Add start/stop workflows and move to environment-based config

- Add start.yml and stop.yml workflows for server lifecycle - All workflows now use `type: environment` input for environment selection - Secrets and variables moved from repo-level to environment-level - Enables approval gates per environment (e.g., require approval for production) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 11:37:13 +10:00
parent 7076d28de0
commit b1261ad622
5 changed files with 184 additions and 52 deletions
@@ -3,6 +3,10 @@ name: Update SFP Server
 on:
  workflow_dispatch:
    inputs:
+      environment:
+        description: 'Target environment'
+        type: environment
+        required: true
      docker_tag:
        description: 'Docker image tag to deploy (leave empty to use IMAGE_TAG variable or "latest")'
        required: false
@@ -22,28 +26,14 @@ on:

 jobs:
  update:
-    name: 'Update server'
+    name: 'Update server (${{ inputs.environment }})'
    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

-      - name: Validate required variables
-        run: |
-          MISSING=""
-          [ -z "${{ vars.SSH_HOST }}" ] && MISSING="$MISSING SSH_HOST"
-          [ -z "${{ vars.TENANT_NAME }}" ] && MISSING="$MISSING TENANT_NAME"
-          [ -z "${{ vars.DOCKER_REGISTRY }}" ] && MISSING="$MISSING DOCKER_REGISTRY"
-          [ -z "${{ vars.IMAGE_FQDN }}" ] && MISSING="$MISSING IMAGE_FQDN"
-
-          if [ -n "$MISSING" ]; then
-            echo "Missing required GitHub Variables:$MISSING"
-            echo ""
-            echo "Configure these in: Settings > Secrets and variables > Actions > Variables"
-            exit 1
-          fi
-
      - name: Resolve image tag
        id: resolve
        run: |
@@ -77,12 +67,12 @@ jobs:
          TAG="${{ steps.resolve.outputs.tag }}"

          echo "Updating SFP Server"
-          echo "  Tenant:   $TENANT"
-          echo "  Host:     $SSH_HOST"
-          echo "  Tag:      $TAG"
-          echo "  Image:    $SFP_IMAGE"
+          echo "  Environment: ${{ inputs.environment }}"
+          echo "  Tenant:      $TENANT"
+          echo "  Host:        $SSH_HOST"
+          echo "  Tag:         $TAG"
+          echo "  Image:       $SFP_IMAGE"

-          # Build the update command
          UPDATE_CMD="sfp server update"
          UPDATE_CMD="$UPDATE_CMD --tenant \"$TENANT\""
          UPDATE_CMD="$UPDATE_CMD --base-dir \"$BASE_DIR\""
@@ -101,8 +91,6 @@ jobs:
            UPDATE_CMD="$UPDATE_CMD --skip-backup"
          fi

-          # Run sfp CLI from inside the Docker image
-          # Copy SSH key into a temp dir with correct permissions
          SSH_DIR=$(mktemp -d)
          cp ~/.ssh/deploy_key "$SSH_DIR/deploy_key"
          cp ~/.ssh/known_hosts "$SSH_DIR/known_hosts"
@@ -123,12 +111,11 @@ jobs:
      - name: Output update results
        if: always()
        run: |
-          TAG="${{ steps.resolve.outputs.tag }}"
-
          echo "## SFP Server Update" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "| Setting | Value |" >> $GITHUB_STEP_SUMMARY
          echo "|---------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| Environment | ${{ inputs.environment }} |" >> $GITHUB_STEP_SUMMARY
          echo "| Tenant | ${{ vars.TENANT_NAME }} |" >> $GITHUB_STEP_SUMMARY
          echo "| Host | ${{ vars.SSH_HOST }} |" >> $GITHUB_STEP_SUMMARY
          echo "| Image | ${{ steps.setup.outputs.sfp-image }} |" >> $GITHUB_STEP_SUMMARY