feat: implement dynamic config for manager #954
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "*" | |
| paths: | |
| - ".github/workflows/deploy.yml" | |
| - ".github/workflows/terraform.yml" | |
| - "cmd/**" | |
| - "deploy/**" | |
| - "internal/**" | |
| - "pkg/**" | |
| pull_request: | |
| branches: [main] | |
| workflow_run: | |
| workflows: [Releaser] | |
| types: [completed] | |
| branches: [main] | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: choice | |
| description: Environment | |
| options: | |
| - staging | |
| - production | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| # always deploy to staging | |
| staging: | |
| uses: ./.github/workflows/terraform.yml | |
| with: | |
| env: staging | |
| workspace: staging | |
| apply: ${{ github.event_name != 'pull_request' }} | |
| network: staging | |
| indexing-service-did: ${{ vars.STAGING_INDEXING_SERVICE_DID }} | |
| indexing-service-url: ${{ vars.STAGING_INDEXING_SERVICE_URL }} | |
| principal-mapping: ${{ vars.STAGING_PRINCIPAL_MAPPING }} | |
| blob-bucket-key-pattern: ${{ vars.STAGING_BLOB_BUCKET_KEY_PATTERN }} | |
| use-external-blob-bucket: ${{ vars.STAGING_USE_EXTERNAL_BLOB_BUCKET == 'true' }} | |
| external-blob-bucket-endpoint: ${{ vars.STAGING_EXTERNAL_BLOB_BUCKET_ENDPOINT }} | |
| external-blob-bucket-region: ${{ vars.STAGING_EXTERNAL_BLOB_BUCKET_REGION }} | |
| external-blob-bucket-name: ${{ vars.STAGING_EXTERNAL_BLOB_BUCKET_NAME }} | |
| external-blob-bucket-domain: ${{ vars.STAGING_EXTERNAL_BLOB_BUCKET_DOMAIN }} | |
| ipni-announce-urls: ${{ vars.STAGING_IPNI_ANNOUNCE_URLS }} | |
| secrets: | |
| aws-account-id: ${{ secrets.STAGING_AWS_ACCOUNT_ID }} | |
| aws-region: ${{ secrets.STAGING_AWS_REGION }} | |
| region: ${{ secrets.STAGING_AWS_REGION }} | |
| allowed-account-ids: ${{ secrets.STAGING_ALLOWED_ACCOUNT_IDS }} | |
| private-key: ${{ secrets.STAGING_PRIVATE_KEY }} | |
| indexing-service-proof: ${{ secrets.STAGING_INDEXING_SERVICE_PROOF }} | |
| external-blob-bucket-access-key-id: ${{ secrets.STAGING_EXTERNAL_BLOB_BUCKET_ACCESS_KEY_ID }} | |
| external-blob-bucket-secret-access-key: ${{ secrets.STAGING_EXTERNAL_BLOB_BUCKET_SECRET_ACCESS_KEY }} | |
| sentry-dsn: ${{ secrets.SENTRY_DSN }} | |
| # deploy to prod on new releases | |
| production: | |
| if: ${{ (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'production') }} | |
| uses: ./.github/workflows/terraform.yml | |
| with: | |
| env: production | |
| workspace: prod | |
| apply: true | |
| network: prod | |
| indexing-service-did: ${{ vars.PROD_INDEXING_SERVICE_DID }} | |
| indexing-service-url: ${{ vars.PROD_INDEXING_SERVICE_URL }} | |
| principal-mapping: ${{ vars.PROD_PRINCIPAL_MAPPING }} | |
| blob-bucket-key-pattern: ${{ vars.PROD_BLOB_BUCKET_KEY_PATTERN }} | |
| use-external-blob-bucket: ${{ vars.PROD_USE_EXTERNAL_BLOB_BUCKET == 'true' }} | |
| external-blob-bucket-endpoint: ${{ vars.PROD_EXTERNAL_BLOB_BUCKET_ENDPOINT }} | |
| external-blob-bucket-region: ${{ vars.PROD_EXTERNAL_BLOB_BUCKET_REGION }} | |
| external-blob-bucket-name: ${{ vars.PROD_EXTERNAL_BLOB_BUCKET_NAME }} | |
| external-blob-bucket-domain: ${{ vars.PROD_EXTERNAL_BLOB_BUCKET_DOMAIN }} | |
| ipni-announce-urls: ${{ vars.PROD_IPNI_ANNOUNCE_URLS }} | |
| secrets: | |
| aws-account-id: ${{ secrets.PROD_AWS_ACCOUNT_ID }} | |
| aws-region: ${{ secrets.PROD_AWS_REGION }} | |
| region: ${{ secrets.PROD_AWS_REGION }} | |
| allowed-account-ids: ${{ secrets.PROD_ALLOWED_ACCOUNT_IDS }} | |
| private-key: ${{ secrets.PROD_PRIVATE_KEY }} | |
| indexing-service-proof: ${{ secrets.PROD_INDEXING_SERVICE_PROOF }} | |
| external-blob-bucket-access-key-id: ${{ secrets.PROD_EXTERNAL_BLOB_BUCKET_ACCESS_KEY_ID }} | |
| external-blob-bucket-secret-access-key: ${{ secrets.PROD_EXTERNAL_BLOB_BUCKET_SECRET_ACCESS_KEY }} | |
| sentry-dsn: ${{ secrets.SENTRY_DSN }} |