eligibility-signposting-api-specification/.github/workflows/prod_publish_deploy.yaml at main · NHSDigital/eligibility-signposting-api-specification · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
name: Deploy to Prod

on:
  workflow_dispatch:
    inputs:
      ref:
        description: "Tag to promote (e.g. spec-{timestamp})"
        required: true

jobs:
  prod:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Set tag to deploy
        id: set_tag
        run: |
          if [ "${{ github.event.inputs.ref }}" = "latest" ]; then
            TAG=$(git tag --list 'spec-*' --sort=-v:refname | head -n 1)
            echo "Using latest tag: $TAG"
            echo "tag=$TAG" >> $GITHUB_OUTPUT
          else
            echo "tag=${{ github.event.inputs.ref }}" >> $GITHUB_OUTPUT
          fi
      - name: Checkout tag
        uses: actions/checkout@v6
        with:
          ref: ${{ steps.set_tag.outputs.tag }}
      - name: Set up Python 3.11
        uses: actions/setup-python@v6
        with:
          python-version: '3.11'
      - name: Set up Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '20'
      - name: Install Poetry
        run: curl -sSL https://install.python-poetry.org | python3 -
      - name: Install Python and Node dependencies
        run: |
          make install
      - name: Install proxygen-cli
        run: |
          pip install proxygen-cli
      - name: Set up Proxygen credentials
        env:
          PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }}
        run: |
          mkdir -p ~/.proxygen
          echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem
          make setup-proxygen-credentials
      - name: Generate specification
        run: |
          make construct-spec APIM_ENV=prod
      - name: Publish prod spec to Proxygen
        run: |
          proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml --no-confirm
      - name: Deploy prod spec to Proxygen
        run: |
          proxygen instance deploy prod eligibility-signposting-api build/specification/prod/eligibility-signposting-api.yaml --no-confirm

  create_release:
    needs: prod
    runs-on: ubuntu-latest
    steps:
      - name: Create GitHub Release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ inputs.ref }}
          release_name: Release ${{ inputs.ref }}
          body: |
            Auto-release created during production deployment.
          draft: false
          prerelease: false