3.0.1 #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "TOOL: Create Release" | |
| run-name: ${{ inputs.tag }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: "Release Tag (format: X.Y.Z, e.g. 1.0.0)" | |
| required: true | |
| permissions: {} | |
| jobs: | |
| create_release: | |
| name: Run Full Deployment and Re-tag Services | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| tag: ${{ inputs.tag }} | |
| steps: | |
| - name: Validate Tag Format | |
| run: | | |
| if [[ ! "$tag" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "Error: Tag must be in the format X.Y.Z (e.g. 1.0.0)" | |
| exit 1 | |
| fi | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Create GitHub Tag | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git tag $tag | |
| git push origin $tag | |
| full-deployment: | |
| name: Full Deployment | |
| needs: create_release | |
| permissions: | |
| contents: write | |
| id-token: write | |
| pull-requests: write | |
| uses: ./.github/workflows/full-deployment.yml | |
| secrets: inherit | |
| re-tag-services: | |
| name: Re-tag Services with Release Tag | |
| needs: full-deployment | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| tag: ${{ inputs.tag }} | |
| steps: | |
| - name: Configure AWS Credentials | |
| id: credentials | |
| uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 | |
| with: | |
| role-to-assume: ${{ secrets.IAM_ROLE }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-skip-session-tagging: true | |
| mask-aws-account-id: true | |
| - name: Login to Amazon ECR | |
| id: ecr-login | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Re-tag ECR Images with Release Tag | |
| env: | |
| IMAGE_SHA: ${{ github.sha }} | |
| run: | | |
| repo_list=("deductions/ehr-out-service" | |
| "deductions/ehr-repo" | |
| "deductions/ehr-transfer-service" | |
| "deductions/gp2gp-messenger" | |
| "deductions/mesh-forwarder" | |
| "deductions/nems-event-processor" | |
| "deductions/pds-adaptor" | |
| "repo/re-registration-service" | |
| "repo/suspension-service" | |
| ) | |
| for repo in "${repo_list[@]}"; do | |
| full_repo="${{ steps.credentials.outputs.aws-account-id }}.dkr.ecr.eu-west-2.amazonaws.com/${repo}" | |
| docker pull "${full_repo}:${IMAGE_SHA}" | |
| docker tag "${full_repo}:${IMAGE_SHA}" "${full_repo}:${tag}" | |
| docker push "${full_repo}:${tag}" | |
| done |