firezone/.github/workflows/cd.yml

name: Continuous Delivery
on:
  # Used for debugging the workflow by manually calling it
  workflow_dispatch:
  push:
    branches:
      - main

jobs:
  # Builds images that match what's default in docker-compose.yml for
  # local development.
  build-data-plane-dev-images:
    uses: ./.github/workflows/_data-plane.yml
    secrets: inherit
    with:
      image_prefix: "dev"
      stage: "debug"
      profile: "debug"

  # Builds debug images with release binaries for compatibility tests in case the merge_group was skipped.
  build-data-plane-test-images:
    uses: ./.github/workflows/_data-plane.yml
    secrets: inherit
    with:
      image_prefix: "debug"
      stage: "debug"
      profile: "release"

  build-control-plane-images:
    uses: ./.github/workflows/_control-plane.yml
    secrets: inherit

  # Re-run CI checks to make sure everything's green, since "Merging as administrator"
  # won't trigger these in the merge group.
  ci:
    uses: ./.github/workflows/ci.yml
    secrets: inherit
    with:
      profile: "release"
      stage: "release"

  notify:
    needs: ci
    runs-on: ubuntu-24.04
    steps:
      - name: Send 'checks-passed' event
        env:
          GH_TOKEN: ${{ secrets.INFRA_REPOSITORY_TOKEN }}
        run: |
          gh api \
            --method POST \
            --header "Accept: application/vnd.github+json" \
            --header "X-GitHub-Api-Version: 2022-11-28" \
            /repos/firezone/infra/dispatches \
            --raw-field "event_type=checks-passed" \
            --field "client_payload[sha]=${{ github.sha }}"