don-tools-api/.github/workflows/deploy-prod.yml at 76e77c119ea6604efd247eaaa9d04c62e0a48a1c · developer-overheid-nl/don-tools-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: Deploy to Production

on:
  workflow_dispatch:
  push:
    branches:
      - main

env:
  IMAGE_NAME: ghcr.io/${{ github.repository }}
  INFRA_REPO: ${{ vars.INFRA_REPO }}
  KUSTOMIZE_PATH: ${{ vars.KUSTOMIZE_PATH }}
  DEPLOY_ENV: prod

jobs:
  create-infra-pr:
    runs-on: ubuntu-latest
    steps:
      - name: Parse infra repository
        id: infra-repo
        run: |
          INFRA_REPO="${{ env.INFRA_REPO }}"

          if [[ -z "$INFRA_REPO" || "$INFRA_REPO" != */* ]]; then
            echo "INFRA_REPO moet de vorm owner/repo hebben, huidige waarde: '$INFRA_REPO'" >&2
            exit 1
          fi

          echo "owner=${INFRA_REPO%%/*}" >> "$GITHUB_OUTPUT"
          echo "repo=${INFRA_REPO#*/}" >> "$GITHUB_OUTPUT"

      - name: Genereer app token (Release proces app)
        id: app-token
        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859
        with:
          app-id: ${{ secrets.RELEASE_PROCES_APP_ID }}
          private-key: ${{ secrets.RELEASE_PROCES_APP_PRIVATE_KEY }}
          owner: ${{ steps.infra-repo.outputs.owner }}
          repositories: ${{ steps.infra-repo.outputs.repo }}

      - name: Checkout don-infra
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          repository: ${{ env.INFRA_REPO }}
          token: ${{ steps.app-token.outputs.token }}

      - name: Maak release branch aan in don-infra
        id: branch
        run: |
          BRANCH="release/don-site-${{ github.sha }}"
          echo "branch=$BRANCH" >> $GITHUB_OUTPUT
          git checkout -b "$BRANCH"

      - name: Update image tag in prod overlay
        run: |
          KUSTOMIZATION_FILE="${{ env.KUSTOMIZE_PATH }}${{ env.DEPLOY_ENV }}/kustomization.yaml"

          yq e '(.images[] | select(.newName == "${{ env.IMAGE_NAME }}")).newTag = "${{ github.sha }}"' -i "$KUSTOMIZATION_FILE"

      - name: Commit en push release branch
        run: |
          KUSTOMIZATION_FILE="${{ env.KUSTOMIZE_PATH }}${{ env.DEPLOY_ENV }}/kustomization.yaml"

          git config user.name "${{ github.actor }}"
          git config user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
          git add "$KUSTOMIZATION_FILE"
          git commit -m "release: don-tools-api → ${{ github.sha }}

          Commit: ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}"
          git push origin "${{ steps.branch.outputs.branch }}"

      - name: Maak PR aan in don-infra
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
        run: |
          gh pr create \
            --repo "${{ env.INFRA_REPO }}" \
            --base main \
            --head "${{ steps.branch.outputs.branch }}" \
            --title "Release: don-tools-api → ${GITHUB_SHA::7}" \
            --body "## don-tools-api productie deploy

          **Image:** \`${{ env.IMAGE_NAME }}:${{ github.sha }}\`
          **Branch:** \`${{ github.ref_name }}\`
          **Commit:** ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}

          Merge deze PR om de nieuwe versie naar productie te deployen."