cd.yml

# This CD workflow pulls the docker image from ECR and deploys it to the environment specified by the manual trigger

name: CD workflow for deploying microservice to ECS Fargate

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to run the workflow against'
        type: environment
        required: true
  pull_request:
    types: [closed]  # when PR is merged, CD will be triggered

permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read
  
jobs:

  # only run build-and-test job for dev env, this is to ensure the latest code from the PR merge is built and deployed.
  build-and-test:
    if: github.event.inputs.environment == null || github.event.inputs.environment == 'dev'
    permissions:
      id-token: write # need this for OIDC
      contents: read
    uses: wenqiglantz/reusable-workflows-modules/.github/workflows/java-maven-build-test.yml@main
    with:
      env: ${{ github.event.inputs.environment }}
    secrets: inherit

  deploy-to-ecs:
    needs: build-and-test
    # runs deploy job only when PR merged in dev, or in other envs via manual trigger, and PR not raised by dependabot
    if: (github.event.pull_request.merged || github.event.inputs.environment != null) && github.actor != 'dependabot[bot]'
    permissions:
      id-token: write # need this for OIDC
      contents: read
    uses: wenqiglantz/reusable-workflows-modules/.github/workflows/java-api-deploy-to-ecs.yml@main
    with:
      env: ${{ github.event.inputs.environment }}
    secrets: inherit