-
Notifications
You must be signed in to change notification settings - Fork 241
85 lines (72 loc) · 3.08 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
name: Deploy
on:
push:
branches:
- main
workflow_dispatch:
concurrency: production
jobs:
build:
uses: ./.github/workflows/test.yaml
with:
upload-artifact: true
# Deploy the Design System to production when the main branch is changed
# Github Actions is not involved in deploying PR or branch previews – these are handled by Netlify
# Only runs if the production environment protection rules are fulfilled
deploy:
environment: production
name: Deploy
needs: build
runs-on: ubuntu-latest
env:
CF_API: 'https://api.cloud.service.gov.uk'
CF_ORG: 'govuk-design-system'
CF_SPACE: 'design-system'
steps:
- name: Pre-deploy checks
uses: actions/github-script@v6.4.1
with:
script: |
// Check that the code to be deployed is the latest code on the branch on GitHub
// If you want to rollback changes to prod, consider using a revert commit to main
//
const response = await github.rest.repos.getCommit({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'refs/heads/main',
});
const mainBranchCommitSha = response.data.sha
if (context.sha !== mainBranchCommitSha) {
core.info(`Workflow run GITHUB_SHA ${context.sha} does not match main branch commit sha ${mainBranchCommitSha}`)
core.error('Code to deploy does not match code in main branch')
core.setFailed('Refusing to deploy, please do not re-run this workflow run')
}
- name: Download build artifact
uses: actions/download-artifact@v3.0.2
with:
name: build
- name: Install the CF CLI
run: |
wget https://s3-us-west-1.amazonaws.com/v7-cf-cli-releases/releases/v7.2.0/cf7-cli-installer_7.2.0_x86-64.deb
sudo dpkg -i cf7-cli-installer_7.2.0_x86-64.deb
- name: Authenticate
env:
# CF_USERNAME and CF_PASSWORD are used by the `cf auth` command to login
# We use an environment variable instead of passing the details as options using -u / -p to reduce the risk of them being recorded in logs
# https://cli.cloudfoundry.org/en-US/v6/auth.html
CF_USERNAME: 'design-system-deploy+design-system@digital.cabinet-office.gov.uk'
CF_PASSWORD: ${{ secrets.CF_PASSWORD }}
run: |
echo "Logging into $CF_ORG/$CF_SPACE..."
cf api "${CF_API}"
cf auth
cf target -o "${CF_ORG}" -s "${CF_SPACE}"
# Parse app name from manifest to ensure it matches up
- name: Fetch app name from manifest
run: echo "APP_NAME=$(ruby -e "require 'yaml'; config = YAML.load_file('manifest.yml'); puts config['applications'][0]['name']")" >> $GITHUB_ENV
- name: Deploy to PaaS
# Deploy app and set up app healthcheck https://docs.cloudfoundry.org/devguide/deploy-apps/healthchecks.html
run: |
echo "Deploying $APP_NAME to $CF_ORG/$CF_SPACE..."
cf push $APP_NAME --strategy rolling
cf logout