Merge pull request #175 from communitiesuk/FS-3718

FS-3718
communitiesuk · Nov 2, 2023 · 23a453a · 23a453a
2 parents 87f2684 + e9b0094
commit 23a453a
Show file tree

Hide file tree

Showing 2 changed files with 89 additions and 73 deletions.
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
@@ -45,97 +45,64 @@ jobs:
     with:
       # Note - no db-name, so defaults to postgres_db
       postgres_unit_testing: true
-  copilot_deploy_dev:
+
+  dev_copilot_deploy:
     if: inputs.environment == 'dev' || inputs.environment == ''
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-dev
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+    uses: ./.github/workflows/environment.yml
     permissions:
       id-token: write # This is required for requesting the JWT
       contents: read  # This is required for actions/checkout
-    runs-on: ubuntu-latest
-    environment: 'dev'
-    steps:
-    - name: Git clone the repository
-      uses: actions/checkout@v3
-
-    - name: Get current date
-      id: currentdatetime
-      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
-
-    - name: configure aws credentials
-      uses: aws-actions/configure-aws-credentials@v2
-      with:
-        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
-        role-session-name: NOTIFICATION_DEV_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
-        aws-region: eu-west-2
-
-    - name: Install AWS Copilot CLI
-      run: |
-        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
-
-    - name: Inject Git SHA into manifest
-      run: |
-        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-fund-store/manifest.yml
-
-    - name: Inject replacement image into manifest
-      run: |
-        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
-
-    - name: Copilot deploy dev
-      id: dev_build
-      run: |
-        copilot svc deploy --env dev
-
-    - name: Run database migrations
-      run: scripts/migration-task-script.py dev 'fsd-fund-store'
+    with:
+      workspace: 'dev'
 
-  copilot_deploy_test:
+  test_copilot_deploy:
     if: inputs.environment == 'test' || inputs.environment == ''
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-test
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+    uses: ./.github/workflows/environment.yml
     permissions:
       id-token: write # This is required for requesting the JWT
       contents: read  # This is required for actions/checkout
-    runs-on: ubuntu-latest
-    environment: 'test'
-    steps:
-    - name: Git clone the repository
-      uses: actions/checkout@v3
-
-    - name: Get current date
-      id: currentdatetime
-      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
-
-    - name: configure aws credentials
-      uses: aws-actions/configure-aws-credentials@v2
-      with:
-        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
-        role-session-name: NOTIFICATION_TEST_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
-        aws-region: eu-west-2
-
-    - name: Install AWS Copilot CLI
-      run: |
-        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
-
-    - name: Inject Git SHA into manifest
-      run: |
-        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-fund-store/manifest.yml
-
-    - name: Inject replacement image into manifest
-      run: |
-        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
+    with:
+      workspace: 'test'
 
-    - name: Copilot deploy test
-      id: test_build
-      run: |
-        copilot svc deploy --env test
+  # Allow the capability to override UAT with another branch, but ideally uat and production should be in sync as much as possible
+  uat_copilot_deploy:
+    if: inputs.environment == 'uat' || inputs.environment == ''
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-uat
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+    uses: ./.github/workflows/environment.yml
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    with:
+      workspace: 'uat'
 
-    - name: Run database migrations
-      run: scripts/migration-task-script.py test 'fsd-fund-store'
+  # Only run this if the branch being deployed is main
+  production_copilot_deploy:
+    if: (inputs.environment == 'production' || inputs.environment == '') && github.ref == 'refs/heads/main'
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-production
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+    uses: ./.github/workflows/environment.yml
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    with:
+      workspace: 'production'
 
   # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks fund-store is operational?
   post_deploy_tests:
-      needs: copilot_deploy_test
+      needs: test_copilot_deploy
       secrets:
         E2E_PAT: ${{secrets.E2E_PAT}}
       uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main

diff --git a/.github/workflows/environment.yml b/.github/workflows/environment.yml
@@ -0,0 +1,49 @@
+name: Environment Deployment
+on:
+  workflow_call:
+    inputs:
+      workspace:
+        required: true
+        type: string
+    secrets:
+      AWS_ACCOUNT:
+        required: true
+
+jobs:
+  copilot_deploy:
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.workspace }}
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v3
+
+    - name: Get current date
+      id: currentdatetime
+      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+        role-session-name: FUND_STORE_${{ inputs.workspace }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        aws-region: eu-west-2
+
+    - name: Install AWS Copilot CLI
+      run: |
+        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+    - name: Inject Git SHA into manifest
+      run: |
+        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-fund-store/manifest.yml
+
+    - name: Inject replacement image into manifest
+      run: |
+        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
+
+    - name: Copilot ${{ inputs.workspace }} deploy
+      id: deploy_build
+      run: |
+        copilot svc deploy --env ${{ inputs.workspace }}