Deploy to Test-UAT-Prod #446
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to AWS | |
| run-name: ${{ github.event_name == 'workflow_dispatch' && format('Deploy to {0}', github.event.inputs.environment) || (github.ref == 'refs/heads/main' && 'Deploy to Test-UAT-Prod' || 'Build & Unit Test') }} | |
| permissions: | |
| packages: write | |
| contents: write | |
| on: | |
| push: | |
| paths-ignore: | |
| [ | |
| "**/README.md", | |
| ".github/workflows/increment-version.yml", | |
| "version", | |
| "python/**", | |
| ] | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: Deploy to which environnment | |
| type: choice | |
| required: true | |
| options: | |
| - dev | |
| - test | |
| - uat | |
| - prod | |
| run_performance_tests: | |
| required: false | |
| default: false | |
| type: boolean | |
| description: Run performance tests | |
| run_e2e_tests_assessment: | |
| required: false | |
| default: false | |
| type: boolean | |
| description: Run e2e tests (assessment) | |
| run_e2e_tests_application: | |
| required: false | |
| default: true | |
| type: boolean | |
| description: Run e2e tests (application) | |
| env: | |
| DOCKER_REGISTRY: ghcr.io | |
| IMAGE_NAME: "funding-service-design-form-runner" | |
| IMAGE_REPO_PATH: "ghcr.io/${{github.repository_owner}}" | |
| jobs: | |
| setup: | |
| uses: communitiesuk/funding-service-design-workflows/.github/workflows/determine-jobs.yml@main | |
| with: | |
| environment: ${{ inputs.environment }} | |
| docker-build: | |
| runs-on: ubuntu-latest | |
| needs: [setup] | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: "Set version in env" | |
| id: set-version | |
| run: | | |
| source version | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| - name: Docker metadata | |
| id: metadata | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{env.IMAGE_REPO_PATH}}/${{env.IMAGE_NAME}} | |
| tags: | | |
| type=sha,format=long | |
| type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} | |
| type=raw,value=${{env.VERSION}},enable=${{ github.ref == format('refs/heads/{0}', 'main') }} | |
| type=ref,event=branch | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.DOCKER_REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create .env for runner workspace | |
| run: | | |
| touch ./runner/.env | |
| echo LAST_TAG_GH=runner >> ./runner/.env | |
| echo LAST_COMMIT_GH=runner >> ./runner/.env | |
| cat ./runner/.env | |
| - name: Build and push docker image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| tags: ${{ steps.metadata.outputs.tags}} | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| push: true | |
| file: ./fsd_config/Dockerfile | |
| build-args: | | |
| LAST_TAG='${{env.VERSION}}' | |
| LAST_COMMIT='${{ github.sha }}' | |
| dev_deploy: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| needs: [docker-build, setup] | |
| if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'dev') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }} | |
| uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main | |
| secrets: | |
| AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }} | |
| with: | |
| environment: dev | |
| app_name: "form-runner" | |
| version: sha-${{ github.sha }} | |
| post_dev_deploy_tests: | |
| needs: [dev_deploy] | |
| secrets: | |
| FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }} | |
| FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }} | |
| uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main | |
| with: | |
| run_performance_tests: ${{ inputs.run_performance_tests || true }} | |
| run_e2e_tests_assessment: ${{ inputs.run_e2e_tests_assessment || false }} | |
| run_e2e_tests_application: ${{ inputs.run_e2e_tests_application || false }} | |
| run_static_security_python: false | |
| run_zap_scan: true | |
| app_name: forms | |
| environment: dev | |
| test_deploy: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| needs: [setup, docker-build, dev_deploy, post_dev_deploy_tests] | |
| if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'test') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }} | |
| uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main | |
| secrets: | |
| AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }} | |
| with: | |
| environment: "test" | |
| app_name: "form-runner" | |
| version: sha-${{ github.sha }} | |
| post_test_deploy_tests: | |
| needs: [setup, docker-build, dev_deploy, post_dev_deploy_tests, test_deploy] | |
| if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'test') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }} | |
| secrets: | |
| FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }} | |
| FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }} | |
| uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main | |
| with: | |
| run_performance_tests: ${{ inputs.run_performance_tests || true }} | |
| run_e2e_tests_assessment: ${{ inputs.run_e2e_tests_assessment || false }} | |
| run_e2e_tests_application: ${{ inputs.run_e2e_tests_application || true }} | |
| run_static_security_python: false | |
| run_zap_scan: true | |
| app_name: forms | |
| environment: test | |
| uat_deploy: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| needs: | |
| [ | |
| setup, | |
| docker-build, | |
| dev_deploy, | |
| post_dev_deploy_tests, | |
| test_deploy, | |
| post_test_deploy_tests, | |
| ] | |
| if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'uat') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }} | |
| uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main | |
| secrets: | |
| AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }} | |
| with: | |
| environment: "uat" | |
| app_name: "form-runner" | |
| version: sha-${{ github.sha }} | |
| post_uat_deploy_tests: | |
| needs: | |
| [ | |
| setup, | |
| docker-build, | |
| dev_deploy, | |
| post_dev_deploy_tests, | |
| test_deploy, | |
| post_test_deploy_tests, | |
| uat_deploy, | |
| ] | |
| if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'uat') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }} | |
| secrets: | |
| FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }} | |
| FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }} | |
| uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main | |
| with: | |
| run_performance_tests: ${{ inputs.run_performance_tests || true }} | |
| run_e2e_tests_assessment: ${{ inputs.run_e2e_tests_assessment || false }} | |
| run_e2e_tests_application: ${{ inputs.run_e2e_tests_application || true }} | |
| run_static_security_python: false | |
| run_zap_scan: true | |
| app_name: forms | |
| environment: uat | |
| prod_deploy: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| needs: | |
| [ | |
| setup, | |
| docker-build, | |
| dev_deploy, | |
| post_dev_deploy_tests, | |
| test_deploy, | |
| post_test_deploy_tests, | |
| uat_deploy, | |
| post_uat_deploy_tests, | |
| ] | |
| if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'prod') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }} | |
| uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main | |
| secrets: | |
| AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }} | |
| with: | |
| environment: "prod" | |
| app_name: "form-runner" | |
| version: sha-${{ github.sha }} |