Integrate new staging workflow

.github/workflows/build-and-deploy-to-eks.yaml

@@ -0,0 +1,206 @@
+name: Kubernetes
+on:
+  workflow_call:
+    inputs:
+      artifactName:
+        required: false
+        description: Downloads a previously uploaded artifact (has to be in the same workflow). Both artifactPath and artifactName have to be passed.
+        default: ""
+        type: string
+      artifactPath:
+        required: false
+        description: Downloads a previously uploaded artifact (has to be in the same workflow). Both artifactPath and artifactName have to be passed.
+        default: ""
+        type: string
+      description:
+        required: false
+        type: string
+      deploymentRepoPath:
+        required: false
+        description: Path to the values.yaml file in the deployment repository (e.g. .chart/staging)
+        type: string
+      deploymentRepoURL:
+        required: false
+        description: URL of the deployment repository
+        type: string
+      createGitHubDeployment:
+        required: false
+        default: false
+        type: boolean
+      enableContainerScan:
+        required: false
+        default: true
+        type: boolean
+      env:
+        required: true
+        type: string
+      imageTargets:
+        required: false
+        description: Sets targets for as many image builds as targets specified in Containerfile
+        default: ""
+        type: string
+      ref:
+        required: true
+        type: string
+      runner:
+        required: false
+        default: ubuntu-latest
+        type: string
+      sentryOrg:
+        required: false
+        type: string
+      sentryProject:
+        required: false
+        type: string
+      sentryEnvironment:
+        required: false
+        type: string
+      sentryUrl:
+        required: false
+        type: string
+      slackChannelId:
+        required: false
+        type: string
+      tagPath:
+        required: false
+        type: string
+    secrets:
+      slackBotToken:
+        required: false
+        description: The Slack bot token to write messages in the desired channels (required if slack channel ids are provided)
+      sentryAuthToken:
+        required: false
+      REPO_ACCESS_TOKEN:
+        required: false
+      AWS_ROLE_TO_ASSUME:
+        required: true
+        description: AWS OIDC role for GitHub to assume
+
+jobs:
+  init:
+    runs-on: ${{ inputs.runner }}
+    outputs:
+      version: ${{ steps.vars.outputs.version }}
+    steps:
+      - name: Load deployment variables
+        id: vars
+        run: |
+          REF="${{ inputs.ref }}"
+          SHA="${{ github.sha }}"
+          if [[ "${{ inputs.env }}" == 'prod' ]]
+          then
+            # shellcheck disable=SC2086
+            echo "version=${REF##*/}" >> $GITHUB_OUTPUT
+          else
+            # shellcheck disable=SC2086
+            echo "version=${SHA:0:7}" >> $GITHUB_OUTPUT
+
+  build:
+    needs: init
+    runs-on: ${{ inputs.runner }}
+    permissions:
+      contents: read
+      id-token: write
+    uses: parcelLab/ci/.github/workflows/build-image.yaml@v9.0.0
+    with:
+      artifactName: ${{ inputs.artifactName }}
+      artifactPath: ${{ inputs.artifactPath }}
+      imageTargets: ${{ inputs.imageTargets }}
+      enableContainerScan: ${{ inputs.enableContainerScan }}
+      runner: ${{ inputs.runner }}
+      version: ${{ needs.init.outputs.version }}
+    secrets: inherit
+
+  commit:
+    needs: build
+    environment: ${{ inputs.env }}
+    concurrency: commit-${{ inputs.deploymentRepoURL }}-${{ github.sha }}
+    runs-on: ${{ inputs.runner }}
+    steps:
+      - name: Checkout current git repository
+        uses: actions/checkout@v6
+      - name: Deploy ${{ github.sha }} to ${{ inputs.env }} values
+        uses: mikefarah/yq@v4.30.8
+        with:
+          cmd: yq '(.${{ inputs.tagPath }} = "${{ needs.init.outputs.version }}")' -i ${{ inputs.deploymentRepoPath }}/values.yaml
+      - name: Commit and push new tag
+        run: |
+          set -euxo pipefail
+          git config user.email "dev.bot@parcellab.com"
+          git config user.name "parcellab-dev-bot"
+          git add ${{ inputs.deploymentRepoPath }}/values.yaml
+          if git diff --cached --quiet; then
+            echo "No changes to commit"
+            exit 0
+          fi
+          git commit -m "chore(deploy): set ${{ inputs.env }} image tag to ${{ needs.init.outputs.version }}"
+
+          if [ "${{ inputs.env }}" = "staging" ]; then
+            echo "Commit new tag to staging"
+            NEW_SHA=$(git rev-parse HEAD)
+            VERSION="${{ needs.init.outputs.version }}"
+            git tag -fa staging -m "staging deploy ${VERSION} (${NEW_SHA}) via ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" "${NEW_SHA}"
+            git push origin -f refs/tags/staging
+          else
+            echo "Commit new tag to ${{ inputs.env }}"
+            git push origin HEAD:main
+          fi
+
+  post-deploy:
+    needs: [init, commit]
+    runs-on: ${{ inputs.runner }}
+    steps:
+      - if: inputs.slackChannelId
+        name: Send out Slack notification
+        continue-on-error: true
+        uses: darioblanco/slack-deployment@main
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.slackBotToken }}
+        with:
+          channel_id: ${{ inputs.slackChannelId }}
+          deployment_description: "No description"
+          deployment_name: ${{ inputs.artifactName != '' && inputs.artifactName || 'unknown' }}
+          environment: ${{ inputs.env }}
+          owner: ${{ github.actor }}
+          package: ${{ inputs.artifactName != '' && inputs.artifactName || 'unknown' }}
+          ref: ${{ inputs.ref }}
+          repo: ${{ github.repository }}
+          sha: ${{ github.sha }}
+          status_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          version: ${{ needs.init.outputs.version }}
+      - if: inputs.sentryOrg != '' && inputs.sentryProject != ''
+        name: Create Sentry release
+        uses: getsentry/action-release@v1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.sentryAuthToken }}
+          SENTRY_ORG: ${{ inputs.sentryOrg }}
+          SENTRY_PROJECT: ${{ inputs.sentryProject }}
+          SENTRY_URL: ${{ inputs.sentryUrl }}
+        with:
+          environment: ${{ inputs.sentryEnvironment != '' && inputs.sentryEnvironment || inputs.env }}
+          set_commits: skip
+          version: ${{ needs.init.outputs.version }}
+        continue-on-error: true
+      - if: inputs.createGitHubDeployment
+        name: Create GitHub Deployment
+        uses: chrnorm/deployment-action@v2
+        id: deployment
+        with:
+          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          ref: ${{ inputs.ref }}
+          environment: ${{ inputs.env }}
+          description: ${{ inputs.description != '' && inputs.description || format('Manual deployment {0}', github.sha) }}
+          auto-merge: false
+          payload: |
+            {"env":${{ toJSON(inputs.env) }},"name":"product-api","author":${{ toJSON(github.actor) }},"description":${{ toJSON(inputs.description) }},"kubernetes":{"versionKey":"monolith.image.tag"}}
+      - if: inputs.createGitHubDeployment
+        name: Set GitHub Deployment status to successful
+        uses: chrnorm/deployment-status@v2
+        with:
+          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+          environment-url: ${{ steps.deployment.outputs.environment_url }}
+          environment: ${{ inputs.env }}
+          state: "success"
+          token: ${{ github.token }}
+

.github/workflows/build-image.yaml

@@ -17,11 +17,6 @@ on:
         description: If provided, sets targets for as many image builds as targets specified
         default: ""
         type: string
-      preScript:
-        required: false
-        description: If provided, runs a script after repo checkout and before the docker image is built. Useful in case that you need to build a package outside of the docker image (and load the artifacts via copy).
-        default: ""
-        type: string
       enableContainerScan:
         required: false
         description: Apply the container scan

.github/workflows/kubernetes.yaml

@@ -204,7 +204,7 @@ jobs:
           repository: ${{ inputs.deploymentRepoURL }}
           directory: remote
           github_token: ${{ secrets.repoAccessToken }}
-          branch: main
+          branch: ${{ input.ref }}
       - if: success()
         name: Successful ${{ github.event.deployment.payload.name }} deployment
         uses: chrnorm/deployment-status@v2