Only deploy from a release tag

The container that this project is runs in now* uses the `latest`-tagged image from ECR. Our `build-and-push-image` action only tags its built image as `latest` if it's built from the latest commit on `main`**. This does mean that we can't deploy an arbitrary branch or commit, but since we only deploy to production, that _might not_ be a bad thing. At least, there seems to be plenty we can test locally before needing to deploy a change, we have tooling (#5) for error handling and reporting and there's no reason we can't practice something closer to trunk-based development going forward. *https://github.com/alphagov/govuk-helm-charts/blob/456388977d052d7d50c26f550e24fc11166149a4/charts/govuk-sli-collector/values.yaml#L10 **https://github.com/alphagov/govuk-infrastructure/blob/a046a2c0da8f002e9e4507cd9d14310f2c1669a9/.github/workflows/build-and-push-image.yml#L76
alphagov · Dec 14, 2023 · f65ca69 · f65ca69
1 parent 864a905
commit f65ca69
Showing 1 changed file with 2 additions and 7 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,14 +1,9 @@
 name: Deploy
 
-run-name: Deploy ${{ inputs.gitRef || github.event.release.tag_name  }} to integration
+run-name: Deploy ${{ github.event.release.tag_name  }} to integration
 
 on:
   workflow_dispatch:
-    inputs:
-      gitRef:
-        description: 'Commit, tag or branch name to deploy'
-        required: true
-        type: string
   release:
     types: [released]
 
@@ -18,7 +13,7 @@ jobs:
     name: Build and publish image
     uses: alphagov/govuk-infrastructure/.github/workflows/build-and-push-image.yml@main
     with:
-      gitRef: ${{ inputs.gitRef || github.event.release.tag_name }}
+      gitRef: ${{ github.event.release.tag_name }}
     secrets:
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_GOVUK_ECR_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_GOVUK_ECR_SECRET_ACCESS_KEY }}