deploy-production.yml: allow workflow_dispatch on arbitrary image digest

aodn · Dec 11, 2023 · ed3cf0e · ed3cf0e
1 parent 6b4dfaa
commit ed3cf0e
Showing 1 changed file with 27 additions and 14 deletions.
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
@@ -5,19 +5,44 @@ on:
       types:
         - published
   workflow_dispatch:
+    inputs:
+      image_digest:
+        description: The sha256 digest of the docker image to use
+        required: true
+        type: string
 
 permissions:
   id-token: write
   contents: read
 
 jobs:
+  get_image_metadata:
+    runs-on: ubuntu-latest
+    environment: production
+    if: github.event != 'workflow_dispatch'
+    outputs:
+      image_digest: ${{ steps.set_image_digest.outputs.image_digest }}
+    steps:
+      - name: Get Image Metadata from Release
+        uses: dsaltares/fetch-gh-release-asset@master
+        with:
+          version: ${{ github.event.release.id ||  }}
+          file: metadata.json
+
+      - name: Set Image Digest from Metadata
+        id: set_image_digest
+        run: |
+          image_digest=$(cat metadata.json | jq -r '."containerimage.digest"')
+          echo "image_digest=$image_digest" >> $GITHUB_OUTPUT
+
   production_deploy:
     runs-on: ubuntu-latest
     environment: production
     env:
       tf_version: '1.5.7'
       tg_version: '0.54.0'
       tg_dir: './deploy/tg'
+    needs: [get_image_metadata]
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -29,18 +54,6 @@ jobs:
           aws-region: ${{ vars.AWS_REGION }}
           role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
 
-      - name: Get Image Metadata from Release
-        uses: dsaltares/fetch-gh-release-asset@master
-        with:
-          version: ${{ github.event.release.id || github.ref_name }}
-          file: metadata.json
-
-      - name: Set Image Digest from Metadata
-        id: set_image_digest
-        run: |
-          image_digest=$(cat metadata.json | jq -r '."containerimage.digest"')
-          echo "image_digest=$image_digest" >> $GITHUB_OUTPUT
-
       - name: Expose github environment as shell variables
         env:
           SECRETS_CONTEXT: ${{ toJson(secrets) }}
@@ -74,7 +87,7 @@ jobs:
           TF_INPUT: 0
           TF_IN_AUTOMATION: true
           # get the image digest from the build job with optional override from vars context
-          TF_VAR_image: ${{ vars.IMAGE || steps.set_image_digest.outputs.image_digest }}
+          TF_VAR_image: ${{ vars.IMAGE || needs.get_image_metadata.outputs.image_digest || inputs.image_digest }}
 
       - name: Terragrunt Apply
         id: terragrunt_apply
@@ -84,4 +97,4 @@ jobs:
           TF_INPUT: 0
           TF_IN_AUTOMATION: true
           # get the image digest from the build job with optional override from vars context
-          TF_VAR_image: ${{ vars.IMAGE || steps.set_image_digest.outputs.image_digest }}
+          TF_VAR_image: ${{ vars.IMAGE || needs.get_image_metadata.outputs.image_digest || inputs.image_digest }}