Skip to content

Bump jwt from 2.9.0 to 2.9.1 #3342

Bump jwt from 2.9.0 to 2.9.1

Bump jwt from 2.9.0 to 2.9.1 #3342

name: Build and Deploy
on:
push:
branches:
- main
pull_request:
branches:
- main
types:
- labeled
- synchronize
- reopened
- opened
- converted_to_draft
workflow_dispatch:
inputs:
environment:
description: "Environment"
required: true
type: choice
options:
- dev
- test
- preprod
- production
jobs:
build_image:
name: Image build and push
runs-on: ubuntu-latest
outputs:
image_name_tag: ${{ steps.build_image.outputs.ghcr_image_name_tag }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-image
id: build_image
with:
github_username: ${{ github.actor }}
github_token: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
deploy_review_app:
name: Deploy to review environment
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'deploy')
concurrency: deploy_review_${{ github.event.pull_request.number }}
needs: [build_image]
environment:
name: review
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment_name: review
image_name_tag: ${{ needs.build_image.outputs.image_name_tag }}
image_tag: ${{ github.sha }}
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
site_up_retries: 150
startup_command: "sh /app/bin/start-review-app.sh"
- name: Post URL to Pull Request comment
uses: marocchino/sticky-pull-request-comment@v2
with:
message: |
Review app deployed to <${{ steps.deploy.outputs.environment_url }}>
deploy_review_app_aks:
name: Deploy to review environment for AKS
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'deploy-aks')
concurrency: deploy_review_${{ github.event.pull_request.number }}
needs: [build_image]
environment:
name: aks-review
steps:
- uses: actions/checkout@v4
- name: Deploy to AKS
uses: ./.github/actions/deploy-environment-aks
id: deploy_aks
with:
environment: aks-review
image-tag: ${{ github.sha }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
pull-request-number: ${{ github.event.number }}
- uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set kubelogin environment
uses: DFE-Digital/github-actions/set-kubelogin-environment@master
with:
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
- name: Seed role codes
shell: bash
run: |
make ci aks-review get-cluster-credentials PR_NUMBER=123
kubectl exec -n tra-development deployment/access-your-teaching-qualifications-pr-${{ github.event.number }} -- /bin/sh -c "cd /app && bundle exec rake db:seed_role_codes"
- name: Post comment to Pull Request ${{ github.event.number }}
uses: marocchino/sticky-pull-request-comment@v2
with:
header: aks
message: |
### Deployments
| App | URL |
| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------|
| Access Your Teaching Qualifications | <https://access-your-teaching-qualifications-pr-${{ github.event.number }}.test.teacherservices.cloud> |
| Check A Teacher's Record | <https://check-a-teachers-record-pr-${{ github.event.number }}.test.teacherservices.cloud> |
set_matrix:
name: Set deployment matrix
runs-on: ubuntu-latest
needs: [build_image]
outputs:
deployment_matrix: ${{ steps.set-matrix.outputs.deployment_matrix }}
steps:
- id: set-matrix
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
DEPLOYMENT_MATRIX="{ 'environment': ['${{ github.event.inputs.environment }}'] }"
else
DEPLOYMENT_MATRIX="{ 'environment': ['dev', 'test', 'preprod'] }"
fi
echo "deployment_matrix=$DEPLOYMENT_MATRIX" >> $GITHUB_OUTPUT
deploy_non_prod:
name: Deploy to ${{ matrix.environment }} environment
runs-on: ubuntu-latest
if: (github.ref == 'refs/heads/main' && github.event_name == 'push') || github.event_name == 'workflow_dispatch'
concurrency: deploy_${{ matrix.environment }}
needs: [build_image, set_matrix]
strategy:
fail-fast: false # this is necessary to prevent early termination of terraform deployments that will result in tfstate locks
max-parallel: 3
matrix: ${{ fromJson(needs.set_matrix.outputs.deployment_matrix) }}
environment:
name: ${{ matrix.environment }}
url: ${{ steps.deploy.outputs.environment_url }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment_name: ${{ matrix.environment }}
image_name_tag: ${{ needs.build_image.outputs.image_name_tag }}
image_tag: ${{ github.sha }}
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
site_up_retries: 240
- run: |
echo Sleeping...
sleep 600
echo Finished sleeping
- uses: ./.github/actions/smoke-test
id: smoke-test
with:
environment: ${{ matrix.environment }}
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
url: ${{ steps.deploy.outputs.environment_url }}
check_url: ${{ steps.deploy.outputs.check_service_url }}
deploy_prod:
name: Deploy to production environment
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
concurrency: deploy_prod
needs: [build_image, deploy_non_prod]
environment:
name: production
url: ${{ steps.deploy.outputs.environment_url }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment_name: production
image_name_tag: ${{ needs.build_image.outputs.image_name_tag }}
image_tag: ${{ github.sha }}
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
notify_slack_of_failures:
name: Notify Slack of failures
runs-on: ubuntu-latest
needs: [build_image, deploy_review_app, set_matrix, deploy_non_prod, deploy_prod]
environment: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }}
env:
ENVIRONMENT_NAME: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }}
if: failure()
steps:
- uses: actions/checkout@v4
- name: Set Environment variables
shell: bash
working-directory: terraform
run: |
if ${{ needs.build_image.result == 'failure' }}
then
job=build_image
elif ${{ needs.deploy_review_app.result == 'failure' }}
then
job=deploy_review_app
review=true
elif ${{ needs.set_matrix.result == 'failure' }}
then
job=set_matrix
elif ${{ needs.deploy_non_prod.result == 'failure' }}
then
job=deploy_non_prod
elif ${{ needs.deploy_prod.result == 'failure' }}
then
job=deploy_prod
fi
tf_vars_file=workspace_variables/${{ env.ENVIRONMENT_NAME }}.tfvars.json
echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
echo "JOB=${job}" >> $GITHUB_ENV
echo "REVIEW=${review}" >> $GITHUB_ENV
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
id: get_monitoring_secret
with:
keyvault: ${{ env.KEY_VAULT_NAME }}
secret: MONITORING
key: SLACK_WEBHOOK
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Notify Slack channel on job failure
uses: rtCamp/action-slack-notify@v2
env:
SLACK_USERNAME: CI Deployment
SLACK_TITLE: Deployment of access-your-teaching-qualifications ${{ env.REVIEW && 'review' }} failed
SLACK_MESSAGE: Job ${{ env.JOB }} failed
SLACK_WEBHOOK: ${{ steps.get_monitoring_secret.outputs.SLACK_WEBHOOK }}
SLACK_COLOR: failure
SLACK_FOOTER: Sent from Build and Deploy workflow