chore: streamline environment variables and format inputs in GitHub a…

…ctions
CDCgov · Sep 19, 2023 · 40d8997 · 40d8997
1 parent 89f38a4
commit 40d8997
Show file tree

Hide file tree

Showing 17 changed files with 530 additions and 949 deletions.
diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml
@@ -33,13 +33,13 @@ runs:
   steps:
     - uses: actions/[email protected]
       with:
-        node-version: ${{env.NODE_VERSION}}
+        node-version: ${{ env.NODE_VERSION }}
     - name: Use cache for node_modules
       uses: actions/[email protected]
       with:
         path: |
           ./frontend/node_modules
-        key: npm-${{env.NODE_VERSION}}-${{ hashFiles('frontend/yarn.lock', 'frontend/package.json') }}
+        key: npm-${{ env.NODE_VERSION }}-${{ hashFiles('frontend/yarn.lock', 'frontend/package.json') }}
     - uses: azure/login@v1
       with:
         creds: ${{ inputs.azure_creds }}
@@ -55,26 +55,26 @@ runs:
       working-directory: ./frontend
       run: |
           echo "::group::Set build variables"
-          ENVLVL=${{inputs.deploy_env}}
+          ENVLVL=${{ inputs.deploy_env }}
           ENVLVL=${ENVLVL//[[:digit:]]/}
           echo "Environment level: $ENVLVL"
           az config set extension.use_dynamic_install=yes_without_prompt
           INSIGHTS_CONNECTION_STRING=$(
             az monitor app-insights component show \
               -g prime-simple-report-$ENVLVL \
-              -a prime-simple-report-${{inputs.deploy_env}}-insights \
+              -a prime-simple-report-${{ inputs.deploy_env }}-insights \
             | jq -r '.connectionString')
           echo "REACT_APP_APPLICATIONINSIGHTS_CONNECTION_STRING=${INSIGHTS_CONNECTION_STRING}" > .env.production.local
           if [[ -n "${{ inputs.base_domain_name }}" ]]
-            then echo "REACT_APP_BASE_URL=https://${{inputs.base_domain_name}}" >> .env.production.local
+            then echo "REACT_APP_BASE_URL=https://${{ inputs.base_domain_name }}" >> .env.production.local
           fi
           if [[ "true" == "${{ inputs.is_training_site }}" ]]
             then echo "REACT_APP_IS_TRAINING_SITE=true" >> .env.production.local
           fi
           if [[ "true" == "${{ inputs.okta_enabled }}" ]]; then 
             echo "REACT_APP_OKTA_ENABLED=true" >> .env.production.local
-            echo "REACT_APP_OKTA_URL=${{inputs.okta_url}}" >> .env.production.local
-            echo "REACT_APP_OKTA_CLIENT_ID=${{inputs.okta_client_id}}" >> .env.production.local
+            echo "REACT_APP_OKTA_URL=${{ inputs.okta_url }}" >> .env.production.local
+            echo "REACT_APP_OKTA_CLIENT_ID=${{ inputs.okta_client_id }}" >> .env.production.local
           fi
           echo "::endgroup::"
     - name: Build deployable application
@@ -91,7 +91,7 @@ runs:
       shell: bash
       run: |
         echo "::group::Create application archive"
-        tar -C ./frontend/build -czf ${{inputs.client_tarball}} .
+        tar -C ./frontend/build -czf ${{ inputs.client_tarball }} .
         echo "::endgroup::"
     - name: Save compiled frontend application
       uses: actions/upload-artifact@v3

diff --git a/...b/actions/stg-wait-slot-commit/action.yml → ...tions/stg-wait-for-slot-commit/action.yml b/...b/actions/stg-wait-slot-commit/action.yml → ...tions/stg-wait-for-slot-commit/action.yml
@@ -9,5 +9,6 @@ runs:
   using: composite
   steps:
     - name: Wait for correct commit to be deployed in staging slot
+      working-directory: ./ops
       shell: bash
       run: make wait-for-${{ inputs.deploy_env }}-slot-commit
diff --git a/...ctions/stg-wait-slot-readiness/action.yml → ...ns/stg-wait-for-slot-readiness/action.yml b/...ctions/stg-wait-slot-readiness/action.yml → ...ns/stg-wait-for-slot-readiness/action.yml
@@ -9,5 +9,6 @@ runs:
   using: composite
   steps:
     - name: Wait for staging deploy to be ready
+      working-directory: ./ops
       shell: bash
       run: make wait-for-${{ inputs.deploy_env }}-slot-readiness
diff --git a/.github/actions/tf-deploy/action.yml b/.github/actions/tf-deploy/action.yml
@@ -26,16 +26,9 @@ inputs:
 runs:
   using: composite
   steps:
-    - uses: actions/checkout@v4
     - uses: azure/login@v1
       with:
         creds: ${{ inputs.azure_creds }}
-      env: # all Azure interaction is through Terraform
-        ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }}
-        ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }}
-        ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }}
-        ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }}
-        OKTA_API_TOKEN: ${{ inputs.okta_api_token }}
     - uses: hashicorp/[email protected]
       with:
         terraform_version: 1.3.3
@@ -45,9 +38,21 @@ runs:
         deploy-env: ${{ inputs.deploy_env }}
     - name: Terraform Init
       working-directory: ./ops
+      env: # all Azure interaction is through Terraform
+        ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }}
+        ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }}
+        ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }}
+        ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }}
+        OKTA_API_TOKEN: ${{ inputs.okta_api_token }}
       shell: bash
       run: make init-${{ inputs.deploy_env }}
     - name: Terraform deploy (infrastructure and staging slot)
       working-directory: ./ops
+      env: # all Azure interaction is through Terraform
+        ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }}
+        ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }}
+        ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }}
+        ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }}
+        OKTA_API_TOKEN: ${{ inputs.okta_api_token }}
       shell: bash
       run: make deploy-${{ inputs.deploy_env }}
diff --git a/.github/workflows/deployDemo.yml b/.github/workflows/deployDemo.yml
@@ -15,102 +15,67 @@ concurrency:
 
 jobs:
   build_docker:
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./backend
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to ACR
-        run: docker login ${{ secrets.ACR_REPO_URL }} -u ${{ secrets.ACR_ADMIN_USERNAME }} -p ${{ secrets.ACR_ADMIN_PASWORD }}
-      - name: Build and push Docker images
-        run: ./build_and_push.sh
-  prerelease_backend:
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+      - name: Build and Push backend
+        uses: ./.github/actions/build-and-push
+        with:
+          acr_registry: ${{ secrets.ACR_REPO_URL }}
+          acr_username: ${{ secrets.ACR_ADMIN_USERNAME }}
+          acr_password: ${{ secrets.ACR_ADMIN_PASWORD }}
+  build_frontend:
     runs-on: ubuntu-latest
-    needs: [build_frontend, build_docker]
-    defaults:
-      run:
-        working-directory: ./ops
-    env: # all Azure interaction is through terraform
-      ARM_CLIENT_ID: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }}
-      ARM_CLIENT_SECRET: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }}
-      ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }}
-      ARM_TENANT_ID: ${{ secrets.TERRAFORM_ARM_TENANT_ID }}
-      OKTA_API_TOKEN: ${{ secrets.OKTA_API_TOKEN }}
     steps:
       - uses: actions/checkout@v4
-      - uses: azure/login@v1
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-      - uses: hashicorp/[email protected]
+      - uses: ./.github/actions/build-frontend
+        name: Build front-end application
         with:
-          terraform_version: 1.3.3
-      - name: Terraform Init
-        run: make init-${{ env.DEPLOY_ENV }}
-      - name: Terraform deploy (infrastructure and staging slot)
-        run: make deploy-${{ env.DEPLOY_ENV }}
-      - name: Wait for correct commit to be deployed in staging slot
-        timeout-minutes: 5
-        run: make wait-for-${{ env.DEPLOY_ENV }}-slot-commit
-      - name: Wait for staging deploy to be ready
-        timeout-minutes: 1
-        run: make wait-for-${{ env.DEPLOY_ENV }}-slot-readiness
-  build_frontend:
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+          azure_creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client_tarball: ./client.tgz
+          deploy_env: ${{env.DEPLOY_ENV}}
+          smarty_streets_key: ${{ secrets.SMARTY_STREETS_KEY }}
+          okta_enabled: false
+  prerelease_backend:
     runs-on: ubuntu-latest
+    needs: [build_frontend, build_docker]
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/[email protected]
-        with:
-          node-version: ${{env.NODE_VERSION}}
-      - name: Use cache for node_modules
-        uses: actions/[email protected]
-        with:
-          path: |
-            ./frontend/node_modules
-          key: npm-${{env.NODE_VERSION}}-${{ hashFiles('frontend/yarn.lock', 'frontend/package.json') }}
-      - uses: azure/login@v1
+      - uses: ./.github/actions/tf-deploy
+        name: Deploy with Terraform
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-      - uses: ./.github/actions/build-frontend
-        name: Build front-end application
+          azure_creds: ${{ secrets.AZURE_CREDENTIALS }}
+          deploy_env: ${{ env.DEPLOY_ENV }}
+          terraform_arm_client_id: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }}
+          terraform_arm_client_secret: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }}
+          terraform_arm_subscription_id: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }}
+          terraform_arm_tenant_id: ${{ secrets.TERRAFORM_ARM_TENANT_ID }}
+          okta_api_token: ${{ secrets.OKTA_API_TOKEN }}
+      - uses: ./.github/actions/stg-wait-for-slot-commit
+        name: Wait for correct commit to be deployed in staging slot
+        timeout-minutes: 5
         with:
-          deploy-env: ${{env.DEPLOY_ENV}}
-          smarty-streets-key: ${{ secrets.SMARTY_STREETS_KEY }}
-          client-tarball: ./client.tgz
-          okta-enabled: false
-      - name: Save compiled frontend application
-        uses: actions/upload-artifact@v3
-        if: success()
+          deploy_env: ${{ env.DEPLOY_ENV }}
+      - uses: ./.github/actions/stg-wait-for-slot-readiness
+        name: Wait for staging deploy to be ready
+        timeout-minutes: 1
         with:
-          name: frontend-tarball
-          path: client.tgz
-          retention-days: 1
+          deploy_env: ${{ env.DEPLOY_ENV }}
   deploy:
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-latest
     environment:
-      name: Demo
-      url: https://demo.simplereport.gov
+      name: ${{ env.DEPLOY_ENV }}
+      url: https://${{ env.DEPLOY_ENV }}.simplereport.gov
     needs: [prerelease_backend]
     steps:
       - uses: actions/checkout@v4
-      - uses: azure/login@v1
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-      - name: Retrieve frontend build
-        uses: actions/download-artifact@v3
-        with:
-          name: frontend-tarball
       - name: Promote and deploy
         uses: ./.github/actions/deploy-application
         with:
-          client-tarball: client.tgz
-          deploy-env: ${{env.DEPLOY_ENV}}
+          azure_creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client_tarball: client.tgz
+          deploy_env: ${{ env.DEPLOY_ENV }}
+
   slack_alert:
     runs-on: ubuntu-latest
     if: failure()