chore(deps): bump the sentry group with 2 updates (#504) #411
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Deploy" | |
on: | |
push: | |
branches: | |
- main | |
concurrency: | |
group: deploy | |
cancel-in-progress: false | |
env: | |
FORCE_COLOR: 1 | |
jobs: | |
build: | |
name: Build Image and Push | |
runs-on: ubuntu-latest | |
outputs: | |
image-tag: ${{ steps.image-tag.outputs.image-tag }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set Image Tag | |
id: image-tag | |
run: echo "image-tag=ghcr.io/rubberdok/server:${{ github.sha }}" >> "$GITHUB_OUTPUT" | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: USERNAME | |
password: ${{ github.token }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
file: Dockerfile.prod | |
tags: | | |
${{ steps.image-tag.outputs.image-tag }} | |
ghcr.io/rubberdok/server:latest | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
push: true | |
deploy: | |
needs: [build] | |
name: Deploy Image | |
runs-on: ubuntu-latest | |
environment: production | |
defaults: | |
run: | |
working-directory: ./infrastructure/server/environments/production | |
env: | |
# We authenticate to Azure using service principal with Open ID Connect (OIDC) | |
# as outlined in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_oidc | |
# `ARM_CLIENT_ID`, `ARM_SUBSCRIPTION_ID`, and `ARM_TENANT_ID` are all required for this authentication method. | |
# They belong to the `indok_web` app registration in Azure AD. | |
ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
# Needed for the `github` provider to have the necessary permissions to create GH environments. | |
GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
permissions: | |
# `id-token: write` permission is needed for OIDC authentication to Azure. | |
id-token: write | |
# `actions: write` permission is needed to create new environments in GH and add environment variables. | |
actions: write | |
contents: read | |
# `pull-requests: write` permission is needed to post the output of `terraform plan` as a comment on the PR. | |
pull-requests: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
- name: Terraform Init | |
id: init | |
run: terraform init | |
- name: Terraform Apply | |
run: terraform apply -auto-approve -input=false -var docker_registry_password="${{ env.GITHUB_TOKEN }}" -var image_tag="${{ needs.build.outputs.image-tag }}" -var git_sha="${{ github.sha }}" | |
- name: Sentry Release | |
uses: getsentry/action-release@v1 | |
env: | |
SENTRY_ORG: rbberdk | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_PROJECT: node | |
with: | |
version: ${{ github.sha }} | |
finalize: true | |
environment: production | |
ignore_empty: true | |
ignore_missing: true |