From cee568c2e9c95bc8d782f97db23809cf3ccf30eb Mon Sep 17 00:00:00 2001
From: Andrew Pearce
Date: Thu, 26 Sep 2024 10:19:09 +0100
Subject: [PATCH 1/6] use pull through cache
---
 .github/workflows/docker_job.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml
index 130de68c21..0ec1fe6300 100644
--- a/.github/workflows/docker_job.yml
+++ b/.github/workflows/docker_job.yml
@@ -101,7 +101,8 @@ jobs:
 id: trivy_scan
 uses: aquasecurity/trivy-action@0.24.0
 env:
- TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+ TRIVY_DB_REPOSITORY: ${{ steps.login_ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-db:2
+ # TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 with:
 image-ref: ${{ matrix.ecr_repository }}:${{ inputs.tag }}
 severity: 'HIGH,CRITICAL'
From fddd416bf5797380cb5281d9e078ed519be3b5a0 Mon Sep 17 00:00:00 2001
From: Andrew Pearce
Date: Thu, 26 Sep 2024 10:19:46 +0100
Subject: [PATCH 2/6] trigger a build
---
 cmd/mlpa/buildtrigger | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 cmd/mlpa/buildtrigger
diff --git a/cmd/mlpa/buildtrigger b/cmd/mlpa/buildtrigger
new file mode 100644
index 0000000000..be31a82dcf
--- /dev/null
+++ b/cmd/mlpa/buildtrigger
@@ -0,0 +1 @@
+trigger a build
From f519836273c1b80cfa48d4d87395c9de546e58d7 Mon Sep 17 00:00:00 2001
From: Andrew Pearce
Date: Thu, 26 Sep 2024 13:21:39 +0100
Subject: [PATCH 3/6] reduce jobs for qiucker feedback
---
 .github/workflows/workflow_pr.yml | 280 +++++++++++++++---------------
 1 file changed, 140 insertions(+), 140 deletions(-)
diff --git a/.github/workflows/workflow_pr.yml b/.github/workflows/workflow_pr.yml
index fd27f3930c..c22183d993 100644
--- a/.github/workflows/workflow_pr.yml
+++ b/.github/workflows/workflow_pr.yml
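Review bot: In the `trivy_scan` step of `.github/workflows/docker_job.yml` (patch 1/6), only `TRIVY_DB_REPOSITORY` is pointed at the ECR pull-through cache. Trivy fetches its Java index database separately, configured through `TRIVY_JAVA_DB_REPOSITORY`, so scans of images that contain JARs would still pull from the default upstream registry. Assuming the `trivy-db-public-ecr` prefix maps to public.ecr.aws, a matching line would be `TRIVY_JAVA_DB_REPOSITORY: ${{ steps.login_ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-java-db:1`. The new value also relies on a `login_ecr` step that is outside this hunk; if that output is ever empty the reference has no registry host, so confirm the step fails the job on a DB download error rather than passing without a scan. A pull-through cache can also serve a vulnerability DB that lags upstream, which is worth a short comment beside the variable for whoever triages a missed finding.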
@@ -34,154 +34,154 @@ jobs: with: changes_detected: ${{ needs.detect_changes.outputs.changes_detected }} - go_unit_tests: - name: Run Go unit tests - if: needs.detect_changes.outputs.changes_detected == 'true' - needs: create_tags - uses: ./.github/workflows/go-unit-tests.yml - with: - tag: ${{ needs.create_tags.outputs.version_tag }} - commit_sha: ${{ github.event.pull_request.head.sha }} - branch: ${{ github.head_ref }} - secrets: - pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }} - codecov_token: ${{ secrets.CODECOV_TOKEN }} + # go_unit_tests: + # name: Run Go unit tests + # if: needs.detect_changes.outputs.changes_detected == 'true' + # needs: create_tags + # uses: ./.github/workflows/go-unit-tests.yml + # with: + # tag: ${{ needs.create_tags.outputs.version_tag }} + # commit_sha: ${{ github.event.pull_request.head.sha }} + # branch: ${{ github.head_ref }} + # secrets: + # pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }} + # codecov_token: ${{ secrets.CODECOV_TOKEN }} docker_build_scan_push: name: Docker Build, Scan and Push - if: needs.detect_changes.outputs.changes_detected == 'true' && - (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') + # if: needs.detect_changes.outputs.changes_detected == 'true' && + # (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') uses: ./.github/workflows/docker_job.yml needs: [ - go_unit_tests, + # go_unit_tests, create_tags ] with: tag: ${{ needs.create_tags.outputs.version_tag }} branch_name: ${{ github.head_ref }} - terraform_account_workflow_development: - name: TF Plan Dev Account - uses: ./.github/workflows/terraform_account_job.yml - with: - workspace_name: development - secrets: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} - - terraform_account_workflow_preproduction: - name: TF Plan Preprod Account 
- needs: terraform_account_workflow_development - uses: ./.github/workflows/terraform_account_job.yml - with: - workspace_name: preproduction - secrets: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} - - terraform_account_workflow_production: - name: TF Plan Prod Account - needs: terraform_account_workflow_development - uses: ./.github/workflows/terraform_account_job.yml - with: - workspace_name: production - secrets: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} - - ui_tests_image: - name: Run Cypress UI Tests On Images - if: needs.detect_changes.outputs.changes_detected == 'true' && - (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') - uses: ./.github/workflows/ui_test_job.yml - needs: [docker_build_scan_push, create_tags] - with: - run_against_image: true - tag: ${{ needs.create_tags.outputs.version_tag }} - specs: 'cypress/e2e/**/*.cy.js' - secrets: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - pr_deploy: - name: PR Environment Deploy - if: always() && - (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') && - (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') && - (needs.ui_tests_image.result == 'success' || needs.ui_tests_image.result == 'skipped') - needs: [ - create_tags, - go_unit_tests, - docker_build_scan_push, - ui_tests_image - ] - uses: ./.github/workflows/terraform_environment_job.yml - with: - workspace_name: ${{ 
needs.create_tags.outputs.environment_workspace_name }} - version_tag: ${{ needs.create_tags.outputs.version_tag }} - s3_av_scanner_zip_tag: ${{ needs.create_tags.outputs.s3_av_scanner_zip_tag }} - secrets: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }} - github_access_token: ${{ secrets.GITHUB_TOKEN }} - pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} - - - ui_tests_pr_env: - name: Run Cypress UI Tests On PR Environment - if: always() && - needs.pr_deploy.result == 'success' - uses: ./.github/workflows/ui_test_job.yml - needs: [pr_deploy, create_tags] - with: - run_against_image: false - base_url: "https://${{ needs.pr_deploy.outputs.url }}" - tag: ${{ needs.create_tags.outputs.version_tag }} - environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }} - specs: 'cypress/smoke/*.cy.js' - secrets: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - always_remove_ingress: - name: Remove CI ingress from environment - if: always() - uses: ./.github/workflows/remove_ingress_job.yml - needs: [ui_tests_pr_env, pr_deploy] - with: - environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }} - secrets: - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - - end_of_pr_workflow: - name: End of PR Workflow - runs-on: ubuntu-latest - if: always() - environment: - name: "dev_${{ needs.create_tags.outputs.environment_workspace_name }}" - url: "https://${{ needs.pr_deploy.outputs.url }}" - needs: [pr_deploy, create_tags, ui_tests_pr_env] - steps: - - name: End of PR Workflow - run: | - echo "${{ 
needs.pr_deploy.outputs.terraform_workspace_name }} PR environment tested, built and deployed" - echo "Tag Deployed: ${{ needs.pr_deploy.outputs.terraform_container_version }}" - echo "URL: https://${{ needs.pr_deploy.outputs.url }}" - - if ${{ contains(needs.ui_tests_pr_env.result,'success') }} - then - echo "PR environment tested, built and deployed" - exit 0 - else - echo "PR environment tested, built and deployed but UI tests failed" - exit 1 - fi + # terraform_account_workflow_development: + # name: TF Plan Dev Account + # uses: ./.github/workflows/terraform_account_job.yml + # with: + # workspace_name: development + # secrets: + # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + # pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} + + # terraform_account_workflow_preproduction: + # name: TF Plan Preprod Account + # needs: terraform_account_workflow_development + # uses: ./.github/workflows/terraform_account_job.yml + # with: + # workspace_name: preproduction + # secrets: + # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + # pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} + + # terraform_account_workflow_production: + # name: TF Plan Prod Account + # needs: terraform_account_workflow_development + # uses: ./.github/workflows/terraform_account_job.yml + # with: + # workspace_name: production + # secrets: + # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + # pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} + + # ui_tests_image: + # name: Run Cypress UI Tests On Images + # if: needs.detect_changes.outputs.changes_detected == 'true' && + # (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') + # uses: ./.github/workflows/ui_test_job.yml + # needs: 
[docker_build_scan_push, create_tags] + # with: + # run_against_image: true + # tag: ${{ needs.create_tags.outputs.version_tag }} + # specs: 'cypress/e2e/**/*.cy.js' + # secrets: + # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + # cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} + # github_access_token: ${{ secrets.GITHUB_TOKEN }} + + # pr_deploy: + # name: PR Environment Deploy + # if: always() && + # (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') && + # (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') && + # (needs.ui_tests_image.result == 'success' || needs.ui_tests_image.result == 'skipped') + # needs: [ + # create_tags, + # go_unit_tests, + # docker_build_scan_push, + # ui_tests_image + # ] + # uses: ./.github/workflows/terraform_environment_job.yml + # with: + # workspace_name: ${{ needs.create_tags.outputs.environment_workspace_name }} + # version_tag: ${{ needs.create_tags.outputs.version_tag }} + # s3_av_scanner_zip_tag: ${{ needs.create_tags.outputs.s3_av_scanner_zip_tag }} + # secrets: + # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + # ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }} + # github_access_token: ${{ secrets.GITHUB_TOKEN }} + # pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} + + + # ui_tests_pr_env: + # name: Run Cypress UI Tests On PR Environment + # if: always() && + # needs.pr_deploy.result == 'success' + # uses: ./.github/workflows/ui_test_job.yml + # needs: [pr_deploy, create_tags] + # with: + # run_against_image: false + # base_url: "https://${{ needs.pr_deploy.outputs.url }}" + # tag: ${{ needs.create_tags.outputs.version_tag }} + # environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }} + # specs: 
'cypress/smoke/*.cy.js' + # secrets: + # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + # cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} + # github_access_token: ${{ secrets.GITHUB_TOKEN }} + + # always_remove_ingress: + # name: Remove CI ingress from environment + # if: always() + # uses: ./.github/workflows/remove_ingress_job.yml + # needs: [ui_tests_pr_env, pr_deploy] + # with: + # environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }} + # secrets: + # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + + # end_of_pr_workflow: + # name: End of PR Workflow + # runs-on: ubuntu-latest + # if: always() + # environment: + # name: "dev_${{ needs.create_tags.outputs.environment_workspace_name }}" + # url: "https://${{ needs.pr_deploy.outputs.url }}" + # needs: [pr_deploy, create_tags, ui_tests_pr_env] + # steps: + # - name: End of PR Workflow + # run: | + # echo "${{ needs.pr_deploy.outputs.terraform_workspace_name }} PR environment tested, built and deployed" + # echo "Tag Deployed: ${{ needs.pr_deploy.outputs.terraform_container_version }}" + # echo "URL: https://${{ needs.pr_deploy.outputs.url }}" + + # if ${{ contains(needs.ui_tests_pr_env.result,'success') }} + # then + # echo "PR environment tested, built and deployed" + # exit 0 + # else + # echo "PR environment tested, built and deployed but UI tests failed" + # exit 1 + # fi From 6bb062b2e1989995412015746c8d3df78d04aedc Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 26 Sep 2024 15:29:21 +0100 Subject: [PATCH 4/6] cleanup --- .github/workflows/docker_job.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 0ec1fe6300..ebca2eb742 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
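Review bot: In `.github/workflows/workflow_pr.yml` (patch 3/6), `docker_build_scan_push` is the only job left active, and its whole `if:` guard is commented out along with the `go_unit_tests` entry in `needs`. In this state images are built, scanned and pushed on every PR run, with no change-detection check and no test gate. Dropping `go_unit_tests` from `needs` is what shortens the feedback loop; the first clause of the original condition could stay as `if: needs.detect_changes.outputs.changes_detected == 'true'`. Patch 5/6 restores the file, but if the series is merged without squashing, this commit stays in history as a checkout-able state with the gates off, so squash it or keep it on a throwaway branch.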
@@ -102,7 +102,6 @@ jobs: uses: aquasecurity/trivy-action@0.24.0 env: TRIVY_DB_REPOSITORY: ${{ steps.login_ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-db:2 - # TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 with: image-ref: ${{ matrix.ecr_repository }}:${{ inputs.tag }} severity: 'HIGH,CRITICAL' From 65ec5e286d52ad08df409c320a0eb36f59a447db Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 26 Sep 2024 15:32:14 +0100 Subject: [PATCH 5/6] restore workflow --- .github/workflows/workflow_pr.yml | 280 +++++++++++++++--------------- 1 file changed, 140 insertions(+), 140 deletions(-) diff --git a/.github/workflows/workflow_pr.yml b/.github/workflows/workflow_pr.yml index c22183d993..fd27f3930c 100644 --- a/.github/workflows/workflow_pr.yml +++ b/.github/workflows/workflow_pr.yml 
@@ -34,154 +34,154 @@ jobs: with: changes_detected: ${{ needs.detect_changes.outputs.changes_detected }} - # go_unit_tests: - # name: Run Go unit tests - # if: needs.detect_changes.outputs.changes_detected == 'true' - # needs: create_tags - # uses: ./.github/workflows/go-unit-tests.yml - # with: - # tag: ${{ needs.create_tags.outputs.version_tag }} - # commit_sha: ${{ github.event.pull_request.head.sha }} - # branch: ${{ github.head_ref }} - # secrets: - # pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }} - # codecov_token: ${{ secrets.CODECOV_TOKEN }} + go_unit_tests: + name: Run Go unit tests + if: needs.detect_changes.outputs.changes_detected == 'true' + needs: create_tags + uses: ./.github/workflows/go-unit-tests.yml + with: + tag: ${{ needs.create_tags.outputs.version_tag }} + commit_sha: ${{ github.event.pull_request.head.sha }} + branch: ${{ github.head_ref }} + secrets: + pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }} + codecov_token: ${{ secrets.CODECOV_TOKEN }} docker_build_scan_push: name: Docker Build, Scan and Push - # if: needs.detect_changes.outputs.changes_detected == 'true' && - # (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') + if: needs.detect_changes.outputs.changes_detected == 'true' && + (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') uses: ./.github/workflows/docker_job.yml needs: [ - # go_unit_tests, + go_unit_tests, create_tags ] with: tag: ${{ needs.create_tags.outputs.version_tag }} branch_name: ${{ github.head_ref }} - # terraform_account_workflow_development: - # name: TF Plan Dev Account - # uses: ./.github/workflows/terraform_account_job.yml - # with: - # workspace_name: development - # secrets: - # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - # pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} - - # terraform_account_workflow_preproduction: - # name: 
TF Plan Preprod Account - # needs: terraform_account_workflow_development - # uses: ./.github/workflows/terraform_account_job.yml - # with: - # workspace_name: preproduction - # secrets: - # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - # pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} - - # terraform_account_workflow_production: - # name: TF Plan Prod Account - # needs: terraform_account_workflow_development - # uses: ./.github/workflows/terraform_account_job.yml - # with: - # workspace_name: production - # secrets: - # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - # pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} - - # ui_tests_image: - # name: Run Cypress UI Tests On Images - # if: needs.detect_changes.outputs.changes_detected == 'true' && - # (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') - # uses: ./.github/workflows/ui_test_job.yml - # needs: [docker_build_scan_push, create_tags] - # with: - # run_against_image: true - # tag: ${{ needs.create_tags.outputs.version_tag }} - # specs: 'cypress/e2e/**/*.cy.js' - # secrets: - # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - # cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} - # github_access_token: ${{ secrets.GITHUB_TOKEN }} - - # pr_deploy: - # name: PR Environment Deploy - # if: always() && - # (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') && - # (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') && - # (needs.ui_tests_image.result == 'success' || needs.ui_tests_image.result == 'skipped') - # needs: [ - # create_tags, - # go_unit_tests, - # docker_build_scan_push, - # ui_tests_image - # ] - # 
uses: ./.github/workflows/terraform_environment_job.yml - # with: - # workspace_name: ${{ needs.create_tags.outputs.environment_workspace_name }} - # version_tag: ${{ needs.create_tags.outputs.version_tag }} - # s3_av_scanner_zip_tag: ${{ needs.create_tags.outputs.s3_av_scanner_zip_tag }} - # secrets: - # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - # ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }} - # github_access_token: ${{ secrets.GITHUB_TOKEN }} - # pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} - - - # ui_tests_pr_env: - # name: Run Cypress UI Tests On PR Environment - # if: always() && - # needs.pr_deploy.result == 'success' - # uses: ./.github/workflows/ui_test_job.yml - # needs: [pr_deploy, create_tags] - # with: - # run_against_image: false - # base_url: "https://${{ needs.pr_deploy.outputs.url }}" - # tag: ${{ needs.create_tags.outputs.version_tag }} - # environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }} - # specs: 'cypress/smoke/*.cy.js' - # secrets: - # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - # cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} - # github_access_token: ${{ secrets.GITHUB_TOKEN }} - - # always_remove_ingress: - # name: Remove CI ingress from environment - # if: always() - # uses: ./.github/workflows/remove_ingress_job.yml - # needs: [ui_tests_pr_env, pr_deploy] - # with: - # environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }} - # secrets: - # aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} - # aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} - - # end_of_pr_workflow: - # name: End of PR Workflow - # runs-on: ubuntu-latest - # if: always() - # environment: - # name: "dev_${{ needs.create_tags.outputs.environment_workspace_name }}" - # 
url: "https://${{ needs.pr_deploy.outputs.url }}" - # needs: [pr_deploy, create_tags, ui_tests_pr_env] - # steps: - # - name: End of PR Workflow - # run: | - # echo "${{ needs.pr_deploy.outputs.terraform_workspace_name }} PR environment tested, built and deployed" - # echo "Tag Deployed: ${{ needs.pr_deploy.outputs.terraform_container_version }}" - # echo "URL: https://${{ needs.pr_deploy.outputs.url }}" - - # if ${{ contains(needs.ui_tests_pr_env.result,'success') }} - # then - # echo "PR environment tested, built and deployed" - # exit 0 - # else - # echo "PR environment tested, built and deployed but UI tests failed" - # exit 1 - # fi + terraform_account_workflow_development: + name: TF Plan Dev Account + uses: ./.github/workflows/terraform_account_job.yml + with: + workspace_name: development + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} + + terraform_account_workflow_preproduction: + name: TF Plan Preprod Account + needs: terraform_account_workflow_development + uses: ./.github/workflows/terraform_account_job.yml + with: + workspace_name: preproduction + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} + + terraform_account_workflow_production: + name: TF Plan Prod Account + needs: terraform_account_workflow_development + uses: ./.github/workflows/terraform_account_job.yml + with: + workspace_name: production + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} + + ui_tests_image: + name: Run Cypress UI Tests On Images + if: needs.detect_changes.outputs.changes_detected == 'true' && + (needs.docker_build_scan_push.result == 
'success' || needs.docker_build_scan_push.result == 'skipped') + uses: ./.github/workflows/ui_test_job.yml + needs: [docker_build_scan_push, create_tags] + with: + run_against_image: true + tag: ${{ needs.create_tags.outputs.version_tag }} + specs: 'cypress/e2e/**/*.cy.js' + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} + github_access_token: ${{ secrets.GITHUB_TOKEN }} + + pr_deploy: + name: PR Environment Deploy + if: always() && + (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') && + (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') && + (needs.ui_tests_image.result == 'success' || needs.ui_tests_image.result == 'skipped') + needs: [ + create_tags, + go_unit_tests, + docker_build_scan_push, + ui_tests_image + ] + uses: ./.github/workflows/terraform_environment_job.yml + with: + workspace_name: ${{ needs.create_tags.outputs.environment_workspace_name }} + version_tag: ${{ needs.create_tags.outputs.version_tag }} + s3_av_scanner_zip_tag: ${{ needs.create_tags.outputs.s3_av_scanner_zip_tag }} + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }} + github_access_token: ${{ secrets.GITHUB_TOKEN }} + pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} + + + ui_tests_pr_env: + name: Run Cypress UI Tests On PR Environment + if: always() && + needs.pr_deploy.result == 'success' + uses: ./.github/workflows/ui_test_job.yml + needs: [pr_deploy, create_tags] + with: + run_against_image: false + base_url: "https://${{ needs.pr_deploy.outputs.url }}" + tag: ${{ needs.create_tags.outputs.version_tag }} + environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json 
}} + specs: 'cypress/smoke/*.cy.js' + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }} + github_access_token: ${{ secrets.GITHUB_TOKEN }} + + always_remove_ingress: + name: Remove CI ingress from environment + if: always() + uses: ./.github/workflows/remove_ingress_job.yml + needs: [ui_tests_pr_env, pr_deploy] + with: + environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }} + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} + + end_of_pr_workflow: + name: End of PR Workflow + runs-on: ubuntu-latest + if: always() + environment: + name: "dev_${{ needs.create_tags.outputs.environment_workspace_name }}" + url: "https://${{ needs.pr_deploy.outputs.url }}" + needs: [pr_deploy, create_tags, ui_tests_pr_env] + steps: + - name: End of PR Workflow + run: | + echo "${{ needs.pr_deploy.outputs.terraform_workspace_name }} PR environment tested, built and deployed" + echo "Tag Deployed: ${{ needs.pr_deploy.outputs.terraform_container_version }}" + echo "URL: https://${{ needs.pr_deploy.outputs.url }}" + + if ${{ contains(needs.ui_tests_pr_env.result,'success') }} + then + echo "PR environment tested, built and deployed" + exit 0 + else + echo "PR environment tested, built and deployed but UI tests failed" + exit 1 + fi From d5e228d151ab09443757ef6a4ce1c60b54c1d52b Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 26 Sep 2024 15:32:43 +0100 Subject: [PATCH 6/6] remove buildtrigger --- cmd/mlpa/buildtrigger | 1 - 1 file changed, 1 deletion(-) delete mode 100644 cmd/mlpa/buildtrigger diff --git a/cmd/mlpa/buildtrigger b/cmd/mlpa/buildtrigger deleted file mode 100644 index be31a82dcf..0000000000 --- a/cmd/mlpa/buildtrigger +++ /dev/null @@ -1 +0,0 @@ -trigger a build
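Review bot: In the restored `end_of_pr_workflow` job of `.github/workflows/workflow_pr.yml` (patch 5/6), the `run:` script expands `${{ needs.pr_deploy.outputs.* }}` straight into the shell text. The values are substituted before the shell parses the script, so any shell metacharacters in them would be interpreted as code rather than data. Those outputs come from a reusable workflow outside this hunk, so whether they can carry branch-derived text cannot be confirmed from here. Passing them through the step's `env:` settles it either way, for example `PR_URL: ${{ needs.pr_deploy.outputs.url }}` under `env:` and `echo "URL: https://$PR_URL"` in the script. The other two `echo` lines that print `terraform_workspace_name` and `terraform_container_version` need the same treatment.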