Skip to content

Move-QTS-and-PGCE-pages-into-train-to-be-a-teacher #13233

Move-QTS-and-PGCE-pages-into-train-to-be-a-teacher

Move-QTS-and-PGCE-pages-into-train-to-be-a-teacher #13233

Workflow file for this run

name: Build and Deploy
on:
workflow_dispatch:
pull_request:
types: [assigned, opened, synchronize, reopened]
push:
branches: [ master ]
permissions:
contents: write
deployments: write
issues: write
packages: write
pull-requests: write
jobs:
build_base:
name: Build base image
runs-on: ubuntu-latest
outputs:
DOCKER_IMAGE_TEST: ${{ steps.docker.outputs.DOCKER_IMAGE_TEST }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
with:
version: v0.9.1 # More recent buildx versions generate an OCI manifest which is incompatible with Cloud Foundry
- name: Get Short SHA
id: sha
run: |
echo "short=$(echo $GITHUB_SHA | cut -c -7)" >> $GITHUB_OUTPUT
- name: Set docker images variables
id: docker
run: |
if [ "${{github.ref}}" == "refs/heads/master" ]
then
GIT_BRANCH=master
else
GIT_REF=${{ github.head_ref }}
GIT_BRANCH=${GIT_REF##*/}
fi
echo "BRANCH_TAG=$GIT_BRANCH" >> $GITHUB_ENV
echo "DOCKER_IMAGE_TEST=${{ env.DOCKER_REPOSITORY }}:base-sha-${{steps.sha.outputs.short }}" >> $GITHUB_OUTPUT
- name: Login to Docker registry
uses: docker/login-action@v3.0.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push base image
uses: docker/build-push-action@v5
with:
target: base
context: .
cache-from: |
type=registry,ref=${{ env.DOCKER_REPOSITORY }}:base-${{ env.BRANCH_TAG }}
type=registry,ref=${{ env.DOCKER_REPOSITORY}}:base-master
tags: |
${{ env.DOCKER_REPOSITORY }}:base-${{ env.BRANCH_TAG }}
${{ env.DOCKER_REPOSITORY }}:base-sha-${{ steps.sha.outputs.short }}
push: true
build-args: |
BUILDKIT_INLINE_CACHE=1
- uses: Azure/login@v1
if: failure() && github.ref == 'refs/heads/master'
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
if: failure() && github.ref == 'refs/heads/master'
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: SLACK-WEBHOOK
- name: Slack Notification
if: failure() && github.ref == 'refs/heads/master'
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_ERROR}}
SLACK_MESSAGE: 'There has been a failure building the application'
SLACK_TITLE: 'Failure Building Application'
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }}
build_release:
name: Build release image
needs: [build_base]
runs-on: ubuntu-latest
outputs:
DOCKER_IMAGE: ${{ steps.docker.outputs.DOCKER_IMAGE }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
with:
version: v0.9.1 # More recent buildx versions generate an OCI manifest which is incompatible with Cloud Foundry
- name: Get Short SHA
id: sha
run: |
echo "short=$(echo $GITHUB_SHA | cut -c -7)" >> $GITHUB_OUTPUT
- name: Set docker images variables
id: docker
run: |
if [ "${{github.ref}}" == "refs/heads/master" ]
then
GIT_BRANCH=master
else
GIT_REF=${{ github.head_ref }}
GIT_BRANCH=${GIT_REF##*/}
fi
echo "BRANCH_TAG=$GIT_BRANCH" >> $GITHUB_ENV
echo "DOCKER_IMAGE=${{ env.DOCKER_REPOSITORY }}:sha-${{steps.sha.outputs.short }}" >> $GITHUB_OUTPUT
- name: Login to Docker registry
uses: docker/login-action@v3.0.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push release image
uses: docker/build-push-action@v5
with:
target: release
context: .
cache-from: |
type=registry,ref=${{ env.DOCKER_REPOSITORY }}:base-${{ env.BRANCH_TAG }}
type=registry,ref=${{ env.DOCKER_REPOSITORY}}:base-master
type=registry,ref=${{ env.DOCKER_REPOSITORY }}:release-build-${{ env.BRANCH_TAG }}
type=registry,ref=${{ env.DOCKER_REPOSITORY}}:release-build-master
type=registry,ref=${{ env.DOCKER_REPOSITORY }}:${{ env.BRANCH_TAG }}
type=registry,ref=${{ env.DOCKER_REPOSITORY}}:master
tags: |
${{ env.DOCKER_REPOSITORY }}:${{ env.BRANCH_TAG }}
${{ env.DOCKER_REPOSITORY }}:sha-${{ steps.sha.outputs.short }}
push: true
build-args: |
BUILDKIT_INLINE_CACHE=1
SHA=${{ steps.sha.outputs.short }}
- name: Push release-build image
uses: docker/build-push-action@v5
with:
target: release-build
context: .
cache-from: |
type=registry,ref=${{ env.DOCKER_REPOSITORY }}:release-build-${{ env.BRANCH_TAG }}
type=registry,ref=${{ env.DOCKER_REPOSITORY}}:release-build-master
type=registry,ref=${{ env.DOCKER_REPOSITORY }}:base-${{ env.BRANCH_TAG }}
type=registry,ref=${{ env.DOCKER_REPOSITORY}}:base-master
tags: |
${{ env.DOCKER_REPOSITORY }}:release-build-${{ env.BRANCH_TAG }}
${{ env.DOCKER_REPOSITORY }}:release-build-sha-${{ steps.sha.outputs.short }}
push: true
build-args: |
BUILDKIT_INLINE_CACHE=1
SHA=${{ steps.sha.outputs.short }}
- uses: Azure/login@v1
if: failure() && github.ref == 'refs/heads/master'
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
if: failure() && github.ref == 'refs/heads/master'
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: SLACK-WEBHOOK
- name: Slack Notification
if: failure() && github.ref == 'refs/heads/master'
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_ERROR}}
SLACK_MESSAGE: 'There has been a failure building the application'
SLACK_TITLE: 'Failure Building Application'
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }}
linting:
name: Linting
runs-on: ubuntu-latest
needs: [ build_base ]
if: github.ref != 'refs/heads/master'
env:
DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- name: Lint SCSS
uses: actions-hub/stylelint@master
env:
PATTERN: "**/*.scss"
- name: Lint Ruby
run: |-
docker run -t --rm -v ${PWD}/out:/app/out -e RAILS_ENV=test ${{env.DOCKER_IMAGE_TEST}} \
rubocop --format json --out=/app/out/rubocop-result.json
- name: Keep Rubocop output
if: always()
uses: actions/upload-artifact@v3
with:
name: rubocop_results
path: ${{ github.workspace }}/out/rubocop-result.json
- name: Lint ERB Templates
run: |-
docker run -t --rm ${{env.DOCKER_IMAGE_TEST}} bundle exec erblint --lint-all
- name: Lint Markdown
run: |-
docker run -t --rm -v ${PWD}/out:/app/out ${{env.DOCKER_IMAGE_TEST}} sh -c "bundle exec mdl app/views/**/*.md | tee /app/out/mdl-result.txt"
- name: ESLint - JavaScript linting
run: |-
docker run -t --rm -e RAILS_ENV=test -e NODE_ENV=test -e CI=true \
${{env.DOCKER_IMAGE_TEST}} sh -c "yarn && yarn js-lint"
javascript_tests:
name: Javascript Tests
runs-on: ubuntu-latest
needs: [ build_base ]
env:
DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- name: Run Javascript Tests
run: |-
docker run -t --rm -e RAILS_ENV=test -e NODE_ENV=test -e CI=true \
${{env.DOCKER_IMAGE_TEST}} sh -c "yarn && yarn spec"
feature_tests:
name: Unit Tests
runs-on: ubuntu-latest
needs: [ build_base ]
services:
postgres:
image: postgres:13.10
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
env:
DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
strategy:
fail-fast: false
matrix:
ci_node_total: [6]
ci_node_index: [0, 1, 2, 3, 4, 5]
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: SLACK-WEBHOOK
- name: Prepare DB
run: |-
docker run --net=host -t --rm -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ env.DOCKER_IMAGE_TEST }} \
bundle exec rails db:prepare
- name: Run Specs
run: |-
docker run --net=host -t --rm -v ${PWD}/out:/app/out -v ${PWD}/coverage/coverage-${{ matrix.ci_node_index }}:/app/coverage \
-e CI_NODE_TOTAL -e CI_NODE_INDEX -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ env.DOCKER_IMAGE_TEST }} \
bundle exec rake 'knapsack:rspec[--format RspecSonarqubeFormatter --out /app/out/test-report-${{ matrix.ci_node_index }}.xml --format progress]' spec
env:
CI_NODE_TOTAL: ${{ matrix.ci_node_total }}
CI_NODE_INDEX: ${{ matrix.ci_node_index }}
- name: Keep Code Coverage Report
if: always()
uses: actions/upload-artifact@v3
with:
name: code_coverage
path: ${{ github.workspace }}/coverage
- name: Keep Unit Tests Results
if: always()
uses: actions/upload-artifact@v3
with:
name: unit_tests
path: ${{ github.workspace }}/out/*
sonarscanner:
name: Sonar Scanner
runs-on: ubuntu-latest
needs: [ build_base, feature_tests ]
if: github.ref != 'refs/heads/master'
env:
DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: SONAR-TOKEN
- name: Setup sonarqube
uses: warchant/setup-sonar-scanner@v7
- name: Download Artifacts
uses: actions/download-artifact@v3
- name: Combine Coverage Reports
run: |-
docker run -t --rm -v ${{github.workspace}}/code_coverage:/app/coverage -e RAILS_ENV=test -e COVERAGE_DIR \
${{env.DOCKER_IMAGE_TEST}} bundle exec rake coverage:collate
env:
COVERAGE_DIR: /app/coverage
- name: Fix report file paths
run: |
sudo sed -i "s?\"/app/?\"${PWD}/?" ${{github.workspace}}/code_coverage/coverage.json
- name: Run sonarqube
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: sonar-scanner
-Dsonar.login=${{ steps.keyvault-yaml-secret.outputs.SONAR-TOKEN }}
-Dsonar.organization=dfe-digital
-Dsonar.host.url=https://sonarcloud.io/
-Dsonar.projectKey=DFE-Digital_get-into-teaching-app
-Dsonar.testExecutionReportPaths=${{github.workspace}}/unit_tests/test-report-0.xml,\
${{github.workspace}}/unit_tests/test-report-1.xml,\
${{github.workspace}}/unit_tests/test-report-2.xml,\
${{github.workspace}}/unit_tests/test-report-3.xml,\
${{github.workspace}}/unit_tests/test-report-4.xml,\
${{github.workspace}}/unit_tests/test-report-5.xml
-Dsonar.ruby.coverage.reportPaths=${{github.workspace}}/code_coverage/coverage.json
-Dsonar.ruby.rubocop.reportPaths=${{github.workspace}}/rubocop_results/rubocop-result.json
review:
name: Review Deployment Process
needs: [ build_release ]
if: github.ref != 'refs/heads/master'
runs-on: ubuntu-latest
concurrency: Review_${{github.event.number}}
environment:
name: Review
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: SLACK-WEBHOOK
- name: Deploy to Review
uses: ./.github/workflows/actions/deploy
id: deploy
with:
environment: Review
sha: ${{ github.sha }}
pr: ${{github.event.number}}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
KEY_VAULT: ${{ secrets.KEY_VAULT }}
ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
- name: Post sticky pull request comment
uses: marocchino/sticky-pull-request-comment@v2
with:
recreate: true
header: PAAS
message: Review app deployed to https://${{env.REVIEW_APPLICATION}}-${{github.event.number}}.${{env.DOMAIN}}
- name: Add Review Label
if: contains(github.event.pull_request.user.login, 'dependabot') == false
uses: actions-ecosystem/action-add-labels@v1
with:
labels: Review
review_aks:
name: Review AKS Deployment Process
needs: [ build_release ]
if: github.ref != 'refs/heads/master'
runs-on: ubuntu-latest
continue-on-error: true
concurrency: Review_aks_${{github.event.number}}
environment:
name: review_aks
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
with:
var_file: .github/common_environment_aks.yml
- name: Setup Environment Variables
if: github.actor == 'dependabot[bot]'
id: variables
shell: bash
run: |
secret_suffix="_AKS_REVIEW"
echo "SECRET_SUFFIX=$secret_suffix" >> $GITHUB_ENV
- uses: Azure/login@v1
with:
creds: ${{ secrets[format('AZURE_CREDENTIALS{0}', env.SECRET_SUFFIX)] }}
- name: Fetch secrets from key vault
uses: azure/CLI@v1
id: keyvault-yaml-secret
with:
inlineScript: |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets[format('KEY_VAULT{0}', env.SECRET_SUFFIX)] }}" --query "value" -o tsv)
echo "::add-mask::$SLACK_WEBHOOK"
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT
- name: Deploy to Review AKS
uses: ./.github/workflows/actions/deploy_v2
id: deploy_v2
with:
environment: review_aks
sha: ${{ github.sha }}
pr: ${{github.event.number}}
AZURE_CREDENTIALS: ${{ secrets[format('AZURE_CREDENTIALS{0}', env.SECRET_SUFFIX)] }}
KEY_VAULT: ${{ secrets[format('KEY_VAULT{0}', env.SECRET_SUFFIX)] }}
ARM_ACCESS_KEY: ${{ secrets[format('ARM_ACCESS_KEY{0}', env.SECRET_SUFFIX)] }}
- name: Post sticky pull request comment
uses: marocchino/sticky-pull-request-comment@v2
with:
recreate: true
header: AKS
message: AKS Review app deployed to https://${{env.REVIEW_APPLICATION}}-${{github.event.number}}.test.${{env.DOMAIN}}
- name: Add Review_v2 Label
if: contains(github.event.pull_request.user.login, 'dependabot') == false
uses: actions-ecosystem/action-add-labels@v1
with:
labels: Review_v2
development:
name: Development Deployment
needs: [ feature_tests, javascript_tests, build_release ]
if: github.ref == 'refs/heads/master'
concurrency: Development
runs-on: ubuntu-latest
outputs:
release_tag: ${{steps.tag_version.outputs.pr_number}}
release_sha: ${{github.sha }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: SLACK-WEBHOOK
- name: Deploy to Development
uses: ./.github/workflows/actions/deploy
id: deploy
with:
environment: Development
sha: ${{ github.sha }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
KEY_VAULT: ${{ secrets.KEY_VAULT }}
ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
- name: Generate Tag from PR Number
id: tag_version
uses: DFE-Digital/github-actions/GenerateReleaseFromSHA@master
with:
sha: ${{github.sha}}
- name: Create a GitHub Release
id: release
if: steps.tag_version.outputs.pr_found == 1
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.pr_number }}
body: ${{ steps.tag_version.outputs.pr_number }}
release_name: Release ${{ steps.tag_version.outputs.pr_number }}
commitish: ${{ github.sha}}
prerelease: false
- name: Copy PR Info to Release
if: steps.release.outputs.id
uses: DFE-Digital/github-actions/CopyPRtoRelease@master
with:
PR_NUMBER: ${{ steps.tag_version.outputs.pr_number }}
RELEASE_ID: ${{ steps.release.outputs.id }}
TOKEN: ${{secrets.GITHUB_TOKEN}}
development_aks:
name: Development AKS Deployment
needs: [ feature_tests, javascript_tests, build_release ]
if: github.ref == 'refs/heads/master'
concurrency: Development_aks
continue-on-error: true
runs-on: ubuntu-latest
environment:
name: development_aks
outputs:
release_tag: ${{steps.tag_version.outputs.pr_number}}
release_sha: ${{github.sha }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
with:
var_file: .github/common_environment_aks.yml
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Fetch secrets from key vault
uses: azure/CLI@v1
id: keyvault-yaml-secret
with:
inlineScript: |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$SLACK_WEBHOOK"
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT
- name: Deploy to Development AKS
uses: ./.github/workflows/actions/deploy_v2
id: deploy_v2
with:
environment: development_aks
sha: ${{ github.sha }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
KEY_VAULT: ${{ secrets.KEY_VAULT }}
ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
# Uncomment below when PaaS dev deploy step is removed
# - name: Generate Tag from PR Number
# id: tag_version
# uses: DFE-Digital/github-actions/GenerateReleaseFromSHA@master
# with:
# sha: ${{github.sha}}
# - name: Create a GitHub Release
# id: release
# if: steps.tag_version.outputs.pr_found == 1
# uses: actions/create-release@v1
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# tag_name: ${{ steps.tag_version.outputs.pr_number }}
# body: ${{ steps.tag_version.outputs.pr_number }}
# release_name: Release ${{ steps.tag_version.outputs.pr_number }}
# commitish: ${{ github.sha}}
# prerelease: false
# - name: Copy PR Info to Release
# if: steps.release.outputs.id
# uses: DFE-Digital/github-actions/CopyPRtoRelease@master
# with:
# PR_NUMBER: ${{ steps.tag_version.outputs.pr_number }}
# RELEASE_ID: ${{ steps.release.outputs.id }}
# TOKEN: ${{secrets.GITHUB_TOKEN}}
owasp:
name: OWASP Checks
needs: [ development ]
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Vunerability Test
uses: ./.github/workflows/actions/owasp
id: deploy
with:
environment: Development
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
KEY_VAULT: ${{ secrets.KEY_VAULT }}
ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
owasp_aks:
name: OWASP AKS Checks
needs: [ development_aks ]
runs-on: ubuntu-latest
environment:
name: development_aks
continue-on-error: true
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Vunerability Test
uses: ./.github/workflows/actions/owasp_v2
id: deploy
with:
environment: development_aks
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
KEY_VAULT: ${{ secrets.KEY_VAULT }}
ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
qa:
name: Quality Assurance Deployment
needs: [ feature_tests, javascript_tests, build_release ]
if: github.ref == 'refs/heads/master'
concurrency: QA
runs-on: ubuntu-latest
environment:
name: Test
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: SLACK-WEBHOOK
- name: Deploy to Test
uses: ./.github/workflows/actions/deploy
id: deploy
with:
environment: Test
sha: ${{ github.sha }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
KEY_VAULT: ${{ secrets.KEY_VAULT }}
ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
- name: Slack Notification
if: failure()
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_ERROR}}
SLACK_TITLE: Failure in Post-Development Deploy
SLACK_MESSAGE: Failure with initialising QA deployment for ${{env.APPLICATION}}
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }}
test_aks:
name: Test AKS Deployment
needs: [ feature_tests, javascript_tests, build_release ]
if: github.ref == 'refs/heads/master'
concurrency: test_aks
continue-on-error: true
runs-on: ubuntu-latest
environment:
name: test_aks
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
with:
var_file: .github/common_environment_aks.yml
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Fetch secrets from key vault
uses: azure/CLI@v1
id: keyvault-yaml-secret
with:
inlineScript: |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$SLACK_WEBHOOK"
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT
- name: Deploy to Test AKS
uses: ./.github/workflows/actions/deploy_v2
id: deploy_v2
with:
environment: test_aks
sha: ${{ github.sha }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
KEY_VAULT: ${{ secrets.KEY_VAULT }}
ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
- name: Slack Notification
if: failure()
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_ERROR}}
SLACK_TITLE: Failure in Post-Development Deploy
SLACK_MESSAGE: Failure with initialising AKS Test deployment for ${{env.APPLICATION}}
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }}
integration:
name: Run Integration Tests on QA
runs-on: ubuntu-latest
needs: [ build_base, qa ]
services:
postgres:
image: postgres:13.10
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
env:
DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: HTTP-USERNAME, HTTP-PASSWORD, MAILSAC-API-KEY
- name: Prepare DB
run: |-
docker run --net=host -t --rm -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ env.DOCKER_IMAGE_TEST }} \
bundle exec rails db:prepare
- name: Run Integration Tests
run: |-
docker run --net=host -t --rm -e RAILS_ENV=test -e NODE_ENV=test -e CI=true -e HTTP_USERNAME -e HTTP_PASSWORD -e MAILSAC_API_KEY -e DATABASE_URL="postgresql://postgres:postgres@localhost" \
${{env.DOCKER_IMAGE_TEST}} bundle exec rspec --tag integration
env:
HTTP_USERNAME: ${{ steps.keyvault-yaml-secret.outputs.HTTP-USERNAME }}
HTTP_PASSWORD: ${{ steps.keyvault-yaml-secret.outputs.HTTP-PASSWORD }}
MAILSAC_API_KEY: ${{ steps.keyvault-yaml-secret.outputs.MAILSAC-API-KEY }}
integration_aks:
name: Run Integration Tests on AKS test
runs-on: ubuntu-latest
needs: [ build_base, test_aks ]
environment:
name: test_aks
services:
postgres:
image: postgres:13.10
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
env:
DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
with:
var_file: .github/common_environment_aks.yml
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Fetch secrets from key vault
uses: azure/CLI@v1
id: keyvault-yaml-secret
with:
inlineScript: |
HTTP_USERNAME=$(az keyvault secret show --name "HTTP-USERNAME" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$HTTP_USERNAME"
echo "HTTP_USERNAME=$HTTP_USERNAME" >> $GITHUB_OUTPUT
HTTP_PASSWORD=$(az keyvault secret show --name "HTTP-PASSWORD" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$HTTP_PASSWORD"
echo "HTTP_PASSWORD=$HTTP_PASSWORD" >> $GITHUB_OUTPUT
MAILSAC_API_KEY=$(az keyvault secret show --name "MAILSAC-API-KEY" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$MAILSAC_API_KEY"
echo "MAILSAC_API_KEY=$MAILSAC_API_KEY" >> $GITHUB_OUTPUT
- name: Prepare DB
run: |-
docker run --net=host -t --rm -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ env.DOCKER_IMAGE_TEST }} \
bundle exec rails db:prepare
# Uncomment this step when test is migrated to AKS
# as need to update config.x.integration_host in config/environments/test.rb
# - name: Run Integration Tests
# run: |-
# docker run --net=host -t --rm -e RAILS_ENV=test -e NODE_ENV=test -e CI=true -e HTTP_USERNAME -e HTTP_PASSWORD -e MAILSAC_API_KEY -e DATABASE_URL="postgresql://postgres:postgres@localhost" \
# ${{env.DOCKER_IMAGE_TEST}} bundle exec rspec --tag integration
# env:
# HTTP_USERNAME: ${{ steps.keyvault-yaml-secret.outputs.HTTP_USERNAME }}
# HTTP_PASSWORD: ${{ steps.keyvault-yaml-secret.outputs.HTTP_PASSWORD }}
# MAILSAC_API_KEY: ${{ steps.keyvault-yaml-secret.outputs.MAILSAC_API_KEY }}
production:
name: Production Deployment
runs-on: ubuntu-latest
needs: [ integration, development ]
concurrency: Production
environment:
name: Production
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
id: keyvault-yaml-secret
with:
keyvault: ${{ secrets.KEY_VAULT}}
secret: INFRA-KEYS
key: SLACK-WEBHOOK, SLACK-RELEASE-NOTE-WEBHOOK
- name: Get Release Id from Tag
id: tag_id
uses: DFE-Digital/github-actions/DraftReleaseByTag@master
with:
TAG: ${{needs.development.outputs.release_tag}}
TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Publish Release
if: steps.tag_id.outputs.release_id
uses: eregon/publish-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
release_id: ${{steps.tag_id.outputs.release_id}}
- name: Deploy to Production
uses: ./.github/workflows/actions/deploy
id: deploy
with:
environment: Production
sha: ${{ github.sha }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
KEY_VAULT: ${{ secrets.KEY_VAULT }}
ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
- name: Slack Release Notification
if: steps.tag_id.outputs.release_id
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_SUCCESS}}
SLACK_TITLE: "Release Published: ${{steps.tag_id.outputs.release_name}}"
SLACK_MESSAGE: ${{ fromJson( steps.tag_id.outputs.release_body) }}
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-RELEASE-NOTE-WEBHOOK }}
MSG_MINIMAL: true
- name: Slack Notification
if: failure()
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_FAILURE}}
SLACK_TITLE: Production Release ${{github.event.title}}
SLACK_MESSAGE: Failure deploying Production release
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }}
production_aks:
name: Production AKS Deployment
runs-on: ubuntu-latest
needs: [ integration, development_aks ]
concurrency: production_aks
continue-on-error: true
environment:
name: production_aks
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
with:
var_file: .github/common_environment_aks.yml
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Fetch secrets from key vault
uses: azure/CLI@v1
id: keyvault-yaml-secret
with:
inlineScript: |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$SLACK_WEBHOOK"
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT
SLACK_RELEASE_NOTE_WEBHOOK=$(az keyvault secret show --name "SLACK-RELEASE-NOTE-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$SLACK_RELEASE_NOTE_WEBHOOK"
echo "SLACK_RELEASE_NOTE_WEBHOOK=$SLACK_RELEASE_NOTE_WEBHOOK" >> $GITHUB_OUTPUT
- name: Get Release Id from Tag
id: tag_id
uses: DFE-Digital/github-actions/DraftReleaseByTag@master
with:
TAG: ${{needs.development_aks.outputs.release_tag}}
TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Uncomment when migrated from PaaS
#
# - name: Publish Release
# if: steps.tag_id.outputs.release_id
# uses: eregon/publish-release@v1
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# release_id: ${{steps.tag_id.outputs.release_id}}
- name: Deploy to Production AKS
uses: ./.github/workflows/actions/deploy_v2
id: deploy_v2
with:
environment: production_aks
sha: ${{ github.sha }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
KEY_VAULT: ${{ secrets.KEY_VAULT }}
ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
# Uncomment when migrated from PaaS
#
# - name: Slack Release Notification
# if: steps.tag_id.outputs.release_id
# uses: rtCamp/action-slack-notify@master
# env:
# SLACK_COLOR: ${{env.SLACK_SUCCESS}}
# SLACK_TITLE: "Release Published: ${{steps.tag_id.outputs.release_name}}"
# SLACK_MESSAGE: ${{ fromJson( steps.tag_id.outputs.release_body) }}
# SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-RELEASE-NOTE-WEBHOOK }}
# MSG_MINIMAL: true
- name: Slack Notification
if: failure()
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_FAILURE}}
SLACK_TITLE: Production Release ${{github.event.title}}
SLACK_MESSAGE: Failure deploying Production AKS release
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }}