UML-3547 introduced new feature flag - "paper_verification" with a de… #760

Workflow file for this run

# Release pipeline: runs on every push to main and carries the build through
# development, preproduction and production.
name: "[Workflow] Path to live"

# One concurrency group per ref and workflow. cancel-in-progress is not set,
# so a newer push does not interrupt a deployment that is already running.
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}

# Every `run:` step in this file's own jobs uses bash.
defaults:
  run:
    shell: bash

on:
  push:
    branches:
      - 'main'

# Workflow-level GITHUB_TOKEN scopes. They apply to every job that does not
# declare its own `permissions:` block. Only three scopes are granted; the
# rest are spelled out as `none` so the intent is visible in review.
permissions:
  # granted
  contents: read
  security-events: write
  pull-requests: read
  # explicitly denied
  actions: none
  checks: none
  deployments: none
  issues: none
  packages: none
  repository-projects: none
  statuses: none
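# Job graph, in dependency order:
#   workflow_variables -> lint / node test / node build -> image build+scan+push
#   -> terraform (development -> preproduction) -> seed + behat on preproduction
#   -> terraform (production) -> production health check -> Slack -> end marker.
# A push that only touches *.md files takes the `update_documentation` branch
# and skips the build and deploy jobs.
jobs:
  # Produces the values the rest of the pipeline keys off: a short commit SHA,
  # the docs-only/all switch, and (for non-docs pushes) a new semver tag.
  workflow_variables:
    runs-on: ubuntu-latest
    name: output workflow variables
    # A job-level block replaces the workflow-level permissions for this job.
    # contents: write is the only scope granted here; the tag step needs it.
    permissions:
      contents: write
    outputs:
      short_sha: ${{ steps.variables.outputs.short_sha }}
      semver_tag: ${{ steps.semver_tag.outputs.created_tag }}
      specific_path: ${{ steps.variables.outputs.path }}
    steps:
      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb  # pin@v3
      - name: get changed docs files in any folder
        id: changed-files-docs
        # Third-party action pinned to a full commit SHA, so retargeting a tag
        # upstream cannot change the code this job runs. The pin has no version
        # comment; adding one (as on the checkout step) makes updates reviewable.
        uses: tj-actions/changed-files@515a6b35d1d0948f7da6d5cdb347ed1600859795
        with:
          files: |
            **/*.md
      - name: extract variables for workflow
        id: variables
        # Step outputs reach the script through the environment instead of
        # being expanded into the script text before bash parses it.
        env:
          ONLY_DOCS_CHANGED: ${{ steps.changed-files-docs.outputs.only_changed }}
        run: |
          echo "short_sha=${GITHUB_SHA:0:7}" >> "$GITHUB_OUTPUT"
          if [[ "${ONLY_DOCS_CHANGED}" = "true" ]]
          then
            echo "path=docs" >> "$GITHUB_OUTPUT"
          else
            echo "path=all" >> "$GITHUB_OUTPUT"
          fi
      - name: Bump version and push tag
        # NOTE(review): the ref after '@' is shown obfuscated in this listing;
        # the pattern suggests a version tag rather than a commit SHA - confirm.
        # This step runs with contents: write, so a SHA pin matters most here.
        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
        id: semver_tag
        with:
          with_v: true
          default_bump: minor
          prerelease: false
        # The `path` output belongs to the `variables` step, not to
        # `changed-files-docs`. The condition is written as one bare expression:
        # when `${{ }}` wraps only part of an `if:`, the remainder is treated as
        # text and the result is a non-empty string, which is always true - so
        # the tag was being pushed for docs-only changes as well.
        if: steps.variables.outputs.path != 'docs'

  # Docs-only branch: records that nothing else needs to run.
  update_documentation:
    name: update documentation
    runs-on: ubuntu-latest
    needs:
      - workflow_variables
    steps:
      - name: only update documentation
        run: echo 'Only docs have changed - skipping rest of pipeline'
    if: |
      needs.workflow_variables.outputs.specific_path == 'docs'

  terraform_lint:
    name: lint terraform code
    uses: ./.github/workflows/_lint-terraform.yml
    needs:
      - workflow_variables
    with:
      workspace: development
    # `secrets: inherit` hands every secret available to this workflow to the
    # called workflow. It is used by most jobs below, including lint and
    # coverage; passing only the named secrets each callee needs (as
    # slack_notify does) narrows what a compromised step can read.
    secrets: inherit
    if: |
      always() &&
      needs.workflow_variables.result == 'success' &&
      needs.workflow_variables.outputs.specific_path != 'docs'

  node_test:
    name: test node dependencies
    uses: ./.github/workflows/_node-test.yml
    needs:
      - workflow_variables
    if: |
      always() &&
      needs.workflow_variables.result == 'success' &&
      needs.workflow_variables.outputs.specific_path == 'all'

  node_build:
    name: build node dependencies
    uses: ./.github/workflows/_node-build.yml
    needs:
      - workflow_variables
    if: |
      always() &&
      needs.workflow_variables.result == 'success' &&
      needs.workflow_variables.outputs.specific_path == 'all'

  # Builds, tests, scans and pushes the images tagged main-<semver tag>.
  docker_build_scan_push:
    name: build, test, scan and push
    uses: ./.github/workflows/_build-and-push.yml
    needs:
      - workflow_variables
      - node_test
      - node_build
    with:
      tag: main-${{ needs.workflow_variables.outputs.semver_tag }}
      branch_name: main
      push_to_ecr: true
      specific_path: all
    secrets: inherit
    # always() keeps this job eligible when the node jobs were skipped; the
    # explicit result checks then stop it if either of them actually failed.
    if: |
      always() &&
      needs.workflow_variables.outputs.specific_path != 'docs' &&
      (needs.node_test.result == 'success' || needs.node_test.result == 'skipped') &&
      (needs.node_build.result == 'success' || needs.node_build.result == 'skipped') &&
      needs.workflow_variables.result == 'success'

  code_coverage:
    name: upload to code coverage
    uses: ./.github/workflows/_codecov.yml
    needs:
      - docker_build_scan_push
      - workflow_variables
    with:
      specific_path: 'all'
    secrets: inherit

  # Account-level ("shared") terraform is applied before the environment-level
  # terraform for each stage.
  terraform_apply_shared_development:
    name: terraform apply shared development
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - docker_build_scan_push
      - terraform_lint
    with:
      workspace: development
      terraform_path: account
      apply: true
      specific_path: all
    secrets: inherit

  terraform_apply_shared_preproduction:
    name: terraform apply shared preproduction
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - terraform_apply_shared_development
    with:
      workspace: preproduction
      terraform_path: account
      apply: true
      specific_path: all
    secrets: inherit

  terraform_apply_preproduction:
    name: terraform apply preproduction
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - terraform_apply_shared_preproduction
      - workflow_variables
    with:
      workspace: preproduction
      terraform_path: environment
      container_version: main-${{ needs.workflow_variables.outputs.semver_tag }}
      apply: true
      specific_path: all
    secrets: inherit

  seed_dynamodb_preproduction:
    name: seed dynamodb in preproduction
    uses: ./.github/workflows/_seed-database.yml
    needs:
      - terraform_apply_preproduction
    secrets: inherit
    with:
      workspace: preproduction

  # Behat run against preproduction is the gate in front of production.
  run_behat_suite_preproduction:
    name: run behat tests against preproduction
    uses: ./.github/workflows/_run-behat-tests.yml
    needs:
      - seed_dynamodb_preproduction
    with:
      workspace: preproduction
    secrets: inherit

  terraform_apply_shared_production:
    name: terraform apply shared production
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - run_behat_suite_preproduction
    with:
      workspace: production
      terraform_path: account
      apply: true
      specific_path: all
    secrets: inherit

  terraform_apply_production:
    name: terraform apply production
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - terraform_apply_shared_production
      - workflow_variables
    with:
      workspace: production
      terraform_path: environment
      container_version: main-${{ needs.workflow_variables.outputs.semver_tag }}
      apply: true
      specific_path: all
      extra_vars: "-var public_access_enabled=true"
    secrets: inherit

  # Requests /healthcheck on both public hostnames named in the cluster config
  # artifact and fails the job unless each answers HTTP 200.
  production_health_check:
    name: health check production
    runs-on: ubuntu-latest
    needs:
      - terraform_apply_production
    steps:
      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb  # pin@v3
        with:
          fetch-depth: '0'
          # No step in this job pushes, so the token is not left in .git/config.
          persist-credentials: false
      - name: download cluster_config
        uses: actions/download-artifact@d0ce8fd1167ed839810201de977912a090ab10a7
        with:
          name: environment_config_file_production
          path: terraform/environment
      - name: workflow has ended without issue
        run: |
          config=./terraform/environment/cluster_config.json

          # check <label> <json key>: read the hostname, request /healthcheck,
          # and stop the job unless the status is 200.
          check() {
            local label=$1 key=$2 fqdn status
            # jq -e exits non-zero on a missing/null key, so an incomplete
            # artifact stops the job instead of probing "https://null/...".
            fqdn=$(jq -er ".${key}" "${config}")
            # --max-time bounds a hung connection (value chosen here; tune it).
            # "|| true" lets a connection failure fall through to the message
            # below (curl reports it as status 000) rather than exiting silently.
            status=$(curl --write-out '%{http_code}' --silent --output /dev/null \
              --max-time 30 "https://${fqdn}/healthcheck") || true
            if [[ ${status} != 200 ]]; then
              echo "Error with ${label} health check. HTTP status: ${status}"
              exit 1
            fi
          }

          check Viewer public_facing_view_fqdn
          check Use public_facing_use_fqdn

  slack_notify:
    name: notify of result
    uses: ./.github/workflows/_slack-notification.yml
    needs:
      - production_health_check
      - update_documentation
    with:
      template: production_release.txt
      # NOTE(review): a job result is a non-empty string (success, failure,
      # cancelled or skipped), so the right-hand side of `||` looks unreachable
      # and a docs-only run would report 'skipped' - confirm that is intended.
      workflow_status: ${{ needs.production_health_check.result || needs.update_documentation.result }}
      workspace: production
    # Passes one named secret rather than inheriting all of them.
    secrets:
      webhook: ${{ secrets.PROD_SLACK_WEB_HOOK }}
    if: always()

  # Required end of workflow job
  # NOTE(review): success here is decided by slack_notify's result, not by
  # production_health_check. Whether a failed deployment also fails this job
  # depends on how _slack-notification.yml treats workflow_status, which is
  # not visible in this file - verify before relying on it as a required check.
  end_of_workflow:
    name: end of workflow
    runs-on: ubuntu-latest
    needs:
      - workflow_variables
      - slack_notify
    steps:
      - name: workflow has ended
        # Values from other jobs are passed through the environment rather
        # than expanded into the script text.
        env:
          NOTIFY_OK: ${{ contains(needs.slack_notify.result, 'success') }}
          RELEASE_TAG: main-${{ needs.workflow_variables.outputs.semver_tag }}
        run: |
          if [[ "${NOTIFY_OK}" == "true" ]]; then
            echo "Deployment to production successful"
            echo "Tag Used: ${RELEASE_TAG}"
            echo "URL: https://use-lasting-power-of-attorney.service.gov.uk"
            exit 0
          else
            echo "Deployment to production failed"
            exit 1
          fi
    if: always()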