mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
d99508ead5
This moves our current GCP infra to a new firezone/environments repo. The existing Git history is preserved, and CI config is updated to clone this submodule before running any terraform jobs.
100 lines
3.7 KiB
YAML
100 lines
3.7 KiB
YAML
name: Continuous Delivery
|
|
on:
|
|
# Used for debugging the workflow by manually calling it
|
|
workflow_dispatch:
|
|
inputs:
|
|
deploy-staging:
|
|
description: "Also deploy to staging. By default the deploy is not executed when triggering this workflow manually."
|
|
type: boolean
|
|
default: false
|
|
required: false
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
jobs:
|
|
# Builds images that match what's default in docker-compose.yml for
|
|
# local development.
|
|
build-dev-images:
|
|
uses: ./.github/workflows/_build_artifacts.yml
|
|
secrets: inherit
|
|
with:
|
|
image_prefix: "dev"
|
|
stage: "debug"
|
|
profile: "debug"
|
|
|
|
# Builds debug images with release binaries for compatibility tests in case the merge_group was skipped.
|
|
build-test-images:
|
|
uses: ./.github/workflows/_build_artifacts.yml
|
|
secrets: inherit
|
|
with:
|
|
image_prefix: "debug"
|
|
stage: "debug"
|
|
profile: "release"
|
|
|
|
# Re-run CI checks to make sure everything's green, since "Merging as administrator"
|
|
# won't trigger these in the merge group.
|
|
ci:
|
|
uses: ./.github/workflows/ci.yml
|
|
secrets: inherit
|
|
with:
|
|
profile: "release"
|
|
stage: "release"
|
|
|
|
deploy-staging:
|
|
if: ${{ github.event_name != 'workflow_dispatch' || inputs.deploy-staging }}
|
|
runs-on: ubuntu-22.04
|
|
environment: gcp_staging
|
|
permissions:
|
|
contents: write
|
|
# Cancel old workflow runs if new code is pushed
|
|
concurrency:
|
|
group: "staging-deploy-${{ github.workflow }}-${{ github.ref }}"
|
|
cancel-in-progress: false
|
|
needs: ci
|
|
env:
|
|
TF_CLOUD_ORGANIZATION: "firezone"
|
|
TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
|
|
TF_WORKSPACE: "staging"
|
|
steps:
|
|
# First, checkout the main ref for setting up Terraform
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
submodules: true
|
|
ssh-key: ${{ secrets.ENVIRONMENTS_REPO_DEPLOY_KEY }}
|
|
- name: Tool Versions
|
|
id: versions
|
|
uses: marocchino/tool-versions-action@18a164fa2b0db1cc1edf7305fcb17ace36d1c306 # v1.2.0
|
|
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
|
|
with:
|
|
terraform_version: ${{ steps.versions.outputs.terraform }}
|
|
# Then, checkout the ref specified in the workflow run
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
ref: ${{ github.event.workflow_run.head_branch }}
|
|
submodules: true
|
|
ssh-key: ${{ secrets.ENVIRONMENTS_REPO_DEPLOY_KEY }}
|
|
- name: Upload Configuration
|
|
uses: hashicorp/tfc-workflows-github/actions/upload-configuration@8e08d1ba957673f5fbf971a22b3219639dc45661 # v1.3.2
|
|
id: apply-upload
|
|
with:
|
|
workspace: ${{ env.TF_WORKSPACE }}
|
|
# Subdirectory is set in the project settings:
|
|
# https://app.terraform.io/app/firezone/workspaces/staging/settings/general
|
|
directory: "./"
|
|
- name: Create Plan Run
|
|
uses: hashicorp/tfc-workflows-github/actions/create-run@8e08d1ba957673f5fbf971a22b3219639dc45661 # v1.3.2
|
|
id: apply-run
|
|
env:
|
|
TF_VAR_image_tag: '"${{ github.sha }}"'
|
|
with:
|
|
workspace: ${{ env.TF_WORKSPACE }}
|
|
configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
|
|
- name: Apply
|
|
uses: hashicorp/tfc-workflows-github/actions/apply-run@8e08d1ba957673f5fbf971a22b3219639dc45661 # v1.3.2
|
|
if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable
|
|
id: apply
|
|
with:
|
|
run: ${{ steps.apply-run.outputs.run_id }}
|
|
comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
|