Merge pull request #652 from developer-overheid-nl/blog-post-identity… #11
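# Deploy to Production
#
# On every push to main (or a manual dispatch) this workflow opens a pull
# request in the infra repository that sets the image tag in the prod
# kustomize overlay to the commit SHA of this repository. Merging that PR is
# what triggers the actual production rollout.
#
# Hardening conventions used below:
#   * Third-party actions are pinned to full commit SHAs.
#   * The job's default GITHUB_TOKEN has no permissions; all cross-repo access
#     uses a GitHub App token scoped to the single infra repository.
#   * Shell scripts read values from environment variables instead of inline
#     expression expansion, so a value containing shell metacharacters (for
#     example a branch name on a manual dispatch) is handled as data and is
#     never parsed as part of the script.
name: Deploy to Production

on:
  # NOTE(review): a manual dispatch can be started from any ref, so GITHUB_SHA
  # and GITHUB_REF_NAME are not guaranteed to point at main in that case.
  # Confirm this is intended, or add a ref guard on the job.
  workflow_dispatch:
  push:
    branches:
      - main

env:
  IMAGE_NAME: ghcr.io/${{ github.repository }}
  INFRA_REPO: ${{ vars.INFRA_REPO }}
  KUSTOMIZE_PATH: ${{ vars.KUSTOMIZE_PATH }}
  DEPLOY_ENV: prod

jobs:
  create-infra-pr:
    runs-on: ubuntu-latest
    # No visible step uses the default GITHUB_TOKEN: checkout and gh both use
    # the app token. Drop every default permission for this job.
    permissions: {}
    steps:
      # Validate the owner/repo shape and split it, so the app token below can
      # be scoped to exactly one repository.
      - name: Parse infra repository
        id: infra-repo
        run: |
          if [[ -z "$INFRA_REPO" || "$INFRA_REPO" != */* ]]; then
            echo "INFRA_REPO moet de vorm owner/repo hebben, huidige waarde: '$INFRA_REPO'" >&2
            exit 1
          fi
          echo "owner=${INFRA_REPO%%/*}" >> "$GITHUB_OUTPUT"
          echo "repo=${INFRA_REPO#*/}" >> "$GITHUB_OUTPUT"

      # Short-lived installation token, limited to the infra repository only.
      - name: Genereer app token (Release proces app)
        id: app-token
        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859
        with:
          app-id: ${{ secrets.RELEASE_PROCES_APP_ID }}
          private-key: ${{ secrets.RELEASE_PROCES_APP_PRIVATE_KEY }}
          owner: ${{ steps.infra-repo.outputs.owner }}
          repositories: ${{ steps.infra-repo.outputs.repo }}

      # The token is kept in the local git config by checkout's default
      # behaviour; the later "git push" step depends on that.
      - name: Checkout don-infra
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          repository: ${{ env.INFRA_REPO }}
          token: ${{ steps.app-token.outputs.token }}

      - name: Maak release branch aan in don-infra
        id: branch
        run: |
          BRANCH="release/don-site-${GITHUB_SHA}"
          echo "branch=$BRANCH" >> "$GITHUB_OUTPUT"
          git checkout -b "$BRANCH"

      # strenv() makes yq read the values from the environment, so they are
      # not spliced into the yq expression text.
      # NOTE(review): assumes an image tagged with this SHA is published by
      # another workflow before the PR is merged; confirm.
      - name: Update image tag in prod overlay
        run: |
          KUSTOMIZATION_FILE="${KUSTOMIZE_PATH}${DEPLOY_ENV}/kustomization.yaml"
          yq e '(.images[] | select(.newName == strenv(IMAGE_NAME))).newTag = strenv(GITHUB_SHA)' -i "$KUSTOMIZATION_FILE"

      # The commit is attributed to the user who triggered the run.
      - name: Commit en push release branch
        env:
          BRANCH: ${{ steps.branch.outputs.branch }}
        run: |
          KUSTOMIZATION_FILE="${KUSTOMIZE_PATH}${DEPLOY_ENV}/kustomization.yaml"
          git config user.name "$GITHUB_ACTOR"
          git config user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
          git add "$KUSTOMIZATION_FILE"
          git commit -m "release: don-site → ${GITHUB_SHA}
          Commit: ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}"
          git push origin "$BRANCH"

      # The ref name is attacker-influenceable text on a manual dispatch. It is
      # expanded by the shell from an environment variable inside double
      # quotes, so its content is not re-evaluated.
      - name: Maak PR aan in don-infra
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          BRANCH: ${{ steps.branch.outputs.branch }}
        run: |
          gh pr create \
            --repo "$INFRA_REPO" \
            --base main \
            --head "$BRANCH" \
            --title "Release: don-site → ${GITHUB_SHA::7}" \
            --body "## don-site productie deploy
          **Image:** \`${IMAGE_NAME}:${GITHUB_SHA}\`
          **Branch:** \`${GITHUB_REF_NAME}\`
          **Commit:** ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}
          Merge deze PR om de nieuwe versie naar productie te deployen."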