Skip to content

#2205 - Comp and Pen Batches (#2206) #371

#2205 - Comp and Pen Batches (#2206)

#2205 - Comp and Pen Batches (#2206) #371

Workflow file for this run

name: Continuous Deployment Pipeline
# note:
# It's useful to recognize that this workflow is designed to be triggered by a merge to the default branch.
# Therefore, ${{ github.sha }} will always be in reference to the SHA that originally triggered this workflow.
# $GITHUB_SHA, on the other hand, is created whenever actions/checkout@v4 is run
# note:
# environment:
# name:
# is keyword for using the environment protections.
# with:
# environment:
# is simply using a variable named environment
on:
push:
branches:
- main
jobs:
prepare-deployment:
runs-on: ${{ vars.RUNS_ON }}
steps:
- name: Checkout code
uses: actions/checkout@v4
pr-label-summary:
needs: prepare-deployment
uses: ./.github/workflows/pr-label-semver.yml
secrets: inherit
approval-deploy-perf:
needs: prepare-deployment
environment:
name: perf-deploy
runs-on: ${{ vars.RUNS_ON }}
steps:
- name: Pause for manual approval
run: |
echo "Deploying commit SHA ${{ github.sha }}, the latest merge to main"
echo "Deployment paused for manual approval."
pre-tag-summary:
needs: approval-deploy-perf
uses: ./.github/workflows/pre-tag-summary.yml
secrets: inherit
create-and-post-tag:
needs: pre-tag-summary
uses: ./.github/workflows/create-and-post-tag.yml
secrets: inherit
build-push-artifacts:
needs: create-and-post-tag
runs-on: ${{ vars.RUNS_ON }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
- name: Build and Push Artifacts
uses: ./.github/actions/build-push-artifacts
with:
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }}
deploy-to-perf:
needs: [create-and-post-tag, build-push-artifacts]
uses: ./.github/workflows/deploy-release.yml
secrets: inherit
with:
environment: perf
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
lambdaDeploy: true
approval-deploy:
needs: deploy-to-perf
environment:
name: staging-deploy
runs-on: ${{ vars.RUNS_ON }}
steps:
- name: Pause for manual approval
run: echo "Deployment paused for manual approval to staging and production."
create-release-notes:
needs: [create-and-post-tag, approval-deploy]
uses: ./.github/workflows/create-release-notes.yml
secrets: inherit
with:
previousVersion: ${{ needs.create-and-post-tag.outputs.previousVersion }}
deploy-to-staging:
needs: [create-release-notes, create-and-post-tag]
uses: ./.github/workflows/deploy-release.yml
secrets: inherit
with:
environment: staging
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
lambdaDeploy: true
publish-release-notes:
needs: [create-release-notes, deploy-to-staging]
uses: ./.github/workflows/publish-release-notes.yml
secrets: inherit
with:
draftReleaseReference: ${{ needs.create-release-notes.outputs.draftReleaseReference }}
deploy-to-prod:
if: vars.CODE_FREEZE == 'false'
needs: [publish-release-notes, create-and-post-tag]
uses: ./.github/workflows/deploy-release.yml
secrets: inherit
with:
environment: prod
ref: ${{ needs.create-and-post-tag.outputs.newVersion }}
lambdaDeploy: true