# Template: Deploy on merge to main (production)
# Copy to: .github/workflows/main-deploy.yml
#
# Triggers on push to main branch (after release merge)
# Runs: build + artifact + deploy (PRODUCTION environment)
# Tests should have passed in release branch, only build and deploy here
#
# Required secrets: Same as develop-deploy.yml (including SLACK_WEBHOOK_URL for notify_on_failure / notify_on_deploy)

name: Deploy to Production

on:
  push:
    branches:
      - main

permissions:
  contents: write  # required by run_tag to push vX.Y.Z tag and create GitHub Release
  id-token: write

jobs:
  pipeline:
    if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
    uses: <org>/ci-templates/.github/workflows/java-main-pipeline.yml@main
    with:
      run_build: true
      run_test: false
      run_artifact: true
      artifact_registry: 'ecr'
      run_deploy: true
      deploy_target: 'ec2-vpn'
      environment: 'prod'
      spring_profiles: 'production'
      run_tag: true
      notify_on_failure: true
      notify_failure_mention: '@channel'
      notify_on_deploy: true
      # Mount TLS material/keystore from host into the container (read-only).
      # Place files at /opt/docker/<repo>/certs/ on the EC2 host before deploy.
      # Pair with container_env_vars (set in the pipeline) to point Spring Boot at them.
      # extra_volumes: |
      #   - ./certs:/etc/ssl/app:ro
    secrets: inherit

Java (Spring Boot) · Consumer template · on: push
Java Main Deploy
templates/java-main-deploy.yml