Staging and production deployment workflows

[rbadillap]

Description

This Pull Requests separates the workflow that deploys to staging should take comparing with production.
In the case of STAGING we want the deployment to be executed when a pull request is merged to the main branch, or when there is a direct commit to that branch.
The tags that must be applied for that environment are those related to the last commit (short sha) and also the tag: latest.

For PRODUCTION, the tag latest shouldn't be applied, instead of that, the word stable is the one to be applied.

Testing Instructions

• Merge a Pull Request into main branch (deploy to STAGING)
• Create a new release (deploy to PRODUCTION)

Checklist

• My pull request has a descriptive title (not a vague title like Update index.md).
• My pull request targets the default branch of the repository (main) or a parent feature branch.
• My commit messages follow best practices.
• My code follows the established code style of the repository.
• I added or updated tests for the changes I made (if applicable).
• I added or updated documentation (if applicable).
• I tried running the project locally and verified that there are no visible errors.

Developer Certificate of Origin

Developer Certificate of Origin

Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

[obulat]

I am not sure I can really comment on this PR due to my lack of knowledge in this area, but I love the automation!

We have only one staging env, right? It could probably be nice if it was possible to also stage the feature branches (audio integration, redesign) before merging them into main.

[zackkrida]

I like how you've separated the work here, it makes sense to me. I think if we ever needed more environments we'd just refactor how this works completely and perhaps not even use GitHub actions.

[zackkrida]

Feel free to undraft this so you can test it!

[AetherUnbound]

A few thoughts/questions!

[AetherUnbound]

There are a lot of similarities between this and the staging step. I wonder if we might be able to combine the logic and add conditions in certain places for each deployment case.

[rbadillap]

That's a good point, and that's what I mentioned when I officially announced this PR.

This is something that will be improved in the future based on what we are going to see when deploying this on the real infrastructure.

By now, I'm separating the logic between staging and production, but I'm planning to send a PR to the official action project (owned by Docker) that allows me to manipulate the tags without the need to duplicate the whole step.

cc @zackkrida

[AetherUnbound]

Does this push trigger a deployment of our AWS infrastructure? Is that encapsulated in this workflow or will that be future work?

[rbadillap]

The deployment is made by CodePipeline in our AWS. I just push the image to ECR and the event will automatically be triggered internally.

That's why I opened a discussion a few days ago, because I would need to change this part and build some communication between CodePipeline and ghcr.io events.

[zackkrida]

Seeing an issue, it appears the run failed with an error: https://github.com/WordPress/openverse-frontend/actions/runs/1785344194

Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/home/runner/work/openverse-frontend/openverse-frontend/.github/workflows/build.yaml@v1'. Did you forget to run actions/checkout before running your local action?

[rbadillap]

The pipeline has been fixed and you can consider it ready for review.

[rbadillap]

The build workflow was moved as an action, in order to be called by other workflows in the following way:

- name: docker build
  uses: ./.github/actions/build

[zackkrida]

Looks good, I left a few suggestions!

[AetherUnbound]

Looks good!