-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
16 changed files
with
277 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
name: Deploy to AKS | ||
description: deploys application | ||
inputs: | ||
environment: | ||
description: Environment to deploy to | ||
required: true | ||
docker_image: | ||
description: Docker image to be deployed | ||
required: true | ||
azure-credentials: | ||
description: Credentials for azure | ||
required: true | ||
arm-access-key: | ||
required: true | ||
pr-id: | ||
description: PR number for the review app | ||
required: false | ||
outputs: | ||
deploy-url: | ||
value: ${{ steps.set_env_var.outputs.deploy_url }} | ||
runs: | ||
using: composite | ||
steps: | ||
- name: Set Environment variables | ||
id: set_env_var | ||
shell: bash | ||
run: | | ||
tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}.tfvars.json | ||
terraform_version=$(awk '/{/{f=/^terraform/;next}f' terraform/aks/terraform.tf | grep -o [0-9\.]*) | ||
echo "cluster=$(jq -r '.cluster' ${tf_vars_file})" >> $GITHUB_ENV | ||
echo "TERRAFORM_VERSION=$terraform_version" >> $GITHUB_ENV | ||
echo "namespace=$(jq -r '.namespace' ${tf_vars_file})" >> $GITHUB_ENV | ||
if [ -n "${{ inputs.pr-id }}" ]; then | ||
APP_NAME=pr-${{ inputs.pr-id }} | ||
echo "deploy_url=https://find-a-lost-trn-review-${APP_NAME}.test.teacherservices.cloud" >> $GITHUB_OUTPUT | ||
else | ||
aks_app_environment=$(jq -r '.app_environment' ${tf_vars_file}) | ||
hostname=$(jq -r '.gov_uk_host_names[0]' ${tf_vars_file}) | ||
if [[ $hostname != null ]]; then | ||
echo "deploy_url=https://${hostname}" >> $GITHUB_OUTPUT | ||
else | ||
if [[ $cluster == 'production' ]]; then | ||
echo "deploy_url=https://find-a-lost-trn-${aks_app_environment}.teacherservices.cloud" >> $GITHUB_OUTPUT | ||
else | ||
echo "deploy_url=https://find-a-lost-trn-${aks_app_environment}.${cluster}.teacherservices.cloud" >> $GITHUB_OUTPUT | ||
fi | ||
fi | ||
fi | ||
- name: Use Terraform ${{ env.TERRAFORM_VERSION }} | ||
uses: hashicorp/setup-terraform@v2 | ||
with: | ||
terraform_version: ${{ env.TERRAFORM_VERSION }} | ||
|
||
- uses: azure/login@v1 | ||
with: | ||
creds: ${{ inputs.azure-credentials }} | ||
|
||
- name: Terraform init, plan & apply | ||
shell: bash | ||
run: make ci ${{ inputs.environment }} terraform-apply-aks | ||
env: | ||
ARM_ACCESS_KEY: ${{ inputs.arm-access-key }} | ||
DOCKER_IMAGE: ${{ inputs.docker_image }} | ||
pr_id: ${{ inputs.pr-id }} | ||
TF_VAR_azure_credentials: ${{ inputs.azure-credentials }} | ||
CONFIRM_PRODUCTION: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
name: Run smoke test | ||
|
||
inputs: | ||
environment: | ||
description: The name of the environment | ||
required: true | ||
azure_credentials: | ||
description: JSON object containing a service principal that can read from Azure Key Vault | ||
required: true | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
- uses: Azure/login@v1 | ||
with: | ||
creds: ${{ inputs.azure_credentials }} | ||
|
||
- name: Prepare application environment | ||
uses: ./.github/actions/prepare-app-env | ||
|
||
- name: Set environment variables | ||
shell: bash | ||
run: | | ||
tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}.tfvars.json | ||
echo "APP_KEY_VAULT=$(jq -r '.app_key_vault' ${tf_vars_file})" >> $GITHUB_ENV | ||
- name: Retrieve Secrets from KV | ||
uses: azure/CLI@v1 | ||
id: retrieve-secrets | ||
with: | ||
inlineScript: | | ||
HOSTING_DOMAIN=$(az keyvault secret show --name HOSTING-DOMAIN --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) | ||
echo "::add-mask::$HOSTING_DOMAIN" | ||
echo "HOSTING_DOMAIN=$HOSTING_DOMAIN" >> $GITHUB_OUTPUT | ||
GOVUK_NOTIFY_API_KEY=$(az keyvault secret show --name GOVUK-NOTIFY-API-KEY --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) | ||
echo "::add-mask::$GOVUK_NOTIFY_API_KEY" | ||
echo "GOVUK_NOTIFY_API_KEY=$GOVUK_NOTIFY_API_KEY" >> $GITHUB_OUTPUT | ||
HOSTING_ENVIRONMENT_NAME=$(az keyvault secret show --name HOSTING-ENVIRONMENT-NAME --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) | ||
echo "::add-mask::$HOSTING_ENVIRONMENT_NAME" | ||
echo "HOSTING_ENVIRONMENT_NAME=$HOSTING_ENVIRONMENT_NAME" >> $GITHUB_OUTPUT | ||
SUPPORT_USERNAME=$(az keyvault secret show --name SUPPORT-USERNAME --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) | ||
echo "::add-mask::$SUPPORT_USERNAME" | ||
echo "SUPPORT_USERNAME=$SUPPORT_USERNAME" >> $GITHUB_OUTPUT | ||
SUPPORT_PASSWORD=$(az keyvault secret show --name SUPPORT-PASSWORD --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) | ||
echo "::add-mask::$SUPPORT_PASSWORD" | ||
echo "SUPPORT_PASSWORD=$SUPPORT_PASSWORD" >> $GITHUB_OUTPUT | ||
- name: Run deployment smoke test | ||
shell: bash | ||
run: bin/smoke | ||
env: | ||
HOSTING_DOMAIN: ${{ steps.retrieve-secrets.outputs.HOSTING_DOMAIN }} | ||
RAILS_ENV: ${{ steps.retrieve-secrets.outputs.HOSTING_ENVIRONMENT_NAME }} | ||
GOVUK_NOTIFY_API_KEY: ${{ steps.retrieve-secrets.outputs.GOVUK_NOTIFY_API_KEY }} | ||
SUPPORT_USERNAME: ${{ steps.retrieve-secrets.outputs.SUPPORT_USERNAME }} | ||
SUPPORT_PASSWORD: ${{ steps.retrieve-secrets.outputs.SUPPORT_PASSWORD }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
name: Manual deployment | ||
on: | ||
workflow_dispatch: | ||
inputs: | ||
environment: | ||
description: "Deploy environment ( development_aks, test, preprod or production )" | ||
required: true | ||
default: development_aks | ||
type: choice | ||
options: | ||
- development_aks | ||
sha: | ||
description: Commit sha to be deployed | ||
required: true | ||
default: 588bfd4567e53f6b809d5ed107dc70b3d040710a | ||
type: choice | ||
options: | ||
- 588bfd4567e53f6b809d5ed107dc70b3d040710a | ||
env: | ||
CONTAINER_REGISTRY: ghcr.io | ||
|
||
jobs: | ||
deploy_v2_environment: | ||
name: Deploy to development_aks environment | ||
runs-on: ubuntu-latest | ||
environment: | ||
name: development_aks | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- name: Docker image tag | ||
id: image | ||
run: | | ||
echo ::set-output name=tag::$CONTAINER_REGISTRY/$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]'):$INPUT_GITHUB_SHA | ||
env: | ||
CONTAINER_REGISTRY: ${{ env.CONTAINER_REGISTRY }} | ||
INPUT_GITHUB_SHA: 588bfd4567e53f6b809d5ed107dc70b3d040710a | ||
shell: bash | ||
|
||
- uses: ./.github/workflows/actions/deploy_v2 | ||
id: deploy | ||
with: | ||
environment: development_aks | ||
docker_image: ${{ steps.image.outputs.tag }} | ||
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | ||
arm-access-key: ${{ secrets.ARM_ACCESS_KEY }} | ||
|
||
- uses: ./.github/workflows/actions/smoke-test-v2 | ||
id: smoke-test | ||
with: | ||
environment: development_aks | ||
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
CONFIG=review_aks | ||
DEPLOY_ENV=review | ||
CONFIG_SHORT=rv | ||
AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test | ||
AZURE_RESOURCE_PREFIX=s189t01 | ||
ENV_TAG=Test | ||
DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_review.tfstate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
resource_group_name = "s189t01-faltrn-rv-rg" | ||
storage_account_name = "s189t01faltrntfstatervsa" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
{ | ||
"app_environment": "review", | ||
"cluster": "test", | ||
"file_environment": "review", | ||
"enable_monitoring": false, | ||
"namespace": "tra-development", | ||
"azure_resource_prefix": "s189t01", | ||
"config_short": "rv", | ||
"service_short": "faltrn", | ||
"deploy_azure_backing_services": false, | ||
"enable_postgres_ssl": false | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
aks: | ||
source: "https://github.com/DFE-Digital/terraform-modules" | ||
version: "main" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters