DFE-Digital · johnake · Jan 3, 2024 · Dec 28, 2023
@@ -28,7 +28,7 @@ runs:
       shell: bash
       id: set_kv_env_vars
       run: |
-        tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}_aks.tfvars.json
+        tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}.tfvars.json
         cat $tf_vars_file
         INF_VAULT_NAME=$(jq -r '.inf_vault_name' ${tf_vars_file})
         NAMESPACE=$(jq -r '.namespace' ${tf_vars_file})

@@ -59,7 +59,7 @@ runs:
 
     - name: Terraform init, plan & apply
       shell: bash
-      run: make ci ${{ inputs.environment }} terraform-apply-aks
+      run: make ci ${{ inputs.environment }} terraform-apply
       env:
         ARM_ACCESS_KEY: ${{ inputs.arm-access-key }}
         DOCKER_IMAGE: ${{ inputs.docker_image }}

@@ -22,23 +22,36 @@ runs:
     - name: Set environment variables
       shell: bash
       run: |
-        tf_vars_file=terraform/paas/workspace_variables/${{ inputs.environment }}.tfvars.json
-        echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
-        echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV
+        tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}.tfvars.json
+        echo "APP_KEY_VAULT=$(jq -r '.app_key_vault' ${tf_vars_file})" >> $GITHUB_ENV
 
-    - uses: DfE-Digital/keyvault-yaml-secret@v1
-      id: keyvault-yaml-secret
+    - name: Retrieve Secrets from KV
+      uses: azure/CLI@v1
+      id: retrieve-secrets
       with:
-        keyvault: ${{ env.KEY_VAULT_NAME }}
-        secret: INFRASTRUCTURE
-        key: HOSTING_DOMAIN,GOVUK_NOTIFY_API_KEY,SUPPORT_USERNAME,SUPPORT_PASSWORD
+        inlineScript: |
+          HOSTING_DOMAIN=$(az keyvault secret show --name HOSTING-DOMAIN --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv)
+          echo "::add-mask::$HOSTING_DOMAIN"
+          echo "HOSTING_DOMAIN=$HOSTING_DOMAIN" >> $GITHUB_OUTPUT
+          GOVUK_NOTIFY_API_KEY=$(az keyvault secret show --name GOVUK-NOTIFY-API-KEY --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv)
+          echo "::add-mask::$GOVUK_NOTIFY_API_KEY"
+          echo "GOVUK_NOTIFY_API_KEY=$GOVUK_NOTIFY_API_KEY" >> $GITHUB_OUTPUT
+          HOSTING_ENVIRONMENT_NAME=$(az keyvault secret show --name HOSTING-ENVIRONMENT-NAME --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv)
+          echo "::add-mask::$HOSTING_ENVIRONMENT_NAME"
+          echo "HOSTING_ENVIRONMENT_NAME=$HOSTING_ENVIRONMENT_NAME" >> $GITHUB_OUTPUT
+          SUPPORT_USERNAME=$(az keyvault secret show --name SUPPORT-USERNAME --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv)
+          echo "::add-mask::$SUPPORT_USERNAME"
+          echo "SUPPORT_USERNAME=$SUPPORT_USERNAME" >> $GITHUB_OUTPUT
+          SUPPORT_PASSWORD=$(az keyvault secret show --name SUPPORT-PASSWORD --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv)
+          echo "::add-mask::$SUPPORT_PASSWORD"
+          echo "SUPPORT_PASSWORD=$SUPPORT_PASSWORD" >> $GITHUB_OUTPUT
 
     - name: Run deployment smoke test
       shell: bash
       run: bin/smoke
       env:
-        HOSTING_DOMAIN: ${{ steps.keyvault-yaml-secret.outputs.HOSTING_DOMAIN }}
-        RAILS_ENV: ${{ steps.keyvault-yaml-secret.outputs.HOSTING_ENVIRONMENT_NAME }}
-        GOVUK_NOTIFY_API_KEY: ${{ steps.keyvault-yaml-secret.outputs.GOVUK_NOTIFY_API_KEY }}
-        SUPPORT_USERNAME: ${{ steps.keyvault-yaml-secret.outputs.SUPPORT_USERNAME }}
-        SUPPORT_PASSWORD: ${{ steps.keyvault-yaml-secret.outputs.SUPPORT_PASSWORD }}
+        HOSTING_DOMAIN: ${{ steps.retrieve-secrets.outputs.HOSTING_DOMAIN }}
+        RAILS_ENV: ${{ steps.retrieve-secrets.outputs.HOSTING_ENVIRONMENT_NAME }}
+        GOVUK_NOTIFY_API_KEY: ${{ steps.retrieve-secrets.outputs.GOVUK_NOTIFY_API_KEY }}
+        SUPPORT_USERNAME: ${{ steps.retrieve-secrets.outputs.SUPPORT_USERNAME }}
+        SUPPORT_PASSWORD: ${{ steps.retrieve-secrets.outputs.SUPPORT_PASSWORD }}
@@ -14,8 +14,8 @@ jobs:
       matrix:
         environment: [development, test, preproduction, production]
     environment:
-      name: ${{matrix.environment}}_aks
-    concurrency: ${{matrix.environment}}_${{github.event.number}}_aks
+      name: ${{matrix.environment}}
+    concurrency: ${{matrix.environment}}_${{github.event.number}}
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4

@@ -21,7 +21,7 @@ env:
 jobs:
   docker:
     name: Docker build and push
-    if: contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy_v2') || github.event_name != 'pull_request'
+    if: contains(github.event.pull_request.labels.*.name, 'deploy') || github.event_name != 'pull_request'
     runs-on: ubuntu-latest
     outputs:
       docker_image: ${{ steps.dockerimage.outputs.docker_image_tag }}
@@ -44,37 +44,10 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-      - uses: ./.github/workflows/actions/deploy-environment
+      - uses: ./.github/workflows/actions/deploy
         id: deploy
         with:
-          environment_name: review
-          docker_image: ${{ needs.docker.outputs.docker_image }}
-          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
-          terraform_vars: workspace_variables/review.tfvars.json
-          pr_id: ${{ github.event.pull_request.number }}
-
-      - name: Post sticky pull request comment
-        if: github.event_name == 'pull_request'
-        uses: marocchino/sticky-pull-request-comment@v2
-        with:
-          message: |
-            Review app deployed to ${{ steps.deploy.outputs.environment_url }}
-
-  deploy_v2_review:
-    name: Deploy to review_aks environment
-    concurrency: deploy_v2_review_${{ github.event.pull_request.number }}
-    needs: [docker]
-    runs-on: ubuntu-latest
-    if: contains(github.event.pull_request.labels.*.name, 'deploy_v2')
-    environment:
-      name: review_aks
-
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/workflows/actions/deploy_v2
-        id: deploy_v2
-        with:
-          environment: review_aks
+          environment: review
           docker_image: ${{ needs.docker.outputs.docker_image }}
           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
           arm-access-key: ${{ secrets.ARM_ACCESS_KEY }}
@@ -85,9 +58,9 @@ jobs:
         uses: marocchino/sticky-pull-request-comment@v2
         with:
           message: |
-            AKS review app deployed to ${{ steps.deploy_v2.outputs.environment_url }}
+            AKS review app deployed to ${{ steps.deploy.outputs.environment_url }}
 
-  deploy_v2_nonprod:
+  deploy_nonprod:
     name: Deploy to ${{ matrix.environment }} environment
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main' && github.event_name == 'push'
@@ -96,7 +69,7 @@ jobs:
     strategy:
       max-parallel: 1
       matrix:
-        environment: [development_aks, test_aks, preproduction_aks]
+        environment: [development, test, preproduction]
     environment:
       name: ${{ matrix.environment }}
       url: ${{ steps.deploy.outputs.environment_url }}
@@ -105,38 +78,38 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-      - uses: ./.github/workflows/actions/deploy_v2
-        id: deploy_v2
+      - uses: ./.github/workflows/actions/deploy
+        id: deploy
         with:
           environment: ${{ matrix.environment }}
           docker_image: ${{ needs.docker.outputs.docker_image }}
           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
           arm-access-key: ${{ secrets.ARM_ACCESS_KEY }}
-      - uses: ./.github/workflows/actions/smoke-test-v2
+      - uses: ./.github/workflows/actions/smoke-test
         id: smoke-test
         with:
           environment: ${{ matrix.environment }}
           azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
 
-  deploy_v2_production:
-    name: Deploy to production_aks environment
+  deploy_production:
+    name: Deploy to production environment
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main' && github.event_name == 'push'
     environment:
-      name: production_aks
-      url: ${{ steps.deploy_v2.outputs.environment_url }}
-    concurrency: deploy_production_aks
-    needs: [docker, deploy_v2_nonprod]
+      name: production
+      url: ${{ steps.deploy.outputs.environment_url }}
+    concurrency: deploy_production
+    needs: [docker, deploy_nonprod]
 
     outputs:
-      environment_url: ${{ steps.deploy_v2.outputs.environment_url }}
+      environment_url: ${{ steps.deploy.outputs.environment_url }}
 
     steps:
       - uses: actions/checkout@v3
-      - uses: ./.github/workflows/actions/deploy_v2
-        id: deploy_v2
+      - uses: ./.github/workflows/actions/deploy
+        id: deploy
         with:
-          environment: production_aks
+          environment: production
           docker_image: ${{ needs.docker.outputs.docker_image }}
           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
           arm-access-key: ${{ secrets.ARM_ACCESS_KEY }}
@@ -3,12 +3,12 @@ on:
   workflow_dispatch:
     inputs:
       environment:
-        description: "Deploy environment ( development_aks, test, preprod or production )"
+        description: "Deploy environment ( development, test, preprod or production )"
         required: true
-        default: development_aks
+        default: development
         type: choice
         options:
-          - development_aks
+          - development
       sha:
         description: Commit sha to be deployed
         required: true
@@ -20,11 +20,11 @@ env:
   CONTAINER_REGISTRY: ghcr.io
 
 jobs:
-  deploy_v2_environment:
-    name: Deploy to development_aks environment
+  deploy_environment:
+    name: Deploy to development environment
     runs-on: ubuntu-latest
     environment:
-      name: development_aks
+      name: development
     steps:
       - uses: actions/checkout@v3
 
@@ -37,16 +37,16 @@ jobs:
           INPUT_GITHUB_SHA: 588bfd4567e53f6b809d5ed107dc70b3d040710a
         shell: bash
 
-      - uses: ./.github/workflows/actions/deploy_v2
+      - uses: ./.github/workflows/actions/deploy
         id: deploy
         with:
-          environment: development_aks
+          environment: development
           docker_image: ${{ steps.image.outputs.tag }}
           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
           arm-access-key: ${{ secrets.ARM_ACCESS_KEY }}
 
-      - uses: ./.github/workflows/actions/smoke-test-v2
+      - uses: ./.github/workflows/actions/smoke-test
         id: smoke-test
         with:
-          environment: development_aks
+          environment: development
           azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}