Merge pull request #883 from DFE-Digital/2052-aytq-migrate-production…
…-environment

Removing s165 jobs from GHA
shaheislamdfe authored Oct 11, 2024
2 parents e4ebe07 + f2ddcc6 commit 5788563
Showing 5 changed files with 43 additions and 397 deletions.
61 changes: 0 additions & 61 deletions .github/actions/deploy-environment-aks/action.yml

This file was deleted.

193 changes: 33 additions & 160 deletions .github/actions/deploy-environment/action.yml
@@ -1,188 +1,61 @@
name: Deploy to Azure
name: Deploy environment to AKS
description: Deploys an application environment to AKS

inputs:
environment_name:
environment:
description: The name of the environment
required: true
image_name_tag:
description: Image name and tag
image_tag:
description: GitHub SHA of the image
image-tag:
description: The image tag to deploy
required: true
azure_credentials:
azure-credentials:
description: JSON object containing a service principal that can read from Azure Key Vault
required: true
site_up_retries:
description: The number of times that the site up test will be retried
default: 60
startup_command:
pull-request-number:
description: The pull request number which triggered this deploy.
required: false

outputs:
environment_url:
description: The base URL for the deployed environment
value: ${{ steps.terraform.outputs.app_fqdn }}
check_service_url:
description: The base URL for the Check service in the deployed environment
value: ${{ steps.terraform.outputs.app_check_service_fqdn }}
value: ${{ steps.set_outputs.outputs.ACCESS_URL }}

runs:
using: composite

steps:
# Extract configuration from tfvars
- id: config
run: |
APP_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $TFVARS)
RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS)
STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS)
TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*)
if [ ${{ inputs.environment_name }} == "review" ]; then
DEV_TFVARS=workspace_variables/dev.tfvars.json
KEY_VAULT_NAME=$(jq -r '.key_vault_name' $DEV_TFVARS)
REVIEW_APP_SUFFIX=-pr-${{ github.event.pull_request.number }}
TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS)
else
KEY_VAULT_NAME=$(jq -r '.key_vault_name' $TFVARS)
TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $TFVARS)
fi
if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then
echo "::error ::Failed to extract app_resource_group_name from $TFVARS"
exit 1
fi
if [ -z "$KEY_VAULT_NAME" ]; then
echo "::error ::Failed to extract key_vault_name from $TFVARS"
exit 1
fi
if [ -z "$RESOURCE_PREFIX" ]; then
echo "::error ::Failed to extract resource_prefix from $TFVARS"
exit 1
fi
if [ -z "$STORAGE_ACCOUNT_NAME" ]; then
echo "::error ::Failed to extract storage_account_name from $TFVARS"
exit 1
fi
if [ -z "$TERRAFORM_VERSION" ]; then
echo "::error ::Failed to extract terraform_version from terraform.tf"
exit 1
fi
if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then
echo "::error ::Failed to extract tf_resource_group_name from TFVARS"
exit 1
fi
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.6.4
terraform_wrapper: false

echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
echo "key_vault_name=$KEY_VAULT_NAME" >> $GITHUB_ENV
echo "resource_prefix=$RESOURCE_PREFIX" >> $GITHUB_ENV
echo "review_app_suffix=$REVIEW_APP_SUFFIX" >> $GITHUB_ENV
echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV
echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV
echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
- uses: DFE-Digital/github-actions/set-kubelogin-environment@master
with:
azure-credentials: ${{ inputs.azure-credentials }}

- name: Terraform Apply
shell: bash
run: |
make ci ${{ inputs.environment }} aks-terraform-apply
env:
TFVARS: workspace_variables/${{ inputs.environment_name }}.tfvars.json
working-directory: terraform

- uses: Azure/login@v1
with:
creds: ${{ inputs.azure_credentials }}
DOCKER_IMAGE_TAG: ${{ inputs.image-tag }}
PR_NUMBER: ${{ inputs.pull-request-number }}

- id: deploy-arm-resources
if: ${{ inputs.environment_name != 'review' }}
run: |
make ci ${{ inputs.environment_name }} deploy-azure-resources
- name: Extract Terraform outputs
shell: bash
id: set_outputs
run: |
access_url=$(terraform -chdir=terraform/application output -json urls | jq -r '.[0]')
echo "ACCESS_URL=$access_url" >> $GITHUB_OUTPUT
- run: |
TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')"
echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY"
echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV
- name: Run smoke tests
shell: bash
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.terraform_version }}
terraform_wrapper: false

- id: terraform
run: |
if [ ${{ inputs.environment_name }} == "review" ]; then
make ci ${{ inputs.environment_name }} terraform-apply pr_id=${{ github.event.pull_request.number }}
else
make ci ${{ inputs.environment_name }} terraform-apply
fi
cd terraform
TFOUTPUTS=$(terraform output --json)
OUTPUTS=($(jq -r <<< "$TFOUTPUTS" | jq -r 'keys | @sh' | tr -d \'))
for o in "${OUTPUTS[@]}"
do
echo ${o}=$(jq -r .${o}.value <<< "$TFOUTPUTS") >> $GITHUB_ENV
done
echo "app_fqdn=$(terraform output -raw app_fqdn)" >>$GITHUB_OUTPUT
echo "app_check_service_fqdn=$(terraform output -raw app_check_service_fqdn)" >>$GITHUB_OUTPUT
env:
ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}
TF_VAR_azure_sp_credentials_json: ${{ inputs.azure_credentials }}
TF_VAR_aytq_docker_image: ${{ inputs.image_name_tag }}
shell: bash

- uses: azure/webapps-deploy@v2
if: ${{ inputs.environment_name != 'review' }}
with:
app-name: ${{ env.resource_prefix }}-${{ inputs.environment_name}}-app
images: ${{ inputs.image_name_tag }}
slot-name: ${{ env.web_app_slot_name }}
# Parse the JSON array of URLs into a Bash array
urls=$(echo "$HOSTNAMES" | jq -r '.[]')
- uses: azure/webapps-deploy@v2
if: ${{ inputs.environment_name == 'review' }}
with:
app-name: ${{ env.resource_prefix }}-${{ inputs.environment_name}}${{ env.review_app_suffix }}-app
images: ${{ inputs.image_name_tag }}
slot-name: ${{ env.web_app_slot_name }}
startup-command: ${{ inputs.startup_command }}

- uses: azure/CLI@v1
if: ${{ env.web_app_slot_name != 'production' }}
with:
inlineScript: |
az webapp deployment slot swap -g ${{ env.app_resource_group_name }} -n ${{ env.web_app_name }} --slot ${{ env.web_app_slot_name }} --target-slot production
# Check new site is up
- run: |
echo "Checking new site is up"
attempt_counter=0
max_attempts=$RETRIES
HEALTH_URL="${{ env.app_fqdn }}/health/all.json"
HEALTH_RESPONSE=$(curl $HEALTH_URL --silent --connect-timeout 600)
APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*")
APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line')
APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .database.success) catch $line')
echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS"
until [[ "$EXPECTED_SHA" == "$APP_SHA" && "$APP_STATUS" == "true" && "$APP_DATABASE_STATUS" == "true" ]]; do
if [ ${attempt_counter} -eq ${max_attempts} ];then
echo "Max attempts reached"
exit 1
fi
echo "Attempt $attempt_counter: new site not up, retrying in 5 seconds ..."
sleep 5
attempt_counter=$(($attempt_counter+1))
HEALTH_RESPONSE=$(curl $HEALTH_URL --silent --connect-timeout 600)
APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*")
APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line')
APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .database.success) catch $line')
echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS"
# Loop over each URL and perform the curl check on the /health/all.json endpoint
for url in $urls; do
echo "Check health for $url/health/all.json..."
curl -sS --fail "$url/health/all.json" > /dev/null && echo "Health check passed for $url" || echo "Health check failed for $url"
done
shell: bash
env:
EXPECTED_SHA: ${{ inputs.image_tag }}
RETRIES: ${{ inputs.site_up_retries }}
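Review bot: The `DFE-Digital/github-actions/set-kubelogin-environment@master` step is given `inputs.azure-credentials` while tracking a mutable branch, so any later push to that branch runs with the service principal; pin it to a reviewed commit, `uses: DFE-Digital/github-actions/set-kubelogin-environment@<full-commit-sha>`. In the "Run smoke tests" step the `curl ... && echo "Health check passed for $url" || echo "Health check failed for $url"` chain always exits 0, so an unhealthy deployment no longer fails the job the way the removed retry loop's `exit 1` did; `curl -sS --fail "$url/health/all.json" > /dev/null || { echo "Health check failed for $url"; exit 1; }` would restore that. The new check also drops the comparison of the served version against the image tag, and `$HOSTNAMES` is not assigned on any line visible here, so confirm the step's `env:` supplies it. `make ci ${{ inputs.environment }} aks-terraform-apply` expands the input into the script text before bash runs; passing it through `env:` and quoting the variable would avoid that. The page has lost its +/- markers, so which lines belong to the new side is inferred from the hyphenated input names.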