Merge pull request #113 from developer-overheid-nl/jsonld-detail #26
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Production | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| IMAGE_NAME: ghcr.io/${{ github.repository }} | |
| INFRA_REPO: ${{ vars.INFRA_REPO }} | |
| KUSTOMIZE_PATH: ${{ vars.KUSTOMIZE_PATH }} | |
| DEPLOY_ENV: prod | |
| jobs: | |
| build-and-push: | |
| name: Build & Push Docker Image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build & Push Docker image | |
| uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f | |
| with: | |
| context: . | |
| push: true | |
| tags: | | |
| ${{ env.IMAGE_NAME }}:latest | |
| ${{ env.IMAGE_NAME }}:${{ github.sha }} | |
| create-infra-pr: | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Parse infra repository | |
| id: infra-repo | |
| run: | | |
| INFRA_REPO="${{ env.INFRA_REPO }}" | |
| if [[ -z "$INFRA_REPO" || "$INFRA_REPO" != */* ]]; then | |
| echo "INFRA_REPO moet de vorm owner/repo hebben, huidige waarde: '$INFRA_REPO'" >&2 | |
| exit 1 | |
| fi | |
| echo "owner=${INFRA_REPO%%/*}" >> "$GITHUB_OUTPUT" | |
| echo "repo=${INFRA_REPO#*/}" >> "$GITHUB_OUTPUT" | |
| - name: Genereer app token (Release proces app) | |
| id: app-token | |
| uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 | |
| with: | |
| app-id: ${{ secrets.RELEASE_PROCES_APP_ID }} | |
| private-key: ${{ secrets.RELEASE_PROCES_APP_PRIVATE_KEY }} | |
| owner: ${{ steps.infra-repo.outputs.owner }} | |
| repositories: ${{ steps.infra-repo.outputs.repo }} | |
| - name: Checkout don-infra | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| with: | |
| repository: ${{ env.INFRA_REPO }} | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: Maak release branch aan in don-infra | |
| id: branch | |
| run: | | |
| BRANCH="release/don-api-register-${{ github.sha }}" | |
| echo "branch=$BRANCH" >> $GITHUB_OUTPUT | |
| git checkout -b "$BRANCH" | |
| - name: Update image tag in prod overlay | |
| run: | | |
| KUSTOMIZATION_FILE="${{ env.KUSTOMIZE_PATH }}${{ env.DEPLOY_ENV }}/kustomization.yaml" | |
| yq e '(.images[] | select(.newName == "${{ env.IMAGE_NAME }}")).newTag = "${{ github.sha }}"' \ | |
| -i "$KUSTOMIZATION_FILE" | |
| - name: Commit en push release branch | |
| run: | | |
| KUSTOMIZATION_FILE="${{ env.KUSTOMIZE_PATH }}${{ env.DEPLOY_ENV }}/kustomization.yaml" | |
| git config user.name "${{ github.actor }}" | |
| git config user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com" | |
| git add "$KUSTOMIZATION_FILE" | |
| git commit -m "release: don-api-register → ${{ github.sha }} | |
| Commit: ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}" | |
| git push origin "${{ steps.branch.outputs.branch }}" | |
| - name: Maak PR aan in don-infra | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| run: | | |
| gh pr create \ | |
| --repo "${{ env.INFRA_REPO }}" \ | |
| --base main \ | |
| --head "${{ steps.branch.outputs.branch }}" \ | |
| --title "Release: don-api-register → ${GITHUB_SHA::7}" \ | |
| --body "## don-api-register productie deploy | |
| **Image:** \`${{ env.IMAGE_NAME }}:${{ github.sha }}\` | |
| **Branch:** \`${{ github.ref_name }}\` | |
| **Commit:** ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} | |
| Merge deze PR om de nieuwe versie naar productie te deployen." |