Solar System - Main Pipeline #250
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Solar System - Main Pipeline | |
| on: | |
| push: # Auto-trigger on push | |
| branches: [main] | |
| workflow_dispatch: | |
| inputs: | |
| skip-tests: | |
| description: 'Skip CI tests' | |
| required: false | |
| default: false | |
| type: boolean | |
| skip-docker: | |
| description: 'Skip Docker build' | |
| required: false | |
| default: false | |
| type: boolean | |
| skip-terraform: | |
| description: 'Skip Terraform deployment' | |
| required: false | |
| default: false | |
| type: boolean | |
| skip-argocd: | |
| description: 'Skip ArgoCD deployment' | |
| required: false | |
| default: false | |
| type: boolean | |
| skip-monitoring: | |
| description: 'Skip Monitoring deployment' | |
| required: false | |
| default: false | |
| type: boolean | |
| skip-deployment: | |
| description: 'Skip Application deployment' | |
| required: false | |
| default: false | |
| type: boolean | |
| skip-karpenter: | |
| description: 'Skip Karpenter deployment' | |
| required: false | |
| default: false | |
| type: boolean | |
| force-all: # Force all workflows | |
| description: 'Force run all workflows (ignore path detection)' | |
| required: false | |
| default: false | |
| type: boolean | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| actions: read | |
| jobs: | |
| # Detect what changed | |
| detect-changes: | |
| name: Detect Changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| app-changed: ${{ steps.changes.outputs.app }} | |
| infra-changed: ${{ steps.changes.outputs.infra }} | |
| is-manual: ${{ github.event_name == 'workflow_dispatch' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 2 | |
| - name: Detect file changes | |
| uses: dorny/paths-filter@v2 | |
| id: changes | |
| with: | |
| filters: | | |
| app: | |
| - 'app_test.py' | |
| - 'app.py' | |
| - 'index.html' | |
| - 'Dockerfile' | |
| - 'static/**' | |
| - '.github/workflows/ci.yml' | |
| - '.github/workflows/docker.yml' | |
| infra: | |
| - 'Terraform/**' | |
| - '.github/workflows/terraform.yml' | |
| - '.github/workflows/karpenter.yml' | |
| - 'karpenter/**' | |
| - '.github/workflows/argocd.yml' | |
| - 'argocd/application.yml' | |
| - '.github/workflows/deploy.yml' | |
| - 'argocd/monitoring.yml' | |
| - '.github/workflows/monitoring.yml' | |
| - name: Debug - List changed files | |
| run: | | |
| echo "Changed files in this push:" | |
| git diff --name-only HEAD~1 HEAD || echo "No previous commit to compare" | |
| echo "App changed: ${{ steps.changes.outputs.app }}" | |
| echo "Infra changed: ${{ steps.changes.outputs.infra }}" | |
| # CI Tests - runs when app changes or manual dispatch | |
| ci: | |
| name: Run CI Tests | |
| needs: [detect-changes] | |
| if: | | |
| !inputs.skip-tests && ( | |
| inputs.force-all || | |
| (github.event_name == 'workflow_dispatch') || | |
| needs.detect-changes.outputs.app-changed == 'true' | |
| ) | |
| uses: ./.github/workflows/ci.yml | |
| secrets: inherit | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| actions: read | |
| # Docker Build - runs after CI when app changes or manual dispatch | |
| docker: | |
| name: Build Docker Image | |
| needs: [ci, detect-changes] | |
| if: | | |
| !cancelled() && | |
| !inputs.skip-docker && | |
| (needs.ci.result == 'success' || (needs.ci.result == 'skipped' && inputs.skip-tests)) && ( | |
| inputs.force-all || | |
| (github.event_name == 'workflow_dispatch') || | |
| needs.detect-changes.outputs.app-changed == 'true' | |
| ) | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| actions: read | |
| uses: ./.github/workflows/docker.yml | |
| secrets: inherit | |
| terraform: | |
| name: Deploy Infrastructure | |
| needs: [docker, detect-changes] | |
| if: | | |
| !cancelled() && | |
| !inputs.skip-terraform && ( | |
| needs.docker.result == 'success' || | |
| needs.docker.result == 'skipped' || | |
| (needs.detect-changes.outputs.infra-changed == 'true' && needs.detect-changes.outputs.app-changed == 'false') | |
| ) && ( | |
| inputs.force-all || | |
| (github.event_name == 'workflow_dispatch') || | |
| needs.detect-changes.outputs.infra-changed == 'true' | |
| ) | |
| uses: ./.github/workflows/terraform.yml | |
| secrets: inherit | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| actions: read | |
| # Karpenter - runs after terraform when infra changes or manual dispatch | |
| karpenter: | |
| name: Deploy Karpenter | |
| needs: [terraform, detect-changes] | |
| if: | | |
| !cancelled() && | |
| !inputs.skip-karpenter && | |
| (needs.terraform.result == 'success' || (needs.terraform.result == 'skipped' && inputs.skip-terraform)) && ( | |
| inputs.force-all || | |
| (github.event_name == 'workflow_dispatch') || | |
| needs.detect-changes.outputs.infra-changed == 'true' | |
| ) | |
| uses: ./.github/workflows/karpenter.yml | |
| secrets: inherit | |
| with: | |
| cluster_name: ${{ needs.terraform.outputs.cluster_name }} | |
| karpenter_nodepool_name: ${{ needs.terraform.outputs.karpenter_nodepool_name }} | |
| karpenter_nodeclass_name: ${{ needs.terraform.outputs.karpenter_nodeclass_name }} | |
| karpenter_node_role: ${{ needs.terraform.outputs.karpenter_node_role }} | |
| karpenter_instance_profile: ${{ needs.terraform.outputs.karpenter_instance_profile }} | |
| karpenter_namespace: ${{ needs.terraform.outputs.karpenter_namespace }} | |
| karpenter_controller_cpu_request: ${{ needs.terraform.outputs.karpenter_controller_cpu_request }} | |
| karpenter_controller_memory_request: ${{ needs.terraform.outputs.karpenter_controller_memory_request }} | |
| karpenter_controller_cpu_limit: ${{ needs.terraform.outputs.karpenter_controller_cpu_limit }} | |
| karpenter_controller_memory_limit: ${{ needs.terraform.outputs.karpenter_controller_memory_limit }} | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| actions: read | |
| # ArgoCD - runs after karpenter when infra changes or manual dispatch | |
| argocd: | |
| name: Deploy ArgoCD Applications | |
| needs: [terraform, karpenter, detect-changes] | |
| if: | | |
| !cancelled() && | |
| !inputs.skip-argocd && | |
| (needs.karpenter.result == 'success' || (needs.karpenter.result == 'skipped' && inputs.skip-karpenter)) && ( | |
| inputs.force-all || | |
| (github.event_name == 'workflow_dispatch') || | |
| needs.detect-changes.outputs.infra-changed == 'true' | |
| ) | |
| uses: ./.github/workflows/argocd.yml | |
| secrets: inherit | |
| with: | |
| cluster_name: ${{ needs.terraform.outputs.cluster_name }} | |
| app_namespace: ${{ needs.terraform.outputs.app_namespace }} | |
| monitoring_namespace: ${{ needs.terraform.outputs.monitoring_namespace }} | |
| argocd_namespace: ${{ needs.terraform.outputs.argocd_namespace }} | |
| app_name: ${{ needs.terraform.outputs.app_name }} | |
| image_tag: ${{ github.sha }} | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| actions: read | |
| # Monitoring - runs first after ArgoCD | |
| monitoring: | |
| name: Deploy Monitoring Stack | |
| needs: [terraform, argocd, detect-changes] | |
| if: | | |
| !cancelled() && | |
| !inputs.skip-monitoring && | |
| (needs.argocd.result == 'success' || (needs.argocd.result == 'skipped' && inputs.skip-argocd)) && ( | |
| inputs.force-all || | |
| (github.event_name == 'workflow_dispatch') || | |
| needs.detect-changes.outputs.infra-changed == 'true' | |
| ) | |
| uses: ./.github/workflows/monitoring.yml | |
| secrets: inherit | |
| with: | |
| cluster_name: ${{ needs.terraform.outputs.cluster_name }} | |
| app_namespace: ${{ needs.terraform.outputs.app_namespace }} | |
| monitoring_namespace: ${{ needs.terraform.outputs.monitoring_namespace }} | |
| argocd_namespace: ${{ needs.terraform.outputs.argocd_namespace }} | |
| app_name: ${{ needs.terraform.outputs.app_name }} | |
| image_tag: ${{ github.sha }} | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| actions: read | |
| # Application Deployment - runs after monitoring completes | |
| deployment: | |
| name: Deploy Application | |
| needs: [terraform, monitoring, detect-changes] | |
| if: | | |
| !cancelled() && | |
| !inputs.skip-deployment && | |
| (needs.monitoring.result == 'success' || (needs.monitoring.result == 'skipped' && inputs.skip-monitoring)) && ( | |
| inputs.force-all || | |
| (github.event_name == 'workflow_dispatch') || | |
| needs.detect-changes.outputs.infra-changed == 'true' | |
| ) | |
| uses: ./.github/workflows/deploy.yml | |
| secrets: inherit | |
| with: | |
| cluster_name: ${{ needs.terraform.outputs.cluster_name }} | |
| app_namespace: ${{ needs.terraform.outputs.app_namespace }} | |
| monitoring_namespace: ${{ needs.terraform.outputs.monitoring_namespace }} | |
| argocd_namespace: ${{ needs.terraform.outputs.argocd_namespace }} | |
| app_name: ${{ needs.terraform.outputs.app_name }} | |
| image_tag: ${{ github.sha }} | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| actions: read | |
| # Show endpoints - runs after deployment completes | |
| show-endpoints: | |
| name: Show Service Endpoints | |
| needs: [terraform, detect-changes, deployment, monitoring] | |
| if: | | |
| !cancelled() && ( | |
| (github.event_name == 'workflow_dispatch') || | |
| (needs.detect-changes.outputs.infra-changed == 'true' && ( | |
| needs.deployment.result == 'success' || | |
| needs.monitoring.result == 'success' | |
| )) | |
| ) | |
| uses: ./.github/workflows/endpoints.yml | |
| secrets: inherit | |
| with: | |
| cluster_name: ${{ needs.terraform.outputs.cluster_name }} | |
| app_namespace: ${{ needs.terraform.outputs.app_namespace }} | |
| monitoring_namespace: ${{ needs.terraform.outputs.monitoring_namespace }} | |
| argocd_namespace: ${{ needs.terraform.outputs.argocd_namespace }} | |
| app_name: ${{ needs.terraform.outputs.app_name }} | |
| image_tag: ${{ github.sha }} | |
| permissions: | |
| contents: read | |
| id-token: write |