From 4d1a3bb0787f87557d3a339865033dcfaeaff18e Mon Sep 17 00:00:00 2001
From: vipin-dfe
Date: Wed, 27 Nov 2024 15:14:27 +0000
Subject: [PATCH 1/2] Update preprod domain to AKS
---
 terraform/application/application.tf | 2 +-
 terraform/application/config/preprod.yml | 1 +
 .../domains/environment_domains/config/preprod.tfvars.json | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/terraform/application/application.tf b/terraform/application/application.tf
index 93f2c227d..52d18ba42 100644
--- a/terraform/application/application.tf
+++ b/terraform/application/application.tf
@@ -13,7 +13,7 @@ module "application_configuration" {
 config_variables = {
 ENVIRONMENT_NAME = var.environment
 PGSSLMODE = local.postgres_ssl_mode
- HOSTING_DOMAIN = local.external_domain
+ HOSTING_DOMAIN = "https://${local.external_domain}"
 HOSTING_ENVIRONMENT_NAME = var.environment
 AZURE_STORAGE_ACCOUNT_NAME = azurerm_storage_account.allegations.name,
 AZURE_STORAGE_CONTAINER = azurerm_storage_container.uploads.name
diff --git a/terraform/application/config/preprod.yml b/terraform/application/config/preprod.yml
index ed97d539c..b61bfe003 100644
--- a/terraform/application/config/preprod.yml
+++ b/terraform/application/config/preprod.yml
@@ -1 +1,2 @@
 ---
+EXTERNAL_DOMAIN: preprod.refer-serious-misconduct.education.gov.uk
diff --git a/terraform/domains/environment_domains/config/preprod.tfvars.json b/terraform/domains/environment_domains/config/preprod.tfvars.json
index 68200853a..a624b6e92 100644
--- a/terraform/domains/environment_domains/config/preprod.tfvars.json
+++ b/terraform/domains/environment_domains/config/preprod.tfvars.json
@@ -5,7 +5,7 @@
 "resource_group_name": "s189p01-rsm-dom-rg",
 "domains": ["preprod"],
 "environment_short": "pp",
- "origin_hostname": "s165t01-rsm-preprod-app.azurewebsites.net"
+ "origin_hostname": "refer-serious-misconduct-preprod.test.teacherservices.cloud"
 }
 }
 }
From 18c06de18829cbec0f96a144bd8065549b93040f Mon Sep 17 00:00:00 2001
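Review bot: `HOSTING_DOMAIN` now carries a full URL (`"https://${local.external_domain}"`) while its name, like the neighbouring `HOSTING_ENVIRONMENT_NAME`, still reads as a bare host. The application code that consumes it is not part of this patch, so it is worth confirming that nothing uses the value as a hostname: host allow-lists and cookie domains would stop matching, and URL builders that prepend their own scheme would produce `https://https://…`. If the scheme is intended, a comment on the line such as `# full origin including scheme; consumers must not treat this as a bare hostname` would record the contract. The `module "application_configuration"` block starts and ends outside the hunk.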
From: vipin-dfe Date: Wed, 27 Nov 2024 15:14:47 +0000 Subject: [PATCH 2/2] Remove legacy non prod jobs --- .github/workflows/build-and-deploy.yml | 95 +++++--------------------- 1 file changed, 17 insertions(+), 78 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 174cf5569..c67c32584 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -13,21 +13,11 @@ on: - reopened - opened - converted_to_draft - workflow_dispatch: - inputs: - environment: - required: true - type: choice - options: - - dev - - test - - preprod - - prod jobs: build_image: name: Image build and push - if: contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy-aks') || github.event_name != 'pull_request' + if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') || github.event_name != 'pull_request' runs-on: ubuntu-latest outputs: image_name_tag: ${{ steps.build_image.outputs.ghcr_image_name_tag }} @@ -85,6 +75,8 @@ jobs: environment: name: ${{ matrix.environment }} url: ${{ steps.deploy.outputs.environment_url }} + outputs: + environment_name: ${{ matrix.environment }} steps: - uses: actions/checkout@v4 
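Review bot: The added `outputs: environment_name: ${{ matrix.environment }}` sits on a matrix job, and a matrix job exposes a single value per output name, taken from whichever leg finishes last, so it does not reliably identify the environment that failed. The only reader visible in this patch is `ENVIRONMENT_NAME` in `notify_slack_of_failures`, and a later hunk removes the `tf_vars_file` line that used it, which leaves the output and its `|| 'dev'` fallback apparently unused. Either drop the output together with the `ENVIRONMENT_NAME` env entry, or keep it with a comment such as `# last matrix leg to finish wins; informational only`. The job this hunk edits begins above the hunk and its name is not visible here.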
@@ -97,60 +89,12 @@ jobs: image-tag: ${{ github.sha }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} - set_matrix: - name: Set deployment matrix - runs-on: ubuntu-latest - needs: [build_image] - outputs: - deployment_matrix: ${{ steps.set-matrix.outputs.deployment_matrix }} - steps: - - id: set-matrix - run: | - if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then - DEPLOYMENT_MATRIX="{ 'environment': ['${{ github.event.inputs.environment }}'] }" - else - DEPLOYMENT_MATRIX="{ 'environment': ['preprod'] }" - fi - echo "deployment_matrix=$DEPLOYMENT_MATRIX" >> $GITHUB_OUTPUT - - deploy_non_prod: - name: Deploy to ${{ matrix.environment }} environment - runs-on: ubuntu-latest - if: (github.ref == 'refs/heads/main' && github.event_name == 'push') || github.event_name == 'workflow_dispatch' - concurrency: deploy_${{ matrix.environment }} - needs: [build_image, set_matrix] - strategy: - fail-fast: false # this is necessary to prevent early terminiation of terraform deployments that will result in tfstate locks - max-parallel: 3 - matrix: ${{ fromJson(needs.set_matrix.outputs.deployment_matrix) }} - environment: - name: ${{ matrix.environment }} - url: ${{ steps.deploy.outputs.environment_url }} - - steps: - - uses: actions/checkout@v4 - - - uses: ./.github/actions/deploy-environment - id: deploy - with: - environment_name: ${{ matrix.environment }} - image_name_tag: ${{ needs.build_image.outputs.image_name_tag }} - image_tag: ${{ github.sha }} - azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: ./.github/actions/smoke-test - id: smoke-test - with: - environment: ${{ matrix.environment }} - azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - url: ${{ steps.deploy.outputs.environment_url }} - deploy_prod: name: Deploy to production environment runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' && github.event_name == 'push' concurrency: deploy_prod - needs: [build_image, deploy_non_prod] + needs: [build_image, deploy_aks] 
environment: name: production url: ${{ steps.deploy.outputs.environment_url }} @@ -169,10 +113,10 @@ jobs: notify_slack_of_failures: name: Notify Slack of failures runs-on: ubuntu-latest - needs: [build_image, deploy_review_app_aks, set_matrix, deploy_non_prod, deploy_prod] - environment: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} + needs: [build_image, deploy_review_app_aks, deploy_aks, deploy_prod] + environment: aks-test env: - ENVIRONMENT_NAME: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }} + ENVIRONMENT_NAME: ${{ needs.deploy_aks.outputs.environment_name || 'dev' }} if: failure() steps: - uses: actions/checkout@v4 @@ -188,19 +132,14 @@ jobs: then job=deploy_review_app_aks review=true - elif ${{ needs.set_matrix.result == 'failure' }} - then - job=set_matrix - elif ${{ needs.deploy_non_prod.result == 'failure' }} + elif ${{ needs.deploy_aks.result == 'failure' }} then - job=deploy_non_prod + job=deploy_aks elif ${{ needs.deploy_prod.result == 'failure' }} then job=deploy_prod fi - tf_vars_file=workspace_variables/${{ env.ENVIRONMENT_NAME }}.tfvars.json - echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV echo "JOB=${job}" >> $GITHUB_ENV echo "REVIEW=${review}" >> $GITHUB_ENV @@ -208,14 +147,14 @@ jobs: with: creds: ${{ secrets.AZURE_CREDENTIALS }} - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: get_monitoring_secret + - name: Fetch secrets from key vault + uses: azure/CLI@v2 + id: key-vault-secrets with: - keyvault: ${{ env.KEY_VAULT_NAME }} - secret: MONITORING - key: SLACK_WEBHOOK - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + inlineScript: | + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name s189t01-rsm-ts-inf-kv --query "value" -o tsv) + echo "::add-mask::$SLACK_WEBHOOK" + echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT - name: Notify Slack channel on job failure uses: rtCamp/action-slack-notify@v2 
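Review bot: `needs: [build_image, deploy_aks]` makes `deploy_aks` the only gate in front of production, and the removed `deploy_non_prod` job was the one that ran `./.github/actions/smoke-test` against preprod first. The last `deploy_aks` step visible in this hunk's context only passes `image-tag` and `azure-credentials`, so whether a smoke test still runs before `deploy_prod` cannot be seen here; if the deploy action does not include one, an equivalent step is needed in `deploy_aks`. It is also worth checking that the `deploy_aks` `if:` condition and matrix, both outside the hunk, run on pushes to `main` and include preprod, since a skipped dependency would skip `deploy_prod` as well.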
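Review bot: The new `azure/CLI@v2` step runs with the logged-in Azure session and reads the Slack webhook, but it is referenced by a mutable tag; pinning it to a full commit SHA (`uses: azure/CLI@<full-commit-sha> # v2`) means a moved tag cannot change what runs with those credentials, and the same goes for `rtCamp/action-slack-notify@v2`, which receives the secret. The script also does not check that the lookup returned anything, so a missing secret or a denied read may leave `SLACK_WEBHOOK` empty and the failure notification itself fail quietly; a guard before the mask line, `[ -n "$SLACK_WEBHOOK" ] || { echo "SLACK-WEBHOOK lookup returned nothing" >&2; exit 1; }`, makes that visible. `$GITHUB_OUTPUT` should be quoted on the last line of the script. The vault name `s189t01-rsm-ts-inf-kv` is hard-coded alongside `environment: aks-test`, so a short comment stating that notifications for every environment deliberately use the test vault would help the next reader.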
@@ -223,6 +162,6 @@ jobs: SLACK_USERNAME: CI Deployment SLACK_TITLE: Deployment of refer-serious-misconduct ${{ env.REVIEW && 'review' }} failed SLACK_MESSAGE: Job ${{ env.JOB }} failed - SLACK_WEBHOOK: ${{ steps.get_monitoring_secret.outputs.SLACK_WEBHOOK }} + SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK_WEBHOOK }} SLACK_COLOR: failure SLACK_FOOTER: Sent from Build and Deploy workflow