From e60280b017e48048dcf6cc16814da2eb3ce22194 Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Tue, 7 Nov 2023 12:33:55 +0000 Subject: [PATCH 1/6] BAU - amend workflows for correct deployments on commits --- .github/workflows/copilot_deploy.yml | 100 ++++++++++++++------------- .github/workflows/environment.yml | 49 ------------- 2 files changed, 53 insertions(+), 96 deletions(-) delete mode 100644 .github/workflows/environment.yml diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 0fbaa2a..d032e8a 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml 
@@ -50,59 +50,65 @@ jobs: # Note - no db-name, so defaults to postgres_db postgres_unit_testing: true - dev_copilot_deploy: - if: inputs.environment == 'dev' || inputs.environment == '' - needs: [pre_deploy_tests, paketo_build] - concurrency: deploy-dev - secrets: - AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }} - uses: ./.github/workflows/environment.yml - permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - with: - workspace: 'dev' + copilot_environments_workflow_setup: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.copilot_env_matrix.outputs.env_list }} + steps: + - id: copilot_env_matrix + run: | + if [ "${{ inputs.environment }}" != '' ]; then + echo "env_list=[\"${{ inputs.environment }}\"]" >> $GITHUB_OUTPUT + elif [ "${{ github.ref }}" == 'refs/heads/main' ]; then + echo "env_list=[\"dev\", \"test\", \"uat\", \"production\"]" >> $GITHUB_OUTPUT + else + echo "env_list=[\"dev\", \"test\"]" >> $GITHUB_OUTPUT + fi - test_copilot_deploy: - if: inputs.environment == 'test' || inputs.environment == '' - needs: [pre_deploy_tests, paketo_build] - concurrency: deploy-test - secrets: - AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }} - uses: ./.github/workflows/environment.yml + copilot_environments_deploy: + concurrency: account-store-environment-deploy permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - with: - workspace: 'test' + needs: [ pre_deploy_tests, paketo_build, copilot_environments_workflow_setup ] + runs-on: ubuntu-latest + strategy: + matrix: + value: ${{ fromJSON(needs.copilot_environments_workflow_setup.outputs.matrix) }} + environment: ${{ matrix.value }} + steps: + - name: Git clone the repository + uses: actions/checkout@v4 - # Allow the capability to override UAT with another branch, but ideally uat and production should be in sync as much as possible - uat_copilot_deploy: - if: inputs.environment == 
'uat' || inputs.environment == '' - needs: [pre_deploy_tests, paketo_build] - concurrency: deploy-uat - secrets: - AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }} - uses: ./.github/workflows/environment.yml - permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - with: - workspace: 'uat' + - name: Get current date + shell: bash + id: currentdatetime + run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT - # Only run this if the branch being deployed is main - production_copilot_deploy: - if: (inputs.environment == 'production' || inputs.environment == '') && github.ref == 'refs/heads/main' - needs: [pre_deploy_tests, paketo_build] - concurrency: deploy-production - secrets: - AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }} - uses: ./.github/workflows/environment.yml - permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - with: - workspace: 'production' + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy + role-session-name: NOTIFICATION_${{ matrix.value }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }} + aws-region: eu-west-2 + + - name: Install AWS Copilot CLI + shell: bash + run: | + curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot + + - name: Inject Git SHA into manifest + run: | + yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"' copilot/fsd-account-store/manifest.yml + + - name: Inject replacement image into manifest + run: | + yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-account-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"' copilot/fsd-account-store/manifest.yml + + - name: Copilot ${{ matrix.value }} deploy + id: 
deploy_build + run: | + copilot svc deploy --env ${{ matrix.value }} --app pre-award # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks account-store is operational? post_deploy_tests: diff --git a/.github/workflows/environment.yml b/.github/workflows/environment.yml deleted file mode 100644 index 5e852fa..0000000 --- a/.github/workflows/environment.yml +++ /dev/null 
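Review bot: The `copilot_env_matrix` step trusts `inputs.environment` outright, so the main-only guard that the removed `production_copilot_deploy` job carried (`github.ref == 'refs/heads/main'`) no longer applies when `production` is passed as an input from another branch; unless branch rules on the GitHub environment (not visible here) cover this, a non-main ref can reach the production deploy. The same step expands `${{ inputs.environment }}` directly into the shell script, so the value is parsed as shell text before the comparison runs, and it is written unvalidated into the matrix JSON that later feeds `environment:` and `copilot svc deploy --env`. Passing the input and ref through `env:` and checking them against a fixed list of environments restores the guard and removes the expansion, as sketched below. Separately, `role-session-name` now begins `NOTIFICATION_` where the deleted workflow used `ACCOUNT_STORE_`, which will mislabel these sessions in CloudTrail if that was not intended.

```yaml
# … unchanged: copilot_environments_workflow_setup header, runs-on, outputs …
    steps:
      - id: copilot_env_matrix
        env:
          REQUESTED_ENV: ${{ inputs.environment }}
          GIT_REF: ${{ github.ref }}
        run: |
          case "$REQUESTED_ENV" in
            '')
              if [ "$GIT_REF" = 'refs/heads/main' ]; then
                echo 'env_list=["dev", "test", "uat", "production"]' >> "$GITHUB_OUTPUT"
              else
                echo 'env_list=["dev", "test"]' >> "$GITHUB_OUTPUT"
              fi
              ;;
            dev|test|uat)
              echo "env_list=[\"$REQUESTED_ENV\"]" >> "$GITHUB_OUTPUT"
              ;;
            production)
              # Keep the main-only rule the removed production job enforced.
              if [ "$GIT_REF" != 'refs/heads/main' ]; then
                echo 'production may only be deployed from main' >&2
                exit 1
              fi
              echo 'env_list=["production"]' >> "$GITHUB_OUTPUT"
              ;;
            *)
              echo 'unsupported environment requested' >&2
              exit 1
              ;;
          esac
# … unchanged: copilot_environments_deploy job …
```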
@@ -1,49 +0,0 @@ -name: Environment Deployment -on: - workflow_call: - inputs: - workspace: - required: true - type: string - secrets: - AWS_ACCOUNT: - required: true - -jobs: - copilot_deploy: - permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - runs-on: ubuntu-latest - environment: ${{ inputs.workspace }} - steps: - - name: Git clone the repository - uses: actions/checkout@v3 - - - name: Get current date - id: currentdatetime - run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT - - - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy - role-session-name: ACCOUNT_STORE_${{ inputs.workspace }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }} - aws-region: eu-west-2 - - - name: Install AWS Copilot CLI - run: | - curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot - - - name: Inject Git SHA into manifest - run: | - yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"' copilot/fsd-account-store/manifest.yml - - - name: Inject replacement image into manifest - run: | - yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-account-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"' copilot/fsd-account-store/manifest.yml - - - name: Copilot ${{ inputs.workspace }} deploy - id: deploy_build - run: | - copilot svc deploy --env ${{ inputs.workspace }} From 7bdee9b4d8bd7e6411b1185bf0fe0c3f199df3c9 Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Tue, 7 Nov 2023 12:36:14 +0000 Subject: [PATCH 2/6] Fix dependency --- .github/workflows/copilot_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index d032e8a..df82760 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -112,7 +112,7 @@ jobs: # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks account-store is operational? post_deploy_tests: - needs: test_copilot_deploy + needs: copilot_environments_deploy secrets: E2E_PAT: ${{secrets.E2E_PAT}} uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main From 80a4de500b23faf8269b87268a5505969f2e50fa Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Tue, 7 Nov 2023 14:14:51 +0000 Subject: [PATCH 3/6] Only run post-deploy on test --- .github/workflows/copilot_deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index df82760..475e826 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -113,6 +113,7 @@ jobs: # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks account-store is operational? post_deploy_tests: needs: copilot_environments_deploy + if: inputs.environment == 'test' || inputs.environment == '' secrets: E2E_PAT: ${{secrets.E2E_PAT}} uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main From 8a7411e8048acea3cc51a1fc2a3dc452fe041b0e Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Tue, 7 Nov 2023 14:21:22 +0000 Subject: [PATCH 4/6] Only run post-deploy on test/dev --- .github/workflows/copilot_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 475e826..0e38649 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml 
@@ -113,7 +113,7 @@ jobs: # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks account-store is operational? post_deploy_tests: needs: copilot_environments_deploy - if: inputs.environment == 'test' || inputs.environment == '' + if: inputs.environment == 'test' || inputs.environment == 'dev' || inputs.environment == '' secrets: E2E_PAT: ${{secrets.E2E_PAT}} uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main From 8af81eb810e9670bd7b86f3a10374d2c70534671 Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Tue, 7 Nov 2023 14:29:59 +0000 Subject: [PATCH 5/6] Only run post-deploy on test/dev --- .github/workflows/copilot_deploy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 0e38649..ee323f1 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -116,8 +116,9 @@ jobs: if: inputs.environment == 'test' || inputs.environment == 'dev' || inputs.environment == '' secrets: E2E_PAT: ${{secrets.E2E_PAT}} - uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main + uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@BAU_support_post_deploy_envs #main with: run_performance_tests: ${{ inputs.run_performance_tests }} run_e2e_tests: ${{ inputs.run_e2e_tests }} app_name: application + environment: ${{ inputs.environment == '' && 'test' || inputs.environment }} From f5e913dbe183290b6ba8d68c76d45680956cf0df Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Tue, 7 Nov 2023 14:55:11 +0000 Subject: [PATCH 6/6] Only run post-deploy on test/dev --- .github/workflows/copilot_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index ee323f1..b483524 100644 
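Review bot: The reusable workflow called by `post_deploy_tests` is referenced by a mutable branch name while it receives `secrets.E2E_PAT`: this hunk points it at `@BAU_support_post_deploy_envs`, and the following patch's hunk returns it to `@main`. Anyone able to push to that ref in `funding-service-design-workflows` changes what runs with the token, with no change recorded in this repository. Pinning to a full commit SHA with the branch kept as a trailing comment, `uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@<full-commit-sha> # main`, makes each update explicit and reviewable. The job's definition begins above the hunk.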
--- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -116,7 +116,7 @@ jobs: if: inputs.environment == 'test' || inputs.environment == 'dev' || inputs.environment == '' secrets: E2E_PAT: ${{secrets.E2E_PAT}} - uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@BAU_support_post_deploy_envs #main + uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main with: run_performance_tests: ${{ inputs.run_performance_tests }} run_e2e_tests: ${{ inputs.run_e2e_tests }}