chore(ci): prod deploy on gh release

.github/workflows/merge-demo.yml

@@ -1,4 +1,4 @@
-name: Deploy to Demo
+name: DEMO (merge)
 
 on:
   push:
@@ -42,7 +42,7 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
 
   deploy:
-    name: Deploy (Demo)
+    name: Deploy (DEMO)
     needs: [build]
     secrets: inherit
     uses: ./.github/workflows/.deploy.yml

.github/workflows/merge-main.yml

@@ -1,4 +1,4 @@
-name: Merge to Main
+name: TEST (merge)
 
 on:
   push:
@@ -15,8 +15,8 @@ concurrency:
 permissions: {}
 
 jobs:
-  deploy-test:
-    name: Deploy (Test)
+  deploy:
+    name: Deploy (TEST)
     secrets: inherit
     uses: ./.github/workflows/.deploy.yml
     with:
@@ -28,71 +28,3 @@ jobs:
       logout_chain_url: https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://test.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=
       target: test
       url: fom-test.nrs.gov.bc.ca
-
-  # deploy-prod:
-  #   name: PROD Deploys
-  #   needs: [deploy-test, vars]
-  #   environment: prod
-  #   env:
-  #     ZONE: prod
-  #   runs-on: ubuntu-24.04
-  #   timeout-minutes: 10
-  #   strategy:
-  #     matrix:
-  #       name: [api, admin, db, init, public]
-  #       include:
-  #         - name: api
-  #           file: api/openshift.deploy.yml
-  #           oc_version: "4.13"
-  #           overwrite: true
-  #           parameters:
-  #             -p URL=fom.nrs.gov.bc.ca
-  #             -p AWS_USER_POOLS_WEB_CLIENT_ID="4bu2n8at3m32a2fqnvd4t06la1"
-  #             -p LOGOUT_CHAIN_URL="https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri="
-  #             -p MEMORY_REQUEST=650Mi
-  #             -p MEMORY_LIMIT=4Gi
-  #         - name: admin
-  #           file: admin/openshift.deploy.yml
-  #           overwrite: true
-  #           parameters: -p URL=fom.nrs.gov.bc.ca
-  #         - name: db
-  #           file: db/openshift.deploy.yml
-  #           overwrite: false
-  #         - name: init
-  #           file: libs/openshift.init.yml
-  #           overwrite: false
-  #         - name: public
-  #           file: public/openshift.deploy.yml
-  #           overwrite: true
-  #           parameters: -p URL=fom.nrs.gov.bc.ca
-  #   steps:
-  #     - uses: bcgov-nr/[email protected]
-  #       with:
-  #         file: ${{ matrix.file }}
-  #         oc_namespace: ${{ vars.OC_NAMESPACE }}
-  #         oc_server: ${{ vars.OC_SERVER }}
-  #         oc_token: ${{ secrets.OC_TOKEN }}
-  #         oc_version: ${{ matrix.oc_version }}
-  #         overwrite: ${{ matrix.overwrite }}
-  #         penetration_test: false
-  #         parameters:
-  #           -p ZONE=${{ env.ZONE }} -p TAG=${{ needs.vars.outputs.tag }}
-  #           ${{ matrix.parameters }}
-  #         post_rollout: ${{ matrix.post_rollout }}
-
-  # prod-promotions:
-  #   name: Promote images to PROD
-  #   needs: [deploy-prod, vars]
-  #   permissions:
-  #     packages: write
-  #   runs-on: ubuntu-24.04
-  #   strategy:
-  #     matrix:
-  #       component: [api, admin, db, public]
-  #   steps:
-  #     - uses: shrink/actions-docker-registry-tag@v4
-  #       with:
-  #         registry: ghcr.io
-  #         repository: ${{ github.repository }}/${{ matrix.component }}
-  #         target: ${{ needs.vars.outputs.tag }}
-  #         tags: prod

.github/workflows/pr-close.yml

@@ -1,4 +1,4 @@
-name: Pull Request Closed
+name: PR Closed
 
 on:
   pull_request:

.github/workflows/pr-open.yml

@@ -1,4 +1,4 @@
-name: Pull Request Open
+name: PR
 
 on:
   pull_request:

.github/workflows/release.yml

@@ -0,0 +1,71 @@
+name: PROD (release)
+
+on:
+  release:
+    types: published
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Container tag; usually prod or PR number, can be omitted
+        type: string
+  workflow_call:
+    inputs:
+      tag:
+        description: Container tag; usually prod or PR number, can be omitted
+        type: string
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  deploy:
+    name: Deploy (PROD)
+    secrets: inherit
+    uses: ./.github/workflows/.deploy.yml
+    with:
+      aws_user_pools_web_client_id: 4bu2n8at3m32a2fqnvd4t06la1
+      batch_client_rfsh_api_tkn_op_secret_name: fom-client-app-api
+      environment: prod
+      email_notify: [email protected]
+      logout_chain_url: https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=
+      tag: ${{ inputs.tag }}
+      target: prod
+      url: fom.nrs.gov.bc.ca
+
+  images-backup:
+    name: Backup images (PROD)
+    continue-on-error: true # If no prod tags
+    needs: deploy
+    permissions:
+      packages: write
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        component: [api, admin, db, public]
+    steps:
+      - uses: shrink/actions-docker-registry-tag@v4
+        with:
+          registry: ghcr.io
+          repository: ${{ github.repository }}/${{ matrix.component }}
+          target: prod
+          tags: prod-backup
+
+  images-promote:
+    name: Promote images (PROD)
+    needs: deploy, images-backup
+    permissions:
+      packages: write
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        component: [api, admin, db, public]
+    steps:
+      - uses: shrink/actions-docker-registry-tag@v4
+        with:
+          registry: ghcr.io
+          repository: ${{ github.repository }}/${{ matrix.component }}
+          target: ${{ needs.deploy.outputs.tag }}
+          tags: prod