Merge pull request #1302 from DFE-Digital/dependency-update-sep-18 #71
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy | |
on: | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: Environment to deploy to | |
required: true | |
type: choice | |
default: development_aks | |
options: | |
- development_aks | |
- test_aks | |
- production_aks | |
pull_request: | |
types: [assigned, opened, synchronize, reopened, ready_for_review] | |
push: | |
branches: | |
- master | |
jobs: | |
build: | |
name: Build and push to Github Container Registry | |
runs-on: ubuntu-latest | |
environment: ${{ github.event.inputs.environment }} | |
outputs: | |
image: ${{steps.docker_image.outputs.IMAGE}} | |
image_tag_sha: "sha-${{ steps.vars.outputs.sha_short }}" | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v3 | |
- name: set-up-environment | |
uses: DFE-Digital/github-actions/set-up-environment@master | |
- uses: Azure/login@v1 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Fetch secrets from key vault | |
uses: azure/CLI@v1 | |
id: fetch-secrets | |
with: | |
inlineScript: | | |
SECRET_VALUE=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INFRA_KEY_VAULT}}" --query "value" -o tsv) | |
echo "::add-mask::$SECRET_VALUE" | |
echo "SLACK-WEBHOOK=$SECRET_VALUE" >> $GITHUB_OUTPUT | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@master | |
with: | |
version: v0.9.1 # More recent buildx versions generate an OCI manifest which is incompatible with Cloud Foundry | |
- name: Get Short SHA | |
id: vars | |
run: | | |
echo "sha_short=$(echo $GITHUB_SHA | cut -c -7)" >> $GITHUB_OUTPUT | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Login to Github Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build | |
uses: docker/build-push-action@v4 | |
with: | |
push: ${{ github.ref == 'refs/heads/master' }} | |
builder: ${{ steps.buildx.outputs.name }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
tags: | | |
${{env.DOCKER_REPOSITORY}}:sha-${{ steps.vars.outputs.sha_short }} | |
build-args: GIT_COMMIT_SHA=${{ steps.vars.outputs.sha_short }} | |
- name: Slack Notification | |
if: failure() && github.ref == 'refs/heads/master' | |
uses: rtCamp/action-slack-notify@master | |
env: | |
SLACK_COLOR: ${{env.SLACK_FAILURE}} | |
SLACK_MESSAGE: 'The pipeline has failed to build the API image' | |
SLACK_TITLE: 'Failure to Build API ' | |
SLACK_WEBHOOK: "${{ steps.fetch-secrets.outputs.SLACK-WEBHOOK }}" | |
development: | |
name: Development Deployment | |
needs: build | |
if: github.ref == 'refs/heads/master' | |
runs-on: ubuntu-latest | |
environment: | |
name: development_aks | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v3 | |
- name: set-up-environment | |
uses: DFE-Digital/github-actions/set-up-environment@master | |
- uses: Azure/login@v1 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Fetch secrets from key vault | |
uses: azure/CLI@v1 | |
id: fetch-secrets | |
with: | |
inlineScript: | | |
SECRET_VALUE=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INFRA_KEY_VAULT}}" --query "value" -o tsv) | |
echo "::add-mask::$SECRET_VALUE" | |
echo "SLACK-WEBHOOK=$SECRET_VALUE" >> $GITHUB_OUTPUT | |
- name: Trigger Development Deployment | |
uses: ./.github/workflows/actions/deploy_v2 | |
id: deploy | |
with: | |
environment: development_aks | |
sha: ${{needs.build.outputs.image_tag_sha}} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Generate Tag from PR Number | |
id: tag_version | |
uses: DFE-Digital/github-actions/GenerateReleaseFromSHA@master | |
with: | |
sha: ${{github.sha}} | |
- name: Create a GitHub Release | |
id: release | |
if: steps.tag_version.outputs.pr_found == 1 | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ steps.tag_version.outputs.pr_number }} | |
release_name: Release ${{ steps.tag_version.outputs.pr_number }} | |
commitish: ${{github.sha}} | |
prerelease: false | |
draft: false | |
- name: Copy PR Info to Release | |
if: steps.release.outputs.id | |
uses: DFE-Digital/github-actions/CopyPRtoRelease@master | |
with: | |
PR_NUMBER: ${{ steps.tag_version.outputs.pr_number }} | |
RELEASE_ID: ${{ steps.release.outputs.id }} | |
TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Slack Notification | |
if: failure() && github.ref == 'refs/heads/master' | |
uses: rtCamp/action-slack-notify@master | |
env: | |
SLACK_COLOR: ${{env.SLACK_FAILURE}} | |
SLACK_MESSAGE: 'Deployment to the development environment has failed' | |
SLACK_TITLE: 'Deployment to the development environment has failed' | |
SLACK_WEBHOOK: '${{ steps.fetch-secrets.outputs.SLACK-WEBHOOK }}' | |
test: | |
name: Test Deployment | |
needs: build | |
if: github.ref == 'refs/heads/master' | |
runs-on: ubuntu-latest | |
environment: | |
name: test_aks | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v3 | |
- name: set-up-environment | |
uses: DFE-Digital/github-actions/set-up-environment@master | |
- uses: Azure/login@v1 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Fetch secrets from key vault | |
uses: azure/CLI@v1 | |
id: fetch-secrets | |
with: | |
inlineScript: | | |
SECRET_VALUE=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INFRA_KEY_VAULT}}" --query "value" -o tsv) | |
echo "::add-mask::$SECRET_VALUE" | |
echo "SLACK-WEBHOOK=$SECRET_VALUE" >> $GITHUB_OUTPUT | |
- name: Trigger Test Deployment | |
uses: ./.github/workflows/actions/deploy_v2 | |
id: deploy | |
with: | |
environment: test_aks | |
sha: ${{needs.build.outputs.image_tag_sha}} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Slack Notification | |
if: failure() && github.ref == 'refs/heads/master' | |
uses: rtCamp/action-slack-notify@master | |
env: | |
SLACK_COLOR: ${{env.SLACK_FAILURE}} | |
SLACK_MESSAGE: 'Deployment to the test environment has failed' | |
SLACK_TITLE: 'Deployment to the test environment has failed' | |
SLACK_WEBHOOK: "${{ steps.fetch-secrets.outputs.SLACK-WEBHOOK }}" |