-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
7621bfe
commit b35acbe
Showing
3 changed files
with
43 additions
and
397 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,188 +1,61 @@ | ||
name: Deploy to Azure | ||
name: Deploy environment to AKS | ||
description: Deploys an application environment to AKS | ||
|
||
inputs: | ||
environment_name: | ||
environment: | ||
description: The name of the environment | ||
required: true | ||
image_name_tag: | ||
description: Image name and tag | ||
image_tag: | ||
description: GitHub SHA of the image | ||
image-tag: | ||
description: The image tag to deploy | ||
required: true | ||
azure_credentials: | ||
azure-credentials: | ||
description: JSON object containing a service principal that can read from Azure Key Vault | ||
required: true | ||
site_up_retries: | ||
description: The number of times that the site up test will be retried | ||
default: 60 | ||
startup_command: | ||
pull-request-number: | ||
description: The pull request number which triggered this deploy. | ||
required: false | ||
|
||
outputs: | ||
environment_url: | ||
description: The base URL for the deployed environment | ||
value: ${{ steps.terraform.outputs.app_fqdn }} | ||
check_service_url: | ||
description: The base URL for the Check service in the deployed environment | ||
value: ${{ steps.terraform.outputs.app_check_service_fqdn }} | ||
value: ${{ steps.set_outputs.outputs.ACCESS_URL }} | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
# Extract configuration from tfvars | ||
- id: config | ||
run: | | ||
APP_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $TFVARS) | ||
RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS) | ||
STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS) | ||
TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*) | ||
if [ ${{ inputs.environment_name }} == "review" ]; then | ||
DEV_TFVARS=workspace_variables/dev.tfvars.json | ||
KEY_VAULT_NAME=$(jq -r '.key_vault_name' $DEV_TFVARS) | ||
REVIEW_APP_SUFFIX=-pr-${{ github.event.pull_request.number }} | ||
TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS) | ||
else | ||
KEY_VAULT_NAME=$(jq -r '.key_vault_name' $TFVARS) | ||
TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $TFVARS) | ||
fi | ||
if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then | ||
echo "::error ::Failed to extract app_resource_group_name from $TFVARS" | ||
exit 1 | ||
fi | ||
if [ -z "$KEY_VAULT_NAME" ]; then | ||
echo "::error ::Failed to extract key_vault_name from $TFVARS" | ||
exit 1 | ||
fi | ||
if [ -z "$RESOURCE_PREFIX" ]; then | ||
echo "::error ::Failed to extract resource_prefix from $TFVARS" | ||
exit 1 | ||
fi | ||
if [ -z "$STORAGE_ACCOUNT_NAME" ]; then | ||
echo "::error ::Failed to extract storage_account_name from $TFVARS" | ||
exit 1 | ||
fi | ||
if [ -z "$TERRAFORM_VERSION" ]; then | ||
echo "::error ::Failed to extract terraform_version from terraform.tf" | ||
exit 1 | ||
fi | ||
if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then | ||
echo "::error ::Failed to extract tf_resource_group_name from TFVARS" | ||
exit 1 | ||
fi | ||
- uses: hashicorp/setup-terraform@v3 | ||
with: | ||
terraform_version: 1.6.4 | ||
terraform_wrapper: false | ||
|
||
echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV | ||
echo "key_vault_name=$KEY_VAULT_NAME" >> $GITHUB_ENV | ||
echo "resource_prefix=$RESOURCE_PREFIX" >> $GITHUB_ENV | ||
echo "review_app_suffix=$REVIEW_APP_SUFFIX" >> $GITHUB_ENV | ||
echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV | ||
echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV | ||
echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV | ||
- uses: DFE-Digital/github-actions/set-kubelogin-environment@master | ||
with: | ||
azure-credentials: ${{ inputs.azure-credentials }} | ||
|
||
- name: Terraform Apply | ||
shell: bash | ||
run: | | ||
make ci ${{ inputs.environment }} aks-terraform-apply | ||
env: | ||
TFVARS: workspace_variables/${{ inputs.environment_name }}.tfvars.json | ||
working-directory: terraform | ||
|
||
- uses: Azure/login@v1 | ||
with: | ||
creds: ${{ inputs.azure_credentials }} | ||
DOCKER_IMAGE_TAG: ${{ inputs.image-tag }} | ||
PR_NUMBER: ${{ inputs.pull-request-number }} | ||
|
||
- id: deploy-arm-resources | ||
if: ${{ inputs.environment_name != 'review' }} | ||
run: | | ||
make ci ${{ inputs.environment_name }} deploy-azure-resources | ||
- name: Extract Terraform outputs | ||
shell: bash | ||
id: set_outputs | ||
run: | | ||
access_url=$(terraform -chdir=terraform/application output -json urls | jq -r '.[0]') | ||
echo "ACCESS_URL=$access_url" >> $GITHUB_OUTPUT | ||
- run: | | ||
TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')" | ||
echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY" | ||
echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV | ||
- name: Run smoke tests | ||
shell: bash | ||
- uses: hashicorp/setup-terraform@v2 | ||
with: | ||
terraform_version: ${{ env.terraform_version }} | ||
terraform_wrapper: false | ||
|
||
- id: terraform | ||
run: | | ||
if [ ${{ inputs.environment_name }} == "review" ]; then | ||
make ci ${{ inputs.environment_name }} terraform-apply pr_id=${{ github.event.pull_request.number }} | ||
else | ||
make ci ${{ inputs.environment_name }} terraform-apply | ||
fi | ||
cd terraform | ||
TFOUTPUTS=$(terraform output --json) | ||
OUTPUTS=($(jq -r <<< "$TFOUTPUTS" | jq -r 'keys | @sh' | tr -d \')) | ||
for o in "${OUTPUTS[@]}" | ||
do | ||
echo ${o}=$(jq -r .${o}.value <<< "$TFOUTPUTS") >> $GITHUB_ENV | ||
done | ||
echo "app_fqdn=$(terraform output -raw app_fqdn)" >>$GITHUB_OUTPUT | ||
echo "app_check_service_fqdn=$(terraform output -raw app_check_service_fqdn)" >>$GITHUB_OUTPUT | ||
env: | ||
ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} | ||
TF_VAR_azure_sp_credentials_json: ${{ inputs.azure_credentials }} | ||
TF_VAR_aytq_docker_image: ${{ inputs.image_name_tag }} | ||
shell: bash | ||
|
||
- uses: azure/webapps-deploy@v2 | ||
if: ${{ inputs.environment_name != 'review' }} | ||
with: | ||
app-name: ${{ env.resource_prefix }}-${{ inputs.environment_name}}-app | ||
images: ${{ inputs.image_name_tag }} | ||
slot-name: ${{ env.web_app_slot_name }} | ||
# Parse the JSON array of URLs into a Bash array | ||
urls=$(echo "$HOSTNAMES" | jq -r '.[]') | ||
- uses: azure/webapps-deploy@v2 | ||
if: ${{ inputs.environment_name == 'review' }} | ||
with: | ||
app-name: ${{ env.resource_prefix }}-${{ inputs.environment_name}}${{ env.review_app_suffix }}-app | ||
images: ${{ inputs.image_name_tag }} | ||
slot-name: ${{ env.web_app_slot_name }} | ||
startup-command: ${{ inputs.startup_command }} | ||
|
||
- uses: azure/CLI@v1 | ||
if: ${{ env.web_app_slot_name != 'production' }} | ||
with: | ||
inlineScript: | | ||
az webapp deployment slot swap -g ${{ env.app_resource_group_name }} -n ${{ env.web_app_name }} --slot ${{ env.web_app_slot_name }} --target-slot production | ||
# Check new site is up | ||
- run: | | ||
echo "Checking new site is up" | ||
attempt_counter=0 | ||
max_attempts=$RETRIES | ||
HEALTH_URL="${{ env.app_fqdn }}/health/all.json" | ||
HEALTH_RESPONSE=$(curl $HEALTH_URL --silent --connect-timeout 600) | ||
APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*") | ||
APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line') | ||
APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .database.success) catch $line') | ||
echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS" | ||
until [[ "$EXPECTED_SHA" == "$APP_SHA" && "$APP_STATUS" == "true" && "$APP_DATABASE_STATUS" == "true" ]]; do | ||
if [ ${attempt_counter} -eq ${max_attempts} ];then | ||
echo "Max attempts reached" | ||
exit 1 | ||
fi | ||
echo "Attempt $attempt_counter: new site not up, retrying in 5 seconds ..." | ||
sleep 5 | ||
attempt_counter=$(($attempt_counter+1)) | ||
HEALTH_RESPONSE=$(curl $HEALTH_URL --silent --connect-timeout 600) | ||
APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*") | ||
APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line') | ||
APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .database.success) catch $line') | ||
echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS" | ||
# Loop over each URL and perform the curl check on the /health/all.json endpoint | ||
for url in $urls; do | ||
echo "Check health for $url/health/all.json..." | ||
curl -sS --fail "$url/health/all.json" > /dev/null && echo "Health check passed for $url" || echo "Health check failed for $url" | ||
done | ||
shell: bash | ||
env: | ||
EXPECTED_SHA: ${{ inputs.image_tag }} | ||
RETRIES: ${{ inputs.site_up_retries }} |
Oops, something went wrong.