-
Notifications
You must be signed in to change notification settings - Fork 4
234 lines (213 loc) · 6.75 KB
/
path-to-live.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
name: "[Workflow] Path to live"
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
defaults:
run:
shell: bash
on:
push:
branches:
- 'main'
permissions:
contents: read
security-events: write
pull-requests: read
actions: none
checks: none
deployments: none
issues: none
packages: none
repository-projects: none
statuses: none
jobs:
workflow_variables:
runs-on: ubuntu-latest
name: output workflow variables
outputs:
short_sha: ${{ steps.variables.outputs.short_sha }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
- name: extract variables for workflow
id: variables
run: |
echo "short_sha=$(echo ${GITHUB_SHA:0:7})" >> $GITHUB_OUTPUT
terraform_lint:
name: lint terraform code
uses: ./.github/workflows/_lint-terraform.yml
needs:
- workflow_variables
with:
workspace: development
secrets: inherit
node_test:
name: test node dependencies
uses: ./.github/workflows/_node-test.yml
needs:
- workflow_variables
node_build:
name: build node dependencies
uses: ./.github/workflows/_node-build.yml
needs:
- workflow_variables
docker_build_scan_push:
name: build, test, scan and push
uses: ./.github/workflows/_build-and-push.yml
needs:
- workflow_variables
- node_test
- node_build
with:
tag: main-${{ needs.workflow_variables.outputs.short_sha }}
branch_name: main
push_to_ecr: true
specific_path: all
secrets: inherit
code_coverage:
name: upload to code coverage
needs:
- docker_build_scan_push
- workflow_variables
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
- name: download artifact for front tests
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
with:
name: service-front
path: service-front
- name: download artifact for api tests
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
with:
name: service-api
path: service-api
- name: download artifact for api tests
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
with:
name: service-admin
path: service-admin
- uses: codecov/codecov-action@v3
with:
name: codecov-use-an-lpa
terraform_apply_shared_development:
name: terraform apply shared development
uses: ./.github/workflows/_run-terraform.yml
needs:
- docker_build_scan_push
- terraform_lint
with:
workspace: development
terraform_path: account
apply: true
specific_path: all
secrets: inherit
terraform_apply_shared_preproduction:
name: terraform apply shared preproduction
uses: ./.github/workflows/_run-terraform.yml
needs:
- terraform_apply_shared_development
with:
workspace: preproduction
terraform_path: account
apply: true
specific_path: all
secrets: inherit
terraform_apply_preproduction:
name: terraform apply preproduction
uses: ./.github/workflows/_run-terraform.yml
needs:
- terraform_apply_shared_preproduction
- workflow_variables
with:
workspace: preproduction
terraform_path: environment
container_version: main-${{ needs.workflow_variables.outputs.short_sha }}
apply: true
specific_path: all
secrets: inherit
seed_dynamodb_preproduction:
name: seed dynamodb in preproduction
uses: ./.github/workflows/_seed-database.yml
needs:
- terraform_apply_preproduction
secrets: inherit
run_behat_suite_preproduction:
name: run behat tests against preproduction
uses: ./.github/workflows/_run-behat-tests.yml
needs:
- seed_dynamodb_preproduction
with:
workspace: preproduction
secrets: inherit
terraform_apply_shared_production:
name: terraform apply shared production
uses: ./.github/workflows/_run-terraform.yml
needs:
- run_behat_suite_preproduction
with:
workspace: production
terraform_path: account
apply: true
specific_path: all
secrets: inherit
terraform_apply_production:
name: terraform apply production
uses: ./.github/workflows/_run-terraform.yml
needs:
- terraform_apply_shared_production
- workflow_variables
with:
workspace: production
terraform_path: environment
container_version: main-${{ needs.workflow_variables.outputs.short_sha }}
apply: true
specific_path: all
extra_vars: "-var public_access_enabled=true"
secrets: inherit
production_health_check:
name: health check production
runs-on: ubuntu-latest
needs:
- terraform_apply_production
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
with:
fetch-depth: '0'
- name: download cluster_config
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
with:
name: environment_config_file
path: terraform/environment
- name: workflow has ended without issue
run: |
viewer_fqdn=$(cat ./terraform/environment/cluster_config.json | jq .public_facing_view_fqdn | xargs)
viewer_response=$(curl --write-out %{http_code} --silent --output /dev/null https://$viewer_fqdn/healthcheck)
[[ $viewer_response == 200 ]] || (echo "Error with viewer health check. HTTP status: ${viewer_response}" && exit 1)
actor_fqdn=$(cat ./terraform/environment/cluster_config.json | jq .public_facing_use_fqdn | xargs)
actor_response=$(curl --write-out %{http_code} --silent --output /dev/null https://$actor_fqdn/healthcheck)
[[ $actor_response == 200 ]] || (echo "Error with actor health check. HTTP status: ${actor_response}" && exit 1)
slack_notify:
name: notify of result
uses: ./.github/workflows/_slack-notification.yml
needs:
- production_health_check
with:
template: production_release.txt
workflow_status: ${{ needs.production_health_check.result }}
secrets:
webhook: ${{ secrets.PROD_SLACK_WEB_HOOK }}
if: always()
# Required end of workflow job
end_of_workflow:
name: end of workflow
runs-on: ubuntu-latest
needs:
- code_coverage
- slack_notify
- production_health_check
- workflow_variables
steps:
- name: workflow has ended without issue
run: |
echo "Deployment to production successful"
echo "Tag Used: main-${{ needs.workflow_variables.outputs.short_sha }}"
echo "URL: https://use-lasting-power-of-attorney.service.gov.uk"