ci: skip deploy when environment secrets are missing
79
.github/workflows/deploy.yml
vendored
79
.github/workflows/deploy.yml
vendored
@@ -23,6 +23,53 @@ env:
|
||||
REGISTRY_URL: ghcr.io/${{ github.repository_owner }}
|
||||
|
||||
jobs:
|
||||
deploy-config:
|
||||
name: Check Deploy Configuration
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
staging_ready: ${{ steps.check.outputs.staging_ready }}
|
||||
production_ready: ${{ steps.check.outputs.production_ready }}
|
||||
|
||||
steps:
|
||||
- name: Check required deploy secrets
|
||||
id: check
|
||||
env:
|
||||
TARGET_ENV: ${{ inputs.environment }}
|
||||
STAGING_HOST: ${{ secrets.STAGING_HOST }}
|
||||
STAGING_USER: ${{ secrets.STAGING_USER }}
|
||||
STAGING_SSH_KEY: ${{ secrets.STAGING_SSH_KEY }}
|
||||
STAGING_URL: ${{ secrets.STAGING_URL }}
|
||||
STAGING_API_URL: ${{ secrets.STAGING_API_URL }}
|
||||
PRODUCTION_HOST: ${{ secrets.PRODUCTION_HOST }}
|
||||
PRODUCTION_USER: ${{ secrets.PRODUCTION_USER }}
|
||||
PRODUCTION_SSH_KEY: ${{ secrets.PRODUCTION_SSH_KEY }}
|
||||
PRODUCTION_URL: ${{ secrets.PRODUCTION_URL }}
|
||||
PRODUCTION_API_URL: ${{ secrets.PRODUCTION_API_URL }}
|
||||
run: |
|
||||
STAGING_READY=false
|
||||
PRODUCTION_READY=false
|
||||
|
||||
if [ -n "$STAGING_HOST" ] && [ -n "$STAGING_USER" ] && [ -n "$STAGING_SSH_KEY" ] && [ -n "$STAGING_URL" ] && [ -n "$STAGING_API_URL" ]; then
|
||||
STAGING_READY=true
|
||||
fi
|
||||
|
||||
if [ -n "$PRODUCTION_HOST" ] && [ -n "$PRODUCTION_USER" ] && [ -n "$PRODUCTION_SSH_KEY" ] && [ -n "$PRODUCTION_URL" ] && [ -n "$PRODUCTION_API_URL" ]; then
|
||||
PRODUCTION_READY=true
|
||||
fi
|
||||
|
||||
echo "staging_ready=$STAGING_READY" >> "$GITHUB_OUTPUT"
|
||||
echo "production_ready=$PRODUCTION_READY" >> "$GITHUB_OUTPUT"
|
||||
|
||||
if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ] && [ "$TARGET_ENV" = "staging" ] && [ "$STAGING_READY" != "true" ]; then
|
||||
echo "Missing required staging deploy secrets; configure STAGING_HOST, STAGING_USER, STAGING_SSH_KEY, STAGING_URL, and STAGING_API_URL."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ] && [ "$TARGET_ENV" = "production" ] && [ "$PRODUCTION_READY" != "true" ]; then
|
||||
echo "Missing required production deploy secrets; configure PRODUCTION_HOST, PRODUCTION_USER, PRODUCTION_SSH_KEY, PRODUCTION_URL, and PRODUCTION_API_URL."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
build-api:
|
||||
name: Build API Image
|
||||
runs-on: ubuntu-latest
|
||||
@@ -154,11 +201,14 @@ jobs:
|
||||
|
||||
deploy-staging:
|
||||
name: Deploy to Staging
|
||||
needs: [build-api, build-web, build-ai]
|
||||
needs: [deploy-config, build-api, build-web, build-ai]
|
||||
if: >-
|
||||
github.ref == 'refs/heads/develop' ||
|
||||
(github.event_name == 'push' && github.ref == 'refs/heads/master') ||
|
||||
(github.event_name == 'workflow_dispatch' && inputs.environment == 'staging')
|
||||
needs.deploy-config.outputs.staging_ready == 'true' &&
|
||||
(
|
||||
github.ref == 'refs/heads/develop' ||
|
||||
(github.event_name == 'push' && github.ref == 'refs/heads/master') ||
|
||||
(github.event_name == 'workflow_dispatch' && inputs.environment == 'staging')
|
||||
)
|
||||
runs-on: ubuntu-latest
|
||||
environment: staging
|
||||
|
||||
@@ -394,8 +444,11 @@ jobs:
|
||||
|
||||
rollback-staging:
|
||||
name: Rollback Staging
|
||||
needs: [deploy-staging, smoke-test-staging]
|
||||
if: failure()
|
||||
needs: [deploy-config, deploy-staging, smoke-test-staging]
|
||||
if: >-
|
||||
always() &&
|
||||
needs.deploy-config.outputs.staging_ready == 'true' &&
|
||||
(needs.deploy-staging.result == 'failure' || needs.smoke-test-staging.result == 'failure')
|
||||
runs-on: ubuntu-latest
|
||||
environment: staging
|
||||
|
||||
@@ -462,8 +515,11 @@ jobs:
|
||||
|
||||
deploy-production:
|
||||
name: Deploy to Production
|
||||
needs: [build-api, build-web, build-ai]
|
||||
if: inputs.environment == 'production'
|
||||
needs: [deploy-config, build-api, build-web, build-ai]
|
||||
if: >-
|
||||
github.event_name == 'workflow_dispatch' &&
|
||||
inputs.environment == 'production' &&
|
||||
needs.deploy-config.outputs.production_ready == 'true'
|
||||
runs-on: ubuntu-latest
|
||||
environment: production
|
||||
|
||||
@@ -654,8 +710,11 @@ jobs:
|
||||
|
||||
rollback-production:
|
||||
name: Rollback Production
|
||||
needs: [deploy-production, smoke-test-production]
|
||||
if: failure()
|
||||
needs: [deploy-config, deploy-production, smoke-test-production]
|
||||
if: >-
|
||||
always() &&
|
||||
needs.deploy-config.outputs.production_ready == 'true' &&
|
||||
(needs.deploy-production.result == 'failure' || needs.smoke-test-production.result == 'failure')
|
||||
runs-on: ubuntu-latest
|
||||
environment: production
|
||||
|
||||
|
||||
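Review bot: The `Check required deploy secrets` step in the new `deploy-config` job exports the values of all ten secrets, including `STAGING_SSH_KEY` and `PRODUCTION_SSH_KEY`, into the shell of a job that declares no `environment:` and runs on every trigger, only to test them for emptiness. The presence test can be done in the expression layer so that the step receives only `true`/`false` and the production key never enters a job outside the `production` environment's protection rules. Separately, if these are environment-scoped secrets (as the commit title suggests), a job without `environment:` would presumably read them as empty, so both outputs would always be `false` and every deploy and rollback would be skipped without a warning; this is worth confirming on this forge. The two `workflow_dispatch` checks that `exit 1` stay as they are.

```yaml
      - name: Check required deploy secrets
        id: check
        env:
          TARGET_ENV: ${{ inputs.environment }}
          # Only the result of the presence test reaches the shell; secret values stay out of this job.
          STAGING_READY: >-
            ${{ secrets.STAGING_HOST != '' && secrets.STAGING_USER != '' &&
            secrets.STAGING_SSH_KEY != '' && secrets.STAGING_URL != '' &&
            secrets.STAGING_API_URL != '' }}
          PRODUCTION_READY: >-
            ${{ secrets.PRODUCTION_HOST != '' && secrets.PRODUCTION_USER != '' &&
            secrets.PRODUCTION_SSH_KEY != '' && secrets.PRODUCTION_URL != '' &&
            secrets.PRODUCTION_API_URL != '' }}
        run: |
          echo "staging_ready=$STAGING_READY" >> "$GITHUB_OUTPUT"
          echo "production_ready=$PRODUCTION_READY" >> "$GITHUB_OUTPUT"
          # … unchanged: workflow_dispatch checks that exit 1 when the selected environment is not ready …
```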