From 473ffeb3e6ae485a1eafddb5f800812c9884a7d1 Mon Sep 17 00:00:00 2001 From: Andrew Pepler Date: Mon, 16 Dec 2024 10:00:50 +0000 Subject: [PATCH] Enable build and deploy from PR (#779) --- .github/workflows/deploy.yml | 204 ++++++----------------------- .github/workflows/notification.yml | 43 ++++++ .github/workflows/test.yml | 3 +- 3 files changed, 84 insertions(+), 166 deletions(-) create mode 100644 .github/workflows/notification.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 36afadde..5f7fff46 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,12 +1,15 @@ name: Deploy Workflow on: - workflow_dispatch: workflow_call: env: PREFIX: "ct-public" SHA: ${{ github.event.pull_request.head.sha || github.sha }} + KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} + KUBE_CERT: ${{ secrets.KUBE_CERT }} + KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} + KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} concurrency: group: deploy-${{ github.ref }} @@ -16,6 +19,9 @@ jobs: build: runs-on: ubuntu-latest + outputs: + build_tag: ${{ steps.vars.outputs.build_tag }} + permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout @@ -56,7 +62,6 @@ jobs: - name: Push to ECR run: docker push ${{ vars.ECR_URL }}:$SHA - deploy-development: runs-on: ubuntu-latest needs: build @@ -66,9 +71,6 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - env: - KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} - steps: - name: Checkout uses: actions/checkout@v4 
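Review bot: `KUBE_NAMESPACE`, `KUBE_CERT`, `KUBE_TOKEN` and `KUBE_CLUSTER` are now workflow-level `env:`, so the cluster token is injected into every step of every job, including the `build` job (which only touches ECR) and the third-party `actions/checkout`, `aws-actions/*` and Slack steps that never needed it; before this commit the same four values were scoped to the single `Authenticate to the cluster` step in each deploy job, which is the narrowest scope Actions offers. Any compromised or typosquatted action in any job can now read the token, which is a real widening of the blast radius for a credential that can apply manifests to the cluster. Suggest moving the four entries back to `env:` on the authenticate step of each deploy job (or at minimum to job-level `env:` on the `deploy-*` jobs) and leaving only `PREFIX` and `SHA` at workflow level. Note also that with `workflow_dispatch` removed this file runs only via `workflow_call`, so every control over who can trigger a deploy now lives in the calling `test.yml`.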
@@ -83,14 +85,6 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 id: login-ec - - name: Store build tag - id: vars - run: | - branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - short_sha=$(git rev-parse --short $SHA) - build_tag=$PREFIX-$branch-$short_sha - echo "build_tag=$build_tag" >> $GITHUB_OUTPUT - - name: Tag build and push to ECR run: | docker pull ${{ vars.ECR_URL }}:$SHA @@ -98,10 +92,6 @@ jobs: docker push ${{ vars.ECR_URL }}:development.latest - name: Authenticate to the cluster - env: - KUBE_CERT: ${{ secrets.KUBE_CERT }} - KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} - KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} run: | echo "${KUBE_CERT}" > ca.crt kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} @@ -117,35 +107,14 @@ jobs: jobs="${{ vars.ECR_URL }}:$SHA" \ metrics="${{ vars.ECR_URL }}:$SHA" - - name: Send deploy notification to product Slack channel - uses: slackapi/slack-github-action@v1.25.0 - with: - payload: | - { - "attachments": [ - { - "color": "#1d990c", - "text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Development*", - "fields": [ - { - "title": "Project", - "value": "Contact MOJ", - "short": true - } - ], - "actions": [ - { - "text": "Visit Job", - "type": "button", - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + notify-development: + needs: [build, deploy-development] + uses: ./.github/workflows/notification.yml + secrets: + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + with: + build_tag: ${{ needs.build.outputs.build_tag }} + environment: Staging deploy-staging: runs-on: ubuntu-latest 
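Review bot: `notify-development` is passed `environment: Staging`, so a development deploy is announced in Slack as a staging deploy; the deleted inline step said *Development*, so this should be `environment: Development`. Separately, `build_tag` now comes from `needs.build.outputs.build_tag`, which `build` fills from `steps.vars.outputs.build_tag` (first hunk), yet this hunk deletes the only visible step with `id: vars` and the diff does not show one being added to `build`. If `build`'s unchanged lines do not contain a step with that id, the output is an empty string and every notification reads `deployed ** to …` — worth confirming before merging.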
@@ -156,9 +125,6 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - env: - KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} - steps: - name: Checkout uses: actions/checkout@v4 @@ -173,14 +139,6 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 id: login-ec - - name: Store build tag - id: vars - run: | - branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - short_sha=$(git rev-parse --short $SHA) - build_tag=$PREFIX-$branch-$short_sha - echo "build_tag=$build_tag" >> $GITHUB_OUTPUT - - name: Tag build and push to ECR run: | docker pull ${{ vars.ECR_URL }}:$SHA @@ -188,10 +146,6 @@ jobs: docker push ${{ vars.ECR_URL }}:staging.latest - name: Authenticate to the cluster - env: - KUBE_CERT: ${{ secrets.KUBE_CERT }} - KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} - KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} run: | echo "${KUBE_CERT}" > ca.crt kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} 
@@ -207,35 +161,14 @@ jobs: jobs="${{ vars.ECR_URL }}:$SHA" \ metrics="${{ vars.ECR_URL }}:$SHA" - - name: Send deploy notification to product Slack channel - uses: slackapi/slack-github-action@v1.25.0 - with: - payload: | - { - "attachments": [ - { - "color": "#1d990c", - "text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Staging*", - "fields": [ - { - "title": "Project", - "value": "Contact MOJ", - "short": true - } - ], - "actions": [ - { - "text": "Visit Job", - "type": "button", - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + notify-staging: + needs: [build, deploy-staging] + uses: ./.github/workflows/notification.yml + secrets: + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + with: + build_tag: ${{ needs.build.outputs.build_tag }} + environment: Staging deploy-production: runs-on: ubuntu-latest @@ -247,9 +180,6 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - env: - KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} - steps: - name: Checkout uses: actions/checkout@v4 @@ -264,14 +194,6 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 id: login-ec - - name: Store build tag - id: vars - run: | - branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - short_sha=$(git rev-parse --short $SHA) - build_tag=$PREFIX-$branch-$short_sha - echo "build_tag=$build_tag" >> $GITHUB_OUTPUT - - name: Tag build and push to ECR run: | docker pull ${{ vars.ECR_URL }}:$SHA 
@@ -279,10 +201,6 @@ jobs: docker push ${{ vars.ECR_URL }}:production.latest - name: Authenticate to the cluster - env: - KUBE_CERT: ${{ secrets.KUBE_CERT }} - KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} - KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} run: | echo "${KUBE_CERT}" > ca.crt kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} 
@@ -298,62 +216,20 @@ jobs: jobs="${{ vars.ECR_URL }}:$SHA" \ metrics="${{ vars.ECR_URL }}:$SHA" - - name: Send deploy notification to product Slack channel - uses: slackapi/slack-github-action@v1.25.0 - with: - payload: | - { - "attachments": [ - { - "color": "#1d990c", - "text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*", - "fields": [ - { - "title": "Project", - "value": "Contact MOJ", - "short": true - } - ], - "actions": [ - { - "text": "Visit Job", - "type": "button", - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - - - name: Send deploy notification to cdpt production Slack channel - uses: slackapi/slack-github-action@v1.25.0 - with: - payload: | - { - "attachments": [ - { - "color": "#1d990c", - "text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*", - "fields": [ - { - "title": "Project", - "value": "Contact MOJ", - "short": true - } - ], - "actions": [ - { - "text": "Visit Job", - "type": "button", - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.PROD_SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + notify-production: + needs: [build, deploy-production] + uses: ./.github/workflows/notification.yml + secrets: + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + with: + build_tag: ${{ needs.build.outputs.build_tag }} + environment: Production + + notify-production-2: + needs: [build, deploy-production] + uses: ./.github/workflows/notification.yml + secrets: + webhook_url: ${{ secrets.PROD_SLACK_WEBHOOK_URL }} + with: + build_tag: ${{ needs.build.outputs.build_tag }} + environment: Production 
diff --git a/.github/workflows/notification.yml b/.github/workflows/notification.yml new file mode 100644 index 00000000..9f60b542 --- /dev/null +++ b/.github/workflows/notification.yml @@ -0,0 +1,43 @@ +name: Notification Workflow + +on: + workflow_call: + secrets: + webhook_url: + required: true + inputs: + build_tag: + required: true + type: string + environment: + required: true + type: string + +jobs: + notify: + runs-on: ubuntu-latest + name: "notify-${{ inputs.environment }}" + + steps: + - name: Slack notification + uses: slackapi/slack-github-action@v2.0.0 + with: + webhook: ${{ secrets.webhook_url }} + webhook-type: incoming-webhook + payload: | + { + "attachments": [ + { + "color": "#1d990c", + "text": "${{ github.actor }} deployed *${{ inputs.build_tag }}* to *${{ inputs.environment }}*", + "fields": [ + { + "title": "Project", + "value": "Contact MOJ", + "short": true + } + ], + "footer": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + ] + } diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9166800b..05328eef 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,4 +1,4 @@ -name: Test Workflow +name: CI Workflow on: pull_request: push: @@ -66,7 +66,6 @@ jobs: minimum_file_coverage: 100 build-and-deploy: - if: ${{ github.ref == 'refs/heads/main' }} needs: test uses: ./.github/workflows/deploy.yml secrets: inherit
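Review bot: The `text` field splices `${{ github.actor }}` and `${{ inputs.build_tag }}` verbatim into a hand-written JSON string; `build_tag` embeds the branch name (`$PREFIX-$branch-$short_sha` in the removed step), and now that the caller runs on `pull_request`, a branch name containing `"` or `\` produces invalid JSON and a failed notify job. Let the expression engine do the escaping instead: `"text": ${{ toJSON(format('{0} deployed *{1}* to *{2}*', github.actor, inputs.build_tag, inputs.environment)) }},`. Also `slackapi/slack-github-action@v2.0.0` is a mutable tag that receives the `webhook` secret — pin it to the full commit SHA with the version in a trailing `# v2.0.0` comment, as for any third-party action handed a credential.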
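Review bot: Every `push` to any branch and every `pull_request` event now runs `build-and-deploy` with `secrets: inherit`, because the `refs/heads/main` condition is the only gate this hunk removes and nothing replaces it, and the called workflow still contains `deploy-staging` and `deploy-production` jobs. Unless those jobs carry an `environment:` with required reviewers (not visible in these hunks), anyone who can push a branch or open a PR from this repository can roll their PR head to production with the repository's cluster credentials; fork PRs do not receive secrets and will simply fail at ECR login. If the intent is PR → development only, keep the later stages gated, e.g. `if: github.ref == 'refs/heads/main'` on `deploy-staging` and `deploy-production` in deploy.yml, or gate them behind protected environments. Note also that `concurrency: group: deploy-${{ github.ref }}` resolves to `refs/pull/N/merge` per PR, so two PRs can deploy to the same development namespace concurrently and the last `development.latest` push wins.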