_deploy-env.yml

name: Deploy

on:
  workflow_call:
    inputs:
      stacks:
        type: string
        default: "**"
      environment:
        type: string
      action:
        type: string
  workflow_dispatch:
    inputs:
      environment:
        type: environment
        description: Target environment
      action:
        type: choice
        options:
          - deploy
          - diff
        description: Action to perform
      stacks:
        type: string
        description: Stacks to deploy
        default: "**"

concurrency:
  group: deploy-${{ github.ref_name }}-${{ inputs.environment }}
  # Cancel any in-progress jobs if a new one is queued, but only in Pull Requests.
  # On the main branch we don't want to cancel in-progress jobs, because they might be deploying.
  cancel-in-progress: ${{ inputs.action == 'diff' }}

env:
  TAG: ${{ github.sha }}
  MISE_PROFILE: ci

jobs:
  run:
    name: ${{ inputs.action }}
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
      contents: read
    environment:
      name: ${{ inputs.environment }}
      url: ${{ vars.environment_url }}
    steps:
      - uses: actions/checkout@v4
      - name: Install tools
        uses: jdx/mise-action@v2
        with:
          experimental: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Log in to ${{ inputs.environment }}
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-1
          role-to-assume: arn:aws:iam::${{ vars.account_id }}:role/kitu-github-actions-role
      - name: Install dependencies
        run: npm ci
        working-directory: infra
      - name: ${{ inputs.action }}
        working-directory: infra
        run: |
          aws logs start-live-tail --log-group-identifiers arn:aws:logs:eu-west-1:${{ vars.account_id }}:log-group:KituService &
          npx cdk ${{ inputs.action }} --require-approval=never --exclusively '${{ inputs.environment }}/${{ inputs.stacks }}'