fix: make configuration docs AOT-safe (#196) (#203) #21
| name: Deploy to Production | |
| on: | |
| push: | |
| branches: [trunk] | |
| tags: ['v*'] | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Deployment environment' | |
| required: true | |
| default: 'staging' | |
| type: choice | |
| options: | |
| - staging | |
| - production | |
| deployment_strategy: | |
| description: 'Deployment strategy' | |
| required: true | |
| default: 'rolling' | |
| type: choice | |
| options: | |
| - rolling | |
| - blue-green | |
| - canary | |
| force_deploy: | |
| description: 'Force deployment even if tests fail' | |
| required: false | |
| default: false | |
| type: boolean | |
| env: | |
| DOTNET_VERSION: '10.0.x' | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build-and-push: | |
| name: Build & Push Container Image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| outputs: | |
| image-digest: ${{ steps.build.outputs.digest }} | |
| image-tag: ${{ steps.meta.outputs.tags }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v6 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=sha,prefix={{branch}}- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build and push | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| provenance: true | |
| sbom: true | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results to GitHub Security | |
| uses: github/codeql-action/upload-sarif@v4 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| deploy-staging: | |
| name: Deploy to Staging | |
| runs-on: ubuntu-latest | |
| needs: build-and-push | |
| if: github.ref == 'refs/heads/trunk' || github.event_name == 'workflow_dispatch' | |
| environment: | |
| name: staging | |
| url: ${{ steps.deploy.outputs.url }} | |
| steps: | |
| - name: Deploy to staging | |
| id: deploy | |
| run: | | |
| echo "Deploying ${{ needs.build-and-push.outputs.image-tag }} to staging..." | |
| # This would integrate with your deployment platform (K8s, Docker Swarm, etc.) | |
| echo "url=https://staging.honua.example.com" >> $GITHUB_OUTPUT | |
| - name: Run smoke tests | |
| run: | | |
| echo "Running smoke tests against staging..." | |
| # Add actual smoke test commands here | |
| curl -f https://staging.honua.example.com/healthz/live || exit 1 | |
| curl -f https://staging.honua.example.com/healthz/ready || exit 1 | |
| deploy-production: | |
| name: Deploy to Production | |
| runs-on: ubuntu-latest | |
| needs: [build-and-push, deploy-staging] | |
| if: startsWith(github.ref, 'refs/tags/v') || (github.event_name == 'workflow_dispatch' && inputs.environment == 'production') | |
| environment: | |
| name: production | |
| url: ${{ steps.deploy.outputs.url }} | |
| steps: | |
| - name: Checkout deployment scripts | |
| uses: actions/checkout@v4 | |
| - name: Setup deployment tools | |
| run: | | |
| # Install kubectl, helm, or other deployment tools | |
| echo "Setting up deployment tools..." | |
| - name: Deploy with selected strategy | |
| id: deploy | |
| env: | |
| STRATEGY: ${{ inputs.deployment_strategy || 'rolling' }} | |
| IMAGE: ${{ needs.build-and-push.outputs.image-tag }} | |
| run: | | |
| echo "Deploying $IMAGE to production using $STRATEGY strategy..." | |
| case $STRATEGY in | |
| "blue-green") | |
| echo "Implementing blue-green deployment..." | |
| # Blue-green deployment logic | |
| ./scripts/deploy-blue-green.sh "$IMAGE" | |
| ;; | |
| "canary") | |
| echo "Implementing canary deployment..." | |
| # Canary deployment logic | |
| ./scripts/deploy-canary.sh "$IMAGE" | |
| ;; | |
| *) | |
| echo "Implementing rolling deployment..." | |
| # Rolling deployment logic | |
| ./scripts/deploy-rolling.sh "$IMAGE" | |
| ;; | |
| esac | |
| echo "url=https://api.honua.example.com" >> $GITHUB_OUTPUT | |
| - name: Run production health checks | |
| run: | | |
| echo "Running production health checks..." | |
| # Comprehensive health checks | |
| ./scripts/production-health-check.sh | |
| - name: Post-deployment verification | |
| run: | | |
| echo "Running post-deployment verification..." | |
| # API contract tests, performance benchmarks, etc. | |
| ./scripts/post-deployment-verification.sh | |
| rollback: | |
| name: Rollback on Failure | |
| runs-on: ubuntu-latest | |
| needs: deploy-production | |
| if: failure() && !inputs.force_deploy | |
| environment: | |
| name: production | |
| steps: | |
| - name: Checkout rollback scripts | |
| uses: actions/checkout@v4 | |
| - name: Rollback deployment | |
| run: | | |
| echo "Rolling back due to deployment failure..." | |
| ./scripts/rollback-deployment.sh | |
| - name: Verify rollback | |
| run: | | |
| echo "Verifying rollback success..." | |
| ./scripts/production-health-check.sh | |
| - name: Notify team of rollback | |
| run: | | |
| echo "Notifying team of automatic rollback..." | |
| # Add notification logic (Slack, email, etc.) |
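Review bot: `aquasecurity/trivy-action@master` is the only step in the file that references a moving branch, and it runs in a job holding `packages: write` and `security-events: write`; pin it to a release tag like the other actions, or to a commit SHA, e.g. `uses: aquasecurity/trivy-action@<release-tag>`. Separately, `image-tag` is wired to `steps.meta.outputs.tags`, which is a newline-separated list of mutable tags, so the `IMAGE` handed to the production deploy scripts is a multi-line string; exposing `needs.build-and-push.outputs.image-digest` instead and deploying `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@<digest>` pins exactly the image Trivy scanned. Also, a `v*` tag push satisfies `deploy-production`'s `if` but not `deploy-staging`'s (`github.ref == 'refs/heads/trunk'` is false for a tag and the event is `push`), and a job whose `needs` entry was skipped is itself skipped unless its condition uses a status-check function, so tag pushes appear never to reach production — worth confirming on a real tag run. Finally, `force_deploy` is described as "Force deployment even if tests fail" but is only read by the `rollback` job's `if`, where it suppresses automatic rollback; the description should say that, e.g. `description: 'Skip automatic rollback if the production deploy fails'`.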