-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.github-deploy-staging.yml.sample
42 lines (38 loc) · 1.67 KB
/
.github-deploy-staging.yml.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# This example workflow can be adapted to perform automated Azimuth deployments targeting staging or test environments.
# The `azimuth-config-env-name` variable in the `env` section below should be set to name of the Azimuth config environment
# to be deployed.
#
# The site-specific config repo must also define a repository secret named GIT_CRYPT_KEY_B64 which contains the base64 encoded
# git-crypt key which was used to encrypt the repository's secrets. This can be obtained by running `git-crypt export-key - | base64`
# from within an unlocked checkout of the repository. For information on defining GitHub repo secrets, see:
# https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions
name: Azimuth deployment
on:
push:
branches:
- main
env:
azimuth-config-env-name: <staging-env-name>
jobs:
deploy_azimuth:
runs-on: self-hosted
steps:
- name: Ensure required host packages are installed
run: |
set -xe
sudo apt update
sudo apt install -y python3-venv python3-dev build-essential unzip git-crypt
- name: Checkout the config repo
uses: actions/checkout@v3
- name: Deploy Azimuth
shell: bash
env:
ANSIBLE_FORCE_COLOR: True
# Here we just decrypt the repo checkout then follow the steps from the Azimuth deployment docs.
run: |
set -e
echo ${{ secrets.GIT_CRYPT_KEY_B64 }} | base64 -d | git-crypt unlock -
./bin/ensure-venv
source ./bin/activate ${{ env.azimuth-config-env-name }}
ansible-galaxy install -fr ./requirements.yml
ansible-playbook azimuth_cloud.azimuth_ops.provision