[BUG] Using `environment:` in a workflow duplicates `deployment` for each job with `environment:` block

This is on an Enterprise account, where you can use environment-specific secrets in overlays.

To make environment secrets available to a job, an `environment:` block is added to the job, setting the environment context for this job.

Adding this block creates a Deployment when the job is run, and it creates a Deployment for each job in the workflow that the block is added to. The block can only be added at the job level. Deployments are then shown in the GitHub UI under Environments.

We use environments to feed env-specific secrets to GH jobs.

I have a deployment workflow that is made up of a number of jobs, such as deploying an app artefact and then importing different related schemas to 3rd party integrations. Each of those is run as a separate job in the workflow, as it is just a much cleaner way to group and provides better readability.

This workflow is triggered on the deployment event, so we have another workflow that creates a deployment on successful release.

Now the problem: this setup is causing us to have 3 deployments created each time we deploy, which is simply not good, and I don't see any obvious way to eliminate this problem. It is creating a bit of a confusing mess, as we use GitHub integrations for notifications, etc., and it is just sore to look at.

Compressed workflow YAML below. Running this kind of workflow results in 3 deployments against dev, with only the final one being active.

Build workflow that creates Deployment

```yaml
name: "Build"

on:
  release

jobs:
  build:
    name: "Build"
    runs-on: ubuntu-latest

    steps:
    - name: "do build"
      run: |
        # some script that builds and pushes an artefact to a registry

    - name: "start deployment"
      uses: bobheadxi/deployments@v0.4.3
      id: deployment
      with:
        step: start
        token: ${{ secrets.GH_TOKEN }}
        env: dev
```

Deployment workflow that is triggered by Deployment event

```yaml
name: "Deploy"

on:
  deployment

jobs:
  deploy:
    name: "Deploy artefact"
    runs-on: ubuntu-latest

    environment:
      name: dev

    steps:
    - name: "do deploy"
      run: |
        # some script that deploys an artefact

  import:
    name: "Import schemas"
    runs-on: ubuntu-latest

    environment:
      name: dev

    steps:
    - name: "do import"
      run: |
        # some script that does import
```

Hello,

I have exactly the same issue with a repository storing a multi-module Maven project, with many microservices.

In the deploy part of the CI/CD workflow, I use jobs like:

```yaml
  register-schemas:
    name: Register schemas
    needs:
      - other_job
    environment:
      name: dev
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Register schemas dev
        uses: action that register schemas
        with:
          secret: ${{ secrets.SOME_ENV_SECRET }}
  deploy:
    name: Deploy
    needs:
      - other_job
    runs-on: ubuntu-latest
    environment:
      name: dev
    strategy:
      matrix:
        module:
          - service1
          - service2
          - service3
    steps:
      - name: Deploy dev ${{ matrix.module }}
        uses: action that deploy to custom kubernetes manager
        with:
          secret: ${{ secrets.SOME_ENV_SECRET }}
```

As a consequence, in the pull requests, or even in the deployment activity logs, it creates as many deployments as there are microservices (so, for the example above, 3). Moreover, the active deployment can be any of the triggered jobs, and so the GitHub environment can consider it inactive.

Real results:


Have you found a solution for this? Or is it impossible for now to have a single deployment to a specific environment that uses multiple jobs?

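To see ahead of time how many deployments a workflow will record per run, the behaviour described in this thread (one deployment for every job that carries an `environment:` block) can be applied to a parsed workflow. This is an added example, not code from either poster or from GitHub: the function names and sample mappings are constructed, the input is the mapping a YAML parser would return for the workflow file, and counting each matrix instance as its own job is an assumption.

```python
from collections import Counter
from math import prod


def environment_name(job):
    """Return the job's environment name; handles `environment: dev` and `name:` forms."""
    env = job.get("environment")
    return env.get("name") if isinstance(env, dict) else env


def matrix_size(job):
    """Job instances produced by strategy.matrix (plain list axes only).
    Assumption: each matrix instance creates its own deployment."""
    matrix = (job.get("strategy") or {}).get("matrix")
    if not isinstance(matrix, dict):  # no matrix, or an expression string
        return 1
    axes = [v for k, v in matrix.items()
            if k not in ("include", "exclude") and isinstance(v, list)]
    return prod(len(axis) for axis in axes)


def deployments_per_run(workflow):
    """Map environment name -> deployments one run of this workflow creates."""
    counts = Counter()
    for job in (workflow.get("jobs") or {}).values():
        name = environment_name(job)
        if name:  # jobs without an environment block create no deployment
            counts[name] += matrix_size(job)
    return dict(counts)


# Constructed sample: the "Deploy" workflow from the first post, as parsed YAML.
DEPLOY_WORKFLOW = {
    "name": "Deploy",
    "jobs": {
        "deploy": {"runs-on": "ubuntu-latest", "environment": {"name": "dev"}},
        "import": {"runs-on": "ubuntu-latest", "environment": {"name": "dev"}},
    },
}

# Constructed sample: one matrix job modelled on the second post's `deploy` job.
MATRIX_WORKFLOW = {
    "jobs": {"deploy": {
        "environment": {"name": "dev"},
        "strategy": {"matrix": {"module": ["service1", "service2", "service3"]}},
    }},
}

if __name__ == "__main__":
    print(deployments_per_run(DEPLOY_WORKFLOW))
    print(deployments_per_run(MATRIX_WORKFLOW))
```

For the first post's setup, the two job-level deployments counted here plus the one the Build workflow starts explicitly give the three `dev` deployments reported.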