Merge pull request #191 from ministryofjustice/renovate-github-actions #58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[Workflow] Path to Live" | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| on: | |
| push: | |
| branches: | |
| - main | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| branch_name: | |
| name: "Generate a safe branch name" | |
| uses: ministryofjustice/opg-github-workflows/.github/workflows/data-parse-branch-name.yml@main | |
| set_variables: | |
| name: output workflow variables | |
| runs-on: ubuntu-latest | |
| outputs: | |
| environment_terraform_version: ${{ steps.terraform_version_environment.outputs.version }} | |
| semver_tag: ${{ steps.semver_tag.outputs.created_tag }} | |
| steps: | |
| - name: Set terraform version - environment | |
| id: terraform_version_environment | |
| uses: ministryofjustice/opg-github-actions/.github/actions/[email protected] | |
| with: | |
| terraform_directory: "./terraform/environment" | |
| - name: "Semver tag" | |
| id: semver_tag | |
| uses: ministryofjustice/opg-github-actions/.github/actions/[email protected] | |
| with: | |
| prerelease: true | |
| with_v: true | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| docker_build_scan_push: | |
| name: Build, Scan and Push | |
| needs: | |
| - set_variables | |
| - branch_name | |
| uses: ./.github/workflows/_docker_build_scan_push.yml | |
| with: | |
| branch_name: ${{ needs.branch_name.outputs.safe }} | |
| semver_tag: ${{ needs.set_variables.outputs.semver_tag }} | |
| secrets: inherit # pragma: allowlist secret | |
| terraform_development_environment_apply: | |
| name: Terraform - Development - Environment - Apply | |
| needs: | |
| - set_variables | |
| - docker_build_scan_push | |
| uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected] | |
| with: | |
| terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }} | |
| terraform_directory: "./terraform/environment" | |
| terraform_workspace: development | |
| is_ephemeral: false | |
| terraform_apply: true | |
| terraform_variables: "-var=lambda_image_uri=${{ needs.docker_build_scan_push.outputs.ecr_image_uri }}" | |
| secrets: | |
| GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| PAGERDUTY_TOKEN: "" | |
| integration_test_development: | |
| name: Integration Test Development | |
| uses: ./.github/workflows/_integration_tests.yml | |
| needs: terraform_development_environment_apply | |
| with: | |
| data_lpa_api_url: "https://dev.lpa.api.opg.service.justice.gov.uk/v1" | |
| working_directory: "./integration_tests" | |
| tests_directory: "./integration_tests/v1" | |
| secrets: inherit | |
| terraform_preprod_environment_apply: | |
| name: Terraform - Preproduction - Environment - Apply | |
| needs: | |
| - set_variables | |
| - docker_build_scan_push | |
| - integration_test_development | |
| uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected] | |
| with: | |
| terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }} | |
| terraform_directory: "./terraform/environment" | |
| terraform_workspace: preproduction | |
| is_ephemeral: false | |
| terraform_apply: true | |
| terraform_variables: "-var=lambda_image_uri=${{ needs.docker_build_scan_push.outputs.ecr_image_uri }}" | |
| secrets: | |
| GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| PAGERDUTY_TOKEN: "" | |
| smoke_test_preprod: | |
| name: Smoke Test Preproduction | |
| uses: ./.github/workflows/_integration_tests.yml | |
| needs: terraform_preprod_environment_apply | |
| with: | |
| data_lpa_api_url: "https://pre.lpa.api.opg.service.justice.gov.uk/v1" | |
| working_directory: "./integration_tests" | |
| tests_directory: "./integration_tests/v1" | |
| specific_tests: "./v1/test_healthcheck.py" | |
| secrets: inherit | |
| terraform_prod_environment_apply: | |
| name: Terraform - Production - Environment - Apply | |
| needs: | |
| - set_variables | |
| - docker_build_scan_push | |
| - smoke_test_preprod | |
| uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected] | |
| with: | |
| terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }} | |
| terraform_directory: "./terraform/environment" | |
| terraform_workspace: production | |
| is_ephemeral: false | |
| terraform_apply: true | |
| terraform_variables: "-var=lambda_image_uri=${{ needs.docker_build_scan_push.outputs.ecr_image_uri }}" | |
| secrets: | |
| GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| PAGERDUTY_TOKEN: "" | |
| terraform_integration_environment_apply: | |
| name: Terraform - Integration - Environment - Apply | |
| needs: | |
| - set_variables | |
| - docker_build_scan_push | |
| - terraform_prod_environment_apply | |
| uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected] | |
| with: | |
| terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }} | |
| terraform_directory: "./terraform/environment" | |
| terraform_workspace: integration | |
| is_ephemeral: false | |
| terraform_apply: true | |
| terraform_variables: "-var=lambda_image_uri=${{ needs.docker_build_scan_push.outputs.ecr_image_uri }}" | |
| secrets: | |
| GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| PAGERDUTY_TOKEN: "" |