DFE-Digital · DrizzlyOwl · Mar 22, 2024 · Mar 18, 2024 · Mar 18, 2024 · Mar 18, 2024
diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml
@@ -2,8 +2,7 @@ name: Deploy to environment
 
 on:
   push:
-    branches:
-      - main
+    branches: [ main ]
   workflow_dispatch:
     inputs:
       environment:
@@ -14,68 +13,33 @@ on:
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.inputs.environment }}
 
-env:
-  DOCKER_IMAGE: identifiersapi-app
-  NODE_VERSION: 18
-
 jobs:
   set-env:
     name: Determine environment
     runs-on: ubuntu-22.04
     outputs:
       environment: ${{ steps.var.outputs.environment }}
       branch: ${{ steps.var.outputs.branch }}
-      release: ${{ steps.var.outputs.release }}
-      checked-out-sha: ${{ steps.var.outputs.checked-out-sha }}
+      release: ${{steps.var.outputs.release}}
     steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.ref }}
+      - name: Get branch name for push/dispatch event
+        run: |
+          GIT_REF=${{ github.ref_name }}
+          echo "branch_ref=${GIT_REF}" >> $GITHUB_ENV
 
       - id: var
         run: |
-          GIT_REF=${{ github.ref }}
+          GIT_REF=${{ env.branch_ref }}
           GIT_BRANCH=${GIT_REF##*/}
           INPUT=${{ github.event.inputs.environment }}
           ENVIRONMENT=${INPUT:-"development"}
           RELEASE=${ENVIRONMENT,,}-`date +%Y-%m-%d`.${{ github.run_number }}
-          CHECKED_OUT_SHA="$(git log -1 '--format=format:%H')"
           echo "environment=${ENVIRONMENT,,}" >> $GITHUB_OUTPUT
           echo "branch=$GIT_BRANCH" >> $GITHUB_OUTPUT
-          echo "release=${RELEASE}" >> $GITHUB_OUTPUT
-          echo "checked-out-sha=${CHECKED_OUT_SHA}" >> $GITHUB_OUTPUT
-
-  build-and-push-image:
-    name: Build and push to ACR
-    needs: set-env
-    runs-on: ubuntu-22.04
-    environment: ${{ needs.set-env.outputs.environment }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.ref }}
-
-      - name: Azure Container Registry login
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.AZURE_ACR_CLIENTID }}
-          password: ${{ secrets.AZURE_ACR_SECRET }}
-          registry: ${{ secrets.AZURE_ACR_URL }}
-
-      - name: Build and push docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile
-          build-args: COMMIT_SHA=${{ needs.set-env.outputs.checked-out-sha }}
-          tags: |
-            ${{ secrets.AZURE_ACR_URL }}/${{ env.DOCKER_IMAGE }}:${{ needs.set-env.outputs.branch }}
-            ${{ secrets.AZURE_ACR_URL }}/${{ env.DOCKER_IMAGE }}:${{ needs.set-env.outputs.release }}
-            ${{ secrets.AZURE_ACR_URL }}/${{ env.DOCKER_IMAGE }}:sha-${{ needs.set-env.outputs.checked-out-sha }}
-            ${{ secrets.AZURE_ACR_URL }}/${{ env.DOCKER_IMAGE }}:latest
-          push: true
+          echo "release=${RELEASE,,}" >> $GITHUB_OUTPUT
 
   create-tag:
+    if: needs.set-env.outputs.environment == 'production'
     name: Tag and release
     needs: set-env
     runs-on: ubuntu-22.04
@@ -96,11 +60,9 @@ jobs:
           script: |
             try {
               await github.rest.repos.createRelease({
-                draft: ${{ needs.set-env.outputs.environment == 'test' }},
                 generate_release_notes: true,
                 name: "${{ needs.set-env.outputs.release }}",
                 owner: context.repo.owner,
-                prerelease: ${{ needs.set-env.outputs.environment == 'test' }},
                 repo: context.repo.repo,
                 tag_name: "${{ needs.set-env.outputs.release }}",
               });
@@ -109,58 +71,17 @@ jobs:
             }
 
   deploy-image:
-    name: Deploy to ${{ needs.set-env.outputs.environment }}
-    needs: [ build-and-push-image, set-env ]
-    runs-on: ubuntu-22.04
-    environment: ${{ needs.set-env.outputs.environment }}
-    steps:
-      - name: Azure login with ACA credentials
-        uses: azure/login@v2
-        with:
-          creds: ${{ secrets.AZURE_ACA_CREDENTIALS }}
-
-      - name: Update Azure Container Apps Revision
-        uses: azure/CLI@v2
-        id: azure
-        with:
-          azcliversion: 2.45.0
-          inlineScript: |
-            az config set extension.use_dynamic_install=yes_without_prompt
-            az containerapp update \
-              --name ${{ secrets.AZURE_ACA_NAME }} \
-              --resource-group ${{ secrets.AZURE_ACA_RESOURCE_GROUP }} \
-              --image ${{ secrets.AZURE_ACR_URL }}/${{ env.DOCKER_IMAGE }}:${{ needs.set-env.outputs.release }} \
-              --output none
-
-  cypress-tests:
-    name: Run Cypress Tests
-    if: needs.set-env.outputs.environment == 'test' || needs.set-env.outputs.environment == 'development'
-    needs: [ deploy-image, set-env ]
-    runs-on: ubuntu-22.04
-    environment: ${{ needs.set-env.outputs.environment }}
-    defaults:
-      run:
-        working-directory: CypressTests
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.ref }}
-
-      - name: Setup node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-
-      - name: Npm install
-        run: npm install
-
-      - name: Run cypress
-        run: npm run cy:run -- --env apiKey="${{ secrets.IDENTIFIERS_API_KEY }}",url="${{ secrets.IDENTIFIERS_API_BASE_URL }}"
-
-      - name: Upload screenshots
-        if: ${{ failure() }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: screenshots-${{ needs.set-env.outputs.environment }}
-          path: screenshots
+    name: Deploy to environment
+    needs: [ set-env ]
+    uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@main
+    with:
+      docker-image-name: 'identapi-app'
+      docker-build-file-name: 'docker/Dockerfile'
+      environment: ${{ needs.set-env.outputs.environment }}
+    secrets:
+      azure-acr-client-id: ${{ secrets.AZURE_ACR_CLIENTID }}
+      azure-acr-secret: ${{ secrets.AZURE_ACR_SECRET }}
+      azure-acr-url: ${{ secrets.AZURE_ACR_URL }}
+      azure-aca-credentials: ${{ secrets.AZURE_ACA_CREDENTIALS }}
+      azure-aca-name: ${{ secrets.AZURE_ACA_NAME }}
+      azure-aca-resource-group: ${{ secrets.AZURE_ACA_RESOURCE_GROUP }}
diff --git a/terraform/.terraform-docs.yml b/terraform/.terraform-docs.yml
@@ -0,0 +1,26 @@
+---
+formatter: "markdown table"
+version: "~> 0.16"
+settings:
+  anchor: true
+  default: true
+  description: false
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 2
+  lockfile: true
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true
+sort:
+  enabled: true
+  by: name
+output:
+  file: README.md
+  mode: inject
+  template: |-
+        <!-- BEGIN_TF_DOCS -->
+        {{ .Content }}
+        <!-- END_TF_DOCS -->
diff --git a/terraform/.terraform-version b/terraform/.terraform-version
@@ -0,0 +1 @@
+1.7.5
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
diff --git a/terraform/Brewfile b/terraform/Brewfile
@@ -0,0 +1,6 @@
+brew "tfenv"
+brew "terraform-docs"
+brew "tfsec"
+brew "az"
+brew "coreutils"
+brew "jq"