From e464f16d2359e7c6fda8f2224bc9b13d9749e4cb Mon Sep 17 00:00:00 2001 From: John Ake Date: Tue, 7 Nov 2023 11:32:26 +0000 Subject: [PATCH] Delete PaaS deployment workflows --- .github/workflows/actions/deploy/action.yml | 129 ----- .github/workflows/build-nocache.yml | 78 --- .github/workflows/build.yml | 563 -------------------- .github/workflows/manual.yml | 83 --- 4 files changed, 853 deletions(-) delete mode 100644 .github/workflows/actions/deploy/action.yml delete mode 100644 .github/workflows/build-nocache.yml delete mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/manual.yml diff --git a/.github/workflows/actions/deploy/action.yml b/.github/workflows/actions/deploy/action.yml deleted file mode 100644 index 27188afbd..000000000 --- a/.github/workflows/actions/deploy/action.yml +++ /dev/null @@ -1,129 +0,0 @@ -name: Deploy to PaaS - -inputs: - environment: - description: The environment to deploy to Development/Test/Production/Review/Speed/UR etc - required: true - sha: - description: Commit sha to be deployed - required: true - pr: - description: Pull Request Reference - required: false - AZURE_CREDENTIALS: - required: true - KEY_VAULT: - required: true - ARM_ACCESS_KEY: - required: true - GITHUB_TOKEN: - required: true - -runs: - using: composite - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: azure/login@v1 - with: - creds: ${{ inputs.AZURE_CREDENTIALS }} - - - name: Validate Key Vault Secrets - uses: DFE-Digital/github-actions/validate-key-vault-secrets@master - with: - KEY_VAULT: ${{ inputs.KEY_VAULT }} - SECRETS: | - TTA-KEYS - INFRA-KEYS - - - name: Get Short SHA - id: sha - shell: bash - run: echo "short=$(echo "${{ inputs.sha }}" | cut -c -7)" >> $GITHUB_OUTPUT - - - name: Setup Environment Variables - id: variables - shell: bash - run: | - if [ "${{inputs.environment }}" == "Review" ] - then - echo "control=review" >> $GITHUB_OUTPUT - pr_name="${{env.REVIEW_APPLICATION}}-${{inputs.pr}}" - echo "pr_name=${pr_name}" >> $GITHUB_OUTPUT - echo "healthcheck=${pr_name}" >> $GITHUB_OUTPUT - echo "key=${pr_name}" >> $GITHUB_OUTPUT - echo "TF_VAR_paas_adviser_application_name=${pr_name}" >> $GITHUB_ENV - echo "TF_VAR_paas_adviser_route_name=${pr_name}" >> $GITHUB_ENV - echo "docker_image=${{env.DOCKER_REPOSITORY}}:review-${{steps.sha.outputs.short}}" >> $GITHUB_OUTPUT - fi - - if [ "${{inputs.environment }}" == "Development" ] - then - echo "control=dev" >> $GITHUB_OUTPUT - echo "healthcheck=${{env.PAAS_APPLICATION_NAME}}-dev" >> $GITHUB_OUTPUT - echo "key=tta.dev.terraform" >> $GITHUB_OUTPUT - echo "docker_image=${{env.DOCKER_REPOSITORY}}:sha-${{ steps.sha.outputs.short}}" >> $GITHUB_OUTPUT - fi - - if [ "${{inputs.environment }}" == "Test" ] - then - echo "control=test" >> $GITHUB_OUTPUT - echo "healthcheck=${{env.PAAS_APPLICATION_NAME}}-test" >> $GITHUB_OUTPUT - echo "key=tta.test.terraform" >> $GITHUB_OUTPUT - echo "docker_image=${{env.DOCKER_REPOSITORY}}:sha-${{ steps.sha.outputs.short}}" >> $GITHUB_OUTPUT - fi - - if [ "${{inputs.environment }}" == "UR" ] - then - echo "control=ur" >> $GITHUB_OUTPUT - echo "healthcheck=${{env.PAAS_APPLICATION_NAME}}-ur" >> $GITHUB_OUTPUT - echo "key=tta.ur.terraform" >> $GITHUB_OUTPUT - echo "docker_image=${{env.DOCKER_REPOSITORY}}:sha-${{ steps.sha.outputs.short}}" >> $GITHUB_OUTPUT - fi - - if [ "${{inputs.environment }}" == "Production" ] - then - echo "control=production" >> $GITHUB_OUTPUT - echo "healthcheck=${{env.PAAS_APPLICATION_NAME}}-prod" >> $GITHUB_OUTPUT - echo "key=tta.prod.terraform" >> $GITHUB_OUTPUT - echo "docker_image=${{env.DOCKER_REPOSITORY}}:sha-${{ steps.sha.outputs.short}}" >> $GITHUB_OUTPUT - fi - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ inputs.KEY_VAULT}} - secret: INFRA-KEYS - key: LOGIT-API - - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.2.8 - - - name: Terraform ( ${{inputs.environment}} ) - shell: bash - run: | - cd terraform/paas && pwd - terraform init -backend-config=${{steps.variables.outputs.control}}.bk.vars -backend-config="key=${{steps.variables.outputs.key}}.tfstate" - terraform apply -var-file=${{steps.variables.outputs.control}}.env.tfvars -auto-approve - env: - ARM_ACCESS_KEY: ${{ inputs.ARM_ACCESS_KEY }} - TF_VAR_paas_adviser_docker_image: ${{ steps.variables.outputs.docker_image}} - TF_VAR_AZURE_CREDENTIALS: ${{ inputs.AZURE_CREDENTIALS }} - - - name: Log Deployment - if: always() - uses: DFE-Digital/github-actions/SendToLogit@master - with: - LOGIT-API-KEY: ${{ steps.keyvault-yaml-secret.outputs.LOGIT-API }} - logtype: "github" - JSON: | - '{"Application" : "${{env.PAAS_APPLICATION_NAME}}", - "Status" : "${{ job.status }}", - "Action" : "Deploy", - "Environment" : "${{inputs.environment}}", - "Version" : "${{ inputs.sha }}" }' diff --git a/.github/workflows/build-nocache.yml b/.github/workflows/build-nocache.yml deleted file mode 100644 index a2d55c57f..000000000 --- a/.github/workflows/build-nocache.yml +++ /dev/null @@ -1,78 +0,0 @@ -name: Rebuild master docker image -on: - workflow_dispatch: - - schedule: - - cron: '0 12 * * 0' - -jobs: - build: - name: Build - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SNYK-TOKEN,SLACK-WEBHOOK - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@master - - - name: Set environment variables - run: | - GIT_REF=${{ github.ref }} - echo "GIT_BRANCH=${GIT_REF##*/}" >> $GITHUB_ENV - GIT_SHORT_SHA=$(echo "${{ github.sha }}" | cut -c -7) - echo "GIT_SHORT_SHA=${GIT_SHORT_SHA}" >> $GITHUB_ENV - - - name: Login to GitHub Container Repository - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build docker image - uses: docker/build-push-action@v5 - with: - cache-to: type=inline - tags: | - ${{ env.DOCKER_REPOSITORY }}:master - push: false - load: true - build-args: | - APP_SHA=${{ env.GIT_SHORT_SHA }} - - - name: Run Snyk to check Docker image for vulnerabilities - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ steps.keyvault-yaml-secret.outputs.SNYK-TOKEN }} - with: - image: ${{ env.DOCKER_REPOSITORY }}:master - args: --severity-threshold=high --file=Dockerfile - - - name: Push image to registry - if: ${{ success() }} - run: docker image push --all-tags ${{ env.DOCKER_REPOSITORY }} - - - name: Slack Notification - if: failure() && github.ref == 'refs/heads/master' - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_ERROR}} - SLACK_TITLE: 'Failure Building Adviser' - SLACK_MESSAGE: 'There has been a failure building the teacher training adviser' - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index ee5f4d74d..000000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,563 +0,0 @@ -name: Build Docker Image - -on: - pull_request: - types: [assigned, opened, synchronize, reopened, ready_for_review] - push: - branches: - - master - -permissions: - contents: write - deployments: write - issues: write - packages: write - pull-requests: write - -jobs: - build: - name: Build - runs-on: ubuntu-latest - outputs: - DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SLACK-WEBHOOK, SNYK-TOKEN - - - name: Lint Dockerfile - uses: brpaz/hadolint-action@master - with: - dockerfile: "Dockerfile" - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@master - - - name: Set environment variables - run: | - GIT_SHORT_SHA=$(echo "${{ github.sha }}" | cut -c -7) - echo "GIT_SHORT_SHA=${GIT_SHORT_SHA}" >> $GITHUB_ENV - - if [ "${{github.ref}}" == "refs/heads/master" ] - then - DOCKER_IMAGE=${{ env.DOCKER_REPOSITORY }}:sha-${GIT_SHORT_SHA} - echo "DOCKER_IMAGE=${DOCKER_IMAGE}" >> $GITHUB_ENV - GIT_REF=${{ github.ref }} # GIT_BRANCH will be main for refs/heads/main - else - DOCKER_IMAGE=${{ env.DOCKER_REPOSITORY }}:review-${GIT_SHORT_SHA} - echo "DOCKER_IMAGE=${DOCKER_IMAGE}" >> $GITHUB_ENV - GIT_REF=${{ github.head_ref }} - fi - echo "GIT_BRANCH=${GIT_REF##*/}" >> $GITHUB_ENV - - - name: Login to GitHub Container Repository - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build docker image - uses: docker/build-push-action@v5 - with: - cache-from: | - type=registry,ref=${{ env.DOCKER_REPOSITORY }}:${{ env.GIT_BRANCH }} - type=registry,ref=${{ env.DOCKER_REPOSITORY }}:master - cache-to: type=inline - tags: | - ${{ env.DOCKER_IMAGE }} - ${{ env.DOCKER_REPOSITORY }}:${{ env.GIT_BRANCH }} - push: false - load: true - build-args: | - APP_SHA=${{ env.GIT_SHORT_SHA }} - - - name: Push image to registry - if: ${{ success() }} - run: docker image push --all-tags ${{ env.DOCKER_REPOSITORY }} - - - name: Slack Notification - if: failure() && github.ref == 'refs/heads/master' - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_ERROR}} - SLACK_TITLE: 'Failure Building Adviser' - SLACK_MESSAGE: 'There has been a failure building the teacher training adviser' - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }} - - java-test: - name: Javascript Tests - runs-on: ubuntu-latest - needs: [build] - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SLACK-WEBHOOK - - - name: Run Javascript Tests - run: |- - docker run -t --rm -e RAILS_ENV=test -e NODE_ENV=test -e CI=true \ - ${{ needs.build.outputs.DOCKER_IMAGE }} "yarn && yarn spec" - - - name: Slack Notification - if: failure() && github.ref == 'refs/heads/master' - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_FAILURE}} - SLACK_TITLE: 'Failure: Testing Master ${{env.APPLICATION}} ${{github.ref}}' - SLACK_TEXT: 'The javascript tests hav failed please click on the Actions URL to investigate the problem.' - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }} - - security-test: - name: Security Tests - runs-on: ubuntu-latest - needs: [build] - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SLACK-WEBHOOK - - - name: Run Brakeman static security scanner - run: |- - docker run -t --rm -e RAILS_ENV=test ${{ needs.build.outputs.DOCKER_IMAGE }} brakeman --no-pager - - - name: Slack Notification - if: failure() && github.ref == 'refs/heads/master' - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_FAILURE}} - SLACK_TITLE: 'Failure: Testing Master ${{env.APPLICATION}} ${{github.ref}}' - SLACK_TEXT: 'The security tests hav failed please click on the Actions URL to investigate the problem.' - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }} - - unit-test: - name: Unit Tests - runs-on: ubuntu-latest - needs: [build] - services: - postgres: - image: postgres:11.11 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - ports: - - 5432:5432 - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SONAR-TOKEN, SLACK-WEBHOOK - - - name: Setup sonarqube - uses: warchant/setup-sonar-scanner@v7 - - - name: Prepare DB - run: |- - docker run --net=host -t --rm -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ needs.build.outputs.DOCKER_IMAGE }} rails db:prepare - - - name: Lint Ruby - run: |- - docker run -t --rm -v ${PWD}/out:/app/out -e RAILS_ENV=test ${{ needs.build.outputs.DOCKER_IMAGE }} \ - rubocop app config db lib spec Gemfile --format json --out=/app/out/rubocop-result.json - - - name: Keep Rubocop output - if: always() - uses: actions/upload-artifact@v3 - with: - name: Rubocop_results - path: ${{ github.workspace }}/out/rubocop-result.json - - - name: Run Specs - run: |- - docker run --net=host -t --rm -v ${PWD}/out:/app/out -v ${PWD}/coverage:/app/coverage -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ needs.build.outputs.DOCKER_IMAGE }} \ - rspec --format RspecSonarqubeFormatter --out /app/out/test-report.xml --format documentation - - - name: Fixup report file paths - run: sudo sed -i "s?\"/app/?\"${PWD}/?" coverage/coverage.json - - - name: Keep Unit Tests Results - if: always() - uses: actions/upload-artifact@v3 - with: - name: unit_tests - path: ${{ github.workspace }}/out/* - - - name: Keep Code Coverage Report - if: always() - uses: actions/upload-artifact@v3 - with: - name: Code_Coverage - path: ${{ github.workspace }}/coverage/* - - - name: Run sonarqube - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: sonar-scanner - -Dsonar.login=${{ steps.keyvault-yaml-secret.outputs.SONAR-TOKEN }} - -Dsonar.organization=dfe-digital - -Dsonar.host.url=https://sonarcloud.io/ - -Dsonar.projectKey=get-teacher-training-adviser-service - -Dsonar.testExecutionReportPaths=${PWD}/out/test-report.xml - -Dsonar.ruby.coverage.reportPaths=${PWD}/coverage/coverage.json - -Dsonar.ruby.rubocop.reportPaths=${PWD}/out/rubocop-result.json - - - name: Slack Notification - if: failure() && github.ref == 'refs/heads/master' - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_FAILURE}} - SLACK_TITLE: 'Failure: Testing Master ${{env.APPLICATION}} ${{github.ref}}' - SLACK_TEXT: 'The Unit tests hav failed please click on the Actions URL to investigate the problem.' - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }} - - - review: - name: Review Deployment Process - needs: [ unit-test , security-test, java-test ] - if: github.ref != 'refs/heads/master' - runs-on: ubuntu-latest - concurrency: Review_${{github.event.number}} - environment: - name: Review - steps: - - - uses: actions/checkout@v4 - - - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SLACK-WEBHOOK - - - name: Deploy to Review - uses: ./.github/workflows/actions/deploy - id: deploy - with: - environment: Review - sha: ${{ github.sha }} - pr: ${{github.event.number}} - AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Post PR comment - run: | - curl --silent \ - --header "Accept: application/vnd.github.v3+json" \ - --header "Authorization: Bearer ${{ github.token }}" \ - --request POST \ - --data '{"body": "Review app deployed to https://${{env.REVIEW_APPLICATION}}-${{github.event.number}}.${{env.DOMAIN}} "}' \ - https://api.github.com/repos/${{ github.repository }}/issues/${{github.event.number }}/comments - - - name: Add Review Label - if: contains(github.event.pull_request.user.login, 'dependabot') == false - uses: actions-ecosystem/action-add-labels@v1 - with: - labels: Review - - development: - name: Development Deployment - needs: [ unit-test , security-test, java-test ] - if: github.ref == 'refs/heads/master' - runs-on: ubuntu-latest - concurrency: Development - outputs: - release_tag: ${{steps.tag_version.outputs.pr_number}} - release_sha: ${{github.sha}} - environment: - name: Development - steps: - - uses: actions/checkout@v4 - - - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SLACK-WEBHOOK - - - name: Trigger Development Deployment - uses: ./.github/workflows/actions/deploy - id: deploy - with: - environment: Development - sha: ${{ github.sha }} - AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Generate Tag from PR Number - id: tag_version - uses: DFE-Digital/github-actions/GenerateReleaseFromSHA@master - with: - sha: ${{github.sha}} - - - name: Create a GitHub Release - id: release - if: steps.tag_version.outputs.pr_found == 1 - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ steps.tag_version.outputs.pr_number }} - release_name: Release ${{ steps.tag_version.outputs.pr_number }} - commitish: ${{ github.sha }} - prerelease: false - draft: false - - - name: Copy PR Info to Release - if: steps.release.outputs.id - uses: DFE-Digital/github-actions/CopyPRtoRelease@master - with: - PR_NUMBER: ${{ steps.tag_version.outputs.pr_number }} - RELEASE_ID: ${{ steps.release.outputs.id }} - TOKEN: ${{secrets.GITHUB_TOKEN}} - - owasp: - name: OWASP Checks - needs: [ development ] - runs-on: ubuntu-latest - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Vunerability Test - uses: ./.github/workflows/actions/owasp - id: deploy - with: - environment: Development - AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - - qa: - name: Quality Assurance Deployment - needs: [ development ] - if: github.ref == 'refs/heads/master' - runs-on: ubuntu-latest - concurrency: QA - environment: - name: Test - steps: - - uses: actions/checkout@v4 - - - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SLACK-WEBHOOK - - - name: Deploy to Test - uses: ./.github/workflows/actions/deploy - id: deploy - with: - environment: Test - sha: ${{ github.sha }} - AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Slack Notification - if: failure() - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_FAILURE}} - SLACK_TITLE: 'Failure: Failure in Post-Development Deploy' - SLACK_MESSAGE: 'Failure with initialising QA deployment for ${{env.APPLICATION}}' - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }} - - integration: - name: Integration Tests - runs-on: ubuntu-latest - needs: [ build, qa ] - services: - postgres: - image: postgres:11.11 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - ports: - - 5432:5432 - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: HTTP-USERNAME, HTTP-PASSWORD, MAILSAC-API-KEY - - - name: Prepare DB - run: |- - docker run --net=host -t --rm -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ needs.build.outputs.DOCKER_IMAGE }} rails db:prepare - - - name: Run Integration Tests - run: |- - docker run --net=host -t --rm -e RAILS_ENV=test -e HTTP_USERNAME -e HTTP_PASSWORD -e MAILSAC_API_KEY \ - -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{needs.build.outputs.DOCKER_IMAGE}} "bundle exec rspec --tag integration" - env: - HTTP_USERNAME: ${{ steps.keyvault-yaml-secret.outputs.HTTP-USERNAME }} - HTTP_PASSWORD: ${{ steps.keyvault-yaml-secret.outputs.HTTP-PASSWORD }} - MAILSAC_API_KEY: ${{ steps.keyvault-yaml-secret.outputs.MAILSAC-API-KEY }} - - production: - name: Production Deployment - runs-on: ubuntu-latest - needs: [ integration , development ] - concurrency: Production - environment: - name: Production - steps: - - uses: actions/checkout@v4 - - - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SLACK-WEBHOOK, SLACK-RELEASE-NOTE-WEBHOOK - - - name: Get Release Id from Tag - id: tag_id - uses: DFE-Digital/github-actions/DraftReleaseByTag@master - with: - TAG: ${{needs.development.outputs.release_tag}} - TOKEN: ${{secrets.GITHUB_TOKEN}} - - - name: Publish Release - if: steps.tag_id.outputs.release_id - uses: eregon/publish-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - release_id: ${{steps.tag_id.outputs.release_id}} - - - name: Deploy to Production - uses: ./.github/workflows/actions/deploy - id: deploy - with: - environment: Production - sha: ${{ github.sha }} - AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Slack Release Notification - if: steps.tag_id.outputs.release_id - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_SUCCESS}} - SLACK_TITLE: "Release Published: ${{steps.tag_id.outputs.release_name}}" - SLACK_MESSAGE: ${{ fromJson( steps.tag_id.outputs.release_body) }} - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-RELEASE-NOTE-WEBHOOK }} - MSG_MINIMAL: true - - - name: Slack Notification - if: failure() - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_FAILURE}} - SLACK_TITLE: "Production Release : ${{github.event.title}}" - SLACK_MESSAGE: 'Failure deploying Production release' - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }} diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml deleted file mode 100644 index cfe614c2e..000000000 --- a/.github/workflows/manual.yml +++ /dev/null @@ -1,83 +0,0 @@ ---- -name: Manual Release -on: - workflow_dispatch: - inputs: - environment: - description: Development/Test/Production/UR - required: true - type: environment - tag: - description: Release Tag - required: true - -jobs: - manual: - name: Deploy to ${{github.event.inputs.environment}} - environment: - name: ${{github.event.inputs.environment}} - - runs-on: ubuntu-latest - defaults: - run: - shell: bash - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ secrets.KEY_VAULT}} - secret: INFRA-KEYS - key: SLACK-WEBHOOK, SLACK-RELEASE-NOTE-WEBHOOK - - - name: Get Release Id from Tag - id: tag_id - uses: DFE-Digital/github-actions/DraftReleaseByTag@master - with: - TAG: ${{ github.event.inputs.tag }} - TOKEN: ${{secrets.GITHUB_TOKEN}} - - - name: Check if found - if: steps.tag_id.outputs.release_id == '' - run: | - echo "::error ::Tag ${{ github.event.inputs.tag }} cannot be found in releases" - exit 1 - - - name: Deploy to ${{github.event.inputs.environment}} - uses: ./.github/workflows/actions/deploy - id: deploy - with: - environment: ${{ github.event.inputs.environment }} - sha: ${{ steps.tag_id.outputs.release_sha }} - AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Slack Release Notification - if: steps.tag_id.outputs.release_id && github.event.inputs.environment == 'Production' - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_SUCCESS}} - SLACK_TITLE: "Release Published to ${{github.event.inputs.environment}}: ${{steps.tag_id.outputs.release_name}}" - SLACK_MESSAGE: ${{ fromJson( steps.tag_id.outputs.release_body) }} - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-RELEASE-NOTE-WEBHOOK }} - MSG_MINIMAL: true - - - name: Slack Notification - if: failure() && github.event.inputs.environment == 'Production' - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_FAILURE}} - SLACK_TITLE: "Manual Release Failed: ${{steps.tag_id.outputs.release_name}}" - SLACK_MESSAGE: Failure deploying ${{github.event.inputs.environment}} release - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }}