Merge pull request #803 from DFE-Digital/1901-aytq-deploy-review-apps…

…-using-workflow 1901 aytq deploy review apps using workflow
DFE-Digital · Sep 5, 2024 · 2dd387c · 2dd387c
2 parents 7e12f1c + 82a868c
commit 2dd387c
Show file tree

Hide file tree

Showing 5 changed files with 307 additions and 49 deletions.
diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml
@@ -0,0 +1,56 @@
+name: Deploy environment to AKS
+description: Deploys an application environment to AKS
+
+inputs:
+  environment:
+    description: The name of the environment
+    required: true
+  image-tag:
+    description: The image tag to deploy
+    required: true
+  azure-credentials:
+    description: JSON object containing a service principal that can read from Azure Key Vault
+    required: true
+  pull-request-number:
+    description: The pull request number which triggered this deploy.
+    required: false
+
+runs:
+  using: composite
+
+  steps:
+    - uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: 1.6.4
+        terraform_wrapper: false
+
+    - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
+      with:
+        azure-credentials: ${{ inputs.azure-credentials }}
+
+    - name: Terraform Apply
+      shell: bash
+      run: |
+        make ci ${{ inputs.environment }} aks-terraform-apply
+      env:
+        DOCKER_IMAGE_TAG: ${{ inputs.image-tag }}
+        PR_NUMBER: ${{ inputs.pull-request-number }}
+
+    - name: Extract Terraform outputs
+      shell: bash
+      id: set_outputs
+      run: |
+        output=$(terraform -chdir=terraform/application output -json urls)
+        echo "HOSTNAMES=$output" >> $GITHUB_ENV
+
+    - name: Run smoke tests
+      shell: bash
+      run: |
+        # Parse the JSON array of URLs into a Bash array
+        urls=$(echo "$HOSTNAMES" | jq -r '.[]')
+
+        # Loop over each URL and perform the curl check on the /health/all.json endpoint
+        for url in $urls; do
+          echo "Check health for $url/health/all.json..."
+          curl -sS --fail "$url/health/all.json" > /dev/null && echo "Health check passed for $url" || echo "Health check failed for $url"
+        done
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
@@ -69,6 +69,39 @@ jobs:
           message: |
             Review app deployed to <${{ steps.deploy.outputs.environment_url }}>
 
+  deploy_review_app_aks:
+    name: Deploy to review environment for AKS
+    runs-on: ubuntu-latest
+    if: contains(github.event.pull_request.labels.*.name, 'deploy-aks')
+    concurrency: deploy_review_${{ github.event.pull_request.number }}
+    needs: [build_image]
+    environment:
+      name: aks-review
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Deploy to AKS
+        uses: ./.github/actions/deploy-environment-aks
+        id: deploy_aks
+        with:
+          environment: aks-review
+          image-tag: ${{ github.sha }}
+          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+          pull-request-number: ${{ github.event.number }}
+
+      - name: Post comment to Pull Request ${{ github.event.number }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: aks
+          message: |
+            ### Deployments
+
+            | App               | URL                                                                                                                                       |
+            | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------|
+            | Access Your Teaching Qualifications       | <https://access-your-teaching-qualifications-pr-${{ github.event.number }}.test.teacherservices.cloud>            |
+            | Check A Teacher's Record                  | <https://check-a-teachers-record-pr-${{ github.event.number }}.test.teacherservices.cloud>                        |
+
   set_matrix:
     name: Set deployment matrix
     runs-on: ubuntu-latest
@@ -92,7 +125,7 @@ jobs:
     concurrency: deploy_${{ matrix.environment }}
     needs: [build_image, set_matrix]
     strategy:
-      fail-fast: false # this is necessary to prevent early terminiation of terraform deployments that will result in tfstate locks
+      fail-fast: false # this is necessary to prevent early termination of terraform deployments that will result in tfstate locks
       max-parallel: 3
       matrix: ${{ fromJson(needs.set_matrix.outputs.deployment_matrix) }}
     environment:
@@ -144,9 +177,9 @@ jobs:
     name: Notify Slack of failures
     runs-on: ubuntu-latest
     needs: [build_image, deploy_review_app, set_matrix, deploy_non_prod, deploy_prod]
-    environment: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev'  }}
+    environment: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }}
     env:
-      ENVIRONMENT_NAME: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev'  }}
+      ENVIRONMENT_NAME: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }}
     if: failure()
     steps:
       - uses: actions/checkout@v4

diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml
@@ -2,19 +2,23 @@ name: Delete Review App
 
 on:
   pull_request:
-    types: [closed]
-    branches: [main]
+    branches:
+      - main
+    types:
+      - closed
   workflow_dispatch:
     inputs:
       pr_number:
         description: PR number of review app to delete
-        required: true
+        required: false
         type: string
+
 jobs:
   delete-review-app:
     name: Delete Review App ${{ github.event.pull_request.number }}
     concurrency: deploy_review_${{ github.event.pull_request.number }}
     runs-on: ubuntu-latest
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }}
     environment: review
     steps:
       - uses: actions/checkout@v4
@@ -129,3 +133,82 @@ jobs:
           az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \
           --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
           --account-name ${{ env.storage_account_name }}
+
+  delete-review-app-aks:
+    name: Delete Review App ${{ github.event.pull_request.number }}
+    concurrency: deploy_review_${{ github.event.pull_request.number }}
+    runs-on: ubuntu-latest
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-aks') }}
+    environment: aks-review
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Extract configuration from tfvars
+        run: |
+          if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then
+            PR_NUMBER=${{ github.event.inputs.pr_number }}
+          else
+            PR_NUMBER=${{ github.event.pull_request.number }}
+          fi
+
+          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
+          echo "STORAGE_ACCOUNT_NAME=s189t01aytqrvtfsa" >> $GITHUB_ENV
+          echo "TF_RESOURCE_GROUP_NAME=s189t01-aytq-rv-rg" >> $GITHUB_ENV
+        shell: bash
+
+      - uses: Azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - run: |
+          TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.TF_RESOURCE_GROUP_NAME }} -n ${{ env.STORAGE_ACCOUNT_NAME }} | jq -r '.[0].value')"
+          echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY"
+          echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV
+        shell: bash
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.6.4
+          terraform_wrapper: false
+
+      - name: Set Environment variables
+        run: |
+          TF_STATE_FILE=pr-${{ env.PR_NUMBER }}_kubernetes.tfstate
+          echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV
+
+          pr_state_file=$(az storage blob list -c terraform-state \
+            --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
+            --account-name ${{ env.STORAGE_ACCOUNT_NAME }} \
+            --prefix $TF_STATE_FILE --query "[].name" -o tsv)
+          if [ -n "$pr_state_file" ]; then
+            echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV
+          fi
+
+      - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
+        with:
+          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Terraform Destroy
+        run: |
+          make ci aks-review aks-terraform-destroy
+        env:
+          PR_NUMBER: ${{ env.PR_NUMBER }}
+
+      - name: Delete tf state file
+        if: env.TF_STATE_EXISTS == 'true'
+        run: |
+          az storage blob delete -c terraform-state --name ${{ env.TF_STATE_FILE }} \
+          --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
+          --account-name ${{ env.STORAGE_ACCOUNT_NAME }}
+
+      - name: Post Pull Request Comment ${{ github.event.number }}
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: aks
+          message: |
+            The review apps Access Your Teaching Qualifications & Check A Teacher's Record have been deleted.
+            The following domains are not available anymore:
+            - <https://access-your-teaching-qualifications-pr-${{ github.event.number }}.test.teacherservices.cloud>
+            - <https://check-a-teachers-record-pr-${{ github.event.number }}.test.teacherservices.cloud>