Merge pull request #16449 from CDCgov/platform/david-navapbc/04nov24/… #3849

Workflow file for this run

.github/workflows/release_to_azure.yml at ed28a56


	name: Release to Azure

	on:
	push:
	branches:
	- main
	- production
	- test
	- demo1
	- demo2
	- demo3

	defaults:
	run:
	working-directory: prime-router

	jobs:
	pre_job:
	name: "Set Build Environment"
	runs-on: ubuntu-latest
	outputs:
	env_name: ${{ steps.build_vars.outputs.env_name }}
	version: ${{ steps.build_vars.outputs.version }}
	has_router_change: ${{ steps.build_vars.outputs.has_router_change }}
	has_frontend_change: ${{ steps.build_vars.outputs.has_frontend_change }}
	dns_ip: ${{ steps.build_vars.outputs.dns_ip }}
	steps:
	- name: Check out changes
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938

	- name: Build vars
	id: build_vars
	uses: ./.github/actions/build-vars
	with:
	sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}

	build_router_release:
	name: "Release: Build Router"
	needs:
	- pre_job
	if: needs.pre_job.outputs.has_router_change == 'true'
	runs-on: ubuntu-latest
	steps:
	- name: Check out changes
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938

	- name: Build backend
	uses: ./.github/actions/build-backend
	with:
	version: ${{ needs.pre_job.outputs.version }}

	build_frontend_react_release:
	name: "Release: Build Frontend (React)"
	needs:
	- pre_job
	if: needs.pre_job.outputs.has_frontend_change == 'true'
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: frontend-react
	steps:
	- name: Check out changes
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938

	- name: Build frontend
	uses: ./.github/actions/build-frontend
	with:
	env-name: ${{ needs.pre_job.outputs.env_name }}
	appinsights-staging-key: ${{ secrets.APPINSIGHTS_STAGING_KEY }}
	appinsights-prod-key: ${{ secrets.APPINSIGHTS_PROD_KEY }}
	version: ${{ needs.pre_job.outputs.version }}
	test-admin-user: ${{ secrets.TEST_ADMIN_USERNAME }}
	test-admin-password: ${{ secrets.TEST_ADMIN_PASSWORD }}
	test-sender-user: ${{ secrets.TEST_SENDER_USERNAME }}
	test-sender-password: ${{ secrets.TEST_SENDER_PASSWORD }}
	test-receiver-user: ${{ secrets.TEST_RECEIVER_USERNAME }}
	test-receiver-password: ${{ secrets.TEST_RECEIVER_PASSWORD }}

	deploy_infrastructure:
	name: "Deploy Infrastructure: ${{ needs.pre_job.outputs.env_name }}"
	needs:
	- pre_job
	if: \|
	needs.pre_job.outputs.env_name == 'demo1' \|\|
	needs.pre_job.outputs.env_name == 'demo2' \|\|
	needs.pre_job.outputs.env_name == 'demo3'
	environment: ${{ needs.pre_job.outputs.env_name }}
	concurrency: demo
	runs-on: ubuntu-latest
	steps:
	- name: Check out changes
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938

	- name: Use specific version of Terraform
	uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
	with:
	terraform_version: 1.7.4
	terraform_wrapper: false

	- name: Connect to VPN and login to Azure
	uses: ./.github/actions/vpn-azure
	with:
	env-name: ${{ needs.pre_job.outputs.env_name }}
	sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
	tf-auth: true

	- name: Provision demo environment
	uses: ./.github/actions/demo-env
	with:
	env-name: ${{ needs.pre_job.outputs.env_name }}
	github-token: ${{ secrets.DEMO_ENV }}
	backup-age-limit: 7200
	backup-from: staging

	approve_router_release:
	name: "Approve Router Release: ${{ needs.pre_job.outputs.env_name }}"
	needs:
	- pre_job
	- build_router_release
	- deploy_infrastructure
	if: \|
	always() &&
	!cancelled() &&
	!failure() &&
	needs.pre_job.outputs.has_router_change == 'true'
	environment: ${{ needs.pre_job.outputs.env_name }}-router
	concurrency: ${{ needs.pre_job.outputs.env_name }}-router
	runs-on: ubuntu-latest
	steps:
	- name: Check out changes
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938

	- name: Login to Azure
	if: \|
	needs.pre_job.outputs.has_router_change == 'true' \|\|
	needs.pre_job.outputs.has_frontend_change == 'true'
	uses: ./.github/actions/vpn-azure
	with:
	env-name: ${{ needs.pre_job.outputs.env_name }}
	sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}

	- name: Get function app checksum
	env:
	checksum_validation: ${{ vars.CHECKSUM_VALIDATION }}
	if: needs.pre_job.outputs.has_router_change == 'true' && env.checksum_validation == 'true'

	uses: JosiahSiegel/checksum-validate-action@ebdf8c12c00912d18de93c483b935d51582f9236
	## DevSecOps - Aquia (Replace) - uses: ./.github/actions/checksum-validate-action

	with:
	key: backend
	input: $(az functionapp config appsettings list -g prime-data-hub-${{ needs.pre_job.outputs.env_name }} -n pdh${{ needs.pre_job.outputs.env_name }}-functionapp -o tsv \| sort)

	approve_frontend_release:
	name: "Approve Frontend Release: ${{ needs.pre_job.outputs.env_name }}"
	needs:
	- pre_job
	- build_frontend_react_release
	if: \|
	always() &&
	!cancelled() &&
	!failure() &&
	needs.pre_job.outputs.has_frontend_change == 'true'
	environment: ${{ needs.pre_job.outputs.env_name }}-frontend
	concurrency: ${{ needs.pre_job.outputs.env_name }}-frontend
	runs-on: ubuntu-latest
	steps:
	- name: Check out changes
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938

	deploy_router_release:
	name: "Deploy Router Release: ${{ needs.pre_job.outputs.env_name }}"
	needs:
	- pre_job
	- approve_router_release
	if: \|
	always() &&
	!cancelled() &&
	!failure() &&
	needs.pre_job.outputs.has_router_change == 'true'
	environment: ${{ needs.pre_job.outputs.env_name }}
	concurrency: ${{ needs.pre_job.outputs.env_name }}
	runs-on: ubuntu-latest
	steps:
	- name: Check out changes
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938

	- name: Connect to VPN and login to Azure
	uses: ./.github/actions/vpn-azure
	with:
	env-name: ${{ needs.pre_job.outputs.env_name }}
	tls-key: ${{ secrets.TLS_KEY }}
	ca-cert: ${{ secrets.CA_CRT}}
	user-crt: ${{ secrets.USER_CRT }}
	user-key: ${{ secrets.USER_KEY }}
	sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
	dns-ip: ${{ needs.pre_job.outputs.dns_ip }}

	- name: Deploy backend
	env:
	checksum_validation: ${{ vars.CHECKSUM_VALIDATION }}
	uses: ./.github/actions/deploy-backend
	with:
	env-name: ${{ needs.pre_job.outputs.env_name }}
	dct-root-pass: ${{ secrets.DCT_ROOT_PASS }}
	dct-repo-pass: ${{ secrets.DCT_REPO_PASS }}
	version: ${{ needs.pre_job.outputs.version }}
	checksum-validation: ${{ env.checksum_validation }}

	deploy_frontend_release:
	name: "Deploy Frontend Release: ${{ needs.pre_job.outputs.env_name }}"
	needs:
	- pre_job
	- approve_frontend_release
	if: \|
	always() &&
	!cancelled() &&
	!failure() &&
	needs.pre_job.outputs.has_frontend_change == 'true'
	environment: ${{ needs.pre_job.outputs.env_name }}
	concurrency: ${{ needs.pre_job.outputs.env_name }}
	runs-on: ubuntu-latest
	steps:
	- name: Check out changes
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938

	- name: Connect to VPN and login to Azure
	uses: ./.github/actions/vpn-azure
	with:
	env-name: ${{ needs.pre_job.outputs.env_name }}
	tls-key: ${{ secrets.TLS_KEY }}
	ca-cert: ${{ secrets.CA_CRT}}
	user-crt: ${{ secrets.USER_CRT }}
	user-key: ${{ secrets.USER_KEY }}
	sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
	dns-ip: ${{ needs.pre_job.outputs.dns_ip }}

	- name: Deploy frontend
	uses: ./.github/actions/deploy-frontend
	with:
	env-name: ${{ needs.pre_job.outputs.env_name }}
	version: ${{ needs.pre_job.outputs.version }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #16449 from CDCgov/platform/david-navapbc/04nov24/… #3849

Workflow file

Merge pull request #16449 from CDCgov/platform/david-navapbc/04nov24/… #3849

Jobs

Run details

Workflow file for this run