From 88c47d2d07cc086dc4f087a08808e6db66b1502c Mon Sep 17 00:00:00 2001
From: Rocket <rocketnova@users.noreply.github.com>
Date: Mon, 8 Apr 2024 12:24:14 -0700
Subject: [PATCH] Explain CI/CD flow and files (#580)

---
 .github/workflows/README.md | 47 +++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/.github/workflows/README.md b/.github/workflows/README.md
index e69de29b..d10928f7 100644
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -0,0 +1,47 @@
+# CI/CD
+
+The CI/CD for this project uses [reusable Github Actions workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows).
+
+## 🧪 CI
+
+### Per app workflows
+
+Each app should have:
+
+- `ci-[app_name]`: must be created; should run linting and testing
+- `ci-[app_name]-vulnerability-scans`: calls `vulnerability-scans`
+  - Based on [ci-app-vulnerability-scans](https://github.com/navapbc/template-infra/blob/main/.github/workflows/ci-app-vulnerability-scans.yml)
+
+### App-agnostic workflows
+
+- [`ci-docs`](./ci-docs.yml): runs markdown linting on all markdown files in the file
+  - Configure in [markdownlint-config.json](./markdownlint-config.json)
+- [`ci-infra`](./ci-infra.yml): run infrastructure CI checks
+
+## 🚢 CD
+
+Each app should have:
+
+- `cd-[app_name]`: deploys an application
+  - Based on [`cd-app`](https://github.com/navapbc/template-infra/blob/main/.github/workflows/cd-app.yml)
+
+The CD workflow uses these reusable workflows:
+
+- [`deploy`](./deploy.yml): deploys an application
+- [`database-migrations`](./database-migrations.yml): runs database migrations for an application
+- [`build-and-publish`](./build-and-publish.yml): builds a container image for an application and publishes it to an image repository
+
+```mermaid
+graph TD
+  cd-app
+  deploy
+  database-migrations
+  build-and-publish
+
+  cd-app-->|calls|deploy-->|calls|database-migrations-->|calls|build-and-publish
+```
+
+## ⛑️ Helper workflows
+
+- [`check-infra-auth`](./check-infra-auth.yml): verifes that the project's Github repo is able to connect to AWS
+