Merge pull request #15 from DFE-Digital/fix-deploy-dev
FHG-5471 : Initial Deployment
AaronJY authored Jun 25, 2024
2 parents 1be82b0 + 357a087 commit 05e5cd8
Showing 24 changed files with 21,880 additions and 153 deletions.
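--- a/.github/actions/azure-firewall-ip/action.yml
+++ b/.github/actions/azure-firewall-ip/action.yml
@@ -0,0 +1,39 @@
+name: Azure IP Whitelist
+description: Add or Remove an IP Address to the Azure SQL Whitelist
+
+inputs:
+ip_address:
+required: true
+type: string
+action:
+required: true
+type: choice
+options:
+- "Add"
+- "Remove"
+az_resource_group:
+required: true
+type: string
+az_sql_server_name:
+required: true
+type: string
+az_firewall_rule_name:
+required: false
+type: string
+default: "github-actions-temp"
+
+runs:
+using: composite
+
+steps:
+- name: Add to Whitelist
+if: ${{ inputs.action == 'Add' }}
+shell: bash
+run: |
+az sql server firewall-rule create --resource-group ${{ inputs.az_resource_group }} --server ${{ inputs.az_sql_server_name }} --name ${{ inputs.az_firewall_rule_name }} --start-ip-address ${{ inputs.ip_address }} --end-ip-address ${{ inputs.ip_address }} &> /dev/null
+- name: Remove from Whitelist
+if: ${{ inputs.action == 'Remove' }}
+shell: bash
+run: |
+az sql server firewall-rule delete --resource-group ${{ inputs.az_resource_group }} --server ${{ inputs.az_sql_server_name }} --name ${{ inputs.az_firewall_rule_name }} &> /dev/null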
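Review bot: Both `run:` lines splice `${{ inputs.* }}` straight into the bash command text, unquoted, so any whitespace or shell metacharacter in an input is parsed as shell before `az` runs; `ip_address` in particular is whatever the get-runner-ip-address action received from api.ipify.org. Pass the inputs through a step-level `env:` block and reference them as quoted shell variables, as sketched below for the Add step; the Remove step needs the same treatment, and the `dotnet ef database update` line in database-migration/action.yml and the `dotnet publish` line in build.yml use the same pattern. `&> /dev/null` also discards the Azure CLI error text, so a failed rule change leaves nothing in the log to diagnose; redirecting only stdout (`> /dev/null`) keeps stderr. `type: choice` and `options` on `action` do not appear to be enforced for composite-action inputs, so a value other than `Add` or `Remove` would skip both steps silently.

```yaml
- name: Add to Whitelist
  if: ${{ inputs.action == 'Add' }}
  shell: bash
  env:
    RESOURCE_GROUP: ${{ inputs.az_resource_group }}
    SQL_SERVER: ${{ inputs.az_sql_server_name }}
    RULE_NAME: ${{ inputs.az_firewall_rule_name }}
    IP_ADDRESS: ${{ inputs.ip_address }}
  run: |
    az sql server firewall-rule create \
      --resource-group "$RESOURCE_GROUP" \
      --server "$SQL_SERVER" \
      --name "$RULE_NAME" \
      --start-ip-address "$IP_ADDRESS" \
      --end-ip-address "$IP_ADDRESS" > /dev/null
# … unchanged: Remove from Whitelist step (apply the same env/quoting) …
```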
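--- a/.github/actions/database-migration/action.yml
+++ b/.github/actions/database-migration/action.yml
@@ -0,0 +1,48 @@
+name: Apply Database Migration
+description: Add and remove IP address from an Azure SQL server and apply a database migration to it.
+
+inputs:
+db_context:
+required: true
+type: string
+data_project_path:
+required: true
+type: string
+startup_project_path:
+required: true
+type: string
+azure_resource_group:
+required: true
+type: string
+azure_sql_server_resource_name:
+required: true
+type: string
+
+runs:
+using: composite
+
+steps:
+- name: Get Workflow Runner IP
+id: runner-ip
+uses: ./.github/actions/get-runner-ip-address
+
+- name: Add Azure Firewall Rule
+uses: ./.github/actions/azure-firewall-ip
+with:
+ip_address: ${{ steps.runner-ip.outputs.ip_address }}
+action: "Add"
+az_resource_group: ${{ inputs.azure_resource_group }}
+az_sql_server_name: ${{ inputs.azure_sql_server_resource_name }}
+
+- name: Apply Database Migration
+shell: bash
+run: dotnet ef database update -c ${{ inputs.db_context }} --project ${{ inputs.data_project_path }} --startup-project ${{ inputs.startup_project_path }}
+
+- name: Remove Azure Firewall Rule
+if: always()
+uses: ./.github/actions/azure-firewall-ip
+with:
+ip_address: ${{ steps.runner-ip.outputs.ip_address }}
+action: "Remove"
+az_resource_group: ${{ inputs.azure_resource_group }}
+az_sql_server_name: ${{ inputs.azure_sql_server_resource_name }}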
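Review bot: Neither call to `./.github/actions/azure-firewall-ip` sets `az_firewall_rule_name`, so every run uses the default `github-actions-temp`. Two runs against the same SQL server would then share one rule: whichever finishes first deletes the rule the other still depends on, and a later `create` presumably replaces the earlier address. Passing a per-run name to both the Add and Remove steps avoids that, e.g. `az_firewall_rule_name: "github-actions-${{ github.run_id }}-${{ github.run_attempt }}"`. The Remove step's `if: always()` also fires when the runner-IP or Add step failed, and because azure-firewall-ip sends all CLI output to `/dev/null`, a rule left behind on the SQL server would not show up in the log.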
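--- a/.github/actions/get-runner-ip-address/action.yml
+++ b/.github/actions/get-runner-ip-address/action.yml
@@ -0,0 +1,18 @@
+name: Get Runner IP Address
+description: Gets the IP Address of the Workflow Runner
+
+outputs:
+ip_address:
+value: ${{ steps.get-ip.outputs.ip_address }}
+
+runs:
+using: composite
+
+steps:
+- name: Get Workflow Runner IP
+id: get-ip
+shell: bash
+run: |
+IP=$(curl -s https://api.ipify.org/)
+echo "IP Address = $IP"
+echo "ip_address=$IP" >> $GITHUB_OUTPUT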
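Review bot: The body returned by `https://api.ipify.org/` is written to `$GITHUB_OUTPUT` with no check that it is an IP address, and that value later becomes the `--start-ip-address`/`--end-ip-address` of an Azure SQL firewall rule. Without `--fail`, an HTTP error body is accepted as the address, and a multi-line body would add extra lines to the output file. Fetch with `IP=$(curl -sS --fail https://api.ipify.org/)` and reject anything that is not a dotted quad before writing it, e.g. `[[ "$IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "Unexpected response from IP lookup" >&2; exit 1; }`. Quoting the target as `>> "$GITHUB_OUTPUT"` is also the safer form.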
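--- a/.github/workflows/build-and-deploy.yml
+++ b/.github/workflows/build-and-deploy.yml
@@ -0,0 +1,127 @@
+run-name: Deploy to ${{ inputs.environment }}
+
+concurrency:
+group: "${{ github.workflow }}-${{ github.ref }}"
+cancel-in-progress: true
+
+on:
+workflow_dispatch:
+inputs:
+environment:
+description: The environment target for deployment
+default: 'Development'
+type: choice
+options:
+- 'Development'
+- 'Test'
+- 'Production'
+
+permissions:
+id-token: write
+contents: read
+
+jobs:
+build-projects-upload-artifacts:
+name: Build
+strategy:
+fail-fast: true
+matrix:
+project: [ src/service/idam-api/,
+src/service/notification-api/,
+src/service/referral-api/,
+src/service/report-api/,
+src/service/service-directory-api/,
+src/ui/connect-dashboard-ui/,
+src/ui/connect-ui/,
+src/ui/find-ui/,
+src/ui/idam-maintenance-ui/,
+src/ui/manage-ui/
+]
+uses: ./.github/workflows/build.yml
+with:
+project: ${{ matrix.project }}
+secrets: inherit
+
+deploy-idam:
+name: Deploy Idam API
+runs-on: ubuntu-22.04
+needs: [ build-projects-upload-artifacts ]
+env:
+ARTIFACT_NAME: idam-api
+PROJECT_NAME: FamilyHubs.Idam.Api
+DATA_PROJECT_NAME: FamilyHubs.Idam.Data
+PROJECT_TYPE: service
+APP_NAME: s181d01-as-fh-idam-api
+environment: ${{ inputs.environment }}
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v4
+with:
+ref: ${{ github.ref }}
+
+- name: Setup .NET ${{ vars.DOTNET_VERSION }}
+uses: actions/setup-dotnet@v4
+with:
+dotnet-version: ${{ vars.DOTNET_VERSION }}
+
+- name: Install Entity Framework
+shell: bash
+run: dotnet tool install --global dotnet-ef
+
+- name: Package Cache
+uses: actions/cache@v4
+with:
+path: ~/.nuget/packages
+key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+restore-keys: |
+${{ runner.os }}-nuget-
+- name: Download Artifact
+uses: actions/download-artifact@v4
+with:
+name: ${{ env.ARTIFACT_NAME }}
+path: ./out
+
+- name: App Settings Variable Substitution
+uses: microsoft/variable-substitution@v1
+with:
+files: "${{ github.workspace }}/src/${{ env.PROJECT_TYPE }}/${{ env.ARTIFACT_NAME }}/src/${{ env.PROJECT_NAME }}/appsettings.json, ./out/appsettings.json"
+env:
+APPINSIGHTS_CONNECTION_STRING: ${{ secrets.IDAM_API_APPINSIGHTS_CONNECTION_STRING }}
+APPINSIGHTS_INSTRUMENTATIONKEY: ${{ vars.IDAM_API_APPINSIGHTS_INSTRUMENTATIONKEY }}
+ConnectionStrings.IdamConnection: ${{ secrets.IDAM_API_CONNECTIONSTRINGS_IDAMCONNECTION }}
+Crypto.clientId: ${{ vars.IDAM_API_CRYPTO_CLIENTID }}
+Crypto.clientSecret: ${{ secrets.IDAM_API_CRYPTO_CLIENTSECRET }}
+Crypto.DbEncryptionIVKey: ${{ secrets.IDAM_API_CRYPTO_DBENCRYPTIONIVKEY }}
+Crypto.DbEncryptionIVKeySecretName: ${{ vars.IDAM_API_CRYPTO_DBENCRYPTIONIVKEYSECRETNAME }}
+Crypto.DbEncryptionKey: ${{ secrets.IDAM_API_CRYPTO_DBENCRYPTIONKEY }}
+Crypto.DbEncryptionKeySecretName: ${{ vars.IDAM_API_CRYPTO_DBENCRYPTIONKEYSECRETNAME }}
+Crypto.KeyVaultIdentifier: ${{ vars.IDAM_API_CRYPTO_KEYVAULTIDENTIFIER }}
+Crypto.tenantId: ${{ vars.IDAM_API_CRYPTO_TENANTID }}
+Crypto.UseKeyVault: ${{ vars.IDAM_API_CRYPTO_USEKEYVAULT }}
+EventGridUrl: ${{ vars.IDAM_API_EVENTGRIDURL }}
+GovUkOidcConfiguration.BearerTokenSigningKey: ${{ secrets.IDAM_API_GOVUKOIDCCONFIGURATION_BEARERTOKENSIGNINGKEY }}
+ServiceDirectoryApiBaseUrl: ${{ vars.IDAM_API_SERVICEDIRECTORYAPIBASEURL }}
+
+- name: Azure CLI Login
+uses: azure/login@v2
+with:
+client-id: ${{ secrets.AZURE_CLIENT_ID }}
+tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+- name: Apply Database Migration
+uses: ./.github/actions/database-migration
+with:
+db_context: ApplicationDbContext
+data_project_path: ${{ github.workspace }}/src/${{ env.PROJECT_TYPE }}/${{ env.ARTIFACT_NAME }}/src/${{ env.DATA_PROJECT_NAME }}
+startup_project_path: ${{ github.workspace }}/src/${{ env.PROJECT_TYPE }}/${{ env.ARTIFACT_NAME }}/src/${{ env.PROJECT_NAME }}
+azure_resource_group: ${{ vars.AZURE_RESOURCE_GROUP }}
+azure_sql_server_resource_name: ${{ vars.AZURE_SQL_SERVER_RESOURCE_NAME }}
+
+- name: Deploy Artifact to Azure
+uses: azure/webapps-deploy@v3
+with:
+app-name: ${{ env.APP_NAME }}
+publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_IDAM_API }}
+package: ./out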
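Review bot: The `Build` job is given more privilege than build.yml uses: `secrets: inherit` hands the caller's secrets to a reusable workflow that, as shown on this page, reads only `vars.DOTNET_VERSION`, and the workflow-level `permissions` block gives that same job `id-token: write`. Dropping `secrets: inherit` and moving `permissions: { id-token: write, contents: read }` under `deploy-idam`, with only `contents: read` at the top, keeps the OIDC token and secrets out of the job that runs `dotnet restore` and `dotnet publish`. Separately, `cancel-in-progress: true` can cancel a deployment while `dotnet ef database update` is part-way through; `cancel-in-progress: false` queues the newer run instead. The third-party actions in `deploy-idam` (`microsoft/variable-substitution@v1`, `azure/login@v2`, `azure/webapps-deploy@v3`) receive secrets and are referenced by mutable tag, so pinning each to a full commit SHA would fix which code sees those values.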
4 changes: 2 additions & 2 deletions .github/workflows/build-and-test.yml
@@ -1,4 +1,4 @@
name: Build & Test Each .NET Project
name: Build & Test

concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
Expand Down Expand Up @@ -52,7 +52,7 @@ jobs:
run: dotnet test --no-build --no-restore --verbosity minimal

idam-api:
name: IDAM API
name: Idam API
runs-on: ubuntu-22.04
defaults:
run:
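--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,63 @@
+name: Build a Project
+
+on:
+workflow_call:
+inputs:
+project:
+required: true
+type: string
+runner:
+required: false
+default: 'ubuntu-22.04'
+type: string
+
+jobs:
+build-project-upload-artifact:
+name: Build & Upload
+runs-on: ${{ inputs.runner }}
+defaults:
+run:
+working-directory: ${{ inputs.project }}
+env:
+BUILD_DIRECTORY: ${{ github.workspace }}/${{ inputs.project }}out
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v4
+with:
+ref: ${{ github.ref }}
+
+- name: Setup .NET ${{ vars.DOTNET_VERSION }}
+uses: actions/setup-dotnet@v4
+with:
+dotnet-version: ${{ vars.DOTNET_VERSION }}
+
+- name: Package Cache
+uses: actions/cache@v4
+with:
+path: ~/.nuget/packages
+key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+restore-keys: |
+${{ runner.os }}-nuget-
+- name: Restore Project
+shell: bash
+run: dotnet restore
+
+- name: Publish Project
+shell: bash
+run: dotnet publish --configuration Release --no-restore --property:PublishDir=${{ env.BUILD_DIRECTORY }}
+
+# The name is the Present Working Directory, e.g., "idam-api" or "manage-ui"
+- name: Get Name for Artifact
+id: get-name
+shell: bash
+run: |
+ARTIFACT_NAME=${PWD##*/}
+echo "artifact_name=$ARTIFACT_NAME" >> $GITHUB_OUTPUT
+- name: Upload Artifact
+uses: actions/upload-artifact@v4
+with:
+name: ${{ steps.get-name.outputs.artifact_name }}
+path: ${{ env.BUILD_DIRECTORY }}
+if-no-files-found: error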
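Review bot: `BUILD_DIRECTORY` is built as `${{ github.workspace }}/${{ inputs.project }}out`, which only resolves to an `out` directory when `project` ends in `/`. The matrix in build-and-deploy.yml does pass trailing slashes, but a caller passing `src/ui/find-ui` would publish to `src/ui/find-uiout`. Writing it as `${{ github.workspace }}/${{ inputs.project }}/out` works either way, and a `description:` on the `project` input stating the expected form would document the contract. `dotnet restore` also runs without `--locked-mode`; if the projects carry `packages.lock.json` files (not visible here), enabling it would make the published artifact reproduce the reviewed dependency set.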