122 lines
4.6 KiB
YAML
122 lines
4.6 KiB
YAML
name: Azure Production - Build and Deploy
|
|
|
|
# **What it does**: Builds and deploys the default branch to production
|
|
# **Why we have it**: To enable us to deploy the latest to production whenever necessary rather than relying on PR merges.
|
|
# **Who does it impact**: All contributors.
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
deployments: write
|
|
|
|
# This allows a subsequently queued workflow run to take priority over
|
|
# previously queued runs but NOT interrupt currently executing runs
|
|
concurrency:
|
|
group: '${{ github.workflow }}'
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
azure-prod-build-and-deploy:
|
|
if: ${{ github.repository == 'github/docs-internal' }}
|
|
runs-on: ubuntu-20.04-xl
|
|
timeout-minutes: 20
|
|
environment:
|
|
name: production
|
|
url: 'https://docs.github.com'
|
|
env:
|
|
DOCKER_IMAGE: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:${{ github.sha }}
|
|
DOCKER_IMAGE_CACHE_REF: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:main-production
|
|
RESOURCE_GROUP_NAME: docs-prod
|
|
APP_SERVICE_NAME: ghdocs-prod
|
|
SLOT_NAME: canary
|
|
|
|
steps:
|
|
- name: 'Az CLI login'
|
|
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # pin @v1.4.6
|
|
with:
|
|
creds: ${{ secrets.PROD_AZURE_CREDENTIALS }}
|
|
|
|
- name: 'Docker login'
|
|
uses: azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0
|
|
with:
|
|
login-server: ${{ secrets.PROD_REGISTRY_SERVER }}
|
|
username: ${{ secrets.PROD_REGISTRY_USERNAME }}
|
|
password: ${{ secrets.PROD_REGISTRY_PASSWORD }}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
|
|
|
|
- name: Check out repo
|
|
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
|
|
with:
|
|
ref: ${{ github.sha }}
|
|
# To prevent issues with cloning early access content later
|
|
persist-credentials: 'false'
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
|
|
with:
|
|
node-version-file: 'package.json'
|
|
cache: npm
|
|
|
|
- name: Clone docs-early-access
|
|
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
|
|
with:
|
|
repository: github/docs-early-access
|
|
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
|
|
path: docs-early-access
|
|
|
|
- name: Merge docs-early-access repo's folders
|
|
run: src/early-access/scripts/merge-early-access.sh
|
|
|
|
- uses: ./.github/actions/warmup-remotejson-cache
|
|
with:
|
|
restore-only: true
|
|
|
|
- uses: ./.github/actions/clone-translations
|
|
with:
|
|
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
|
|
|
|
- name: 'Build and push image'
|
|
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09
|
|
with:
|
|
context: .
|
|
push: true
|
|
target: production
|
|
tags: ${{ env.DOCKER_IMAGE }}, ${{ env.DOCKER_IMAGE_CACHE_REF }}
|
|
cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_CACHE_REF }}
|
|
cache-to: type=registry,mode=max,ref=${{ env.DOCKER_IMAGE_CACHE_REF }}
|
|
build-args: |
|
|
BUILD_SHA=${{ github.sha }}
|
|
|
|
- name: 'Update docker-compose.prod.yaml template file'
|
|
run: |
|
|
sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' src/workflows/docker-compose.prod.tmpl.yaml > docker-compose.prod.yaml
|
|
|
|
- name: 'Apply updated docker-compose.prod.yaml config to canary slot'
|
|
run: |
|
|
az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.prod.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }}
|
|
|
|
# Watch canary slot instances to see when all the instances are ready
|
|
- name: Check that canary slot is ready
|
|
env:
|
|
CHECK_INTERVAL: 10000
|
|
EXPECTED_SHA: ${{ github.sha }}
|
|
CANARY_BUILD_URL: https://ghdocs-prod-canary.azurewebsites.net/_build
|
|
run: src/workflows/check-canary-slots.js
|
|
|
|
- name: 'Swap canary slot to production'
|
|
run: |
|
|
az webapp deployment slot swap --slot ${{ env.SLOT_NAME }} --target-slot production -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }}
|
|
|
|
- uses: ./.github/actions/slack-alert
|
|
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
|
|
with:
|
|
slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
|
|
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
|