diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index e7f8734..49e0862 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -14,7 +14,12 @@ on: type: string imageTargets: required: false - description: If provided, sets targets for as many image builds as targets specified + description: If provided, must be a JSON array string of target names to build (for example, ["app","worker"]). When bakeFile is provided, these values are Docker Buildx Bake targets. + default: "" + type: string + bakeFile: + required: false + description: If provided, builds the imageTargets with Docker Buildx Bake instead of docker/build-push-action. default: "" type: string preScript: @@ -35,6 +40,33 @@ on: version: required: true type: string + appName: + required: false + description: Application name fallback for non-deployment validation runs + default: "" + type: string + env: + required: false + description: Environment fallback for non-deployment validation runs + default: test + type: string + containerContext: + required: false + description: Container context fallback for non-deployment validation runs + default: . + type: string + containerFile: + required: false + description: Container file fallback for non-deployment validation runs + default: Containerfile + type: string + secrets: + npmGithubReadToken: + required: false + description: The Github token with permissions to read NPM private packages + AWS_ROLE_TO_ASSUME: + required: false + description: AWS OIDC role for GitHub to assume env: IMAGE_SCAN_SEVERITY: LOW @@ -44,11 +76,11 @@ env: jobs: build-ecr-single: - if: inputs.imageTargets == '' + if: inputs.imageTargets == '' && inputs.bakeFile == '' permissions: id-token: write contents: read - environment: ${{ github.event.deployment.payload.env }} + environment: ${{ github.event.deployment.payload.env || inputs.env }} runs-on: ${{ inputs.runner }} steps: - name: Checkout current git repository @@ -75,12 +107,12 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - name: Create ECR repository if it doesn't exist run: | - if ! aws ecr describe-repositories --repository-names ${{ github.event.deployment.payload.name }} 2>/dev/null; then - echo "Repository ${{ github.event.deployment.payload.name }} does not exist, creating it..." - aws ecr create-repository --repository-name ${{ github.event.deployment.payload.name }} + if ! aws ecr describe-repositories --repository-names ${{ github.event.deployment.payload.name || inputs.appName }} 2>/dev/null; then + echo "Repository ${{ github.event.deployment.payload.name || inputs.appName }} does not exist, creating it..." + aws ecr create-repository --repository-name ${{ github.event.deployment.payload.name || inputs.appName }} echo "Setting lifecycle policy..." else - echo "Repository ${{ github.event.deployment.payload.name }} already exists, skipping creation" + echo "Repository ${{ github.event.deployment.payload.name || inputs.appName }} already exists, skipping creation" fi echo "Applying lifecycle policies" @@ -89,7 +121,7 @@ jobs: {"rulePriority":2,"description":"Preserve production images","selection":{"tagStatus":"tagged","tagPatternList":["v*"],"countType":"imageCountMoreThan","countNumber":50},"action":{"type":"expire"}}, {"rulePriority":3,"description":"Remove untagged images","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countUnit":"days","countNumber":7},"action":{"type":"expire"}} ]}' - aws ecr put-lifecycle-policy --repository-name ${{ github.event.deployment.payload.name }} --lifecycle-policy-text "$LIFECYCLE_POLICY" + aws ecr put-lifecycle-policy --repository-name ${{ github.event.deployment.payload.name || inputs.appName }} --lifecycle-policy-text "$LIFECYCLE_POLICY" - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2 @@ -99,24 +131,24 @@ jobs: build-args: | GITHUB_SHA=${{ github.sha }} VERSION=${{ inputs.version }} - APP_NAME=${{ github.event.deployment.payload.name }} - ENVIRONMENT=${{ github.event.deployment.payload.env }} + APP_NAME=${{ github.event.deployment.payload.name || inputs.appName }} + ENVIRONMENT=${{ github.event.deployment.payload.env || inputs.env }} NPM_GITHUB_TOKEN=${{ secrets.npmGithubReadToken }} - cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}:cache - cache-to: mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}:cache - context: ${{ github.event.deployment.payload.container.context }} + cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}:cache + cache-to: mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}:cache + context: ${{ github.event.deployment.payload.container.context || inputs.containerContext }} load: true - file: ${{ github.event.deployment.payload.container.file }} + file: ${{ github.event.deployment.payload.container.file || inputs.containerFile }} platforms: linux/amd64 tags: | - ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}:latest - ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}:${{ inputs.version }} - ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}:${{ github.sha }} + ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}:latest + ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}:${{ inputs.version }} + ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}:${{ github.sha }} - name: Scan for vulnerabilities if: inputs.enableContainerScan uses: crazy-max/ghaction-container-scan@v4 with: - image: ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}:latest + image: ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}:latest dockerfile: Containerfile severity: ${{ env.IMAGE_SCAN_SEVERITY }} severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }} @@ -125,14 +157,14 @@ jobs: TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }} - name: Push image to ECR run: | - docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }} + docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }} build-ecr-matrix: - if: inputs.imageTargets != '' + if: inputs.imageTargets != '' && inputs.bakeFile == '' permissions: id-token: write contents: read - environment: ${{ github.event.deployment.payload.env }} + environment: ${{ github.event.deployment.payload.env || inputs.env }} runs-on: ${{ inputs.runner }} strategy: matrix: @@ -162,12 +194,12 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - name: Create ${{ matrix.containerfile_targets }} ECR repository if it doesn't exist run: | - if ! aws ecr describe-repositories --repository-names ${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }} 2>/dev/null; then - echo "Repository ${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }} does not exist, creating it..." - aws ecr create-repository --repository-name ${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }} + if ! aws ecr describe-repositories --repository-names ${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }} 2>/dev/null; then + echo "Repository ${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }} does not exist, creating it..." + aws ecr create-repository --repository-name ${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }} echo "Setting lifecycle policy..." else - echo "Repository ${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }} already exists, skipping creation" + echo "Repository ${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }} already exists, skipping creation" fi echo "Applying lifecycle policies" @@ -176,7 +208,7 @@ jobs: {"rulePriority":2,"description":"Preserve production images","selection":{"tagStatus":"tagged","tagPatternList":["v*"],"countType":"imageCountMoreThan","countNumber":50},"action":{"type":"expire"}}, {"rulePriority":3,"description":"Remove untagged images","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countUnit":"days","countNumber":7},"action":{"type":"expire"}} ]}' - aws ecr put-lifecycle-policy --repository-name ${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }} --lifecycle-policy-text "$LIFECYCLE_POLICY" + aws ecr put-lifecycle-policy --repository-name ${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }} --lifecycle-policy-text "$LIFECYCLE_POLICY" - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2 @@ -186,25 +218,25 @@ jobs: build-args: | GITHUB_SHA=${{ github.sha }} VERSION=${{ inputs.version }} - APP_NAME=${{ github.event.deployment.payload.name }} - ENVIRONMENT=${{ github.event.deployment.payload.env }} + APP_NAME=${{ github.event.deployment.payload.name || inputs.appName }} + ENVIRONMENT=${{ github.event.deployment.payload.env || inputs.env }} NPM_GITHUB_TOKEN=${{ secrets.npmGithubReadToken }} - cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}:cache - cache-to: mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}:cache - context: ${{ github.event.deployment.payload.container.context }} + cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}:cache + cache-to: mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}:cache + context: ${{ github.event.deployment.payload.container.context || inputs.containerContext }} load: true - file: ${{ github.event.deployment.payload.container.file }} + file: ${{ github.event.deployment.payload.container.file || inputs.containerFile }} platforms: linux/amd64 tags: | - ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}:latest - ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}:${{ inputs.version }} - ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}:${{ github.sha }} + ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }}:latest + ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }}:${{ inputs.version }} + ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }}:${{ github.sha }} target: ${{ matrix.containerfile_targets }} - name: Scan for vulnerabilities if: inputs.enableContainerScan uses: crazy-max/ghaction-container-scan@v4 with: - image: ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}:latest + image: ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }}:latest dockerfile: Containerfile severity: ${{ env.IMAGE_SCAN_SEVERITY }} severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }} @@ -213,4 +245,96 @@ jobs: TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }} - name: Push ${{ matrix.containerfile_targets }} image to ECR run: | - docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }} + docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name || inputs.appName }}-${{ matrix.containerfile_targets }} + + build-ecr-bake: + if: inputs.bakeFile != '' + permissions: + id-token: write + contents: read + environment: ${{ github.event.deployment.payload.env || inputs.env }} + runs-on: ${{ inputs.runner }} + steps: + - name: Checkout current git repository + uses: actions/checkout@v4 + - if: inputs.preScript != '' + name: Run script before the docker image is built + run: | + echo "Run '${{ inputs.preScript }}'" + ${{ inputs.preScript }} + env: + NPM_GITHUB_TOKEN: ${{ secrets.npmGithubReadToken }} + - if: inputs.artifactPath != '' && inputs.artifactName != '' + name: Download artifact + uses: actions/download-artifact@v4 + with: + name: ${{ inputs.artifactName }} + path: ${{ inputs.artifactPath }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-region: eu-central-1 + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + - name: Build images with Docker Bake + env: + APP_NAME: ${{ github.event.deployment.payload.name || inputs.appName }} + BAKE_FILE: ${{ inputs.bakeFile }} + ENVIRONMENT: ${{ github.event.deployment.payload.env || inputs.env }} + GITHUB_SHA: ${{ github.sha }} + IMAGE_TARGETS: ${{ inputs.imageTargets }} + REGISTRY: ${{ steps.login-ecr.outputs.registry }} + NPM_GITHUB_TOKEN: ${{ secrets.npmGithubReadToken }} + VERSION: ${{ inputs.version }} + run: | + set -euo pipefail + if [ -z "$IMAGE_TARGETS" ]; then + echo "ERROR: imageTargets is required when bakeFile is provided" + exit 1 + fi + + LIFECYCLE_POLICY='{"rules":[ + {"rulePriority":1,"description":"Preserve preview images","selection":{"tagStatus":"tagged","tagPatternList":["preview-*"],"countType":"sinceImagePushed","countUnit":"days","countNumber":365},"action":{"type":"expire"}}, + {"rulePriority":2,"description":"Preserve production images","selection":{"tagStatus":"tagged","tagPatternList":["v*"],"countType":"imageCountMoreThan","countNumber":50},"action":{"type":"expire"}}, + {"rulePriority":3,"description":"Remove untagged images","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countUnit":"days","countNumber":7},"action":{"type":"expire"}} + ]}' + + mapfile -t TARGET_CONFIGS < <(jq -c '.[]' <<< "$IMAGE_TARGETS") + BAKE_ARGS=(-f "$BAKE_FILE" --push) + BAKE_TARGETS=() + + for target_config in "${TARGET_CONFIGS[@]}"; do + bake_target=$(jq -r 'if type == "object" then .target else . end' <<< "$target_config") + image_target=$(jq -r 'if type == "object" then (.imageTarget // .target) else . end' <<< "$target_config") + image_repository="$REGISTRY/$APP_NAME-$image_target" + + if ! aws ecr describe-repositories --repository-names "$APP_NAME-$image_target" 2>/dev/null; then + echo "Repository $APP_NAME-$image_target does not exist, creating it..." + aws ecr create-repository --repository-name "$APP_NAME-$image_target" + else + echo "Repository $APP_NAME-$image_target already exists, skipping creation" + fi + + echo "Applying lifecycle policy for $APP_NAME-$image_target" + aws ecr put-lifecycle-policy --repository-name "$APP_NAME-$image_target" --lifecycle-policy-text "$LIFECYCLE_POLICY" + + BAKE_ARGS+=( + --set "$bake_target.args.APP_NAME=$APP_NAME" + --set "$bake_target.args.ENVIRONMENT=$ENVIRONMENT" + --set "$bake_target.args.GITHUB_SHA=$GITHUB_SHA" + --set "$bake_target.args.NPM_GITHUB_TOKEN=$NPM_GITHUB_TOKEN" + --set "$bake_target.args.VERSION=$VERSION" + --set "$bake_target.cache-from=type=registry,ref=$image_repository:cache" + --set "$bake_target.cache-to=mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=$image_repository:cache" + --set "$bake_target.tags=$image_repository:latest" + --set "$bake_target.tags=$image_repository:$VERSION" + --set "$bake_target.tags=$image_repository:$GITHUB_SHA" + ) + BAKE_TARGETS+=("$bake_target") + done + + docker buildx bake "${BAKE_ARGS[@]}" "${BAKE_TARGETS[@]}" diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml index 20f6481..e3466d9 100644 --- a/.github/workflows/kubernetes.yaml +++ b/.github/workflows/kubernetes.yaml @@ -34,7 +34,12 @@ on: type: string imageTargets: required: false - description: If provided, sets targets for as many image builds as targets specified + description: If provided, sets targets for as many image builds as targets specified. When bakeFile is provided, these are Docker Buildx Bake targets. + default: "" + type: string + bakeFile: + required: false + description: If provided, builds the imageTargets with Docker Buildx Bake instead of docker/build-push-action. default: "" type: string preScript: @@ -97,12 +102,52 @@ on: description: The relative file path to the folder that holds the application Kubernetes values default: values.yaml type: string + appName: + required: false + description: Application name fallback for non-deployment validation runs + default: "" + type: string + env: + required: false + description: Environment fallback for non-deployment validation runs + default: test + type: string + ref: + required: false + description: Git ref fallback for non-deployment validation runs + default: "" + type: string + sha: + required: false + description: Git SHA fallback for non-deployment validation runs + default: "" + type: string + versionKey: + required: false + description: Values key fallback for non-deployment validation runs + default: "" + type: string + pushToEnvTag: + required: false + description: Whether to push the env tag in the GitOps commit step + default: false + type: boolean + containerContext: + required: false + description: Container context fallback for non-deployment validation runs + default: . + type: string + containerFile: + required: false + description: Container file fallback for non-deployment validation runs + default: Containerfile + type: string secrets: npmGithubReadToken: - required: true + required: false description: The Github token with permissions to read NPM private packages repoAccessToken: - required: true + required: false description: The Github token to perform operations cross-repo (not github.token!) slackBotToken: required: false @@ -111,12 +156,12 @@ on: required: false description: Authentication token for Sentry AWS_ROLE_TO_ASSUME: - required: true + required: false description: AWS OIDC role for GitHub to assume jobs: initialize: - environment: ${{ github.event.deployment.payload.env }} + environment: ${{ github.event.deployment.payload.env || inputs.env }} runs-on: ${{ inputs.runner }} outputs: channel-id: ${{ steps.vars.outputs.channel-id }} @@ -124,22 +169,24 @@ jobs: steps: - name: Check if 'env' input is provided run: | - if [ -z "${{ github.event.deployment.payload.env }}" ]; then + DEPLOY_ENV="${{ github.event.deployment.payload.env || inputs.env }}" + if [ -z "$DEPLOY_ENV" ]; then echo "ERROR: 'env' input is missing or empty!" exit 1 fi - name: Load deployment variables id: vars run: | - REF="${{ github.event.deployment.ref }}" - SHA="${{ github.event.deployment.sha }}" - if [[ "${{ github.event.deployment.payload.env }}" == 'prod' ]] + REF="${{ github.event.deployment.ref || inputs.ref }}" + SHA="${{ github.event.deployment.sha || inputs.sha || github.sha }}" + DEPLOY_ENV="${{ github.event.deployment.payload.env || inputs.env }}" + if [[ "$DEPLOY_ENV" == 'prod' ]] then # shellcheck disable=SC2086 echo "version=${REF##*/}" >> $GITHUB_OUTPUT # shellcheck disable=SC2086 echo "channel-id=${{ inputs.slackChannelProd }}" >> $GITHUB_OUTPUT - elif [[ "${{ github.event.deployment.payload.env }}" == 'test' ]] + elif [[ "$DEPLOY_ENV" == 'test' ]] then # shellcheck disable=SC2086 echo "version=${SHA:0:7}" >> $GITHUB_OUTPUT @@ -151,7 +198,8 @@ jobs: # shellcheck disable=SC2086 echo "channel-id=${{ inputs.slackChannelStaging }}" >> $GITHUB_OUTPUT fi - - name: Start ${{ github.event.deployment.payload.name }} deployment + - name: Start ${{ github.event.deployment.payload.name || inputs.appName }} deployment + if: github.event_name == 'deployment' uses: chrnorm/deployment-status@v2 with: deployment-id: ${{ github.event.deployment.id }} @@ -166,16 +214,23 @@ jobs: with: artifactName: ${{ inputs.artifactName }} artifactPath: ${{ inputs.artifactPath }} + bakeFile: ${{ inputs.bakeFile }} imageTargets: ${{ inputs.imageTargets }} preScript: ${{ inputs.preScript }} enableContainerScan: ${{ inputs.enableContainerScan }} runner: ${{ inputs.runner }} version: ${{ needs.initialize.outputs.version }} - secrets: inherit + appName: ${{ github.event.deployment.payload.name || inputs.appName }} + env: ${{ github.event.deployment.payload.env || inputs.env }} + containerContext: ${{ github.event.deployment.payload.container.context || inputs.containerContext }} + containerFile: ${{ github.event.deployment.payload.container.file || inputs.containerFile }} + secrets: + npmGithubReadToken: ${{ secrets.npmGithubReadToken }} + AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }} commit: needs: [initialize, build] - environment: ${{ github.event.deployment.payload.env }} + environment: ${{ github.event.deployment.payload.env || inputs.env }} concurrency: commit-${{ inputs.deploymentRepoURL }}-${{ github.sha }} runs-on: ${{ inputs.runner }} steps: @@ -186,10 +241,10 @@ jobs: path: remote token: ${{ secrets.repoAccessToken }} ref: main - - name: Deploy ${{ github.sha }} to ${{ github.event.deployment.environment }} values + - name: Deploy ${{ github.sha }} to ${{ github.event.deployment.environment || inputs.env }} values uses: mikefarah/yq@v4.52.5 with: - cmd: yq '(.${{ github.event.deployment.payload.kubernetes.versionKey }} = "${{ needs.initialize.outputs.version }}")' -i remote/${{ inputs.deploymentRepoPath }}/values.yaml + cmd: yq '(.${{ github.event.deployment.payload.kubernetes.versionKey || inputs.versionKey }} = "${{ needs.initialize.outputs.version }}")' -i remote/${{ inputs.deploymentRepoPath }}/values.yaml - name: Commit and push new image tag run: | set -euxo pipefail @@ -209,11 +264,11 @@ jobs: env: GIT_USER_EMAIL: dev.bot@parcellab.com GIT_USER_NAME: parcellab-dev-bot - ENV: ${{ github.event.deployment.payload.env }} + ENV: ${{ github.event.deployment.payload.env || inputs.env }} VERSION: ${{ needs.initialize.outputs.version }} - PUSH_TO_ENV_TAG: ${{ github.event.deployment.payload.pushToEnvTag }} - - if: success() - name: Successful ${{ github.event.deployment.payload.name }} deployment + PUSH_TO_ENV_TAG: ${{ github.event.deployment.payload.pushToEnvTag || inputs.pushToEnvTag }} + - if: success() && github.event_name == 'deployment' + name: Successful ${{ github.event.deployment.payload.name || inputs.appName }} deployment uses: chrnorm/deployment-status@v2 with: deployment-id: ${{ github.event.deployment.id }} @@ -221,8 +276,8 @@ jobs: environment: ${{ github.event.deployment.payload.env }} state: "success" token: ${{ github.token }} - - if: failure() - name: Failed ${{ github.event.deployment.payload.name }} deployment + - if: failure() && github.event_name == 'deployment' + name: Failed ${{ github.event.deployment.payload.name || inputs.appName }} deployment uses: chrnorm/deployment-status@v2 with: deployment-id: ${{ github.event.deployment.id }} @@ -230,8 +285,8 @@ jobs: environment: ${{ github.event.deployment.payload.env }} state: "failure" token: ${{ github.token }} - - if: success() && needs.initialize.outputs.channel-id != '' - name: Notify ${{ github.event.deployment.payload.name }} deployment success + - if: success() && github.event_name == 'deployment' && needs.initialize.outputs.channel-id != '' + name: Notify ${{ github.event.deployment.payload.name || inputs.appName }} deployment success continue-on-error: true uses: darioblanco/slack-deployment@main env: @@ -258,14 +313,14 @@ jobs: SENTRY_PROJECT: ${{ inputs.sentryProject }} SENTRY_URL: ${{ inputs.sentryUrl }} with: - environment: ${{ inputs.sentryEnvironment != '' && inputs.sentryEnvironment || github.event.deployment.payload.env }} + environment: ${{ inputs.sentryEnvironment != '' && inputs.sentryEnvironment || github.event.deployment.payload.env || inputs.env }} set_commits: skip version: ${{ needs.initialize.outputs.version }} continue-on-error: true - name: Clean up images uses: actions/delete-package-versions@v5 with: - package-name: ${{ github.event.deployment.payload.name }} + package-name: ${{ github.event.deployment.payload.name || inputs.appName }} package-type: container min-versions-to-keep: "500" token: ${{ secrets.repoAccessToken }}