Extend app CI/CD to production
Extend an existing dev-only CI/CD workflow so your application also deploys to production, with manual approval.
Before you begin
You have completed App repo setup, which sets up an app repo and a CI/CD workflow for your dev environment.
Step 1: Replace .gp.cicd.json with the full template
App repo setup installed the dev-only .gp.cicd.json template.
Replace it with the full template, which adds the production section:
gh api repos/oslokommune/golden-path-templates/contents/templates/gh-cicd-app/.gp.cicd.json \
--jq '.content' | base64 -d > .gp.cicd.json
Re-apply the dev values you set during app repo setup, and fill in the production values. You can find them in
common-config.yml in your IaC repository's prod environment directory.
| Field | Description | Example |
|---|---|---|
<team-name> |
Your team name | pirates |
<repo-iac> |
Infrastructure-as-code repository name | pirates-iac |
<dev-aws-account-id> |
AWS account ID for dev | 123456789012 |
<dev-environment-name> |
Name of your dev environment | pirates-dev |
<prod-aws-account-id> |
AWS account ID for prod | 987654321098 |
<prod-environment-name> |
Name of your prod environment | pirates-prod |
<aws-region> |
Your AWS region | eu-west-1 |
Step 2: Protect GitHub Actions environment targeting production
This enables manual approval for deployments to production, and ensures that deployments to production only can be made from the default branch.
Manual approval
You can turn off manual approval of production deployments if you want to, but we strongly recommend that you enable it during initial setup to reduce the risk of negatively affecting your production environment.
- Go to Settings → Environments → New environment
- Set the name to match the name of your production environment:
- For an application repo:
<environment>(e.g.,pirates-prod) - For an application monorepo:
<environment>-<app-name>(e.g.,pirates-prod-swordsmith)
- For an application repo:
- Set Required reviewers to your GitHub team
- Click Save protection rules
- Under Deployment branches and tags, select Selected branches and add your default branch (
mainormaster)
Step 3: Enable production deployment in the workflow
Uncomment the production deployment job that you commented out in Step 3.2 of App repo setup.
Step 4: Create a pull request
Push the branch and create a pull request.
Verify that the build job succeeds and that no deployment occurs.
Step 5: Merge and deploy
Merge the pull request.
Verify
Commit a change to your application and verify that the pipeline:
- deploys to dev first, then production
- asks for your confirmation before deploying to production (if you enabled environment protection).