Merge pull request #20 from nhsuk/ci-terraform-deployments

CI terraform deployments
nhsuk · Jun 2, 2021 · ea14de1 · ea14de1
2 parents 913a521 + 05f70b4
commit ea14de1
Show file tree

Hide file tree

Showing 13 changed files with 378 additions and 215 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 local.settings.json
 node_modules/
 globalConfig.json
+terraform/.terraform*
+dist/
diff --git a/AzureResourceGroup/template.json b/AzureResourceGroup/template.json
diff --git a/azure-pipeline-templates/deploy.yaml b/azure-pipeline-templates/deploy.yaml
@@ -0,0 +1,31 @@
+steps:
+
+# Since this is a deployment stage, we need to checkout the code. Non-deployment stages do this by default
+- checkout: self
+
+- task: AzureCLI@2
+  inputs:
+    azureSubscription: 'nhsuk-user-feedback-${{parameters.environment}}'
+    scriptType: 'bash'
+    scriptLocation: 'inlineScript'
+    addSpnToEnvironment: true # adds $servicePrincipalId, $servicePrincipalKey and $tenantId to the env vars
+    inlineScript: |
+        set -e
+        # Set variables that terraform uses for azure authentication.
+        # Make these variables available to future jobs.
+        echo "##vso[task.setvariable variable=ARM_SUBSCRIPTION_ID]$(az account show --query 'id' --output tsv)"
+        echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"
+        echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId"
+        echo "##vso[task.setvariable variable=ARM_CLIENT_SECRET]$servicePrincipalKey"
+  displayName: 'Get Azure auth variables'
+
+- task: AzureCLI@2
+  inputs:
+    azureSubscription: 'nhsuk-user-feedback-${{parameters.environment}}'
+    scriptType: 'bash'
+    scriptLocation: 'inlineScript'
+    inlineScript: |
+      ./scripts/deploy.sh \
+        --env=${{parameters.environment}} \
+        --region=${{parameters.region}}
+  displayName: 'Run deploy script'
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -3,16 +3,17 @@
 trigger:
   branches:
     include:
-      - master
-      - refs/tags/*
+    - master
+    - refs/tags/*
+
 pr:
 - master
 
-
 pool:
-  vmImage: 'ubuntu-latest'
+  vmImage: ubuntu-latest
 
 stages:
+
 - stage: Test
   jobs:
   - job: Test
@@ -24,33 +25,57 @@ stages:
       displayName: 'Install Node.js'
 
     - script: |
-        npm install
+        npm ci
         npm test
       displayName: 'npm test'
 
-- stage: Build
-  displayName: Build stage
+- stage: DevDeployment
+  displayName: 'Dev Deployment'
+  condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/heads/master'))
+  dependsOn:
+  - Test
   jobs:
-  - job: Build
+  - deployment: Deployment
+    environment: 'dev'
+    strategy:
+      runOnce:
+        deploy:
+          steps:
+          - template: azure-pipeline-templates/deploy.yaml
+            parameters:
+              environment: 'dev'
+              region: 'uks'
 
-    steps:
-    - task: NodeTool@0
-      inputs:
-        versionSpec: '10.x'
-      displayName: 'Install Node.js'
-
-    - script: |
-        npm install --production
-      displayName: 'npm install'
+- stage: StagDeployment
+  displayName: 'Stag Deployment'
+  condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags/'))
+  dependsOn:
+  - Test
+  jobs:
+  - deployment: Deployment
+    environment: 'staging'
+    strategy:
+      runOnce:
+        deploy:
+          steps:
+          - template: azure-pipeline-templates/deploy.yaml
+            parameters:
+              environment: 'stag'
+              region: 'uks'
 
-    - task: ArchiveFiles@2
-      displayName: 'Archive files'
-      inputs:
-        rootFolderOrFile: '$(System.DefaultWorkingDirectory)'
-        includeRootFolder: false
-        archiveType: zip
-        archiveFile: $(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip
-        replaceExistingArchive: true
-
-    - upload: $(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip
-      artifact: drop
+- stage: ProdDeployment
+  displayName: 'Prod Deployment'
+  dependsOn:
+  - StagDeployment
+  - Test
+  jobs:
+  - deployment: Deployment
+    environment: 'production'
+    strategy:
+      runOnce:
+        deploy:
+          steps:
+          - template: azure-pipeline-templates/deploy.yaml
+            parameters:
+              environment: 'prod'
+              region: 'uks'
diff --git a/scripts/create_terraform_state.sh b/scripts/create_terraform_state.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+for i in "$@"
+do
+case $i in
+    --env=*)
+    ENV="${i#*=}"
+    shift # past argument=value
+    ;;
+    --region=*)
+    REGION="${i#*=}"
+    shift # past argument=value
+    ;;
+    *)
+          # unknown option
+    ;;
+esac
+done
+
+if [[ -z "$ENV" ]]; then
+    echo "--env option must be provided"
+    exit 1
+fi
+if [[ -z "$REGION" ]]; then
+    echo "--region option must be provided"
+    exit 1
+fi
+
+echo "ENV = $ENV"
+echo "REGION = $REGION"
+
+set -e
+
+
+RESOURCE_GROUP_NAME="nhsuk-user-feedback-rg-tfstate-$ENV-$REGION"
+STORAGE_ACCOUNT_NAME="nhsukfeedbacktstate$ENV"
+CONTAINER_NAME="tstate"
+
+# This resource group should have been created for you by the infrastructure team
+# az group create --name $RESOURCE_GROUP_NAME --location $REGION
+
+# Create storage account
+az storage account create --resource-group $RESOURCE_GROUP_NAME --name $STORAGE_ACCOUNT_NAME --sku Standard_LRS --encryption-services blob
+
+# Get storage account key
+ACCOUNT_KEY=$(az storage account keys list --resource-group $RESOURCE_GROUP_NAME --account-name $STORAGE_ACCOUNT_NAME --query '[0].value' -o tsv)
+
+# Create blob container
+az storage container create --name $CONTAINER_NAME --account-name $STORAGE_ACCOUNT_NAME --account-key $ACCOUNT_KEY
+
+echo "storage_account_name: $STORAGE_ACCOUNT_NAME"
+echo "container_name: $CONTAINER_NAME"
+echo "access_key: $ACCOUNT_KEY"