Removing s165 jobs from GHA

.github/actions/deploy-environment/action.yml

@@ -1,188 +1,61 @@
-name: Deploy to Azure
+name: Deploy environment to AKS
+description: Deploys an application environment to AKS
 
 inputs:
-  environment_name:
+  environment:
     description: The name of the environment
     required: true
-  image_name_tag:
-    description: Image name and tag
-  image_tag:
-    description: GitHub SHA of the image
+  image-tag:
+    description: The image tag to deploy
     required: true
-  azure_credentials:
+  azure-credentials:
     description: JSON object containing a service principal that can read from Azure Key Vault
     required: true
-  site_up_retries:
-    description: The number of times that the site up test will be retried
-    default: 60
-  startup_command:
+  pull-request-number:
+    description: The pull request number which triggered this deploy.
     required: false
 
 outputs:
   environment_url:
     description: The base URL for the deployed environment
-    value: ${{ steps.terraform.outputs.app_fqdn }}
-  check_service_url:
-    description: The base URL for the Check service in the deployed environment
-    value: ${{ steps.terraform.outputs.app_check_service_fqdn }}
+    value: ${{ steps.set_outputs.outputs.ACCESS_URL }}
 
 runs:
   using: composite
 
   steps:
-    # Extract configuration from tfvars
-    - id: config
-      run: |
-        APP_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $TFVARS)
-        RESOURCE_PREFIX=$(jq -r '.resource_prefix' $TFVARS)
-        STORAGE_ACCOUNT_NAME=$(jq -r '.storage_account_name' $TFVARS)
-        TERRAFORM_VERSION=$(awk '/{/{f=/^terraform/;next}f' terraform.tf | grep -o [0-9\.]*)
-
-        if [ ${{ inputs.environment_name }} == "review" ]; then
-          DEV_TFVARS=workspace_variables/dev.tfvars.json
-          KEY_VAULT_NAME=$(jq -r '.key_vault_name' $DEV_TFVARS)
-          REVIEW_APP_SUFFIX=-pr-${{ github.event.pull_request.number }}
-          TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $DEV_TFVARS)
-        else
-          KEY_VAULT_NAME=$(jq -r '.key_vault_name' $TFVARS)
-          TF_RESOURCE_GROUP_NAME=$(jq -r '.resource_group_name' $TFVARS)
-        fi
-
-        if [ -z "$APP_RESOURCE_GROUP_NAME" ]; then
-          echo "::error ::Failed to extract app_resource_group_name from $TFVARS"
-          exit 1
-        fi
-
-        if [ -z "$KEY_VAULT_NAME" ]; then
-          echo "::error ::Failed to extract key_vault_name from $TFVARS"
-          exit 1
-        fi
-
-        if [ -z "$RESOURCE_PREFIX" ]; then
-          echo "::error ::Failed to extract resource_prefix from $TFVARS"
-          exit 1
-        fi
-
-        if [ -z "$STORAGE_ACCOUNT_NAME" ]; then
-          echo "::error ::Failed to extract storage_account_name from $TFVARS"
-          exit 1
-        fi
-
-        if [ -z "$TERRAFORM_VERSION" ]; then
-          echo "::error ::Failed to extract terraform_version from terraform.tf"
-          exit 1
-        fi
-
-        if [ -z "$TF_RESOURCE_GROUP_NAME" ]; then
-          echo "::error ::Failed to extract tf_resource_group_name from TFVARS"
-          exit 1
-        fi
+    - uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: 1.6.4
+        terraform_wrapper: false
 
-        echo "app_resource_group_name=$APP_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
-        echo "key_vault_name=$KEY_VAULT_NAME" >> $GITHUB_ENV
-        echo "resource_prefix=$RESOURCE_PREFIX" >> $GITHUB_ENV
-        echo "review_app_suffix=$REVIEW_APP_SUFFIX" >> $GITHUB_ENV
-        echo "storage_account_name=$STORAGE_ACCOUNT_NAME" >> $GITHUB_ENV
-        echo "terraform_version=$TERRAFORM_VERSION" >> $GITHUB_ENV
-        echo "tf_resource_group_name=$TF_RESOURCE_GROUP_NAME" >> $GITHUB_ENV
+    - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
+      with:
+        azure-credentials: ${{ inputs.azure-credentials }}
 
+    - name: Terraform Apply
       shell: bash
+      run: |
+        make ci ${{ inputs.environment }} aks-terraform-apply
       env:
-        TFVARS: workspace_variables/${{ inputs.environment_name }}.tfvars.json
-      working-directory: terraform
-
-    - uses: Azure/login@v1
-      with:
-        creds: ${{ inputs.azure_credentials }}
+        DOCKER_IMAGE_TAG: ${{ inputs.image-tag }}
+        PR_NUMBER: ${{ inputs.pull-request-number }}
 
-    - id: deploy-arm-resources
-      if: ${{ inputs.environment_name != 'review' }}
-      run: |
-        make ci ${{ inputs.environment_name }} deploy-azure-resources
+    - name: Extract Terraform outputs
       shell: bash
+      id: set_outputs
+      run: |
+        access_url=$(terraform -chdir=terraform/application output -json urls | jq -r '.[0]')
+        echo "ACCESS_URL=$access_url" >> $GITHUB_OUTPUT
 
-    - run: |
-        TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.tf_resource_group_name }} -n ${{ env.storage_account_name }} | jq -r '.[0].value')"
-        echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY"
-        echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV
+    - name: Run smoke tests
       shell: bash
-
-    - uses: hashicorp/setup-terraform@v2
-      with:
-        terraform_version: ${{ env.terraform_version }}
-        terraform_wrapper: false
-
-    - id: terraform
       run: |
-        if [ ${{ inputs.environment_name }} == "review" ]; then
-          make ci ${{ inputs.environment_name }} terraform-apply pr_id=${{ github.event.pull_request.number }}
-        else
-          make ci ${{ inputs.environment_name }} terraform-apply
-        fi
-        cd terraform
-        TFOUTPUTS=$(terraform output --json)
-        OUTPUTS=($(jq -r <<< "$TFOUTPUTS" | jq -r 'keys | @sh' | tr -d \'))
-        for o in "${OUTPUTS[@]}"
-        do
-          echo ${o}=$(jq -r .${o}.value <<< "$TFOUTPUTS") >> $GITHUB_ENV
-        done
-        echo "app_fqdn=$(terraform output -raw app_fqdn)" >>$GITHUB_OUTPUT
-        echo "app_check_service_fqdn=$(terraform output -raw app_check_service_fqdn)" >>$GITHUB_OUTPUT
-      env:
-        ARM_ACCESS_KEY: ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }}
-        TF_VAR_azure_sp_credentials_json: ${{ inputs.azure_credentials }}
-        TF_VAR_aytq_docker_image: ${{ inputs.image_name_tag }}
-      shell: bash
-
-    - uses: azure/webapps-deploy@v2
-      if: ${{ inputs.environment_name != 'review' }}
-      with:
-        app-name: ${{ env.resource_prefix }}-${{ inputs.environment_name}}-app
-        images: ${{ inputs.image_name_tag }}
-        slot-name: ${{ env.web_app_slot_name }}
+        # Parse the JSON array of URLs into a Bash array
+        urls=$(echo "$HOSTNAMES" | jq -r '.[]')
 
-    - uses: azure/webapps-deploy@v2
-      if: ${{ inputs.environment_name == 'review' }}
-      with:
-        app-name: ${{ env.resource_prefix }}-${{ inputs.environment_name}}${{ env.review_app_suffix }}-app
-        images: ${{ inputs.image_name_tag }}
-        slot-name: ${{ env.web_app_slot_name }}
-        startup-command: ${{ inputs.startup_command }}
-
-    - uses: azure/CLI@v1
-      if: ${{ env.web_app_slot_name != 'production' }}
-      with:
-        inlineScript: |
-          az webapp deployment slot swap -g ${{ env.app_resource_group_name }} -n ${{ env.web_app_name }} --slot ${{ env.web_app_slot_name }} --target-slot production
-
-    # Check new site is up
-    - run: |
-        echo "Checking new site is up"
-        attempt_counter=0
-        max_attempts=$RETRIES
-
-        HEALTH_URL="${{ env.app_fqdn }}/health/all.json"
-        HEALTH_RESPONSE=$(curl $HEALTH_URL --silent --connect-timeout 600)
-        APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*")
-        APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line')
-        APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .database.success) catch $line')
-        echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS"
-        until [[ "$EXPECTED_SHA" == "$APP_SHA" && "$APP_STATUS" == "true" && "$APP_DATABASE_STATUS" == "true" ]]; do
-          if [ ${attempt_counter} -eq ${max_attempts} ];then
-            echo "Max attempts reached"
-            exit 1
-          fi
-          echo "Attempt $attempt_counter: new site not up, retrying in 5 seconds ..."
-          sleep 5
-          attempt_counter=$(($attempt_counter+1))
-
-          HEALTH_RESPONSE=$(curl $HEALTH_URL --silent --connect-timeout 600)
-          APP_SHA=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .version.message) catch $line' | grep -Po "Version: \K\w*")
-          APP_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .default.success) catch $line')
-          APP_DATABASE_STATUS=$(echo $HEALTH_RESPONSE | jq -R '. as $line | try (fromjson | .database.success) catch $line')
-          echo "sha: $APP_SHA; app_status: $APP_STATUS; app_database_status: $APP_DATABASE_STATUS"
+        # Loop over each URL and perform the curl check on the /health/all.json endpoint
+        for url in $urls; do
+          echo "Check health for $url/health/all.json..."
+          curl -sS --fail "$url/health/all.json" > /dev/null && echo "Health check passed for $url" || echo "Health check failed for $url"
         done
-      shell: bash
-      env:
-        EXPECTED_SHA: ${{ inputs.image_tag }}
-        RETRIES: ${{ inputs.site_up_retries }}