From e56c63676ed4a445fbfb132226e80194eaa3282a Mon Sep 17 00:00:00 2001
From: Anthony LC
Date: Mon, 3 Jun 2024 15:37:14 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=91=B7(CI)=20add=20deploy=20workflow?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add the deploy workflow, this workflow will deploy the application to the selected tag.
---
.github/workflows/deploy.yml | 51 ++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 .github/workflows/deploy.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..7f45b29
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,51 @@
+name: Deploy
+
+on:
+ push:
+ tags:
+ - 'preprod'
+
+
+jobs:
+ notify-argocd:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ secrets.APP_ID }}
+ private-key: ${{ secrets.PRIVATE_KEY }}
+ owner: ${{ github.repository_owner }}
+ repositories: "people,secrets"
+ -
+ name: Checkout repository
+ uses: actions/checkout@v2
+ with:
+ submodules: recursive
+ token: ${{ steps.app-token.outputs.token }}
+ -
+ name: Load sops secrets
+ uses: rouja/actions-sops@main
+ with:
+ secret-file: secrets/numerique-gouv/people/secrets.enc.env
+ age-key: ${{ secrets.SOPS_PRIVATE }}
+ -
+ name: Call argocd github webhook
+ run: |
+ data='{"ref": "'$GITHUB_REF'","repository": {"html_url":"'$GITHUB_SERVER_URL'/'$GITHUB_REPOSITORY'"}}'
+ sig=$(echo -n ${data} | openssl dgst -sha1 -hmac ''${ARGOCD_WEBHOOK_SECRET}'' | awk '{print "X-Hub-Signature: sha1="$2}')
+ curl -X POST -H 'X-GitHub-Event:push' -H "Content-Type: application/json" -H "${sig}" --data "${data}" $ARGOCD_WEBHOOK_URL
+ sig=$(echo -n ${data} | openssl dgst -sha1 -hmac ''${ARGOCD_PRODUCTION_WEBHOOK_SECRET}'' | awk '{print "X-Hub-Signature: sha1="$2}')
+ curl -X POST -H 'X-GitHub-Event:push' -H "Content-Type: application/json" -H "${sig}" --data "${data}" $ARGOCD_PRODUCTION_WEBHOOK_URL
+
+ start-test-on-preprod:
+ needs:
+ - notify-argocd
+ runs-on: ubuntu-latest
+ if: startsWith(github.event.ref, 'refs/tags/preprod')
+ steps:
+ -
+ name: Debug
+ run: |
+ echo "Start test when preprod is ready"
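Review bot: The `Load sops secrets` step runs `rouja/actions-sops@main`, a third-party action referenced by a mutable branch, and passes it the age private key from `secrets.SOPS_PRIVATE`; whatever lands on that branch later executes in this job with the decryption key and with the app token that the preceding checkout leaves in the workspace git config by default. Pin it to a reviewed full commit SHA, e.g. `uses: rouja/actions-sops@<FULL_COMMIT_SHA>  # reviewed revision`, and add `persist-credentials: false` under the checkout step's `with:` if no later step needs to fetch or push. The workflow also declares no `permissions:` block, so the job's GITHUB_TOKEN keeps the repository default; a top-level `permissions: {}` (or `contents: read`) would make the intended scope explicit. In the webhook step, `curl` is called without `--fail`, so a rejected signature or an unreachable Argo CD endpoint still leaves the job green; `curl --fail-with-body ... "$ARGOCD_WEBHOOK_URL"` (and the same for the production call) would surface that, and quoting `"${data}"` in the `echo -n` keeps the signed bytes identical to the bytes sent with `--data`.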