name: Deploy Production

on:
  push:
    branches: [ production ]
    paths-ignore:
      - 'doc/**'
      - 'README.md'

jobs:
  deploy:
    name: Deploy to production
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 2
      <% if terraform? %>
      - name: Check for changes to Terraform
        id: changed-terraform-files
        uses: tj-actions/changed-files@v1.1.2
        with:
          files: |
            terraform/shared
            terraform/production
      - name: Terraform init
        if: steps.changed-terraform-files.outputs.any_changed == 'true'
        working-directory: terraform/production
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
        run: terraform init
      - name: Terraform apply
        if: steps.changed-terraform-files.outputs.any_changed == 'true'
        working-directory: terraform/production
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
          TF_VAR_cf_user: ${{ secrets.CF_USERNAME }}
          TF_VAR_cf_password: ${{ secrets.CF_PASSWORD }}
        run: terraform apply -auto-approve -input=false
      <% end %>
      - name: Deploy app
        uses: 18F/cg-deploy-action@main
        env:
          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
        with:
          cf_username: ${{ secrets.CF_USERNAME }}
          cf_password: ${{ secrets.CF_PASSWORD }}
          cf_org: <%= cloud_gov_organization %>
          cf_space: <%= cloud_gov_production_space %>
          push_arguments: >-
            --vars-file config/deployment/production.yml
            --var rails_master_key=$RAILS_MASTER_KEY