Merge pull request #279 from communitiesuk/FS-3315-add-copilot

FS-3315 First pass of adding copilot configs

.github/workflows/dluhc-build-and-deploy-with-forms.yml

@@ -5,6 +5,21 @@ permissions:
 
 on:
   workflow_dispatch:
+    inputs:
+      environment:
+        description:  Which AWS Account to use
+        type: choice
+        required: true
+        options:
+        - test
+        - uat
+        default: test
+      copilot:
+        description: Whether to deploy to AWS?
+        type: boolean
+        required: false
+        default: false
+
 
 env:
   DOCKER_REGISTRY: ghcr.io
@@ -47,6 +62,7 @@ jobs:
             COMMIT_SHA=:${{ github.sha }}
 
   deploy-and-test-dev:
+    if: ${{ !github.event.inputs.copilot }}
     needs: docker-build
     runs-on: ubuntu-latest
     steps:
@@ -89,7 +105,7 @@ jobs:
 
   run-shared-tests_dev:
     needs: deploy-and-test-dev
-    if: ${{ github.actor != 'dependabot[bot]'}}
+    if: ${{ github.actor != 'dependabot[bot]'}} && ${{ !github.event.inputs.copilot }}
     uses: communitiesuk/funding-design-service-workflows/.github/workflows/run-shared-tests.yml@main
     with:
       perf_test_target_url_application_store: https://funding-service-design-application-store-dev.london.cloudapps.digital
@@ -106,7 +122,7 @@ jobs:
 
   deploy-to-test:
     needs: deploy-and-test-dev
-    if: github.ref == 'refs/heads/main'
+    if: github.ref == 'refs/heads/main' && ${{ !github.event.inputs.copilot }}
     runs-on: ubuntu-latest
     steps:
       - name: checkout code
@@ -125,7 +141,7 @@ jobs:
 
   run-shared-tests_test:
     needs: deploy-to-test
-    if: ${{ github.actor != 'dependabot[bot]' }}
+    if: ${{ github.actor != 'dependabot[bot]' }} && ${{ !github.event.inputs.copilot }}
     uses: communitiesuk/funding-design-service-workflows/.github/workflows/run-shared-tests.yml@main
     with:
       perf_test_target_url_application_store: https://funding-service-design-application-store-test.london.cloudapps.digital
@@ -139,3 +155,48 @@ jobs:
       run_e2e_tests: true
     secrets:
       E2E_PAT: ${{secrets.E2E_PAT}}
+
+  deploy-aws:
+    if: ${{ github.event.inputs.copilot }}
+    needs: docker-build
+    runs-on: ubuntu-latest
+    steps:
+    concurrency: deploy-${{ inputs.environment || 'test' }}
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment || 'test' }}
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v3
+
+    - name: Get current date
+      id: currentdatetime
+      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+        role-session-name: FORMS_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        aws-region: eu-west-2
+
+    - name: Install AWS Copilot CLI
+      run: |
+        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+    - name: Inject Git SHA into manifest
+      run: |
+        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-forms/manifest.yml
+
+    - name: Inject replacement image into manifest
+      run: |
+        yq -i '.image.location = "${{env.IMAGE_REPO_PATH}}/${{env.IMAGE_NAME}}:sha-${{ github.sha }}"'  copilot/fsd-forms/manifest.yml
+
+#    - name: Run database migrations
+#      run: scripts/migration-task-script.py ${{ inputs.environment || 'test' }}
+
+    - name: Copilot deploy
+      run: |
+        copilot deploy --env ${{ inputs.environment || 'test' }}

README.md

@@ -135,3 +135,22 @@ Pre-requite for running smoke test are:
 5.  yarn install
 
 More details are on [Smoke Tests](./smoke-tests/README.md)
+
+## Copilot Initialisation
+
+Copilot is the deployment of the infrastructure configuration, which is all stored under the copilot folder. The manifest files have been pre-generated by running through various initialisation steps that create the manifest files by prompting a series of questions, but do not _deploy_ the infrastructure.
+
+For each AWS account, these commands will need to be run _once_ to initialise the environment:
+
+`copilot app init pre-award` - this links the pre-award app with the current service, and associates the next commands with the service. Essentially, this provides context for the service to run under
+
+```
+copilot init \
+    --name fsd-form-runner \
+    --app pre-award \
+    --type 'Load Balanced Web Service' \
+    --image "ghcr.io/${{github.repository_owner}}"/runner \
+    --port 80
+```
+
+This will initalise this service, using the current created image

copilot/environments/test/manifest.yml

@@ -0,0 +1,29 @@
+# The manifest for the "test" environment.
+# Read the full specification for the "Environment" type at:
+#  https://aws.github.io/copilot-cli/docs/manifest/environment/
+
+# Your environment name will be used in naming your resources like VPC, cluster, etc.
+name: test
+type: Environment
+
+# Import your own VPC and subnets or configure how they should be created.
+# Run this in uat/production only - in the test environments, these should be ad-hoc per deployment
+network:
+  vpc:
+    id: 'vpc-0ca7bdd50d5dba428'
+    subnets:
+      public:
+        - id: 'subnet-0f1f40929bdabbcdd'
+        - id: 'subnet-0e686586655747458'
+      private:
+        - id: 'subnet-07f5736fe61f32266'
+        - id: 'subnet-054d3a0257e2c809d'
+
+# Configure the load balancers in your environment, once created.
+# http:
+#   public:
+#   private:
+
+# Configure observability for your environment resources.
+observability:
+  container_insights: false

copilot/fsd-form-runner/manifest.yml

@@ -0,0 +1,67 @@
+# The manifest for the "form-runner" service.
+# Read the full specification for the "Load Balanced Web Service" type at:
+#  https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/
+name: 'fsd-form-runner'
+type: 'Load Balanced Web Service'
+
+# Distribute traffic to your service.
+http:
+  # Requests to this path will be forwarded to your service.
+  # To match all requests you can use the "/" path.
+  path: '/'
+  # You can specify a custom health check path. The default is "/".
+  healthcheck: '/healthcheck'
+  alias: form-runner.test.access-funding.test.levellingup.gov.uk
+
+# Configuration for your containers and service.
+image:
+  # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#image-build
+  location: ghcr.io/communitiesuk/digital-form-builder-dluhc-runner:latest
+  # Port exposed through your container to route traffic to it.
+  port: 8080
+
+# Valid values: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html
+# Number of CPU units for the task.
+cpu: 256
+# Amount of memory in MiB used by the task.
+memory: 512
+
+# See https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#platform
+platform: linux/x86_64
+
+# Number of tasks that should be running in your service.
+count: 1
+
+# Enable running commands in your container.
+exec: true
+
+network:
+  connect: true # Enable Service Connect for intra-environment traffic between services.
+
+  # Override the network configuration with the public/private/data subnets built using terraform
+  # notification should be private (internal)
+  # vpc:
+  #   placement:
+  #     subnets: ["subnet-04851bdddcd8f5bbc", "subnet-0178ac1212c96b6c4"]
+
+# storage:
+  # readonly_fs: true       # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+# Pass environment variables as key value pairs.
+variables:
+  # SENTRY_DSN: "https://[email protected]/4503918903820288"
+  FLASK_ENV: ${COPILOT_ENVIRONMENT_NAME}
+  PORT: 8080
+
+# You can override any of the values defined above by environment.
+# environments:
+#   production:
+#     count: 2               # Number of tasks to run for the "prod" environment.
+#     variables:
+#       http:
+#       alias: funding-service-design-form-runner-production.apps.internal
+#     image:
+#       location: ghcr.io/communitiesuk/digital-form-builder-dluhc-runner:prod
+