
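# Manually dispatched deployment workflow: applies Terraform for the selected
# environment through the reusable tf-apply.yaml workflow in this repository.
name: K8s Apply
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment'
        required: true
        type: environment  # restricts the choice to environments defined on the repo
      # NOTE(review): force_restart is declared but no active job below consumes
      # it (tf_apply does not forward it); confirm whether it is still needed or
      # wire it into the reusable workflow that expects it.
      force_restart:
        description: 'Force Deployment Rollout Restart'
        required: true
        default: false
        type: boolean
# Least-privilege token: id-token for OIDC federation to the cloud account,
# read-only access to repository contents.
permissions:
  id-token: write
  contents: read
# Serialise applies per environment so two dispatches cannot mutate the same
# infrastructure state concurrently; later runs queue instead of being cancelled.
concurrency:
  group: k8s-apply-${{ inputs.environment }}
  cancel-in-progress: false
jobs:
  # NOTE(review): the team-membership gate (initChecks) and the self-hosted
  # runner lifecycle jobs are commented out below, so the only authorisation on
  # a non-dev deploy is whatever protection rules are configured on the chosen
  # environment. Keep those rules in place while the gate is disabled.
  # initChecks:
  #   runs-on: ubuntu-22.04
  #   environment: ${{ inputs.environment }}
  #   steps:
  #     - name: Check user is a ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} team member
  #       id: checkUserPermissions
  #       if: ${{ inputs.environment != 'dev' }}
  #       env:
  #         GITHUB_TOKEN: ${{ secrets.BOT_TEAMS_RO_PAT }}
  #         ORG: ${{ github.repository_owner }}
  #         TEAMS: ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }}
  #         USER: ${{ github.triggering_actor }}
  #       run: |
  #         set -euo pipefail
  #         TEAMS_LIST=$(echo $TEAMS | tr "," "\n")
  #         CHECK_SUCCESS=0
  #         for TEAM in $TEAMS_LIST; do
  #           set +e
  #           # Check current user membership with gh api
  #           echo "Check if user is member of $TEAM"
  #           GH_TEAM_MEMBERSHIP_RESPONSE=$(gh api -i --method GET -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \/orgs/$ORG/teams/$TEAM/memberships/$USER)
  #           set -e
  #           # Extract the HTTP status code
  #           HTTP_CODE=$(echo $GH_TEAM_MEMBERSHIP_RESPONSE | head -n 1 | cut -d' ' -f 2)
  #           if [[ $HTTP_CODE -eq 200 ]]; then
  #             echo "User is member of $TEAM"
  #             CHECK_SUCCESS=1
  #             break
  #           else
  #             echo "User is NOT member of $TEAM"
  #           fi
  #         done
  #         if [[ $CHECK_SUCCESS -eq 0 ]]; then
  #           echo "::error:: Resource not found. Please check the organization ($ORG), team ($TEAMS), and username ($USER). $USER is not memeber of specified teams."
  #           exit 1
  #         fi
  #         echo "$USER has the correct permissions to execute the workflow."
  # create_runner:
  #   name: Create Self-Hosted Runner
  #   runs-on: ubuntu-22.04
  #   environment: ${{ inputs.environment }}
  #   needs: [ initChecks ]
  #   outputs:
  #     ecs_task_id: ${{ steps.start_runner.outputs.ecs_task_id }}
  #   strategy:
  #     matrix:
  #       index: [1,2,3,4,5,6,7,8,9,10]
  #     fail-fast: false
  #   steps:
  #     - name: Start GitHub Runner
  #       id: start_runner
  #       uses: pagopa/interop-github-runner-aws-create-action@main
  #       with:
  #         aws_region: ${{ secrets.AWS_REGION }}
  #         iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }}
  #         ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }}
  #         ecs_task_definition: ${{ secrets.ECS_TASK_DEFINITION }}
  #         ecs_task_cpu: ${{ vars.ECS_TASK_CPU }}
  #         ecs_task_memory: ${{ vars.ECS_TASK_MEMORY }}
  #         ecs_container_name: ${{ vars.ECS_TASK_CONTAINER_NAME }}
  #         ecs_task_subnet_id: ${{ secrets.SUBNET_ID }}
  #         ecs_task_sec_group: ${{ secrets.SEC_GROUP_ID }}
  #         ecs_task_max_duration_seconds: ${{ vars.ECS_TASK_MAX_DURATION_SECONDS }}
  #         pat_token: ${{ secrets.BOT_TOKEN }}
  #         environment: ${{ inputs.environment }}
  # deploy:
  #   needs: [ create_runner ]
  #   secrets: inherit
  #   uses: ./.github/workflows/k8s-apply-sub.yaml
  #   with:
  #     environment: ${{ inputs.environment }}
  #     timeout_seconds: 180
  # delete_runner:
  #   name: Delete Self-Hosted Runner
  #   needs: [create_runner, deploy]
  #   if: ${{ always() }}
  #   runs-on: ubuntu-22.04
  #   environment: ${{ inputs.environment }}
  #   strategy:
  #     matrix:
  #       index: [1,2,3,4,5,6,7,8,9,10]
  #     fail-fast: false
  #   steps:
  #     - name: Stop Github Runner
  #       id: stop_runner
  #       uses: pagopa/interop-github-runner-aws-cleanup-action@main
  #       with:
  #         aws_region: ${{ secrets.AWS_REGION }}
  #         iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }}
  #         ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }}
  #         pat_token: ${{ secrets.BOT_TOKEN }}
  #         environment: ${{ inputs.environment }}
  tf_apply:
    # `secrets: inherit` hands every repository/environment secret to the called
    # workflow; acceptable here because the target is a same-repository path.
    # Switch to an explicit secret list if this ever points at another repo.
    secrets: inherit
    uses: ./.github/workflows/tf-apply.yaml
    with:
      environment: ${{ inputs.environment }}
      timeout_seconds: 300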