as standard, this: 1. builds the container image 2. pushes it to ECR 3. updates the image tag in govuk-helm-charts The cronjob (that we're planning to add to govuk-helm-charts) will then pull the released image the next time it runs. Until we're ready to put this into production, we'll test this by deploying to integration. After that, we might choose to still keep integration available for testing. (But note the promotion from one environment to the next won't be needed for this project.)
alphagov · Nov 28, 2023 · 3ebb831 · 3ebb831
1 parent f9434ad
commit 3ebb831
Showing 1 changed file with 44 additions and 0 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,44 @@
+name: Deploy
+
+run-name: Deploy ${{ inputs.gitRef || github.ref_name  }} to ${{ inputs.environment || 'integration' }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      gitRef:
+        description: 'Commit, tag or branch name to deploy'
+        required: true
+        type: string
+      environment:
+        description: 'Environment to deploy to'
+        required: true
+        type: choice
+        options:
+        - integration
+        - staging
+        - production
+        default: 'integration'
+  release:
+    types: [released]
+
+jobs:
+  build-and-publish-image:
+    if: github.event_name == 'workflow_dispatch' || startsWith(github.ref_name, 'v')
+    name: Build and publish image
+    uses: alphagov/govuk-infrastructure/.github/workflows/build-and-push-image.yml@main
+    with:
+      gitRef: ${{ inputs.gitRef || github.ref_name }}
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_GOVUK_ECR_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_GOVUK_ECR_SECRET_ACCESS_KEY }}
+  trigger-deploy:
+    name: Trigger deploy to ${{ inputs.environment || 'integration' }}
+    needs: build-and-publish-image
+    uses: alphagov/govuk-infrastructure/.github/workflows/deploy.yml@main
+    with:
+      imageTag: ${{ needs.build-and-publish-image.outputs.imageTag }}
+      environment: ${{ inputs.environment || 'integration' }}
+    secrets:
+      WEBHOOK_TOKEN: ${{ secrets.GOVUK_ARGO_EVENTS_WEBHOOK_TOKEN }}
+      WEBHOOK_URL: ${{ secrets.GOVUK_ARGO_EVENTS_WEBHOOK_URL }}
+      GH_TOKEN: ${{ secrets.GOVUK_CI_GITHUB_API_TOKEN }}