azure_pipelines.yml

# OGCIO

trigger:
  - dev
  - uat
  - sta

pr:
  autoCancel: true
  branches:
    include:
      - "*"

parameters:
  - name: buildBranches
    type: object
    default: ["dev", "sta", "uat"]

  - name: validEnvironments
    type: object
    displayName: List of valid environments to deploy (do not change)
    default: ['dev','sta', 'uat', 'prd']

variables:
  - name: pushArtefacts
    value: ${{ containsValue(parameters.buildBranches, variables['Build.SourceBranchName']) }}
  - ${{ if containsValue(parameters.validEnvironments ,variables['Build.SourceBranchName']) }}:
    - template: pipeline-variables/${{ coalesce(variables['Build.SourceBranchName'], 'fallback') }}.yml
  - ${{ else }}:
    - template: pipeline-variables/dev.yml

resources:
  repositories:
    - repository: pipeline-templates
      type: github
      name: ogcio/building-blocks-pipelines
      ref: refs/tags/v0.5.1
      endpoint: ogcio
    - repository: logto-k8s-apps
      type: github
      name: ogcio/logto-k8s-apps
      ref: main
      endpoint: ogcio
    - repository: mygovid-mock-k8s-apps
      type: github
      name: ogcio/mygovid-mock-k8s-apps
      ref: main
      endpoint: ogcio

stages:
  - stage: securityScan
    displayName: Security Scans
    jobs:
      - template: security/gitleaks.yml@pipeline-templates
  - stage: Build_Logto
    displayName: Build Logto
    dependsOn: 
      - securityScan
    jobs:  
    - template: pipeline-templates/build_service.yml
      parameters:
        serviceName: logto
        pushArtefacts: ${{ variables.pushArtefacts }}
        buildArguments: $(buildArguments)
  - stage: EnvApproval
    displayName: Approvals for deployments - ${{ upper(variables.environment) }}
    dependsOn:
      - Build_Logto
    condition: ${{ variables.pushArtefacts }}
    jobs:
    - deployment: VerifyDeployment
      displayName: Verify conditions for deployment
      environment: ${{ variables.environment }}
      strategy:
        runOnce:
          deploy:
            steps:
            - script: |
                date
              displayName: Show current date
  - stage: Push_Logto
    displayName: Push logto to ECR
    dependsOn: EnvApproval
    condition: and(${{ variables.pushArtefacts }}, succeeded())
    jobs:
    - template: build/push_image_ecr.yml@pipeline-templates
      parameters:
        awsServiceConnection: ${{ variables.awsServiceConnection }}
        awsRegion: ${{ variables.awsRegion }}
        serviceName: logto
        repositoryName: bb-logto
        pushTag: $(Build.BuildId)
  - stage: Deploy_Openshift_Logto
    displayName: GitOps deploy Logto
    dependsOn:
      - EnvApproval
      - Push_Logto
    condition: succeeded()
    jobs:
    - template: deploy/gitops.yml@pipeline-templates
      parameters:
        serviceName: logto
        newName: ${{ variables.ecrEndpoint }}/bb-logto
        newTag: $(Build.BuildId)
        ${{ if containsValue(parameters.validEnvironments ,variables['Build.SourceBranchName']) }}:
          environment: ${{ variables['Build.SourceBranchName'] }}
        ${{ else }}:
          environment: dev
  - stage: Build_MyGovId_Mock
    displayName: Build MyGovId Mock
    dependsOn: 
      - securityScan
    condition: or(eq(variables['Build.SourceBranchName'], 'dev'),eq(variables['Build.Reason'], 'PullRequest'))
    jobs:
    - template: pipeline-templates/build_service.yml
      parameters:
        serviceName: mygovid-mock-service
        pushArtefacts: true
        buildArguments: $(buildArguments)
        dockerfile: ./mygovid-mock-service/Dockerfile
  - stage: Push_MyGovId_Mock
    displayName: Push MyGovId Mock to ECR
    dependsOn: 
      - EnvApproval
      - Build_MyGovId_Mock
    condition: and(eq(variables['Build.SourceBranchName'], 'dev'), succeeded())
    jobs:
    - template: build/push_image_ecr.yml@pipeline-templates
      parameters:
        awsServiceConnection: ${{ variables.awsServiceConnection }}
        awsRegion: ${{ variables.awsRegion }}
        serviceName: mygovid-mock-service
        repositoryName: bb-mygovid-mock
        pushTag: $(Build.BuildId)
  - stage: Deploy_Openshift_MyGovId_Mock
    displayName: GitOps deploy MyGovId Mock
    dependsOn:
      - Push_MyGovId_Mock
    condition: succeeded()
    jobs:
    - template: deploy/gitops.yml@pipeline-templates
      parameters:
        serviceName: mygovid-mock
        newName: ${{ variables.ecrEndpoint }}/bb-mygovid-mock
        newTag: $(Build.BuildId)
        environment: dev