Add SDLC workflow

Emil Matyjaszewski · Emil Matyjaszewski · commit b6b7fa1c8aa7 · 2025-06-25T14:33:31.000+02:00
diff --git a/.github/workflows/sdlc-push.yml b/.github/workflows/sdlc-push.yml
@@ -0,0 +1,75 @@
+name: SDLC - Branch push
+
+on:
+  push:
+    branches:
+      - "**"
+
+jobs:
+  prepare-docker:
+    name: "Prepare Docker image tag"
+    runs-on: ubuntu-latest
+    outputs:
+      docker_image_tag: ${{ steps.sanitize-branch.outputs.docker_image_tag }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get current branch name
+        id: get-branch
+        run: |
+          if [[ "${GITHUB_REF}" == refs/pull/*/merge ]]; then
+            BRANCH_NAME="${GITHUB_HEAD_REF}"
+          else
+            BRANCH_NAME="${GITHUB_REF_NAME}"
+          fi
+          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: Sanitize branch name for Docker
+        id: sanitize-branch
+        run: |
+          SAFE_BRANCH=$(echo "${{ steps.get-branch.outputs.branch_name }}" | tr '[:upper:]' '[:lower:]' | sed 's#[^a-z0-9_.-]#-#g')
+          echo "docker_image_tag=$SAFE_BRANCH" >> $GITHUB_OUTPUT
+
+  build-push:
+    name: "Build & push image"
+    runs-on: ubuntu-latest
+    needs: [prepare-docker]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push image
+        run: |
+          IMAGE_TAG="${{ needs.prepare-docker.outputs.docker_image_tag }}"
+          docker buildx create --use
+          docker buildx build \
+            --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:cache-develop \
+            --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:cache-$IMAGE_TAG \
+            --cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:cache-$IMAGE_TAG \
+            -t ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:$IMAGE_TAG \
+            -f ./docker/Dockerfile \
+            --push \
+            ./
+
+  deploy:
+    name: "Trigger deployment"
+    if: github.ref == 'refs/heads/develop'
+    needs: [build-push]
+    uses: ./.github/workflows/trigger-azure-pipeline.yml
+    with:
+      azure-organization: ${{ vars.AZURE_ORGANIZATION }}
+      azure-project: ${{ vars.AZURE_PROJECT }}
+      azure-pipeline-id: ${{ vars.AZURE_PIPELINE_ID_DEVELOP }}
+      image-tag: "develop"
+    secrets:
+      azure-pat: ${{ secrets.AZURE_PAT }}
diff --git a/.github/workflows/sdlc-version-create.yml b/.github/workflows/sdlc-version-create.yml
@@ -0,0 +1,50 @@
+name: SDLC - Version create
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+*' # Allows semver format and any suffix (i.e. 'rc1')
+
+jobs:
+  prepare-version:
+    name: "Prepare version number"
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Extract tag
+        id: version
+        run: |
+          TAG_NAME="${GITHUB_REF#refs/tags/}"
+          echo "Extracted tag: $TAG_NAME"
+          echo "version=$TAG_NAME" >> $GITHUB_OUTPUT
+
+  build-push:
+    name: "Build & push image"
+    runs-on: ubuntu-latest
+    needs: [prepare-version]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push versioned image
+        run: |
+          IMAGE_TAG="${{ needs.prepare-version.outputs.version }}"
+          docker buildx create --use
+          docker buildx build \
+            --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:cache-develop \
+            --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:cache-$IMAGE_TAG \
+            --cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:cache-$IMAGE_TAG \
+            -t ${{ vars.DOCKERHUB_ORGANIZATION }}/${{ vars.DOCKERHUB_REPOSITORY }}:$IMAGE_TAG \
+            -f ./docker/Dockerfile \
+            --push \
+            ./
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -159,73 +159,3 @@ jobs:
           token: ${{ secrets.CODECOV_TOKEN }}
           verbose: false
           name: codecov-${{env.GITHUB_REF_NAME}}
-
-  release:
-    needs: [ test ]
-    runs-on: ubuntu-latest
-    services:
-      redis1:
-        image: redis:7.4.0
-        ports:
-          - 5379:6379
-      db1:
-        image: postgres:14
-        env:
-          POSTGRES_HOST: db1
-          POSTGRES_DATABASE: country_workspace
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_USERNAME: postgres
-        ports:
-          - 4432:5432
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-    env:
-      DOCKER_DEFAULT_PLATFORM: linux/amd64
-      DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
-      DATABASE_URL: postgres://postgres:postgres@localhost:4432/country_workspace
-      CELERY_BROKER_URL: redis://localhost:5379/1
-      CACHE_URL: redis://localhost:5379/2
-      DOCKER_BUILDKIT: 1
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: DockerHub login
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Build Distro
-        run: |
-            docker build \
-                --target dist \
-                --cache-from "type=gha" \
-                --cache-to "type=gha,mode=max" \
-                --build-arg "GIT_SHA=${{needs.test.outputs.commit}}" \
-                --build-arg "BUILD_DATE=${{needs.test.outputs.build_date}}" \
-                --build-arg "BRANCH=${{needs.test.outputs.branch}}" \
-                -t ${{needs.test.outputs.image}} \
-                -f docker/Dockerfile .
-#
-#      - name: Docker Integrity Check
-#        run: |
-#            docker run --rm \
-#              --network host \
-#              -e DATABASE_URL=${DATABASE_URL} \
-#              -e CELERY_BROKER_URL=${CELERY_BROKER_URL} \
-#              -e CACHE_URL=${CACHE_URL} \
-#              -e SECRET_KEY=super-secret-key-just-for-testing \
-#              -e HOPE_API_URL="https://dev-hope.unitst.org/api/rest/" \
-#              -e HOPE_API_TOKEN=${{ secrets.HOPE_API_TOKEN }} \
-#              -e AURORA_API_URL="https://uni-hope-ukr-sr-dev.unitst.org/api/" \
-#              -e AURORA_API_TOKEN=${{ secrets.AURORA_API_TOKEN }} \
-#              -t ${{needs.test.outputs.image}} \
-#              django-admin upgrade
-
-      - name: Publish images
-        run: |
-            docker push ${{needs.test.outputs.image}}
-            docker inspect ${{needs.test.outputs.image}} | jq -r '.[0].Config.Labels'
-            echo "::notice::✅ Image ${{needs.test.outputs.image}} built and pushed"
diff --git a/.github/workflows/trigger-azure-pipeline.yml b/.github/workflows/trigger-azure-pipeline.yml
@@ -0,0 +1,53 @@
+name: Trigger pipeline in Azure Pipelines
+
+on:
+  workflow_call:
+    inputs:
+      azure-organization:
+        required: true
+        type: string
+      azure-project:
+        required: true
+        type: string
+      azure-pipeline-id:
+        required: true
+        type: string
+      image-tag:
+        required: true
+        type: string
+    secrets:
+      azure-pat:
+        required: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Trigger deploy
+        run: |
+          pipelineId=${{ inputs.azure-pipeline-id }}
+
+          IFS=',' read -ra pipelines <<< "$pipelineId"
+          for pipeline in "${pipelines[@]}"; do
+            jsonBody='{"variables": {"sha": {"isSecret": false, "value": "${{ github.sha }}"}, "tag": {"isSecret": false, "value": "${{ inputs.image-tag }}"}}}'
+            contentLength=$(echo -n $jsonBody | wc -c)
+            organization=${{ inputs.azure-organization }}
+            project=${{ inputs.azure-project }}
+
+            echo Triggering deploy for pipeline $pipeline
+            echo JSON body: $jsonBody
+
+            curl -f -v -L \
+              -u ":${{ secrets.azure-pat }}" \
+              -H "Content-Type: application/json" \
+              -H "Content-Length: $contentLength" \
+              -d "$jsonBody" \
+              https://dev.azure.com/$organization/$project/_apis/pipelines/$pipeline/runs?api-version=7.1-preview.1
+            if [ $? -ne 0 ]; then
+              echo "Failed to trigger deploy for pipeline $pipeline"
+              exit 1
+            fi
+          done
