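---
# Multi-Cloud Deployment: manually dispatched Terraform plan/apply across the
# environments declared in config/environments.yaml, followed by a Helm rollout
# of the Besu network chart.
#
# Job flow: load-environments -> terraform-plan (matrix) -> terraform-apply
# (matrix) -> deploy-applications (matrix) -> notify.
#
# Security notes for maintainers:
#   * Actions are referenced by major-version tag. For supply-chain hardening,
#     pin each `uses:` to a full commit SHA (keep the tag in a trailing comment)
#     and let Dependabot/Renovate bump them.
#   * Cloud access uses long-lived static secrets (AZURE_CLIENT_SECRET,
#     AWS_SECRET_ACCESS_KEY, GCP_SA_KEY). Prefer OIDC federation
#     (`permissions: id-token: write` plus the cloud login actions) so no
#     long-lived credential is stored in GitHub at all.
#   * terraform-apply runs with real cloud credentials on any manual dispatch
#     by anyone who can trigger the workflow. Consider binding the apply job to
#     a GitHub Environment with required reviewers so a human approves first.
name: Multi-Cloud Deployment

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      environment:
        # Must match a `name` in config/environments.yaml (or `all`). This
        # choice list is maintained by hand — keep it in sync with that file.
        description: 'Environment name to deploy'
        required: true
        type: choice
        options:
          - all
          - admin-azure-westus
          - workload-azure-eastus
          - workload-aws-usw2
          - workload-gcp-ew1
          - workload-hci-dc1
      strategy:
        # Exposed to operators but not consumed by any job below yet.
        description: 'Deployment strategy'
        required: false
        default: 'blue-green'
        type: choice
        options:
          - blue-green
          - canary
          - rolling
      dry_run:
        description: 'Dry run (plan only)'
        required: false
        default: false
        type: boolean

# Least privilege for GITHUB_TOKEN: nothing here writes back to the repository.
# Add `id-token: write` only if/when OIDC cloud authentication is introduced.
permissions:
  contents: read

# Serialise deployments per target so two dispatches cannot run Terraform
# against the same state at the same time. `all` is its own group, so an
# `all` run can still overlap a single-environment run — Terraform state
# locking is the backstop for that case. Never cancel an in-flight apply.
concurrency:
  group: multi-cloud-deploy-${{ inputs.environment }}
  cancel-in-progress: false

env:
  TF_VERSION: "1.6.0"
  # Account identifiers exported to every job. NOTE(review): the azurerm
  # provider reads ARM_* variables and the google provider reads
  # GOOGLE_PROJECT; confirm the Terraform provider blocks actually consume
  # these names (they may be wired through variables instead).
  AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
  AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
  AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
  GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}

jobs:
  # Builds the deployment matrix: enabled environments from
  # config/environments.yaml, narrowed to the requested one unless `all`.
  # The filtering happens here rather than in a per-job `if:` because the
  # `matrix` context is not available in a job-level `if:`, and because it
  # keeps the plan, apply and deploy matrices identical.
  load-environments:
    runs-on: ubuntu-latest
    outputs:
      environments: ${{ steps.parse.outputs.environments }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Do not leave the GITHUB_TOKEN in .git/config for later steps.
          persist-credentials: false

      - name: Parse environments.yaml
        id: parse
        env:
          # Passed through the environment instead of interpolated into the
          # script body.
          REQUESTED_ENVIRONMENT: ${{ inputs.environment }}
        run: |
          python3 << 'EOF'
          import json
          import os
          import sys

          import yaml  # PyYAML is present on the ubuntu-latest image; safe_load only.

          with open('config/environments.yaml', 'r') as f:
              config = yaml.safe_load(f) or {}

          # An empty `environments:` key parses as None; treat it as no entries.
          environments = config.get('environments') or []
          enabled = [e['name'] for e in environments if e.get('enabled', False)]

          requested = os.environ['REQUESTED_ENVIRONMENT']
          if requested == 'all':
              selected = enabled
          else:
              selected = [name for name in enabled if name == requested]

          # An empty matrix vector is a hard error in GitHub Actions; fail here
          # with a readable message instead of in every downstream job.
          if not selected:
              sys.exit(f"no enabled environment matches {requested!r}; enabled: {enabled}")

          # Step outputs are only set when written to $GITHUB_OUTPUT; printing
          # `environments=...` to stdout leaves the output empty.
          with open(os.environ['GITHUB_OUTPUT'], 'a') as out:
              out.write(f"environments={json.dumps(selected)}\n")
          EOF

  # One plan per selected environment. Provider credentials are scoped to the
  # Terraform step only (not job-level) so checkout/setup actions never see
  # them.
  terraform-plan:
    needs: load-environments
    runs-on: ubuntu-latest
    strategy:
      # Plans for different targets are independent; keep producing the others
      # when one fails.
      fail-fast: false
      matrix:
        environment: ${{ fromJson(needs.load-environments.outputs.environments) }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}

      - name: Terraform Init and Plan
        working-directory: terraform/multi-cloud
        env:
          # The environment name comes from the repo's own config, but it is
          # still passed via the environment rather than interpolated into the
          # shell. TF_VAR_environment replaces the redundant `-var` flag.
          TF_VAR_environment: ${{ matrix.environment }}
          # `terraform plan` refreshes state through the providers (and a
          # remote backend needs auth at init), so plan needs the same
          # credentials as apply.
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          # GOOGLE_CREDENTIALS accepts the key JSON itself (what a secret
          # holds) or a path; GOOGLE_APPLICATION_CREDENTIALS expects a file
          # *path* only, so the JSON contents would not be usable there.
          GOOGLE_CREDENTIALS: ${{ secrets.GCP_SA_KEY }}
        run: |
          terraform init -input=false
          terraform plan -input=false -out="tfplan-${TF_VAR_environment}.tfplan"

      - name: Upload Plan
        uses: actions/upload-artifact@v4
        with:
          name: tfplan-${{ matrix.environment }}
          path: terraform/multi-cloud/tfplan-${{ matrix.environment }}.tfplan
          if-no-files-found: error
          # A plan file contains the full planned state, including any
          # sensitive values, and artifacts are downloadable by anyone with
          # read access to the run. Keep it only long enough for apply.
          retention-days: 1

  # Applies the saved plan produced by terraform-plan. Terraform refuses the
  # plan if the state changed since it was produced ("saved plan is stale"),
  # which is the safety property the plan/apply split is meant to provide.
  terraform-apply:
    needs: [load-environments, terraform-plan]
    runs-on: ubuntu-latest
    # `inputs.dry_run` is a real boolean. `github.event.inputs.dry_run` is the
    # string "false", which does not compare equal to boolean false, so a
    # condition written against it never holds and apply is always skipped.
    if: inputs.dry_run == false
    strategy:
      # Do not cancel a sibling apply mid-flight when another target fails; a
      # cancelled apply can leave partial changes and a held state lock.
      fail-fast: false
      matrix:
        environment: ${{ fromJson(needs.load-environments.outputs.environments) }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}

      - name: Download Plan
        uses: actions/download-artifact@v4
        with:
          name: tfplan-${{ matrix.environment }}
          path: terraform/multi-cloud

      - name: Terraform Init and Apply
        working-directory: terraform/multi-cloud
        env:
          TF_VAR_environment: ${{ matrix.environment }}
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          # See terraform-plan: GOOGLE_APPLICATION_CREDENTIALS wants a path,
          # GOOGLE_CREDENTIALS accepts the key contents.
          GOOGLE_CREDENTIALS: ${{ secrets.GCP_SA_KEY }}
        run: |
          terraform init -input=false
          # Applying a saved plan file never prompts, so -auto-approve is not
          # needed; -input=false guarantees no interactive wait in CI.
          terraform apply -input=false "tfplan-${TF_VAR_environment}.tfplan"

  # Rolls out the Besu Helm chart to each selected environment's cluster.
  deploy-applications:
    needs: [load-environments, terraform-apply]
    runs-on: ubuntu-latest
    if: inputs.dry_run == false
    strategy:
      # A cancelled `helm upgrade` leaves the release in a pending state;
      # let each environment finish independently.
      fail-fast: false
      matrix:
        environment: ${{ fromJson(needs.load-environments.outputs.environments) }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Helm
        uses: azure/setup-helm@v3
        with:
          version: '3.13.0'

      # TODO: obtain the kubeconfig for matrix.environment (e.g. from Terraform
      # outputs or a per-environment secret) and export KUBECONFIG before the
      # steps below. Until then helm/kubectl have no cluster to talk to and
      # this job fails on the first command.

      - name: Deploy Besu Network
        env:
          TARGET_ENVIRONMENT: ${{ matrix.environment }}
        run: |
          helm upgrade --install besu-network ./helm/besu-network \
            --namespace besu-network \
            --create-namespace \
            --set "environment=${TARGET_ENVIRONMENT}"

      - name: Verify Deployment
        run: |
          kubectl get pods -n besu-network
          kubectl wait --for=condition=ready pod -l app=besu-validator \
            -n besu-network --timeout=300s

  # Always runs so a failed or skipped apply/deploy is still reported.
  notify:
    needs: [terraform-apply, deploy-applications]
    runs-on: ubuntu-latest
    if: always()
    steps:
      - name: Notify Deployment Status
        env:
          # success / failure / cancelled / skipped per upstream job.
          APPLY_RESULT: ${{ needs.terraform-apply.result }}
          DEPLOY_RESULT: ${{ needs.deploy-applications.result }}
        run: |
          echo "Deployment completed: terraform-apply=${APPLY_RESULT} deploy-applications=${DEPLOY_RESULT}"
          # TODO: add notification logic (Slack, Teams, etc.) using the results above.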