Enable build and deploy from PR (#779)
vertism authored Dec 16, 2024
1 parent 0a81c4d commit 473ffeb
Showing 3 changed files with 84 additions and 166 deletions.
204 changes: 40 additions & 164 deletions .github/workflows/deploy.yml
@@ -1,12 +1,15 @@
name: Deploy Workflow

on:
workflow_dispatch:
workflow_call:

env:
PREFIX: "ct-public"
SHA: ${{ github.event.pull_request.head.sha || github.sha }}
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}

concurrency:
group: deploy-${{ github.ref }}
Expand All @@ -16,6 +19,9 @@ jobs:
build:
runs-on: ubuntu-latest

outputs:
build_tag: ${{ steps.vars.outputs.build_tag }}

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
Expand Down Expand Up @@ -56,7 +62,6 @@ jobs:
- name: Push to ECR
run: docker push ${{ vars.ECR_URL }}:$SHA


deploy-development:
runs-on: ubuntu-latest
needs: build
Expand All @@ -66,9 +71,6 @@ jobs:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -83,25 +85,13 @@ jobs:
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT
- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:development.latest
docker push ${{ vars.ECR_URL }}:development.latest
- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
Expand All @@ -117,35 +107,14 @@ jobs:
jobs="${{ vars.ECR_URL }}:$SHA" \
metrics="${{ vars.ECR_URL }}:$SHA"
- name: Send deploy notification to product Slack channel
uses: slackapi/[email protected]
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Development*",
"fields": [
{
"title": "Project",
"value": "Contact MOJ",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
notify-development:
needs: [build, deploy-development]
uses: ./.github/workflows/notification.yml
secrets:
webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
build_tag: ${{ needs.build.outputs.build_tag }}
environment: Staging

deploy-staging:
runs-on: ubuntu-latest
Expand All @@ -156,9 +125,6 @@ jobs:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -173,25 +139,13 @@ jobs:
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT
- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:staging.latest
docker push ${{ vars.ECR_URL }}:staging.latest
- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
Expand All @@ -207,35 +161,14 @@ jobs:
jobs="${{ vars.ECR_URL }}:$SHA" \
metrics="${{ vars.ECR_URL }}:$SHA"
- name: Send deploy notification to product Slack channel
uses: slackapi/[email protected]
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Staging*",
"fields": [
{
"title": "Project",
"value": "Contact MOJ",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
notify-staging:
needs: [build, deploy-staging]
uses: ./.github/workflows/notification.yml
secrets:
webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
build_tag: ${{ needs.build.outputs.build_tag }}
environment: Staging

deploy-production:
runs-on: ubuntu-latest
Expand All @@ -247,9 +180,6 @@ jobs:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -264,25 +194,13 @@ jobs:
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT
- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:production.latest
docker push ${{ vars.ECR_URL }}:production.latest
- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
Expand All @@ -298,62 +216,20 @@ jobs:
jobs="${{ vars.ECR_URL }}:$SHA" \
metrics="${{ vars.ECR_URL }}:$SHA"
- name: Send deploy notification to product Slack channel
uses: slackapi/[email protected]
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*",
"fields": [
{
"title": "Project",
"value": "Contact MOJ",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

- name: Send deploy notification to cdpt production Slack channel
uses: slackapi/[email protected]
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*",
"fields": [
{
"title": "Project",
"value": "Contact MOJ",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.PROD_SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
notify-production:
needs: [build, deploy-production]
uses: ./.github/workflows/notification.yml
secrets:
webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
build_tag: ${{ needs.build.outputs.build_tag }}
environment: Production

notify-production-2:
needs: [build, deploy-production]
uses: ./.github/workflows/notification.yml
secrets:
webhook_url: ${{ secrets.PROD_SLACK_WEBHOOK_URL }}
with:
build_tag: ${{ needs.build.outputs.build_tag }}
environment: Production
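Review bot: The workflow-level `env:` block at the top now appears to carry `KUBE_CERT`, `KUBE_TOKEN` and `KUBE_CLUSTER`, which exposes the cluster credentials to every step of every job, including the image build and the third-party actions, where previously only the "Authenticate to the cluster" steps seem to have received them. Since this commit also lets the workflow run for pull requests, I would keep them scoped to the step that writes the kubeconfig, i.e. keep the step-level `env:` that this change seems to remove. Separately, `notify-development` passes `environment: Staging`, so development deploys will be announced as Staging; it should read `environment: Development`. The `build` job's new `build_tag` output reads `steps.vars.outputs.build_tag`, but no step with `id: vars` is visible in the shown part of `build`, so confirm the "Store build tag" step was moved there.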
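--- a/.github/workflows/notification.yml
+++ b/.github/workflows/notification.yml
@@ -0,0 +1,43 @@
+name: Notification Workflow
+
+on:
+workflow_call:
+secrets:
+webhook_url:
+required: true
+inputs:
+build_tag:
+required: true
+type: string
+environment:
+required: true
+type: string
+
+jobs:
+notify:
+runs-on: ubuntu-latest
+name: "notify-${{ inputs.environment }}"
+
+steps:
+- name: Slack notification
+uses: slackapi/[email protected]
+with:
+webhook: ${{ secrets.webhook_url }}
+webhook-type: incoming-webhook
+payload: |
+{
+"attachments": [
+{
+"color": "#1d990c",
+"text": "${{ github.actor }} deployed *${{ inputs.build_tag }}* to *${{ inputs.environment }}*",
+"fields": [
+{
+"title": "Project",
+"value": "Contact MOJ",
+"short": true
+}
+],
+"footer": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+}
+]
+}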
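Review bot: `inputs.build_tag` and `github.actor` are expanded straight into the JSON `payload`, and the build tag seems to be derived from the branch name (`GITHUB_HEAD_REF` in deploy.yml), which a pull-request author chooses. A `"` or `\` in that value breaks the JSON or alters the message fields, so let the expression engine do the escaping: `"text": ${{ toJSON(format('{0} deployed *{1}* to *{2}*', github.actor, inputs.build_tag, inputs.environment)) }},`. The `notify` job also declares no `permissions:`; since it only posts to a webhook, `permissions: {}` on the job would leave its token with no scopes.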
3 changes: 1 addition & 2 deletions .github/workflows/test.yml
@@ -1,4 +1,4 @@
name: Test Workflow
name: CI Workflow
on:
pull_request:
push:
Expand Down Expand Up @@ -66,7 +66,6 @@ jobs:
minimum_file_coverage: 100

build-and-deploy:
if: ${{ github.ref == 'refs/heads/main' }}
needs: test
uses: ./.github/workflows/deploy.yml
secrets: inherit
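Review bot: With the `if: ${{ github.ref == 'refs/heads/main' }}` guard gone from `build-and-deploy` (the section reports two deletions and the commit title suggests this is one of them), every `pull_request` and `push` run calls deploy.yml with `secrets: inherit`, and that workflow contains `deploy-staging` and `deploy-production` jobs. Unless those jobs are gated by something outside the visible lines, such as a protected environment with required reviewers, unmerged branch code can reach production with the cluster credentials. I would limit the PR path to development by adding `if: github.ref == 'refs/heads/main'` to the staging and production jobs in deploy.yml, and pass the named secrets the callee needs instead of `secrets: inherit`. The `test` job this one depends on lies outside the hunk.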
