add job to deploy to production after staging success

Co-authored-by: maysakanoni <maysa@madetech.com>
Co-authored-by: mattbee <matt.bee@madetech.com>

Author: 3 people

.github/workflows/data_platform_stg.yml

@@ -18,7 +18,7 @@ env:
 on:
   # This controls when a build will be triggered for a push. Unless you have a specific use case, this should be sufficient!
   push:
-    branches: [main]
+    branches: [mainy]
     paths-ignore:
       - "documentation/**"
       - "infrastructure/projects/**"

.github/workflows/deploy.yaml

@@ -0,0 +1,109 @@
+name: Data-Platform (Staging)
+env:
+  aws_deploy_region: "eu-west-2"
+  terraform_state_s3_key_prefix: "data-platform"
+  build_path: "."
+  automation_build_url: "https://github.com/LBHackney-IT/data-platform/actions/workflows/deploy.yml"
+on:
+  # This controls when a build will be triggered for a push. Unless you have a specific use case, this should be sufficient!
+  push:
+    branches: [main]
+    paths-ignore:
+      - "documentation/**"
+      - "infrastructure/projects/**"
+      - "infrastructure/platform/**"
+  # This allows a manual trigger of the build, where a branch can be set. Please https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#inputs
+  # or delete if you don't wish to allow manual triggers of the build
+  workflow_dispatch:
+    inputs:
+      terraform_import:
+        description: "Terraform import statements"
+        required: false
+      terraform_remove:
+        description: "Terraform state rm statements"
+        required: false
+
+# Nothing to change down from here!
+# Pay no attention to the man behind the curtain
+jobs:
+  deploy_stg:
+    name: Deploy Staging
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+      - name: Set Node.js 14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+      - name: Install dependencies in rds-database-snapshot-replicator lambda
+        working-directory: "./lambdas/rds-database-snapshot-replicator/lambda"
+        run: npm install
+      - name: Set up Google Cloud Credentials
+        run: |
+            echo $GOOGLE_CREDENTIALS_STG >> ./google_service_account_creds.json
+        shell: bash
+        env:
+          GOOGLE_CREDENTIALS_STG: ${{secrets.GOOGLE_CREDENTIALS_STG}}
+      - name: Run AWS Terraform
+        uses: ./.github/actions/aws-terraform
+        with:
+          environment: "stg"
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_deploy_region: "eu-west-2"
+          terraform_state_s3_key_prefix: ${{ env.terraform_state_s3_key_prefix }}
+          build_path: ${{ env.build_path }}
+          automation_build_url: ${{ env.automation_build_url }}
+          aws_deploy_account: ${{ secrets.AWS_ACCOUNT_DATA_PLATFORM_STG }}
+          aws_api_account: ${{ secrets.AWS_API_ACCOUNT_STG }}
+          aws_deploy_iam_role_name: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          branch: ${GITHUB_REF##*/}
+          terraform_import: ${{ github.event.inputs.terraform_import }}
+          terraform_remove: ${{ github.event.inputs.terraform_remove }}
+          # DANGER ZONE
+          # In order to allow you to run a Terraform destroy (that will delete all AWS resources managed by Terraform,
+          # you can set terraform_destroy: 'destroy_me'. Not providing a value or any other value except 'destroy_me' will
+          # cause nothing to happen. The example here, with the value set to false is to ensure you've read this comment ;)
+          terraform_destroy: false
+  deploy_prod:
+    name: Deploy Production
+    needs: deploy_stg
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+      - name: Set Node.js 14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+      - name: Install dependencies in rds-database-snapshot-replicator lambda
+        working-directory: "./lambdas/rds-database-snapshot-replicator/lambda"
+        run: npm install
+      - name: Set up Google Cloud Credentials
+        run: |
+            echo $GOOGLE_CREDENTIALS_STG >> ./google_service_account_creds.json
+        shell: bash
+        env:
+          GOOGLE_CREDENTIALS_STG: ${{secrets.GOOGLE_CREDENTIALS_STG}}
+      - name: Run AWS Terraform
+        uses: ./.github/actions/aws-terraform
+        with:
+          environment: "stg"
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_deploy_region: ${{ env.aws_deploy_region }}
+          terraform_state_s3_key_prefix: ${{ env.terraform_state_s3_key_prefix }}
+          build_path: ${{ env.build_path }}
+          automation_build_url: ${{ env.automation_build_url }}
+          aws_deploy_account: ${{ secrets.AWS_ACCOUNT_DATA_PLATFORM_STG }}
+          aws_api_account: ${{ secrets.AWS_API_ACCOUNT_STG }}
+          aws_deploy_iam_role_name: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          branch: ${GITHUB_REF##*/}
+          terraform_import: ${{ github.event.inputs.terraform_import }}
+          terraform_remove: ${{ github.event.inputs.terraform_remove }}
+          # DANGER ZONE
+          # In order to allow you to run a Terraform destroy (that will delete all AWS resources managed by Terraform,
+          # you can set terraform_destroy: 'destroy_me'. Not providing a value or any other value except 'destroy_me' will
+          # cause nothing to happen. The example here, with the value set to false is to ensure you've read this comment ;)
+          terraform_destroy: false