MLPAB-1478 - Use VPC Endpoints #3824
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "[Workflow] PR" | |
on: | |
pull_request: | |
branches: | |
- main | |
permissions: | |
id-token: write | |
contents: write | |
security-events: write | |
pull-requests: write | |
actions: none | |
checks: none | |
deployments: none | |
issues: write | |
packages: none | |
repository-projects: none | |
statuses: none | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
detect_changes: | |
name: Detect Changes | |
uses: ./.github/workflows/detect_changes_to_app_job.yml | |
create_tags: | |
name: Create Tags | |
needs: detect_changes | |
uses: ./.github/workflows/tags_job.yml | |
with: | |
changes_detected: ${{ needs.detect_changes.outputs.changes_detected }} | |
go_unit_tests: | |
name: Run Go unit tests | |
if: needs.detect_changes.outputs.changes_detected == 'true' | |
needs: create_tags | |
uses: ./.github/workflows/go-unit-tests.yml | |
with: | |
tag: ${{ needs.create_tags.outputs.version_tag }} | |
commit_sha: ${{ github.event.pull_request.head.sha }} | |
branch: ${{ github.head_ref }} | |
secrets: | |
pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }} | |
docker_build_scan_push: | |
name: Docker Build, Scan and Push | |
if: needs.detect_changes.outputs.changes_detected == 'true' && | |
(needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') | |
uses: ./.github/workflows/docker_job.yml | |
needs: [ | |
go_unit_tests, | |
create_tags | |
] | |
with: | |
tag: ${{ needs.create_tags.outputs.version_tag }} | |
terraform_account_workflow_development: | |
name: TF Plan Dev Account | |
uses: ./.github/workflows/terraform_account_job.yml | |
with: | |
workspace_name: development | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
terraform_account_workflow_preproduction: | |
name: TF Plan Preprod Account | |
needs: terraform_account_workflow_development | |
uses: ./.github/workflows/terraform_account_job.yml | |
with: | |
workspace_name: preproduction | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
terraform_account_workflow_production: | |
name: TF Plan Prod Account | |
needs: terraform_account_workflow_development | |
uses: ./.github/workflows/terraform_account_job.yml | |
with: | |
workspace_name: production | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
ui_tests_image: | |
name: Run Cypress UI Tests On Images | |
if: needs.detect_changes.outputs.changes_detected == 'true' && | |
(needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') | |
uses: ./.github/workflows/ui_test_job.yml | |
needs: [docker_build_scan_push, create_tags] | |
with: | |
run_against_image: true | |
tag: ${{ needs.create_tags.outputs.version_tag }} | |
smoke: ${{ contains(fromJSON('["MLPAB-1419-use-a-single-persistent-environment-for-weblate-changes-optimise-workflow", "weblate-pr"]'), github.head_ref) }} | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
pr_deploy: | |
name: PR Environment Deploy | |
if: always() && | |
(needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') && | |
(needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') && | |
(needs.ui_tests_image.result == 'success' || needs.ui_tests_image.result == 'skipped') | |
needs: [ | |
create_tags, | |
go_unit_tests, | |
docker_build_scan_push, | |
ui_tests_image | |
] | |
uses: ./.github/workflows/terraform_environment_job.yml | |
with: | |
workspace_name: ${{ needs.create_tags.outputs.environment_workspace_name }} | |
version_tag: ${{ needs.create_tags.outputs.version_tag }} | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }} | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} | |
ui_tests_pr_env: | |
name: Run Cypress UI Tests On PR Environment | |
if: always() && | |
needs.pr_deploy.result == 'success' | |
uses: ./.github/workflows/ui_test_job.yml | |
needs: [pr_deploy, create_tags] | |
with: | |
run_against_image: false | |
base_url: "https://${{ needs.pr_deploy.outputs.url }}" | |
tag: ${{ needs.create_tags.outputs.version_tag }} | |
smoke: false | |
environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }} | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
always_remove_ingress: | |
name: Remove CI ingress from environment | |
if: always() | |
uses: ./.github/workflows/remove_ingress_job.yml | |
needs: [ui_tests_pr_env, pr_deploy] | |
with: | |
environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }} | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
end_of_pr_workflow: | |
name: End of PR Workflow | |
if: always() && | |
needs.pr_deploy.result == 'success' && | |
needs.create_tags.result == 'success' && | |
needs.ui_tests_pr_env.result == 'success' | |
runs-on: ubuntu-latest | |
environment: | |
name: "dev_${{ needs.create_tags.outputs.environment_workspace_name }}" | |
url: "https://${{ needs.pr_deploy.outputs.url }}" | |
needs: [pr_deploy, create_tags, ui_tests_pr_env] | |
steps: | |
- name: End of PR Workflow | |
run: | | |
echo "${{ needs.pr_deploy.outputs.terraform_workspace_name }} PR environment tested, built and deployed" | |
echo "Tag Deployed: ${{ needs.pr_deploy.outputs.terraform_container_version }}" | |
echo "URL: https://${{ needs.pr_deploy.outputs.url }}" |