32 changes: 19 additions & 13 deletions .github/workflows/build-deploy.yml
@@ -1,146 +1,152 @@
name: Build and Push civictheme-monorepo-drupal to Quant Cloud
'on':
push:
branches:
- main
- master
- develop
- quant-cloud-migration
- feature/*
- pr-*
- content/*
tags:
- '*'
pull_request:
branches: '*'
# Manual trigger for testing and emergency deployments
workflow_dispatch:

# Trigger when CircleCI check suite completes successfully
check_suite:
types: [completed]

# Alternative: Use status event for the specific CircleCI workflow check
status:

concurrency:
group: build-and-push-${{ github.ref }}
cancel-in-progress: true

jobs:
build-and-push:
# Only run when triggered by successful CircleCI checks or manual dispatch
if: |
(github.event_name == 'check_suite' &&
github.event.check_suite.app.slug == 'circleci-checks' &&
github.event.check_suite.conclusion == 'success') ||
(github.event_name == 'status' &&
startsWith(github.event.context, 'ci/circleci:') &&
github.event.state == 'success' &&
(github.event.sender.login == 'circleci' || github.actor == 'circleci[bot]')) ||
github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:

- name: Checkout code
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Initialize Quant Cloud
uses: quantcdn/[email protected]
id: init
with:
quant_organization: ${{ secrets.QUANT_ORGANIZATION }}
quant_api_key: ${{ secrets.QUANT_API_KEY }}
quant_application: civictheme-monorepo-drupal
master_branch_override: main

- name: Override outputs for quant-cloud-migration branch
id: override-outputs
run: |-
# Override outputs for quant-cloud-migration branch to treat it as production
if [[ "${{ github.ref }}" == "refs/heads/quant-cloud-migration" ]]; then
echo "image_suffix=-latest" >> $GITHUB_OUTPUT
echo "image_suffix_clean=latest" >> $GITHUB_OUTPUT
echo "is_production=true" >> $GITHUB_OUTPUT
echo "environment_name=production" >> $GITHUB_OUTPUT
echo "environment_exists=true" >> $GITHUB_OUTPUT
echo "Overriding outputs for quant-cloud-migration branch: using -latest suffix and production environment"
else
# Use the original action outputs
echo "image_suffix=${{ steps.init.outputs.image_suffix }}" >> $GITHUB_OUTPUT
# Remove leading hyphen from image_suffix for image_suffix parameter
suffix="${{ steps.init.outputs.image_suffix }}"
clean_suffix="${suffix#-}"
echo "image_suffix_clean=$clean_suffix" >> $GITHUB_OUTPUT
echo "is_production=${{ steps.init.outputs.is_production }}" >> $GITHUB_OUTPUT
echo "environment_name=${{ steps.init.outputs.environment_name }}" >> $GITHUB_OUTPUT
echo "environment_exists=${{ steps.init.outputs.environment_exists }}" >> $GITHUB_OUTPUT
fi

- name: Build and push cli image
uses: docker/build-push-action@v5
with:
context: .
file: ./.docker/cli.dockerfile
platforms: linux/arm64
push: true
tags: ${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:cli${{ steps.override-outputs.outputs.image_suffix }}
cache-from: |-
type=gha
type=registry,ref=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application }}:cli-cache
cache-to: type=gha,mode=max
build-args: CLI_IMAGE=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:cli${{ steps.override-outputs.outputs.image_suffix }}

- name: Build and push nginx image
uses: docker/build-push-action@v5
with:
context: .
file: ./.docker/nginx-drupal.dockerfile
platforms: linux/arm64
push: true
tags: ${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:nginx${{ steps.override-outputs.outputs.image_suffix }}
cache-from: |-
type=gha
type=registry,ref=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application }}:nginx-cache
cache-to: type=gha,mode=max
build-args: CLI_IMAGE=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:cli${{ steps.override-outputs.outputs.image_suffix }}

- name: Build and push php image
uses: docker/build-push-action@v5
with:
context: .
file: ./.docker/php.dockerfile
platforms: linux/arm64
push: true
tags: ${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:php${{ steps.override-outputs.outputs.image_suffix }}
cache-from: |-
type=gha
type=registry,ref=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application }}:php-cache
cache-to: type=gha,mode=max
build-args: CLI_IMAGE=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:cli${{ steps.override-outputs.outputs.image_suffix }}

- name: Create environment if it doesn't exist
if: ${{ !startsWith(github.ref, 'refs/tags/') && steps.override-outputs.outputs.environment_exists == 'false' }}
uses: quantcdn/[email protected]
with:
api_key: ${{ secrets.QUANT_API_KEY }}
organization: ${{ secrets.QUANT_ORGANIZATION }}
app_name: ${{ steps.init.outputs.quant_application }}
environment_name: ${{ steps.override-outputs.outputs.environment_name }}
from_environment: production
image_suffix: ${{ steps.override-outputs.outputs.image_suffix_clean }}

- name: Sync database from production to new environment
if: ${{ !startsWith(github.ref, 'refs/tags/') && steps.override-outputs.outputs.environment_exists == 'false' && steps.override-outputs.outputs.environment_name
!= 'production' }}
uses: quantcdn/[email protected]
with:
api_key: ${{ secrets.QUANT_API_KEY }}
organization: ${{ secrets.QUANT_ORGANIZATION }}
app_name: ${{ steps.init.outputs.quant_application }}
environment_name: ${{ steps.override-outputs.outputs.environment_name }}
source: production
type: database
wait: true
wait_interval: 10
max_retries: 30

- name: Redeploy existing environment
if: ${{ !startsWith(github.ref, 'refs/tags/') && steps.override-outputs.outputs.environment_exists == 'true' }}
uses: quantcdn/quant-cloud-environment-state-action@v1
with:
api_key: ${{ secrets.QUANT_API_KEY }}
organization: ${{ secrets.QUANT_ORGANIZATION }}
application: ${{ steps.init.outputs.quant_application }}
environment: ${{ steps.override-outputs.outputs.environment_name }}
action: redeploy

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
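Review bot: The `Checkout code` step has no `ref`, so on `check_suite` and `status` events, which GitHub runs against the default branch, the three images are built and pushed from the default-branch head rather than from the commit CircleCI just passed. For the same reason `github.ref` is not the tested branch on those events, so the `refs/heads/quant-cloud-migration` comparison in the override step, the `refs/tags/` guards and the `build-and-push-${{ github.ref }}` concurrency group only behave as written on `workflow_dispatch`; with `cancel-in-progress: true`, one CI completion can cancel a deploy triggered for a different branch. Consider `ref: ${{ github.event.check_suite.head_sha || github.event.sha || github.sha }}` on the checkout step and deriving the branch from `github.event.check_suite.head_branch` or `github.event.branches`; how the Quant init action chooses its environment from the ref is not visible here and should be confirmed as well. Separately, the override step expands `${{ github.ref }}` directly into the script text; passing the value through `env:` and comparing the shell variable keeps a ref name out of the shell source. The add/remove markers are lost on this page, so which of these lines the PR itself introduces cannot be told from here.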