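---
# Bootstrap Environment Orchestrator
#
# Manually triggered pipeline that, for one env/workspace pair:
#   1. dispatches an infrastructure-readiness check to a sibling repository,
#   2. dispatches an artifact / image validation to a second repository,
#   3. runs the Ansible provisioning playbooks checked out from this repository.
#
# NOTE(review): repository-dispatch only *sends* an event; it does not wait for
# the receiving workflow to finish or report its result. The `needs:` chain
# below therefore orders the dispatches but does not gate provisioning on the
# outcome of the remote checks. Confirm whether that is intended or whether a
# wait/poll step is required before `provision-runtime`.
name: Bootstrap Environment Orchestrator

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      env:
        description: "Environment lifecycle (dev / staging / prod)"
        required: true
        type: string
      workspace:
        description: "Workspace / region / cluster (e.g. cn-shanghai)"
        required: true
        type: string
      identity_playbook:
        description: "Identity service deployment playbook"
        required: false
        default: "deploy_zitadel_docker.yaml"
        type: choice
        options:
          - deploy_zitadel_docker.yaml
          - deploy_keycloak_docker.yaml
          - skip

# Least privilege for the automatic GITHUB_TOKEN: only the checkout needs it.
# The cross-repository dispatch token is a dedicated secret and is referenced
# directly in the two steps that use it, instead of being exported as a
# workflow-level env var (which would put it in the environment of every
# `run` step, including the Ansible invocations that never need it).
permissions:
  contents: read

# Serialise bootstraps of the same env/workspace. Queue rather than cancel so a
# partially applied provisioning run is never interrupted mid-playbook.
concurrency:
  group: bootstrap-${{ inputs.env }}-${{ inputs.workspace }}
  cancel-in-progress: false

jobs:
  # =================================================
  # Step 1: Preflight - Infrastructure Readiness
  # =================================================
  preflight-infra:
    name: Preflight - Infrastructure Readiness
    runs-on: ubuntu-latest
    steps:
      - name: Dispatch infrastructure readiness check
        # TODO(review): pin third-party actions to a full commit SHA rather
        # than a mutable major tag.
        uses: peter-evans/repository-dispatch@v4
        with:
          token: ${{ secrets.CROSS_REPO_DISPATCH_TOKEN }}
          repository: cloud-neutral-toolkit/Modern-Container-Application-Reference-Architecture
          event-type: bootstrap.preflight.infra
          # toJSON() emits a correctly quoted/escaped JSON string, so a quote
          # or backslash in a free-text input cannot break the payload.
          client-payload: |
            {
              "env": ${{ toJSON(inputs.env) }},
              "workspace": ${{ toJSON(inputs.workspace) }}
            }

  # =================================================
  # Step 2: Preflight - Artifact / Image Check
  # =================================================
  preflight-artifacts:
    name: Preflight - Artifact & Image Check
    needs: preflight-infra
    runs-on: ubuntu-latest
    steps:
      - name: Dispatch artifact validation
        uses: peter-evans/repository-dispatch@v4
        with:
          token: ${{ secrets.CROSS_REPO_DISPATCH_TOKEN }}
          repository: cloud-neutral-toolkit/XControl
          event-type: bootstrap.preflight.artifacts
          client-payload: |
            {
              "env": ${{ toJSON(inputs.env) }},
              "workspace": ${{ toJSON(inputs.workspace) }}
            }

  # =================================================
  # Step 3: Provision - Runtime & Core Services
  # =================================================
  provision-runtime:
    name: Provision - Runtime & Core Services
    needs: preflight-artifacts
    runs-on: ubuntu-latest
    env:
      # Inputs are passed to the shell through env vars, never spliced into
      # `run:` bodies with ${{ }}, so they are data rather than script text.
      ENV: ${{ inputs.env }}
      WORKSPACE: ${{ inputs.workspace }}
      IDENTITY_PLAYBOOK: ${{ inputs.identity_playbook }}
    steps:
      - name: Validate inputs
        # `env` and `workspace` are free-text inputs that become path segments
        # under inventory/. Restrict them to a conservative character set so a
        # crafted value (e.g. containing "..") cannot select an inventory
        # outside that directory. identity_playbook is a `choice` input and is
        # already bounded by its options list.
        run: |
          for v in "$ENV" "$WORKSPACE"; do
            if ! [[ "$v" =~ ^[A-Za-z0-9_-]+$ ]]; then
              echo "::error::invalid input value: '$v'"
              exit 1
            fi
          done

      - name: Checkout deployment repository
        uses: actions/checkout@v4

      - name: Install Ansible
        run: |
          sudo apt-get update
          sudo apt-get install -y ansible

      # -----------------------------
      # DNS
      # -----------------------------
      # NOTE(review): -C runs ansible-playbook in check (dry-run) mode, so the
      # DNS, runtime and identity steps below preview changes (-D shows the
      # diff) without applying them; only the post-check runs for real.
      # Confirm this is intended for a "provision" workflow.
      - name: Register DNS Records
        run: |
          ansible-playbook \
            -i "inventory/${ENV}/${WORKSPACE}/hosts.ini" \
            playbooks/alicloud_dns_record.yml \
            --extra-vars "env=${ENV} workspace=${WORKSPACE}" \
            -D -C

      # -----------------------------
      # Runtime / Base Layer
      # -----------------------------
      - name: Provision Runtime (Docker / Base Services)
        run: |
          ansible-playbook \
            -i "inventory/${ENV}/${WORKSPACE}/hosts.ini" \
            playbooks/setup-docker.yml \
            --extra-vars "env=${ENV} workspace=${WORKSPACE}" \
            -D -C

      # -----------------------------
      # Identity (pluggable)
      # -----------------------------
      - name: Deploy or Update Identity Service
        # Skipped entirely when the operator selected "skip" for the playbook.
        if: ${{ inputs.identity_playbook != 'skip' }}
        run: |
          ansible-playbook \
            -i "inventory/${ENV}/${WORKSPACE}/hosts.ini" \
            "playbooks/${IDENTITY_PLAYBOOK}" \
            --extra-vars "env=${ENV} workspace=${WORKSPACE}" \
            -D -C

      # -----------------------------
      # Post-check
      # -----------------------------
      - name: Post-Provision Status Check
        run: |
          ansible-playbook \
            -i "inventory/${ENV}/${WORKSPACE}/hosts.ini" \
            playbooks/check-runtime-status.yml \
            --extra-vars "env=${ENV} workspace=${WORKSPACE}"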