11name : PR Verify
22
33# Label-based workflow control:
4- # - 'run-dev-plan': Enables dev Terraform plan for copilot/* branches (always runs for other branches)
5- # - 'run-prd-plan': Enables prd Terraform plan for any branch
6- # - copilot/* branches: Require 'run-dev-plan' label to run dev plan, and both 'run-dev-plan' + 'run-prd-plan' labels to run prd plan
7- # - Non-copilot branches: Dev plan runs automatically, prd plan requires 'run-prd-plan' label
8- # - dependabot PRs: Terraform plans are always skipped
4+ # - Always run Terraform plan against Development when Terraform exists (skips drafts/dependabot)
5+ # - 'deploy-dev': Runs Terraform plan+apply and deploys the app to Development (skips drafts/dependabot)
6+ # - 'run-prd-plan': Runs Terraform plan against Production (skips drafts/dependabot)
97
108on :
119 pull_request :
1210 branches :
1311 - main
14- types : [opened, synchronize, reopened, ready_for_review]
12+ types : [opened, synchronize, reopened, ready_for_review, labeled, unlabeled ]
1513
1614permissions : {}
1715
@@ -29,15 +27,11 @@ jobs:
2927 dotnet-version : 9.0.x
3028 src-folder : " src"
3129
32- # Dev Terraform Plan:
33- # - Runs automatically for feature/bugfix/hotfix branches (non-copilot, non-dependabot)
34- # - Skipped for copilot/* branches unless 'run-dev-plan' label is added
35- # - Always skipped for dependabot PRs
3630 terraform-plan-dev :
3731 permissions :
3832 contents : read
3933 id-token : write
40- if : github.event.pull_request.draft == false && github.actor != 'dependabot[bot]' && (!startsWith(github.head_ref, 'copilot/') || contains(github.event.pull_request.labels.*.name, 'run -dev-plan') )
34+ if : github.event.pull_request.draft == false && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'deploy -dev' )
4135 needs : build-and-test
4236 environment : Development
4337 runs-on : ubuntu-latest
@@ -53,17 +47,69 @@ jobs:
5347 AZURE_TENANT_ID : ${{ vars.AZURE_TENANT_ID }}
5448 AZURE_SUBSCRIPTION_ID : ${{ vars.AZURE_SUBSCRIPTION_ID }}
5549
56- # Prd Terraform Plan:
57- # Label requirements for this job:
58- # - Non-copilot branches: require 'run-prd-plan' label only
59- # - copilot/* branches: require both 'run-dev-plan' and 'run-prd-plan' labels
60- # - Always skipped for dependabot PRs
50+ terraform-plan-and-apply-dev :
51+ permissions :
52+ contents : read
53+ id-token : write
54+ if : github.event.pull_request.draft == false && github.event.pull_request.user.login != 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'deploy-dev')
55+ needs : build-and-test
56+ environment : Development
57+ runs-on : ubuntu-latest
58+ concurrency :
59+ group : ${{ github.repository }}-dev
60+ steps :
61+ - uses : frasermolyneux/actions/terraform-plan-and-apply@main
62+ with :
63+ terraform-folder : " terraform"
64+ terraform-var-file : " tfvars/dev.tfvars"
65+ terraform-backend-file : " backends/dev.backend.hcl"
66+ AZURE_CLIENT_ID : ${{ vars.AZURE_CLIENT_ID }}
67+ AZURE_TENANT_ID : ${{ vars.AZURE_TENANT_ID }}
68+ AZURE_SUBSCRIPTION_ID : ${{ vars.AZURE_SUBSCRIPTION_ID }}
69+
70+ - id : terraform-output
71+ shell : bash
72+ run : |
73+ cd terraform
74+ echo "function_app_name=$(terraform output -raw function_app_name)" >> $GITHUB_OUTPUT
75+ echo "resource_group_name=$(terraform output -raw resource_group_name)" >> $GITHUB_OUTPUT
76+ env :
77+ ARM_CLIENT_ID : ${{ vars.AZURE_CLIENT_ID }}
78+ ARM_SUBSCRIPTION_ID : ${{ vars.AZURE_SUBSCRIPTION_ID }}
79+ ARM_TENANT_ID : ${{ vars.AZURE_TENANT_ID }}
80+ ARM_USE_AZUREAD : true
81+ ARM_USE_OIDC : true
82+
83+ outputs :
84+ function_app_name : ${{ steps.terraform-output.outputs.function_app_name }}
85+ resource_group_name : ${{ steps.terraform-output.outputs.resource_group_name }}
86+
87+ function-app-deploy-dev :
88+ permissions :
89+ contents : read
90+ id-token : write
91+ if : github.event.pull_request.draft == false && github.event.pull_request.user.login != 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'deploy-dev')
92+ environment : Development
93+ needs : [build-and-test, terraform-plan-and-apply-dev]
94+ runs-on : ubuntu-latest
95+ concurrency :
96+ group : ${{ github.repository }}-dev
97+ steps :
98+ - uses : frasermolyneux/actions/deploy-function-app@main
99+ with :
100+ function-app-artifact-name : " XtremeIdiots.Portal.Repository.App"
101+ function-app-name : ${{ needs.terraform-plan-and-apply-dev.outputs.function_app_name }}
102+ function-app-resource-group : ${{ needs.terraform-plan-and-apply-dev.outputs.resource_group_name }}
103+ AZURE_CLIENT_ID : ${{ vars.AZURE_CLIENT_ID }}
104+ AZURE_TENANT_ID : ${{ vars.AZURE_TENANT_ID }}
105+ AZURE_SUBSCRIPTION_ID : ${{ vars.AZURE_SUBSCRIPTION_ID }}
106+
61107 terraform-plan-prd :
62108 permissions :
63109 contents : read
64110 id-token : write
65- if : github.event.pull_request.draft == false && github.actor != 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'run-prd-plan') && (!startsWith(github.head_ref, 'copilot/') || contains(github.event.pull_request.labels.*.name, 'run-dev-plan') )
66- needs : terraform-plan-dev
111+ if : github.event.pull_request.draft == false && github.event.pull_request.user.login != 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'run-prd-plan')
112+ needs : build-and-test
67113 environment : Production
68114 runs-on : ubuntu-latest
69115 concurrency :
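Review bot: The `deploy-dev` condition on `terraform-plan-and-apply-dev` and `function-app-deploy-dev` is re-evaluated on every event, so once the label is on a PR each later `synchronize` push re-applies that branch's Terraform and redeploys to Development with `id-token: write` and no fresh approval. If the Development environment has no required reviewers (not visible on this page), consider adding them, or remove the label at the end of the run so every apply is an explicit decision. Both new jobs also call `frasermolyneux/actions/...@main`, a mutable ref that runs with the OIDC token; pinning to a full commit SHA, e.g. `uses: frasermolyneux/actions/terraform-plan-and-apply@COMMIT_SHA_PLACEHOLDER`, fixes which code receives that token. In the `terraform-output` step, quoting the redirect target as `>> "$GITHUB_OUTPUT"` is the safer shell form.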