dispatch_deploy_to_ur_environment.yml
# Manually dispatched deployment of a chosen tag to the "ur" environment.
name: '[WD] Deploy to UR Environment'

on:
  workflow_dispatch:
    inputs:
      # Free-form string supplied by whoever dispatches the run. It is passed
      # on to the reusable workflows as `tag` / `checkout_tag` / `version_tag`.
      # NOTE(review): those workflows are not visible here; they should treat
      # the value as untrusted and pass it to shell steps through `env:`
      # instead of interpolating it into `run:` scripts.
      tag_to_deploy:
        description: "Tag to deploy to ur environment"
        type: string
        required: true
# Workflow-level GITHUB_TOKEN scopes. These apply to every job below and are
# the ceiling for what the called reusable workflows may request.
permissions:
  # Needed to request an OIDC token for the `role-to-assume` step in
  # fetch_s3_av_version.
  id-token: write
  # NOTE(review): the jobs that need these write scopes live in reusable
  # workflows not shown here; confirm each is still required and consider
  # granting them per job instead of workflow-wide.
  contents: write
  issues: write
  pull-requests: write
  security-events: write
  # Explicitly denied. Once any scope is listed, unlisted scopes already
  # default to `none`, so these entries only document intent.
  actions: none
  checks: none
  deployments: none
  packages: none
  repository-projects: none
  statuses: none
# Every `run:` step in this workflow uses bash unless a step overrides it.
defaults:
  run:
    shell: bash
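# Pipeline: look up the S3 antivirus zip version and build/scan/push the image,
# run the Cypress suite against the image, deploy with Terraform, smoke-test
# the live environment, then always remove the CI ingress rule.
jobs:
  fetch_s3_av_version:
    name: Fetch the S3 AV Zip version tag
    runs-on: ubuntu-latest
    # This job only assumes an AWS role via OIDC and reads one SSM parameter;
    # it never checks out or writes to the repository, so it does not need the
    # workflow-wide write scopes.
    permissions:
      id-token: write
    steps:
      - name: Configure AWS Credentials
        # NOTE(review): the action reference below was mangled by e-mail
        # obfuscation in this copy of the file (presumably
        # aws-actions/configure-aws-credentials@<version>). Restore it from
        # the repository and consider pinning it to a full commit SHA.
        uses: aws-actions/[email protected]
        with:
          aws-region: eu-west-1
          role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ssm-get-parameter
          # Shortest useful session: the role is only used for one API call.
          role-duration-seconds: 900
          role-session-name: GithubActionsSSMGetParameter
      - name: Pull S3 AV Zip tag
        id: pull_s3_av_tag
        run: |
          key="/opg-s3-antivirus/zip-version-main"
          # Best-effort lookup: a failed call leaves $value empty rather than
          # failing the job, so surface that case instead of hiding it.
          value=$(aws ssm get-parameter --name "$key" --query 'Parameter.Value' --output text 2>/dev/null || true)
          if [[ -z "$value" ]]; then
            echo "::warning::Could not read $key; s3_av_scanner_zip_tag will be empty"
          fi
          echo "Using $key: $value"
          echo "tag=${value}" >> "$GITHUB_OUTPUT"
    outputs:
      s3_av_scanner_zip_tag: ${{ steps.pull_s3_av_tag.outputs.tag }}

  docker_build_scan_push:
    name: Docker Build, Scan and Push
    uses: ./.github/workflows/docker_job.yml
    with:
      tag: ur-${{ inputs.tag_to_deploy }}
      checkout_tag: ${{ inputs.tag_to_deploy }}
      # github.head_ref is only populated for pull_request events, so on
      # workflow_dispatch this is an empty string.
      # NOTE(review): confirm docker_job.yml tolerates an empty branch_name.
      branch_name: ${{ github.head_ref }}

  ui_tests_image:
    name: Run Cypress UI Tests On ur Images
    uses: ./.github/workflows/ui_test_job.yml
    needs: [docker_build_scan_push]
    with:
      run_against_image: true
      tag: ur-${{ inputs.tag_to_deploy }}
      checkout_tag: ${{ inputs.tag_to_deploy }}
      specs: 'cypress/e2e/**/*.cy.js'
    secrets:
      # NOTE(review): these appear to be static AWS access keys, whereas
      # fetch_s3_av_version already uses short-lived OIDC role assumption;
      # consider moving the reusable workflows to OIDC as well.
      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }}
      github_access_token: ${{ secrets.GITHUB_TOKEN }}

  deploy:
    name: ur Environment Deploy
    needs: [ui_tests_image, fetch_s3_av_version]
    uses: ./.github/workflows/terraform_environment_job.yml
    with:
      workspace_name: ur
      version_tag: ur-${{ inputs.tag_to_deploy }}
      checkout_tag: ${{ inputs.tag_to_deploy }}
      # May be empty when the SSM lookup in fetch_s3_av_version failed.
      # NOTE(review): confirm how terraform_environment_job.yml handles that.
      s3_av_scanner_zip_tag: ${{ needs.fetch_s3_av_version.outputs.s3_av_scanner_zip_tag }}
    secrets:
      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }}
      github_access_token: ${{ secrets.GITHUB_TOKEN }}
      pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }}

  ui_tests_env:
    name: Run Cypress UI Tests On ur Environment
    uses: ./.github/workflows/ui_test_job.yml
    needs: [deploy]
    with:
      run_against_image: false
      base_url: "https://${{ needs.deploy.outputs.url }}"
      tag: ur-${{ inputs.tag_to_deploy }}
      checkout_tag: ${{ inputs.tag_to_deploy }}
      environment_config_json: ${{ needs.deploy.outputs.environment_config_json }}
      specs: 'cypress/smoke/*.cy.js'
    secrets:
      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }}
      github_access_token: ${{ secrets.GITHUB_TOKEN }}

  always_remove_ingress:
    name: Remove CI ingress from ur environment
    # Runs even when the deploy or the tests failed, so the temporary CI
    # ingress is not left open on the environment.
    if: always()
    uses: ./.github/workflows/remove_ingress_job.yml
    needs: [ui_tests_env, deploy]
    with:
      # Empty if `deploy` failed before producing its outputs.
      # NOTE(review): confirm remove_ingress_job.yml handles that case.
      environment_config_json: ${{ needs.deploy.outputs.environment_config_json }}
    secrets:
      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  end_of_deployment_workflow:
    name: End of ur Deployment Workflow
    runs-on: ubuntu-latest
    environment:
      name: "ur"
      url: "https://${{ needs.deploy.outputs.url }}"
    # `deploy` must be a direct dependency: the `needs` context only exposes
    # outputs of jobs listed here, so with `ui_tests_env` alone every
    # needs.deploy.outputs.* expression in this job evaluates to empty.
    needs: [deploy, ui_tests_env]
    steps:
      - name: End of ur Deployment Workflow
        # Pass job outputs through the environment rather than expanding
        # `${{ }}` inside the script, so their contents are never parsed as
        # shell code.
        env:
          WORKSPACE_NAME: ${{ needs.deploy.outputs.terraform_workspace_name }}
          CONTAINER_VERSION: ${{ needs.deploy.outputs.terraform_container_version }}
          DEPLOY_URL: https://${{ needs.deploy.outputs.url }}
        run: |
          echo "${WORKSPACE_NAME} environment tested, built and deployed"
          echo "Tag Deployed: ${CONTAINER_VERSION}"
          echo "URL: ${DEPLOY_URL}"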