clients/.github/workflows/deploy-non-prod-web.yml

---
name: Deploy Web - Non-Prod
run-name: Deploy Web ${{ inputs.environment }}

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment'
        default: 'QA'
        type: choice
        options:
          - QA

  workflow_call:
    inputs:
      environment:
        description: 'Environment'
        default: 'QA'
        type: string

jobs:
  setup:
    name: Setup
    runs-on: ubuntu-20.04
    outputs:
      environment: ${{ steps.config.outputs.environment }}
      environment-url: ${{ steps.config.outputs.environment-url }}
      environment-name: ${{ steps.config.outputs.environment-name }}
      environment-branch: ${{ steps.config.outputs.environment-branch }}
      environment-artifact: ${{ steps.config.outputs.environment-artifact }}
    steps:
      - name: Configure
        id: config
        run: |
          ENV_NAME_LOWER=$(echo "${{ inputs.environment }}" | awk '{print tolower($0)}')
          echo "configuring the Web deploy for ${{ inputs.environment }}"
          echo "environment=${{ inputs.environment }}" >> $GITHUB_OUTPUT
          echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
          echo "environment-name=Web Vault - ${{ inputs.environment }}" >> $GITHUB_OUTPUT
          echo "environment-branch=cf-pages-$ENV_NAME_LOWER" >> $GITHUB_OUTPUT
          echo "environment-artifact=web-*-cloud-${{ inputs.environment }}.zip" >> $GITHUB_OUTPUT          

  artifact-check:
    name: Check if Web artifact is present
    runs-on: ubuntu-22.04
    needs: setup
    env:
      _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }}
    steps:
      - name: Download latest cloud asset
        uses: bitwarden/gh-actions/download-artifacts@main
        id: download-artifacts
        continue-on-error: true
        with:
          workflow: build-web.yml
          path: apps/web
          workflow_conclusion: success
          branch: ${{ github.ref_name }}
          artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}

      - name: Login to Azure
        if: ${{ steps.download-artifacts.outcome == 'failure' }}
        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets for Build trigger
        if: ${{ steps.download-artifacts.outcome == 'failure' }}
        id: retrieve-secret
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: "bitwarden-ci"
          secrets: "github-pat-bitwarden-devops-bot-repo-scope"

      - name: Build server missing branch
        if: ${{ steps.download-artifacts.outcome == 'failure' }}
        uses: convictional/trigger-workflow-and-wait@f69fa9eedd3c62a599220f4d5745230e237904be # v1.6.5
        with:
          owner: bitwarden
          repo: clients
          github_token: ${{ steps.retrieve-secret.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
          workflow_file_name: build-web.yml
          ref: ${{ github.ref_name }}
          wait_interval: 100

  cfpages-deploy:
    name: Deploy Web Vault to ${{ inputs.environment }} CloudFlare Pages branch
    needs:
      - setup
      - artifact-check
    runs-on: ubuntu-22.04
    env:
      _ENVIRONMENT: ${{ needs.setup.outputs.environment }}
      _ENVIRONMENT_URL: ${{ needs.setup.outputs.environment-url }}
      _ENVIRONMENT_NAME: ${{ needs.setup.outputs.environment-name }}
      _ENVIRONMENT_BRANCH: ${{ needs.setup.outputs.environment-branch }}
      _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }}
    steps:
      - name: Create GitHub deployment
        uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5
        id: deployment
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          initial-status: 'in_progress'
          environment-url: ${{ env._ENVIRONMENT_URL }}
          environment: ${{ env._ENVIRONMENT_NAME }}
          description: 'Deployment from branch ${{ github.ref_name }}'

      - name: Checkout Repo
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

      - name: Download latest cloud asset
        uses: bitwarden/gh-actions/download-artifacts@main
        with:
          workflow: build-web.yml
          path: apps/web
          workflow_conclusion: success
          branch: ${{ github.ref_name }}
          artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}

      - name: Unzip cloud asset
        working-directory: apps/web
        run: unzip ${{ env._ENVIRONMENT_ARTIFACT }}

      - name: Checkout Repo
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          ref: ${{ env._ENVIRONMENT_BRANCH }}
          path: deployment

      - name: Setup git config
        run: |
          git config --global user.name "GitHub Action Bot"
          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
          git config --global url."https://".insteadOf ssh://          

      - name: Deploy CloudFlare Pages
        run: |
          rm -rf ./*
          cp -R ../apps/web/build/* .          
        working-directory: deployment

      - name: Push new ver to ${{ env._ENVIRONMENT_BRANCH }}
        run: |
          if [ -n "$(git status --porcelain)" ]; then
            git add .
            git commit -m "Deploy ${{ github.ref_name }} to ${{ env._ENVIRONMENT }} Cloudflare pages"
            git push -u origin ${{ env._ENVIRONMENT_BRANCH }}
          else
            echo "No changes to commit!";
          fi          
        working-directory: deployment

      - name: Update deployment status to Success
        if: ${{ success() }}
        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          environment-url: ${{ env._ENVIRONMENT_URL }}
          state: 'success'
          deployment-id: ${{ steps.deployment.outputs.deployment_id }}

      - name: Update deployment status to Failure
        if: ${{ failure() }}
        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          environment-url: ${{ env._ENVIRONMENT_URL }}
          state: 'failure'
          deployment-id: ${{ steps.deployment.outputs.deployment_id }}

  notify:
    name: Notify Slack with result
    runs-on: ubuntu-22.04
    if: always()
    needs:
      - cfpages-deploy
      - setup
    steps:
      - uses: bitwarden/gh-actions/report-deployment-status-to-slack@main
        with:
          project: Web
          environment: US ${{ inputs.environment }} Cloud
          tag: ${{ github.ref_name }}
          slack-channel: team-eng-qa-devops
          failure: ${{ needs.cfpages-deploy.result == 'failure' }}
          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}