diff --git a/.github/workflows/actions/database-backup/action.yml b/.github/workflows/actions/database-backup/action.yml index d3901f5f..d3acceac 100644 --- a/.github/workflows/actions/database-backup/action.yml +++ b/.github/workflows/actions/database-backup/action.yml @@ -109,7 +109,7 @@ runs: - name: K8 setup shell: bash run: | - make ${{ inputs.environment }} get-cluster-credentials + make ci ${{ inputs.environment }} get-cluster-credentials make bin/konduit.sh - name: Setup postgres client diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index abb0372a..e07e31a2 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -58,7 +58,7 @@ jobs: uses: marocchino/sticky-pull-request-comment@v2 with: message: | - AKS review app deployed to ${{ steps.deploy.outputs.environment_url }} + AKS review app deployed to https://find-a-lost-trn-review-pr-${{ github.event.pull_request.number }}.test.teacherservices.cloud deploy_nonprod: name: Deploy to ${{ matrix.environment }} environment diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 28af9a74..cb9d5563 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml 
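Review bot: The changed line `make ci ${{ inputs.environment }} get-cluster-credentials` in the `K8 setup` step of database-backup/action.yml still pastes the action input into the script text, so bash parses whatever the caller supplies before `make` sees it. The callers are not visible here; if `environment` can ever come from a manually dispatched or otherwise user-supplied value, pass it through the step environment instead. For example, add `env:` with `TARGET_ENV: ${{ inputs.environment }}` (name is illustrative) and run `make ci "$TARGET_ENV" get-cluster-credentials`. The step continues outside the hunk.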
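Review bot: In build-and-deploy.yml the sticky comment now builds the review URL from a literal host pattern (`https://find-a-lost-trn-review-pr-<number>.test.teacherservices.cloud`) rather than the deploy step's output, so it no longer reflects what was actually deployed. The hostname convention is presumably defined elsewhere (not visible in this hunk), and the two can drift without any failure. A comment above `message:` such as `# URL pattern must stay in sync with the review app hostname defined by the deployment` would record the coupling. Re-exposing the URL as an output of the `deploy` step would remove it.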
@@ -14,70 +14,70 @@ jobs: environment: review steps: - uses: actions/checkout@v4 + - name: Extract configuration from tfvars + shell: bash id: config run: | - APP_KEY_VAULT=$(jq -r '.app_key_vault' $TFVARS) - NAMESPACE=$(jq -r '.namespace' $TFVARS) - if [ -z "$APP_KEY_VAULT" ]; then - echo "::error ::Failed to extract app_key_vault from $TFVARS" - exit 1 - fi - if [ -z "$NAMESPACE" ]; then - echo "::error ::Failed to extract namespace from $TFVARS" - exit 1 - fi - echo ::set-output name=app_key_vault::$APP_KEY_VAULT - echo ::set-output name=namespace::$NAMESPACE - shell: bash - env: - TFVARS: workspace_variables/review.tfvars.json - working-directory: terraform/aks + tf_vars_file=terraform/aks/workspace_variables/review.tfvars.json + cat $tf_vars_file + APP_VAULT_NAME=$(jq -r '.app_vault_name' ${tf_vars_file}) + NAMESPACE=$(jq -r '.namespace' ${tf_vars_file}) + APP_ENVIRONMENT=$(jq -r '.app_environment' ${tf_vars_file}) + CLUSTER=$(jq -r '.cluster' ${tf_vars_file}) + + echo "APP_VAULT_NAME=$APP_VAULT_NAME" >> $GITHUB_ENV + echo "NAMESPACE=$NAMESPACE" >> $GITHUB_ENV + echo "CLUSTER=$CLUSTER" >> $GITHUB_ENV + echo "APP_ENVIRONMENT=$APP_ENVIRONMENT" >> $GITHUB_ENV - uses: Azure/login@v1 with: creds: ${{ secrets.azure_credentials }} - - uses: Azure/get-keyvault-secrets@v1 + - uses: azure/CLI@v1 id: get_secrets with: - keyvault: ${{ steps.config.outputs.app_key_vault }} - secrets: "TFSTATE-CONTAINER-ACCESS-KEY,PAAS-USER,PAAS-PASSWORD" - - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.0.10 - terraform_wrapper: false + inlineScript: | + TFSTATE_CONTAINER_ACCESS_KEY=$(az keyvault secret show --name "TFSTATE-CONTAINER-ACCESS-KEY" --vault-name "${{ env.APP_VAULT_NAME }}" --query "value" -o tsv) + echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" + echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV - name: Set Environment variables run: | PR_NUMBER=${{ github.event.pull_request.number }} - 
TF_STATE_FILE=review/review-pr-$PR_NUMBER.tfstate + TF_STATE_FILE=review-pr-$PR_NUMBER.tfstate echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV pr_state_file=$(az storage blob list -c faltrn-tfstate \ - --account-key ${{ steps.get_secrets.outputs.TFSTATE-CONTAINER-ACCESS-KEY }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ --account-name "s189t01faltrntfstatervsa" \ --prefix $TF_STATE_FILE --query "[].name" -o tsv) - if [ -n "$pr_state_file" ]; then echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV; fi; + if [ ! -z "$pr_state_file" ]; then echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV; fi; + + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.5.0 + terraform_wrapper: false - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + if: ${{ env.TF_STATE_EXISTS }} == 'true' with: azure-credentials: ${{ secrets.azure_credentials }} - name: Terraform - if: env.TF_STATE_EXISTS == 'true' + if: ${{ env.TF_STATE_EXISTS }} == 'true' id: terraform run: | make ci review terraform-destroy env: - TF_VAR_flt_docker_image: "ghcr.io/dfe-digital/find-a-lost-trn:no-tag" + DOCKER_IMAGE: "ghcr.io/dfe-digital/find-a-lost-trn:no-tag" pr_id: ${{ github.event.pull_request.number }} shell: bash - name: Delete tf state file - if: env.TF_STATE_EXISTS == 'true' + if: ${{ env.TF_STATE_EXISTS }} == 'true' run: | az storage blob delete -c faltrn-tfstate --name ${{ env.TF_STATE_FILE }} \ - --account-key ${{ steps.get_secrets.outputs.TFSTATE-CONTAINER-ACCESS-KEY }} \ + --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \ --account-name "s189t01faltrntfstatervsa" diff --git a/terraform/aks/workspace_variables/review.backend.tfvars b/terraform/aks/workspace_variables/review.backend.tfvars index 3d01b90c..2405db8f 100644 --- a/terraform/aks/workspace_variables/review.backend.tfvars +++ b/terraform/aks/workspace_variables/review.backend.tfvars 
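Review bot: The three conditions written as `if: ${{ env.TF_STATE_EXISTS }} == 'true'` (on `set-kubelogin-environment`, `Terraform` and `Delete tf state file`) are always true, because GitHub substitutes the `${{ }}` part and is left with a non-empty string such as ` == 'true'`, which it treats as truthy. The destroy and blob-delete steps will therefore run even when no state blob was found; restore the previous form, `if: env.TF_STATE_EXISTS == 'true'`, on all three. Separately, the storage account key is now written to `$GITHUB_ENV`, which exposes it to every later step, including the action pinned to `@master`, and it is then pasted into the scripts via `${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}`; referencing it as `"$TFSTATE_CONTAINER_ACCESS_KEY"` in the two `az storage` calls at least keeps it out of the rendered script text. The new `cat $tf_vars_file` line looks like debugging residue, and the emptiness checks the old step ran on the extracted values have been dropped without a replacement.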
@@ -1,3 +1,2 @@
 resource_group_name = "s189t01-faltrn-rv-rg"
 storage_account_name = "s189t01faltrntfstatervsa"
-
diff --git a/terraform/aks/workspace_variables/review.tfvars.json b/terraform/aks/workspace_variables/review.tfvars.json
index 0863451d..8e96c850 100644
--- a/terraform/aks/workspace_variables/review.tfvars.json
+++ b/terraform/aks/workspace_variables/review.tfvars.json
@@ -10,5 +10,6 @@
 "deploy_azure_backing_services": false,
 "enable_postgres_ssl": false,
 "inf_vault_name": "s189t01-faltrn-rv-inf-kv",
+ "app_vault_name": "s189t01-faltrn-rv-app-kv",
 "key_vault_resource_group": "s189t01-faltrn-rv-rg"
 }