From 29b81573224d5da4d5a3d0287d3ac6d195fd7f3b Mon Sep 17 00:00:00 2001
From: Andrei Stefanie <andrei.stefanie@cyscale.com>
Date: Wed, 30 Nov 2022 09:28:01 +0200
Subject: [PATCH] feat: split dev and prod workflows

---
 .github/workflows/{main.yml => dev.yml} | 40 ++++++------------------
 .github/workflows/prod.yml              | 41 +++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 31 deletions(-)
 rename .github/workflows/{main.yml => dev.yml} (58%)
 create mode 100644 .github/workflows/prod.yml

diff --git a/.github/workflows/main.yml b/.github/workflows/dev.yml
similarity index 58%
rename from .github/workflows/main.yml
rename to .github/workflows/dev.yml
index f0b036e9..92f3e603 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/dev.yml
@@ -1,4 +1,4 @@
-name: Main
+name: Deploy to dev
 
 on:
   # push:
@@ -17,43 +17,21 @@ permissions:
 jobs:
   release:
     runs-on: ubuntu-latest
+    name: Semantic Release
     environment: development
     steps:
       - name: Checkout
         uses: actions/checkout@v3
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v32
-      - name: List all changed files
-        run: |
-          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
-            echo "$file was changed"
-          done
-      - name: Copy
-        env:
-          AZ_ST_CONN_STRING: ${{ secrets.DEV_AZ_ST_CONN_STRING }}
-        uses: azure/CLI@v1
-        with:
-          azcliversion: 2.37.0
-          inlineScript: |
-            az storage blob upload-batch --connection-string $(echo "$AZ_ST_CONN_STRING" | base64 -d) --destination grc/queries --source ./queries --overwrite
-            az storage blob upload-batch --connection-string $(echo "$AZ_ST_CONN_STRING" | base64 -d) --destination grc/controls --source ./controls --overwrite
-      - name: Update
-        shell: bash
-        env:
-          BAPI_GRC_UPDATE_ENDPOINT: ${{ secrets.DEV_BAPI_GRC_UPDATE_ENDPOINT }}
-          INTERNAL_API_KEY: ${{ secrets.DEV_INTERNAL_API_KEY }}
-        run: |
-          curl --silent --show-error --fail -X POST $BAPI_GRC_UPDATE_ENDPOINT -H "Content-Type:application/json" -H "x-api-key:$(echo "$INTERNAL_API_KEY" | base64 -d)" -d '{"accounts":"all"}'
-      - name: 'Tag Release'
+      - name: 'Semantic Release'
         uses: go-semantic-release/action@v1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           allow-initial-development-versions: true
           force-bump-patch-version: true
-  prod:
+  deploy:
     runs-on: ubuntu-latest
-    environment: production
+    name: Deploy GRC to dev
+    environment: development
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -67,7 +45,7 @@ jobs:
           done
       - name: Copy
         env:
-          AZ_ST_CONN_STRING: ${{ secrets.PROD_AZ_ST_CONN_STRING }}
+          AZ_ST_CONN_STRING: ${{ secrets.DEV_AZ_ST_CONN_STRING }}
         uses: azure/CLI@v1
         with:
           azcliversion: 2.37.0
@@ -77,7 +55,7 @@ jobs:
       - name: Update
         shell: bash
         env:
-          BAPI_GRC_UPDATE_ENDPOINT: ${{ secrets.PROD_BAPI_GRC_UPDATE_ENDPOINT }}
-          INTERNAL_API_KEY: ${{ secrets.PROD_INTERNAL_API_KEY }}
+          BAPI_GRC_UPDATE_ENDPOINT: ${{ secrets.DEV_BAPI_GRC_UPDATE_ENDPOINT }}
+          INTERNAL_API_KEY: ${{ secrets.DEV_INTERNAL_API_KEY }}
         run: |
           curl --silent --show-error --fail -X POST $BAPI_GRC_UPDATE_ENDPOINT -H "Content-Type:application/json" -H "x-api-key:$(echo "$INTERNAL_API_KEY" | base64 -d)" -d '{"accounts":"all"}'
diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml
new file mode 100644
index 00000000..6abae631
--- /dev/null
+++ b/.github/workflows/prod.yml
@@ -0,0 +1,41 @@
+name: Deploy to prod
+
+on:
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    name: Deploy GRC to prod
+    environment: production
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v32
+      - name: List all changed files
+        run: |
+          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
+            echo "$file was changed"
+          done
+      - name: Copy
+        env:
+          AZ_ST_CONN_STRING: ${{ secrets.PROD_AZ_ST_CONN_STRING }}
+        uses: azure/CLI@v1
+        with:
+          azcliversion: 2.37.0
+          inlineScript: |
+            az storage blob upload-batch --connection-string $(echo "$AZ_ST_CONN_STRING" | base64 -d) --destination grc/queries --source ./queries --overwrite
+            az storage blob upload-batch --connection-string $(echo "$AZ_ST_CONN_STRING" | base64 -d) --destination grc/controls --source ./controls --overwrite
+      - name: Update
+        shell: bash
+        env:
+          BAPI_GRC_UPDATE_ENDPOINT: ${{ secrets.PROD_BAPI_GRC_UPDATE_ENDPOINT }}
+          INTERNAL_API_KEY: ${{ secrets.PROD_INTERNAL_API_KEY }}
+        run: |
+          curl --silent --show-error --fail -X POST $BAPI_GRC_UPDATE_ENDPOINT -H "Content-Type:application/json" -H "x-api-key:$(echo "$INTERNAL_API_KEY" | base64 -d)" -d '{"accounts":"all"}'