CD Deployment Workflow
The CD pipeline deploys the MATIH platform to target environments. It supports automatic deployment on push to main, tag-based releases, and manual workflow dispatch with environment and component selection.
Source file: .github/work-flows/cd.yml
Triggers
| Event | Condition | Default Environment |
|---|---|---|
Push to main | Automatic | dev |
Tag v* | Automatic | staging |
workflow_dispatch | Manual | Selected by user |
Workflow Inputs (Manual Dispatch)
| Input | Type | Options | Description |
|---|---|---|---|
environment | choice | dev, staging, prod | Target environment |
version | string | Optional | Specific version to deploy |
component | choice | all, control-plane, data-plane, infra | Deployment scope |
Jobs
1. Prepare Deployment
Determines deployment parameters based on trigger type:
| Trigger | Version | Environment |
|---|---|---|
| Push to main | Git SHA | dev |
| Tag | Tag name (minus v prefix) | staging |
| Manual | User input or latest | User selected |
2. Build and Push Images
Builds Docker images and pushes to the container registry:
- name: Build and push
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ env.REGISTRY }}/matih/${{ matrix.service }}:${{ needs.prepare.outputs.version }}3. Deploy to Environment
Executes the deployment using the CD pipeline script:
./scripts/cd-new.sh ${{ needs.prepare.outputs.component }} ${{ needs.prepare.outputs.environment }}4. Post-Deployment Validation
Runs Stage 18 validation checks and reports status.
Concurrency Control
concurrency:
group: cd-${{ github.ref }}-${{ inputs.environment || 'dev' }}
cancel-in-progress: falseCD deployments never cancel in-progress runs to avoid partial deployments.
Environment Protection
| Environment | Protection | Approvers |
|---|---|---|
| dev | None | Automatic |
| staging | Required review | Platform team |
| prod | Required review + wait | Platform leads |
Secrets Required
| Secret | Description |
|---|---|
AZURE_CREDENTIALS | Azure service principal for AKS access |
ACR_USERNAME | Azure Container Registry username |
ACR_PASSWORD | Azure Container Registry password |
KUBE_CONFIG | Kubernetes cluster configuration |
Related Pages
- CI Pipeline -- Continuous integration workflow
- CD Pipeline -- Script-based CD pipeline details
- GitOps -- ArgoCD-based deployment