Skip to content

Deployment to dev of develop by hamzakhan24-nhs #746

Deployment to dev of develop by hamzakhan24-nhs

Deployment to dev of develop by hamzakhan24-nhs #746

name: Persistent Environment Deploy
run-name: Deployment to ${{ inputs.environment }} of ${{ inputs.branch_name }} by ${{ github.actor }}
on:
workflow_dispatch:
inputs:
environment:
description: "Environment to deploy to"
required: true
default: "dev"
type: environment
branch_name:
description: Branch to deploy
required: true
permissions:
id-token: write
contents: read
actions: write
jobs:
build:
name: Build - ${{ inputs.branch_name }}
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ inputs.branch_name }}
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch_name }}
- name: Setup asdf cache
uses: actions/cache@v4
with:
path: ~/.asdf
key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
restore-keys: |
${{ runner.os }}-asdf-
- name: Install asdf
uses: asdf-vm/actions/[email protected]
- name: Install zip
run: sudo apt-get install zip
- name: Setup Python environment
run: |
poetry install --no-root
source $(poetry env info --path)/bin/activate
- name: Run Linting
run: make lint
- name: Run Unit Tests
run: make test
- name: Build Project
run: make build
- name: Configure Management Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
- name: Add S3 Permissions to Lambda
run: |
account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
make get-s3-perms ENV=${account} TF_WORKSPACE_NAME=${inactive_stack}
- name: Save Build Artifacts
uses: actions/upload-artifact@v4
with:
name: build-artifacts
path: |
dist/*.zip
!dist/nrlf_permissions.zip
- name: Save NRLF Permissions cache
uses: actions/cache/save@v4
with:
key: ${{ github.run_id }}-nrlf-permissions
path: dist/nrlf_permissions.zip
terraform-plan:
name: Terraform Plan - ${{ inputs.environment }}
needs: [build]
environment: ${{ inputs.environment }}
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ inputs.branch_name }}
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch_name }}
- name: Setup asdf cache
uses: actions/cache@v4
with:
path: ~/.asdf
key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
restore-keys: |
${{ runner.os }}-asdf-
- name: Install asdf
uses: asdf-vm/actions/[email protected]
- name: Configure Management Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
- name: Retrieve Server Certificates
run: |
account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
make truststore-pull-server ENV=${account}
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifacts
path: dist
- name: Install zip
run: sudo apt-get install zip
- name: Setup Python environment
run: |
poetry install --no-root
source $(poetry env info --path)/bin/activate
- name: Restore NRLF permissions cache
uses: actions/cache/restore@v4
with:
key: ${{ github.run_id }}-nrlf-permissions
path: dist/nrlf_permissions.zip
fail-on-cache-miss: true
- name: Terraform Init
run: |
inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
terraform -chdir=terraform/infrastructure init
terraform -chdir=terraform/infrastructure workspace new ${inactive_stack} || \
terraform -chdir=terraform/infrastructure workspace select ${inactive_stack}
- name: Terraform Plan
run: |
inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
terraform -chdir=terraform/infrastructure plan \
--var-file=etc/${{ vars.ACCOUNT_NAME }}.tfvars \
--var assume_role_arn=${{ secrets.DEPLOY_ROLE_ARN }} \
--var use_shared_resources=$(poetry run python scripts/are_resources_shared_for_stack.py ${inactive_stack}) \
-out tfplan
- name: Save Terraform Plan
run: |
terraform -chdir=terraform/infrastructure show -no-color tfplan > terraform/infrastructure/tfplan.txt
aws s3 cp terraform/infrastructure/tfplan s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan
aws s3 cp terraform/infrastructure/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan.txt
terraform-apply:
name: Terraform Apply - ${{ inputs.environment }}
needs: [terraform-plan]
runs-on: [self-hosted, ci]
environment: ${{ inputs.environment }}
steps:
- name: Git clone - ${{ inputs.branch_name }}
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch_name }}
- name: Setup asdf cache
uses: actions/cache@v4
with:
path: ~/.asdf
key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
restore-keys: |
${{ runner.os }}-asdf-
- name: Install asdf
uses: asdf-vm/actions/[email protected]
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifacts
path: dist
- name: Restore NRLF permissions cache
uses: actions/cache/restore@v4
with:
key: ${{ github.run_id }}-nrlf-permissions
path: dist/nrlf_permissions.zip
fail-on-cache-miss: true
- name: Configure Management Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
- name: Download Terraform Plan artifact
run: aws s3 cp s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan terraform/infrastructure/tfplan
- name: Retrieve Server Certificates
run: |
account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
make truststore-pull-server ENV=${account}
- name: Install zip
run: sudo apt-get install zip
- name: Setup Python environment
run: |
poetry install --no-root
source $(poetry env info --path)/bin/activate
- name: Terraform Init
run: |
inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
terraform -chdir=terraform/infrastructure init
terraform -chdir=terraform/infrastructure workspace new ${inactive_stack} || \
terraform -chdir=terraform/infrastructure workspace select ${inactive_stack}
- name: Terraform Apply
run: terraform -chdir=terraform/infrastructure apply tfplan
- name: Update environment config version
run: |
short_commit_ref="$(echo ${{ github.sha }} | cut -c1-8)"
deployed_version="${{ inputs.branch_name }}@${short_commit_ref}"
poetry run python ./scripts/set_env_config.py inactive-version ${deployed_version} ${{ inputs.environment }}
- name: Smoke Test
run: |
account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
make ENV=${account} truststore-pull-client
make ENV=${{ inputs.environment }} test-smoke-internal
activate-stack:
name: Activate - ${{ inputs.environment }}
needs: [terraform-apply]
runs-on: [self-hosted, ci]
environment: ${{ inputs.environment }}
steps:
- name: Git clone - ${{ inputs.branch_name }}
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch_name }}
- name: Setup asdf cache
uses: actions/cache@v4
with:
path: ~/.asdf
key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
restore-keys: |
${{ runner.os }}-asdf-
- name: Install asdf
uses: asdf-vm/actions/[email protected]
- name: Configure Management Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
- name: Install zip
run: sudo apt-get install zip
- name: Setup Python environment
run: |
poetry install --no-root
source $(poetry env info --path)/bin/activate
- name: Activate Stack
run: |
inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
poetry run python ./scripts/activate_stack.py ${inactive_stack} ${{ inputs.environment }}
post-release-verify:
name: Verify - ${{ inputs.environment }}
needs: [activate-stack]
runs-on: [self-hosted, ci]
environment: ${{ inputs.environment }}
steps:
- name: Git clone - ${{ inputs.branch_name }}
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch_name }}
- name: Setup asdf cache
uses: actions/cache@v4
with:
path: ~/.asdf
key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
restore-keys: |
${{ runner.os }}-asdf-
- name: Install asdf
uses: asdf-vm/actions/[email protected]
- name: Configure Management Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
- name: Install zip
run: sudo apt-get install zip
- name: Setup Python environment
run: |
poetry install --no-root
source $(poetry env info --path)/bin/activate
- name: "Smoke Test"
run: |
make ENV=${{ inputs.environment }} test-smoke-public
rollback-stack:
name: Rollback - ${{ inputs.environment }}
needs: [post-release-verify]
if: always() && ( needs.post-release-verify.result == 'failure' )
runs-on: [self-hosted, ci]
environment: ${{ inputs.environment }}
steps:
- name: Git clone - ${{ inputs.branch_name }}
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch_name }}
- name: Setup asdf cache
uses: actions/cache@v4
with:
path: ~/.asdf
key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
restore-keys: |
${{ runner.os }}-asdf-
- name: Install asdf
uses: asdf-vm/actions/[email protected]
- name: Configure Management Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
- name: Install zip
run: sudo apt-get install zip
- name: Setup Python environment
run: |
poetry install --no-root
source $(poetry env info --path)/bin/activate
- name: Deactivate Stack
run: |
inactive_stack_name=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
poetry run python ./scripts/activate_stack.py ${inactive_stack_name} ${{ inputs.environment }}