Merge pull request #1545 from ministryofjustice/MLPAB-2249-after-hard… #1398
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Path To Live" | |
on: | |
push: | |
branches: | |
- main | |
permissions: | |
id-token: write | |
contents: write | |
security-events: write | |
pull-requests: write | |
actions: none | |
checks: none | |
deployments: none | |
issues: write | |
packages: none | |
repository-projects: none | |
statuses: none | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
create_tags: | |
name: Create Tags | |
uses: ./.github/workflows/tags_job.yml | |
with: | |
changes_detected: 'true' | |
go_unit_tests: | |
name: Run Go unit tests | |
uses: ./.github/workflows/go-unit-tests.yml | |
needs: [create_tags] | |
with: | |
tag: ${{ needs.create_tags.outputs.version_tag }} | |
commit_sha: ${{ github.sha }} | |
branch: 'main' | |
secrets: | |
pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }} | |
codecov_token: ${{ secrets.CODECOV_TOKEN }} | |
docker_build_scan_push: | |
name: Docker Build, Scan and Push | |
uses: ./.github/workflows/docker_job.yml | |
needs: [go_unit_tests,create_tags] | |
with: | |
tag: ${{ needs.create_tags.outputs.version_tag }} | |
branch_name: main | |
terraform_account_workflow_development: | |
name: TF Apply Dev Account | |
uses: ./.github/workflows/terraform_account_job.yml | |
with: | |
workspace_name: development | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} | |
terraform_account_workflow_preproduction: | |
name: TF Apply Preprod Account | |
needs: terraform_account_workflow_development | |
uses: ./.github/workflows/terraform_account_job.yml | |
with: | |
workspace_name: preproduction | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} | |
preproduction_deploy: | |
name: Preproduction Deploy | |
needs: [create_tags, terraform_account_workflow_preproduction, docker_build_scan_push] | |
uses: ./.github/workflows/terraform_environment_job.yml | |
with: | |
workspace_name: preproduction | |
version_tag: ${{ needs.create_tags.outputs.version_tag }} | |
s3_av_scanner_zip_tag: ${{ needs.create_tags.outputs.s3_av_scanner_zip_tag }} | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }} | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} | |
ui_tests_preproduction_env: | |
name: Run Cypress UI Tests On Preproduction Environment | |
uses: ./.github/workflows/ui_test_job.yml | |
needs: [preproduction_deploy, create_tags] | |
with: | |
run_against_image: false | |
base_url: "https://${{ needs.preproduction_deploy.outputs.url }}" | |
tag: ${{ needs.create_tags.outputs.version_tag }} | |
environment_config_json: ${{ needs.preproduction_deploy.outputs.environment_config_json }} | |
specs: 'cypress/smoke/*.cy.js' | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
test_onelogin_basic_auth: ${{ secrets.TEST_ONELOGIN_BASIC_AUTH }} | |
test_onelogin_totp_key: ${{ secrets.TEST_ONELOGIN_TOTP_KEY }} | |
test_onelogin_password: ${{ secrets.TEST_ONELOGIN_PASSWORD }} | |
preproduction_deploy_complete: | |
name: Preproduction Deployment | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
environment: preproduction | |
needs: [ui_tests_preproduction_env] | |
steps: | |
- name: Complete | |
run: | | |
echo "preproduction environment tested, built and deployed" | |
always_remove_ingress: | |
name: Remove CI ingress from environment | |
if: ${{ always() }} | |
uses: ./.github/workflows/remove_ingress_job.yml | |
needs: [ui_tests_preproduction_env, preproduction_deploy] | |
with: | |
environment_config_json: ${{ needs.preproduction_deploy.outputs.environment_config_json }} | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
terraform_account_workflow_production: | |
name: TF Apply Prod Account | |
needs: [preproduction_deploy_complete] | |
uses: ./.github/workflows/terraform_account_job.yml | |
with: | |
workspace_name: production | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} | |
production_deploy: | |
name: Production Deploy | |
needs: [create_tags, terraform_account_workflow_production, docker_build_scan_push] | |
uses: ./.github/workflows/terraform_environment_job.yml | |
with: | |
workspace_name: production | |
version_tag: ${{ needs.create_tags.outputs.version_tag }} | |
public_access_enabled: false | |
s3_av_scanner_zip_tag: ${{ needs.create_tags.outputs.s3_av_scanner_zip_tag }} | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }} | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} | |
demo_deploy: | |
name: Production Deploy | |
needs: [create_tags, terraform_account_workflow_production, docker_build_scan_push] | |
uses: ./.github/workflows/terraform_environment_job.yml | |
with: | |
workspace_name: demo | |
version_tag: ${{ needs.create_tags.outputs.version_tag }} | |
public_access_enabled: false | |
s3_av_scanner_zip_tag: ${{ needs.create_tags.outputs.s3_av_scanner_zip_tag }} | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }} | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} | |
end_of_main_workflow: | |
name: End of Main Workflow | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
environment: production | |
needs: [production_deploy] | |
steps: | |
- name: End of Path to Live Workflow | |
run: | | |
echo "production environment tested, built and deployed" |