From 809d93fe8eccf381e253aefcf7c258984e2d3596 Mon Sep 17 00:00:00 2001
From: Vicente Olmedo
Date: Wed, 18 Dec 2024 16:08:54 +0100
Subject: [PATCH] feat: deploy to prod automatically on successful releases (#69)
We are creating releases automatically whenever a change to `version.json` is pushed. We expected the new tag would trigger our `Terraform` workflow, but it looks like [workflows using `GITHUB_TOKEN` cannot trigger other workflows](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow:~:text=When%20you%20use,push%20events%20occur.). I want to try using the `workflow_run` event as a potential workaround.
---
 .github/workflows/terraform.yml | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 22b0249..b70ba78 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -11,9 +11,12 @@ on:
 - "cmd/**"
 - "deploy/**"
 - "pkg/**"
- - "version.json"
 pull_request:
 branches: ["main"]
+ workflow_run:
+ workflows: [Releaser]
+ types: [completed]
+ branches: ["main"]
 workflow_dispatch:
 concurrency:
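Review bot: A job started by `workflow_run` runs with the workflow file and `GITHUB_SHA` of the default branch, not the commit the Releaser run was built from, so unless the checkout step (outside this hunk) sets `ref: ${{ github.event.workflow_run.head_sha }}` the deploy builds whatever is at the tip of `main` when Releaser finishes. `types: [completed]` also fires for failed and cancelled Releaser runs, and nothing in this hunk adds a job-level guard such as `if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'`, so the staging steps would run for those too. Because this trigger hands the job its secrets regardless of how the upstream run was started, gating on `github.event.workflow_run.event == 'push'` as well is worth adding, assuming Releaser is push-triggered (it is not visible here).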
@@ -43,27 +46,19 @@ jobs:
 - uses: opentofu/setup-opentofu@v1
 - uses: actions/setup-go@v5
+ # always deploy to staging
 - name: Set Staging Environment Variables
- if: startsWith(github.ref, 'refs/tags/') != true
 run: |
 echo "ENV=staging" >> $GITHUB_ENV
 echo "TF_WORKSPACE=staging" >> $GITHUB_ENV
 echo "TF_VAR_private_key=${{ secrets.STAGING_PRIVATE_KEY }}" >> $GITHUB_ENV
 echo "TF_VAR_did=did:web:staging.indexer.storacha.network" >> $GITHUB_ENV
- - name: Set Production Environment Variables
- if: startsWith(github.ref, 'refs/tags/')
- run: |
- echo "ENV=production" >> $GITHUB_ENV
- echo "TF_WORKSPACE=prod" >> $GITHUB_ENV
- echo "TF_VAR_private_key=${{ secrets.PROD_PRIVATE_KEY }}" >> $GITHUB_ENV
- echo "TF_VAR_did=did:web:indexer.storacha.network" >> $GITHUB_ENV
-
 - name: Tofu Init
 run: |
 tofu -chdir="deploy/app" init
- - name: Ruild Go Apps
+ - name: Build Go Apps
 run: |
 touch .env
 make lambdas
@@ -77,3 +72,17 @@ jobs:
 if: github.event_name != 'pull_request'
 run: |
 tofu -chdir="deploy/app" apply -input=false --auto-approve
+
+ # deploy to prod on new releases
+ - name: Set Production Environment Variables
+ if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }}
+ run: |
+ echo "ENV=production" >> $GITHUB_ENV
+ echo "TF_WORKSPACE=prod" >> $GITHUB_ENV
+ echo "TF_VAR_private_key=${{ secrets.PROD_PRIVATE_KEY }}" >> $GITHUB_ENV
+ echo "TF_VAR_did=did:web:indexer.storacha.network" >> $GITHUB_ENV
+
+ - name: Deploy to prod
+ if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }}
+ run: |
+ tofu -chdir="deploy/app" apply -input=false --auto-approve
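Review bot: With the `if:` dropped from "Set Staging Environment Variables", the staging key is written to `$GITHUB_ENV` on every run and is then inherited by every later step in the job, including `make lambdas` and the production steps; the production step added in the last hunk does the same with `PROD_PRIVATE_KEY`. The `${{ secrets.* }}` expression is pasted into the script text before the shell runs, so a key containing a quote or a newline breaks the `echo` or the env file. Passing the key through a step-level `env:` on the steps that invoke `tofu`, for example `env: { TF_VAR_private_key: "${{ secrets.STAGING_PRIVATE_KEY }}" }`, keeps it out of the build step and avoids the interpolation. The step's `run:` block is context in this hunk, so this is a follow-up rather than a change to the added lines.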
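Review bot: The production apply at the end of this hunk runs inside the same job as the build and the staging apply, gated only on `github.event.workflow_run.conclusion == 'success'`, so it cannot sit behind a protected GitHub environment and it fires on every successful Releaser run whether or not a release was actually cut (Releaser is not visible here, so that depends on its triggers). `tofu init` earlier in the job ran with `TF_WORKSPACE=staging`, and nothing visible plans against the `prod` workspace before `apply --auto-approve`. Moving the two added steps into their own job that `needs:` the staging job and declares an `environment:` allows required reviewers on prod and keeps `PROD_PRIVATE_KEY` out of the staging job's environment. The job id, runner and environment name below are placeholders, since the job header is outside the hunk.

```yaml
  deploy-prod:
    needs: STAGING_JOB_ID        # placeholder: id of the existing job
    if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest       # placeholder: match the existing job
    environment: production      # placeholder: a protected environment
    env:
      ENV: production
      TF_WORKSPACE: prod
      TF_VAR_did: "did:web:indexer.storacha.network"
      TF_VAR_private_key: ${{ secrets.PROD_PRIVATE_KEY }}
    steps:
      # … unchanged: checkout, setup-opentofu, setup-go, Tofu Init, Build Go Apps …
      - name: Plan prod
        run: |
          tofu -chdir="deploy/app" plan -input=false
      - name: Deploy to prod
        run: |
          tofu -chdir="deploy/app" apply -input=false --auto-approve
```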