

DDLS-107 update the ga workflows to use more shared components (#1500)
jamesrwarren authored Jan 9, 2024
1 parent b8ccd81 commit 136e5f8
Showing 3 changed files with 66 additions and 57 deletions.
60 changes: 27 additions & 33 deletions .github/workflows/_run-terraform.yml
Expand Up @@ -19,6 +19,11 @@ on:
required: false
type: string
default: "false"
path_to_live:
description: "Called from path to live"
required: false
type: string
default: "false"

jobs:
terraform_workflow:
Expand All @@ -30,11 +35,6 @@ jobs:

- uses: unfor19/install-aws-cli-action@46282f151073130d90347412d9c4ef0640177f22 # pin@v1.0.3

- name: build redeployer
if: inputs.terraform_path == 'account'
run: GOARCH=amd64 GOOS=linux go build -o bootstrap ./main.go
working-directory: terraform/account/go_redeployer

- uses: actions/setup-python@e9d6f990972a57673cdb72ec29e19d42ba28880f
if: inputs.terraform_path == 'shared'
with:
Expand All @@ -45,22 +45,15 @@ jobs:
run: pip3 install -r requirements.txt --target ./layers/python/lib/python3.11/site-packages/
working-directory: lambdas/functions/slack_lambda

- name: parse terraform version
id: tf_version_setup
run: |
if [ -f ./versions.tf ]; then
terraform_version=$(cat ./versions.tf | ../../scripts/pipeline/terraform/terraform-version.sh)
echo "- Terraform version: [${terraform_version}]" >> $GITHUB_STEP_SUMMARY
echo "TERRAFORM_VERSION=${terraform_version}" >> $GITHUB_OUTPUT
fi
working-directory: terraform/${{ inputs.terraform_path }}

- name: "Terraform version [${{ steps.tf_version_setup.outputs.TERRAFORM_VERSION }}]"
run: echo "terraform version [${{ steps.tf_version_setup.outputs.TERRAFORM_VERSION }}]"
- id: terraform_version
name: get terraform version
uses: ministryofjustice/opg-github-actions/.github/actions/terraform-version@v2.5.0
with:
terraform_directory: terraform/${{ inputs.terraform_path }}

- uses: hashicorp/setup-terraform@1b93182764c8332e7679b2393cb307cbe7baf9dc # pin@v2.0.0
with:
terraform_version: ${{ steps.tf_version_setup.outputs.TERRAFORM_VERSION }}
terraform_version: ${{ steps.terraform_version.outputs.version }}
terraform_wrapper: false

- name: configure AWS credentials for terraform
Expand All @@ -76,6 +69,11 @@ jobs:
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_ALLOW_LIST_REPOSITORY }}

- name: build redeployer
if: inputs.terraform_path == 'account'
run: GOARCH=amd64 GOOS=linux go build -o bootstrap ./main.go
working-directory: terraform/account/go_redeployer

- name: terraform init for account
if: inputs.terraform_path == 'account'
run: terraform init -input=false
Expand All @@ -97,21 +95,17 @@ jobs:
terraform plan -input=false -parallelism=30 -lock-timeout=5m
working-directory: terraform/${{ inputs.terraform_path }}

- name: install workspace manager
if: inputs.apply == 'true' && inputs.terraform_path == 'environment'
run: |
wget https://github.com/TomTucka/terraform-workspace-manager/releases/download/v0.3.1/terraform-workspace-manager_Linux_x86_64.tar.gz -O $HOME/terraform-workspace-manager.tar.gz
sudo tar -xvf $HOME/terraform-workspace-manager.tar.gz -C /usr/local/bin
sudo chmod +x /usr/local/bin/terraform-workspace-manager
- name: protect workspace
if: inputs.apply == 'true' && inputs.terraform_path == 'environment'
run: terraform-workspace-manager -register-workspace=$TF_WORKSPACE -time-to-protect="${PROTECT_TIME}" -aws-account-id=248804316466 -aws-iam-role=digideps-ci
env:
TF_WORKSPACE: ${{ inputs.workspace }}
PROTECT_TIME: 3
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
- id: terraform_workspace
if: inputs.apply == 'true' && inputs.terraform_path == 'environment' && inputs.path_to_live == 'false'
name: register workspace
uses: ministryofjustice/opg-github-actions/.github/actions/terraform-workspace-manager@v2.5.0
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_account_id: 248804316466
aws_iam_role: digideps-ci
register_workspace: ${{ inputs.workspace }}
time_to_protect: 3

- name: terraform apply ${{ inputs.terraform_path }}
if: inputs.apply == 'true'
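Review bot: The two new `uses:` lines reference `ministryofjustice/opg-github-actions/...@v2.5.0` by a movable tag, while the other third-party actions visible in this file are pinned to a full commit SHA with a `# pin@vX` comment (for example `hashicorp/setup-terraform@1b93182764c8332e7679b2393cb307cbe7baf9dc # pin@v2.0.0`). This matters most for the `register workspace` step, which hands `secrets.AWS_ACCESS_KEY_ID` and `secrets.AWS_SECRET_ACCESS_KEY` to that action: if the tag is ever re-pointed, the new code runs with those credentials. I would pin both in the same style, e.g. `uses: ministryofjustice/opg-github-actions/.github/actions/terraform-workspace-manager@<full-commit-sha> # pin@v2.5.0`; the same applies to the `semver-tag@v2.5.0` steps added in workflow-path-to-live.yml and workflow-pull-request-path.yml. The step also switches from the `*_ACTIONS` secrets to differently named ones, so it is worth confirming the new secrets exist and carry no broader permissions than the old pair.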
40 changes: 25 additions & 15 deletions .github/workflows/workflow-path-to-live.yml
Expand Up @@ -30,13 +30,15 @@ jobs:
name: output workflow variables
outputs:
build_identifier: "main"
short_sha: ${{ steps.variables.outputs.short_sha }}
version_tag: ${{ steps.semver_tag.outputs.created_tag }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
- name: extract variables for workflow
id: variables
run: |
echo "short_sha=$(echo ${GITHUB_SHA:0:7})" >> $GITHUB_OUTPUT
- name: generate semver tag and release
id: semver_tag
uses: ministryofjustice/opg-github-actions/.github/actions/semver-tag@v2.5.0
with:
prerelease: false
github_token: ${{ secrets.GITHUB_TOKEN }}

build_web_resources:
name: build web resources
Expand All @@ -50,7 +52,7 @@ jobs:
- workflow_variables
- build_web_resources
with:
tag: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
tag: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
branch_name: ${{ needs.workflow_variables.outputs.build_identifier }}
push_to_ecr: true
secrets: inherit
Expand Down Expand Up @@ -115,7 +117,8 @@ jobs:
workspace: development
terraform_path: account
apply: true
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
path_to_live: true
secrets: inherit

terraform_apply_development:
Expand All @@ -134,7 +137,8 @@ jobs:
workspace: development
terraform_path: environment
apply: true
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
path_to_live: true
secrets: inherit

terraform_apply_account_preproduction:
Expand All @@ -147,7 +151,8 @@ jobs:
workspace: preproduction
terraform_path: account
apply: true
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
path_to_live: true
secrets: inherit

terraform_apply_integration:
Expand All @@ -160,7 +165,8 @@ jobs:
workspace: integration
terraform_path: environment
apply: true
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
path_to_live: true
secrets: inherit

scale_services_up:
Expand Down Expand Up @@ -302,7 +308,8 @@ jobs:
workspace: preproduction
terraform_path: environment
apply: true
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
path_to_live: true
secrets: inherit

terraform_apply_training:
Expand All @@ -315,7 +322,8 @@ jobs:
workspace: training
terraform_path: environment
apply: true
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
path_to_live: true
secrets: inherit

terraform_apply_account_production:
Expand All @@ -328,7 +336,8 @@ jobs:
workspace: production
terraform_path: account
apply: true
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
path_to_live: true
secrets: inherit

terraform_apply_production:
Expand All @@ -341,7 +350,8 @@ jobs:
workspace: production02
terraform_path: environment
apply: true
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
path_to_live: true
secrets: inherit

backup_production:
Expand Down Expand Up @@ -379,7 +389,7 @@ jobs:
- name: workflow ended successfully
run: |
echo "${{ needs.workflow_variables.outputs.build_identifier }} PR environment tested, built and deployed"
echo "Tag Used: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}"
echo "Tag Used: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}"
echo "URL: https://${{ needs.workflow_variables.outputs.build_identifier }}.complete-deputy-report.service.gov.uk"
slack_notify_success:
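Review bot: `version_tag` is taken straight from `steps.semver_tag.outputs.created_tag` and nothing checks that it is non-empty before it is concatenated into the image tag and every `container_version`, so a run where the action produces no tag would appear to push and deploy `main-` through to the production applies. A small guard step right after `semver_tag` would fail early: pass the output through `env:` as `CREATED_TAG: ${{ steps.semver_tag.outputs.created_tag }}` and use `run: test -n "$CREATED_TAG"`. Because this job now creates tags and releases with `secrets.GITHUB_TOKEN`, it should also declare the narrowest `permissions:` it needs (presumably `contents: write`); the job header lies outside the visible hunk, so this may already be set.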
23 changes: 14 additions & 9 deletions .github/workflows/workflow-pull-request-path.yml
Expand Up @@ -31,7 +31,7 @@ jobs:
outputs:
parsed_branch: ${{ steps.variables.outputs.branch_formatted }}
build_identifier: ${{ steps.variables.outputs.build_identifier }}
short_sha: ${{ steps.variables.outputs.short_sha }}
version_tag: ${{ steps.semver_tag.outputs.created_tag }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
- name: extract variables for workflow
Expand All @@ -42,13 +42,18 @@ jobs:
export BRANCH=$(echo ${GITHUB_HEAD_REF:-${GITHUB_REF##*/}} | awk -F'_' '{print $1}' | tr -cd '[:alnum:]' | tr '[:upper:]' '[:lower:]' | cut -c1-8)
echo "branch_formatted=$(echo ${BRANCH})" >> $GITHUB_OUTPUT
echo "build_identifier=$(echo ${BRANCH}${PR_NUMBER})" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${GITHUB_SHA:0:7})" >> $GITHUB_OUTPUT
echo ${build_identifier}
- name: generate semver tag and release
id: semver_tag
uses: ministryofjustice/opg-github-actions/.github/actions/semver-tag@v2.5.0
with:
prerelease: true
github_token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/labeler@main
if: github.event_name == 'pull_request'
with:
configuration-path: ".github/labeller.yml"
repo-token: "${{ secrets.GITHUB_TOKEN }}"
configuration-path: .github/labeller.yml
repo-token: ${{ secrets.GITHUB_TOKEN }}
sync-labels: true

build_web_resources:
Expand Down Expand Up @@ -78,7 +83,7 @@ jobs:
- workflow_variables
- build_web_resources
with:
tag: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
tag: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
branch_name: ${{ needs.workflow_variables.outputs.build_identifier }}
push_to_ecr: true
secrets: inherit
Expand Down Expand Up @@ -143,7 +148,7 @@ jobs:
with:
workspace: development
terraform_path: account
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
secrets: inherit

terraform_apply_environment:
Expand All @@ -157,14 +162,14 @@ jobs:
workspace: ${{ needs.workflow_variables.outputs.build_identifier }}
terraform_path: environment
apply: true
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
container_version: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
secrets: inherit

ecr_scan_results:
name: ecr scan results
uses: ./.github/workflows/_ecr-scanning.yml
with:
tag: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}
tag: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}
needs:
- terraform_apply_environment
- workflow_variables
Expand Down Expand Up @@ -310,7 +315,7 @@ jobs:
- name: workflow ended successfully
run: |
echo "${{ needs.workflow_variables.outputs.build_identifier }} PR environment tested, built and deployed"
echo "Tag Used: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.short_sha }}"
echo "Tag Used: ${{ needs.workflow_variables.outputs.build_identifier }}-${{ needs.workflow_variables.outputs.version_tag }}"
echo "URL: https://${{ needs.workflow_variables.outputs.build_identifier }}.complete-deputy-report.service.gov.uk"
slack_notify_success:
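Review bot: `actions/labeler@main` tracks a branch, and this hunk edits the step's inputs without pinning it, even though it receives `secrets.GITHUB_TOKEN` and sits next to `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3`. A branch ref changes with every upstream commit, so I would pin it the same way: `- uses: actions/labeler@<full-commit-sha> # pin@<release>`. Separately, the new `semver_tag` step has no `if:` condition while the labeler is limited to `github.event_name == 'pull_request'`; if this workflow can run for pull requests from forks, the token is read-only there and tag creation would presumably fail, so the trigger conditions are worth checking. The `workflow_variables` job starts above the hunk.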
