generated from ministryofjustice/template-repository
-
Notifications
You must be signed in to change notification settings - Fork 0
131 lines (122 loc) · 4.28 KB
/
pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Pipeline
on:
push:
branches:
- main
workflow_dispatch: # Can be triggered manually from a branch
inputs:
force-deploy:
description: Force re-tagging and deployment of images
type: boolean
default: false
jobs:
build:
name: Build
uses: ./.github/workflows/build.yml
with:
push: true
force-deploy: "${{ inputs.force-deploy || false }}"
secrets:
GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
post-build:
name: Post-build
runs-on: ubuntu-latest
needs: build
outputs:
changes: ${{ steps.merge-changes.outputs.changes }}
dev_deployments: ${{ steps.merge-changes.outputs.dev }}
preprod_deployments: ${{ steps.merge-changes.outputs.preprod }}
prod_deployments: ${{ steps.merge-changes.outputs.prod }}
version: ${{ needs.build.outputs.version }}
steps:
- uses: actions/checkout@v4
- name: Merge changes from the matrix build
id: merge-changes
uses: ./.github/actions/merge-changes
analyse:
name: Analyse
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/analyse
with:
sonar-token: ${{ secrets.SONAR_TOKEN }}
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
deploy-to-test:
name: Deploy to test
uses: ./.github/workflows/deploy.yml
needs: post-build
if: ${{ needs.post-build.outputs.dev_deployments != '[]' }}
with:
environment: test
version: ${{ needs.post-build.outputs.version }}
projects: ${{ needs.post-build.outputs.dev_deployments }}
secrets: inherit
deploy-to-preprod:
name: Deploy to preprod
uses: ./.github/workflows/deploy.yml
needs: post-build
if: ${{ needs.post-build.outputs.preprod_deployments != '[]'}}
with:
environment: preprod
version: ${{ needs.post-build.outputs.version }}
projects: ${{ needs.post-build.outputs.preprod_deployments }}
secrets: inherit
end-to-end-tests:
name: Run end-to-end tests
needs:
- post-build
- deploy-to-test
- deploy-to-preprod
runs-on: ubuntu-latest
timeout-minutes: 60
outputs:
failed-projects: ${{ steps.run.outputs.failed-projects }}
passed-projects: ${{ steps.run.outputs.passed-projects }}
deploy-to-prod: ${{ steps.intersect.outputs.prod }}
report-url: ${{ steps.run.outputs.report-url }}
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.BOT_APP_ID }}
private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
repositories: hmpps-probation-integration-e2e-tests
- name: Run tests
id: run
uses: ministryofjustice/hmpps-probation-integration-e2e-tests/.github/actions/run-tests@main
with:
projects: ${{ needs.post-build.outputs.changes }}
token: ${{ steps.app-token.outputs.token }}
- name: Output projects with changes for production where the tests have passed
id: intersect
if: always()
run: echo "prod=$(jq -crn --argjson changes "$CHANGES" --argjson passed "$PASSED" '$changes - ($changes - $passed)')" | tee -a "$GITHUB_OUTPUT"
env:
CHANGES: ${{ needs.post-build.outputs.prod_deployments }}
PASSED: ${{ steps.run.outputs.passed-projects }}
report-test-failures:
name: Failed testing
if: ${{ failure() && needs.end-to-end-tests.outputs.failed-projects != '[]' }}
needs:
- end-to-end-tests
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
project: ${{ fromJson(needs.end-to-end-tests.outputs.failed-projects) }}
steps:
- run: 'echo Tests failed for ${{ matrix.project }}. View the full report here: ${{ needs.end-to-end-tests.outputs.report-url }}; exit 1'
deploy-to-prod:
name: Deploy to production
uses: ./.github/workflows/deploy.yml
if: ${{ (success() || (failure() && needs.end-to-end-tests.outputs.deploy-to-prod != '[]')) && github.ref == 'refs/heads/main' }}
needs:
- post-build
- end-to-end-tests
with:
environment: prod
version: ${{ needs.post-build.outputs.version }}
projects: ${{ needs.end-to-end-tests.outputs.deploy-to-prod }}
secrets: inherit