This reverts commit f9faeeba4c.
parent
f9faeeba4c
commit
9a35608fc3
|
@ -112,48 +112,13 @@ jobs:
|
|||
echo "azure-login-creds=AZURE_KV_US_DEV_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
|
||||
echo "retrieve-secrets-keyvault=webvault-eastus-dev" >> $GITHUB_OUTPUT
|
||||
echo "environment-artifact=web-*-cloud-usdev.zip" >> $GITHUB_OUTPUT
|
||||
echo "environment-name=Web Vault - US DEV Cloud" >> $GITHUB_OUTPUT
|
||||
echo "environment-name=Web Vault - US Development Cloud" >> $GITHUB_OUTPUT
|
||||
echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
|
||||
;;
|
||||
esac
|
||||
# Set the sync utility to use for deployment to the environment (az-sync or azcopy)
|
||||
echo "sync-utility=azcopy" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Environment Protection
|
||||
env:
|
||||
TAG: ${{ steps.project_tag.outputs.tag }}
|
||||
run: |
|
||||
BRANCH_OR_TAG_LOWER=$(echo ${{ inputs.branch-or-tag }} | awk '{print tolower($0)}')
|
||||
|
||||
PROD_ENV_PATTERN='USPROD|EUPROD'
|
||||
PROD_ALLOWED_TAGS_PATTERN='web-v[0-9]+\.[0-9]+\.[0-9]+'
|
||||
|
||||
QA_ENV_PATTERN='USQA|EUQA'
|
||||
QA_ALLOWED_TAGS_PATTERN='.*'
|
||||
|
||||
DEV_ENV_PATTERN='USDEV'
|
||||
DEV_ALLOWED_TAGS_PATTERN='.*'
|
||||
|
||||
if [[ \
|
||||
${{ inputs.environment }} =~ \.*($PROD_ENV_PATTERN)\.* && \
|
||||
! "$BRANCH_OR_TAG_LOWER" =~ ^($PROD_ALLOWED_TAGS_PATTERN).* \
|
||||
]] || [[ \
|
||||
${{ inputs.environment }} =~ \.*($QA_ENV_PATTERN)\.* && \
|
||||
! "$BRANCH_OR_TAG_LOWER" =~ ^($QA_ALLOWED_TAGS_PATTERN).* \
|
||||
]] || [[ \
|
||||
=~ \.*($DEV_ENV_PATTERN)\.* && \
|
||||
! "$BRANCH_OR_TAG_LOWER" =~ ^($DEV_ALLOWED_TAGS_PATTERN).* \
|
||||
]]; then
|
||||
echo "!Deployment blocked!"
|
||||
echo "Attempting to deploy a tag that is not allowed in ${{ inputs.environment }} environment"
|
||||
echo
|
||||
echo "Environment: ${{ inputs.environment }}
|
||||
echo "Tag: ${{ inputs.branch-or-tag }}
|
||||
exit 1
|
||||
else
|
||||
echo "${{ inputs.branch-or-tag }} is allowed to deployed on to ${{ inputs.environment }} environment"
|
||||
fi
|
||||
|
||||
approval:
|
||||
name: Approval for Deployment to ${{ needs.setup.outputs.environment-name }}
|
||||
needs: setup
|
||||
|
@ -241,31 +206,6 @@ jobs:
|
|||
echo "commit=${{ steps.download-latest-artifacts.outputs.artifact-build-commit }}" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Ensure artifact is from main branch for USDEV environment
|
||||
if: ${{ 'inputs.environment' == 'USDEV'}}
|
||||
run: |
|
||||
# If run-id was used
|
||||
if [ "${{ inputs.build-web-run-id }}" ]; then
|
||||
if [ "${{ steps.download-latest-artifacts.outputs.artifact-build-branch }}" != "main" ]; then
|
||||
echo "Artifact is not from main branch"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# If artifact download failed
|
||||
elif [ "${{ steps.download-latest-artifacts.outcome }}" == "failure" ]; then
|
||||
branch=$(gh api /repos/bitwarden/clients/actions/runs/${{ steps.trigger-build-web.outputs.workflow_id }}/artifacts --jq '.artifacts[0].workflow_run.head_branch')
|
||||
if [ "$branch" != "main" ]; then
|
||||
echo "Artifact is not from main branch"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
else
|
||||
if [ "${{ steps.download-latest-artifacts.outputs.artifact-build-branch }}" != "main" ]; then
|
||||
echo "Artifact is not from main branch"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
notify-start:
|
||||
name: Notify Slack with start message
|
||||
needs:
|
||||
|
|
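Review bot: With the `Environment Protection` step gone from the first hunk, nothing visible in the job above `approval` rejects a branch or non-release tag for USPROD/EUPROD any more, and the second hunk likewise drops `Ensure artifact is from main branch for USDEV environment`; which lines are removed is inferred from the hunk headers (48 → 13 and 31 → 6 lines), because the page has lost its `+`/`-` markers. The `approval` job is then the only deployment gate shown here, so the commit description should say why the checks are being reverted and whether they will be re-landed. If they are, the step condition needs to be `if: ${{ inputs.environment == 'USDEV' }}`, since the quoted `'inputs.environment'` is a string literal that never equals `'USDEV'` and the step would always be skipped. `inputs.branch-or-tag` and `inputs.environment` should also be passed through `env:` and used as quoted shell variables rather than expanded inline in `run:`, where their content becomes part of the script text.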