Skip to content

[WD] Deploy to UR Environment #44

[WD] Deploy to UR Environment

[WD] Deploy to UR Environment #44

name: "[WD] Deploy to UR Environment"
on:
workflow_dispatch:
inputs:
tag_to_deploy:
description: 'Tag to deploy to ur environment'
required: true
type: string
permissions:
id-token: write
contents: write
security-events: write
pull-requests: write
actions: none
checks: none
deployments: none
issues: write
packages: none
repository-projects: none
statuses: none
defaults:
run:
shell: bash
jobs:
fetch_s3_av_version:
name: Fetch the S3 AV Zip version tag
runs-on: ubuntu-latest
steps:
- name: Configure AWS Credentials
uses: aws-actions/[email protected]
with:
aws-region: eu-west-1
role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ssm-get-parameter
role-duration-seconds: 900
role-session-name: GithubActionsSSMGetParameter
- name: Pull S3 AV Zip tag
id: pull_s3_av_tag
run: |
key="/opg-s3-antivirus/zip-version-main"
value=$(aws ssm get-parameter --name "$key" --query 'Parameter.Value' --output text 2>/dev/null || true)
echo "Using $key: $value"
echo "tag=${value}" >> $GITHUB_OUTPUT
outputs:
s3_av_scanner_zip_tag: ${{ steps.pull_s3_av_tag.outputs.tag }}
docker_build_scan_push:
name: Docker Build, Scan and Push
uses: ./.github/workflows/docker_job.yml
with:
tag: ur-${{ inputs.tag_to_deploy }}
checkout_tag : ${{ inputs.tag_to_deploy }}
branch_name: ${{ github.head_ref }}
ui_tests_image:
name: Run Cypress UI Tests On ur Images
uses: ./.github/workflows/ui_test_job.yml
needs: [docker_build_scan_push]
with:
run_against_image: true
tag: ur-${{ inputs.tag_to_deploy}}
checkout_tag: ${{ inputs.tag_to_deploy}}
specs: 'cypress/e2e/**/*.cy.js'
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }}
github_access_token: ${{ secrets.GITHUB_TOKEN }}
deploy:
name: ur Environment Deploy
needs: [ui_tests_image, fetch_s3_av_version]
uses: ./.github/workflows/terraform_environment_job.yml
with:
workspace_name: ur
version_tag: ur-${{ inputs.tag_to_deploy}}
checkout_tag: ${{ inputs.tag_to_deploy}}
s3_av_scanner_zip_tag: ${{ needs.fetch_s3_av_version.outputs.s3_av_scanner_zip_tag }}
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }}
github_access_token: ${{ secrets.GITHUB_TOKEN }}
pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }}
ui_tests_env:
name: Run Cypress UI Tests On ur Environment
uses: ./.github/workflows/ui_test_job.yml
needs: [deploy]
with:
run_against_image: false
base_url: "https://${{ needs.deploy.outputs.url }}"
tag: ur-${{ inputs.tag_to_deploy}}
checkout_tag: ${{ inputs.tag_to_deploy}}
environment_config_json: ${{ needs.deploy.outputs.environment_config_json }}
specs: 'cypress/smoke/*.cy.js'
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }}
github_access_token: ${{ secrets.GITHUB_TOKEN }}
always_remove_ingress:
name: Remove CI ingress from ur environment
if: always()
uses: ./.github/workflows/remove_ingress_job.yml
needs: [ui_tests_env, deploy]
with:
environment_config_json: ${{ needs.deploy.outputs.environment_config_json }}
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
end_of_deployment_workflow:
name: End of ur Deployment Workflow
runs-on: ubuntu-latest
environment:
name: "ur"
url: "https://${{ needs.deploy.outputs.url }}"
needs: [ui_tests_env]
steps:
- name: End of ur Deployment Workflow
run: |
echo "${{ needs.deploy.outputs.terraform_workspace_name }} environment tested, built and deployed"
echo "Tag Deployed: ${{ needs.deploy.outputs.terraform_container_version }}"
echo "URL: https://${{ needs.deploy.outputs.url }}"