Update 2024 campaign images #13925

Workflow file for this run

	name: Build and Deploy

	on:
	workflow_dispatch:
	pull_request:
	types: [assigned, opened, synchronize, reopened]
	push:
	branches: [ master ]

	permissions:
	contents: write
	deployments: write
	issues: write
	packages: write
	pull-requests: write

	env:
	code-coverage-artifact-name: code_coverage_${{github.run_number}}_${{github.run_attempt}}
	unit-tests-artifact-name: unit_tests_${{github.run_number}}_${{github.run_attempt}}
	rubocop-artifact-name: rubocop_results_${{github.run_number}}_${{github.run_attempt}}

	jobs:
	build_base:
	name: Build base image
	runs-on: ubuntu-latest
	outputs:
	DOCKER_IMAGE_TEST: ${{ steps.docker.outputs.DOCKER_IMAGE_TEST }}

	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@master
	with:
	version: v0.9.1 # More recent buildx versions generate an OCI manifest which is incompatible with Cloud Foundry

	- name: Get Short SHA
	id: sha
	run: \|
	echo "short=$(echo $GITHUB_SHA \| cut -c -7)" >> $GITHUB_OUTPUT

	- name: Set docker images variables
	id: docker
	run: \|
	if [ "${{github.ref}}" == "refs/heads/master" ]
	then
	GIT_BRANCH=master
	else
	GIT_REF=${{ github.head_ref }}
	GIT_BRANCH=${GIT_REF##*/}
	fi

	echo "BRANCH_TAG=$GIT_BRANCH" >> $GITHUB_ENV
	echo "DOCKER_IMAGE_TEST=${{ env.DOCKER_REPOSITORY }}:base-sha-${{steps.sha.outputs.short }}" >> $GITHUB_OUTPUT

	- name: Login to Docker registry
	uses: docker/login-action@v3.0.0
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push base image
	uses: docker/build-push-action@v5
	with:
	target: base
	context: .
	cache-from: \|
	type=registry,ref=${{ env.DOCKER_REPOSITORY }}:base-${{ env.BRANCH_TAG }}
	type=registry,ref=${{ env.DOCKER_REPOSITORY}}:base-master
	tags: \|
	${{ env.DOCKER_REPOSITORY }}:base-${{ env.BRANCH_TAG }}
	${{ env.DOCKER_REPOSITORY }}:base-sha-${{ steps.sha.outputs.short }}
	push: true
	build-args: \|
	BUILDKIT_INLINE_CACHE=1

	- uses: Azure/login@v1
	if: failure() && github.ref == 'refs/heads/master'
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }}

	- name: Fetch secrets from key vault
	if: failure() && github.ref == 'refs/heads/master'
	uses: azure/CLI@v1
	id: keyvault-yaml-secret
	with:
	inlineScript: \|
	SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv)
	echo "::add-mask::$SLACK_WEBHOOK"
	echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT

	- name: Slack Notification
	if: failure() && github.ref == 'refs/heads/master'
	uses: rtCamp/action-slack-notify@master
	env:
	SLACK_COLOR: ${{env.SLACK_ERROR}}
	SLACK_MESSAGE: 'There has been a failure building the application'
	SLACK_TITLE: 'Failure Building Application'
	SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }}

	build_release:
	name: Build release image
	needs: [build_base]
	runs-on: ubuntu-latest
	outputs:
	DOCKER_IMAGE: ${{ steps.docker.outputs.DOCKER_IMAGE }}

	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@master
	with:
	version: v0.9.1 # More recent buildx versions generate an OCI manifest which is incompatible with Cloud Foundry

	- name: Get Short SHA
	id: sha
	run: \|
	echo "short=$(echo $GITHUB_SHA \| cut -c -7)" >> $GITHUB_OUTPUT

	- name: Set docker images variables
	id: docker
	run: \|
	if [ "${{github.ref}}" == "refs/heads/master" ]
	then
	GIT_BRANCH=master
	else
	GIT_REF=${{ github.head_ref }}
	GIT_BRANCH=${GIT_REF##*/}
	fi

	echo "BRANCH_TAG=$GIT_BRANCH" >> $GITHUB_ENV
	echo "DOCKER_IMAGE=${{ env.DOCKER_REPOSITORY }}:sha-${{steps.sha.outputs.short }}" >> $GITHUB_OUTPUT

	- name: Login to Docker registry
	uses: docker/login-action@v3.0.0
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push release image
	uses: docker/build-push-action@v5
	with:
	target: release
	context: .
	cache-from: \|
	type=registry,ref=${{ env.DOCKER_REPOSITORY }}:base-${{ env.BRANCH_TAG }}
	type=registry,ref=${{ env.DOCKER_REPOSITORY}}:base-master
	type=registry,ref=${{ env.DOCKER_REPOSITORY }}:release-build-${{ env.BRANCH_TAG }}
	type=registry,ref=${{ env.DOCKER_REPOSITORY}}:release-build-master
	type=registry,ref=${{ env.DOCKER_REPOSITORY }}:${{ env.BRANCH_TAG }}
	type=registry,ref=${{ env.DOCKER_REPOSITORY}}:master
	tags: \|
	${{ env.DOCKER_REPOSITORY }}:${{ env.BRANCH_TAG }}
	${{ env.DOCKER_REPOSITORY }}:sha-${{ steps.sha.outputs.short }}
	push: true
	build-args: \|
	BUILDKIT_INLINE_CACHE=1
	SHA=${{ steps.sha.outputs.short }}

	- name: Push release-build image
	uses: docker/build-push-action@v5
	with:
	target: release-build
	context: .
	cache-from: \|
	type=registry,ref=${{ env.DOCKER_REPOSITORY }}:release-build-${{ env.BRANCH_TAG }}
	type=registry,ref=${{ env.DOCKER_REPOSITORY}}:release-build-master
	type=registry,ref=${{ env.DOCKER_REPOSITORY }}:base-${{ env.BRANCH_TAG }}
	type=registry,ref=${{ env.DOCKER_REPOSITORY}}:base-master
	tags: \|
	${{ env.DOCKER_REPOSITORY }}:release-build-${{ env.BRANCH_TAG }}
	${{ env.DOCKER_REPOSITORY }}:release-build-sha-${{ steps.sha.outputs.short }}
	push: true
	build-args: \|
	BUILDKIT_INLINE_CACHE=1
	SHA=${{ steps.sha.outputs.short }}

	- uses: Azure/login@v1
	if: failure() && github.ref == 'refs/heads/master'
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }}

	- name: Fetch secrets from key vault
	if: failure() && github.ref == 'refs/heads/master'
	uses: azure/CLI@v1
	id: keyvault-yaml-secret
	with:
	inlineScript: \|
	SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv)
	echo "::add-mask::$SLACK_WEBHOOK"
	echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT

	- name: Slack Notification
	if: failure() && github.ref == 'refs/heads/master'
	uses: rtCamp/action-slack-notify@master
	env:
	SLACK_COLOR: ${{env.SLACK_ERROR}}
	SLACK_MESSAGE: 'There has been a failure building the application'
	SLACK_TITLE: 'Failure Building Application'
	SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }}



	linting:
	name: Linting
	runs-on: ubuntu-latest
	needs: [ build_base ]
	if: github.ref != 'refs/heads/master'
	env:
	DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	# - name: Lint SCSS
	# uses: actions-hub/stylelint@master
	# env:
	# PATTERN: "*/.scss"

	- name: Lint Ruby
	run: \|-
	docker run -t --rm -v ${PWD}/out:/app/out -e RAILS_ENV=test ${{env.DOCKER_IMAGE_TEST}} \
	rubocop --format json --out=/app/out/rubocop-result.json

	- name: Keep Rubocop output
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: ${{ env.rubocop-artifact-name }}
	path: ${{ github.workspace }}/out/rubocop-result.json

	- name: Lint ERB Templates
	run: \|-
	docker run -t --rm ${{env.DOCKER_IMAGE_TEST}} bundle exec erblint --lint-all

	- name: Lint Markdown
	run: \|-
	docker run -t --rm -v ${PWD}/out:/app/out ${{env.DOCKER_IMAGE_TEST}} sh -c "bundle exec mdl app/views/*/.md \| tee /app/out/mdl-result.txt"

	- name: ESLint - JavaScript linting
	run: \|-
	docker run -t --rm -e RAILS_ENV=test -e NODE_ENV=test -e CI=true \
	${{env.DOCKER_IMAGE_TEST}} sh -c "yarn && yarn js-lint"

	javascript_tests:
	name: Javascript Tests
	runs-on: ubuntu-latest
	needs: [ build_base ]
	env:
	DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- name: Run Javascript Tests
	run: \|-
	docker run -t --rm -e RAILS_ENV=test -e NODE_ENV=test -e CI=true \
	${{env.DOCKER_IMAGE_TEST}} sh -c "yarn && yarn spec"

	feature_tests:
	name: Unit Tests
	runs-on: ubuntu-latest
	needs: [ build_base ]
	services:
	postgres:
	image: postgres:13.10
	env:
	POSTGRES_USER: postgres
	POSTGRES_PASSWORD: postgres
	options: >-
	--health-cmd pg_isready
	--health-interval 10s
	--health-timeout 5s
	--health-retries 5
	ports:
	- 5432:5432
	env:
	DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
	strategy:
	fail-fast: false
	matrix:
	ci_node_total: [6]
	ci_node_index: [0, 1, 2, 3, 4, 5]
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- uses: Azure/login@v1
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }}

	- name: Fetch secrets from key vault
	uses: azure/CLI@v1
	id: keyvault-yaml-secret
	with:
	inlineScript: \|
	SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv)
	echo "::add-mask::$SLACK_WEBHOOK"
	echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT

	- name: Prepare DB
	run: \|-
	docker run --net=host -t --rm -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ env.DOCKER_IMAGE_TEST }} \
	bundle exec rails db:prepare

	- name: Run Specs
	run: \|-
	docker run --net=host -t --rm -v ${PWD}/out:/app/out -v ${PWD}/coverage/coverage-${{ matrix.ci_node_index }}:/app/coverage \
	-e CI_NODE_TOTAL -e CI_NODE_INDEX -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ env.DOCKER_IMAGE_TEST }} \
	bundle exec rake 'knapsack:rspec[--format RspecSonarqubeFormatter --out /app/out/test-report-${{ matrix.ci_node_index }}.xml --format progress]' spec
	env:
	CI_NODE_TOTAL: ${{ matrix.ci_node_total }}
	CI_NODE_INDEX: ${{ matrix.ci_node_index }}

	- name: Keep Code Coverage Report
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: ${{ env.code-coverage-artifact-name }}_${{ matrix.ci_node_index }}
	path: ${{ github.workspace }}/coverage

	- name: Keep Unit Tests Results
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: ${{ env.unit-tests-artifact-name }}_${{ matrix.ci_node_index }}
	path: ${{ github.workspace }}/out/*


	sonarscanner:
	name: Sonar Scanner
	runs-on: ubuntu-latest
	needs: [ build_base, feature_tests ]
	if: github.ref != 'refs/heads/master'
	env:
	DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- uses: Azure/login@v1
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }}

	- name: Fetch secrets from key vault
	uses: azure/CLI@v1
	id: keyvault-yaml-secret
	with:
	inlineScript: \|
	SONAR_TOKEN=$(az keyvault secret show --name "SONAR-TOKEN" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv)
	echo "::add-mask::$SONAR_TOKEN"
	echo "SONAR_TOKEN=$SONAR_TOKEN" >> $GITHUB_OUTPUT

	- name: Setup sonarqube
	uses: warchant/setup-sonar-scanner@v7

	- name: Download Artifacts
	uses: actions/download-artifact@v4

	- name: Combine Coverage Reports
	run: \|-
	# Copy files from separate artifacts into one directory
	mkdir ${{github.workspace}}/code_coverage
	cp -r ${{github.workspace}}/${{ env.code-coverage-artifact-name }}_*/ ${{github.workspace}}/code_coverage

	docker run -t --rm -v ${{github.workspace}}/code_coverage:${COVERAGE_DIR} -e RAILS_ENV=test -e COVERAGE_DIR \
	${{env.DOCKER_IMAGE_TEST}} bundle exec rake coverage:collate
	env:
	COVERAGE_DIR: /app/coverage

	- name: Fix report file paths
	run: \|
	sudo sed -i "s?\"/app/?\"${PWD}/?" ${{github.workspace}}/code_coverage/coverage.json

	- name: Run sonarqube
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: sonar-scanner
	-Dsonar.login=${{ steps.keyvault-yaml-secret.outputs.SONAR_TOKEN }}
	-Dsonar.organization=dfe-digital
	-Dsonar.host.url=https://sonarcloud.io/
	-Dsonar.projectKey=DFE-Digital_get-into-teaching-app
	-Dsonar.testExecutionReportPaths=${{github.workspace}}/${{env.unit-tests-artifact-name}}_0/test-report-0.xml,\
	${{github.workspace}}/${{env.unit-tests-artifact-name}}_1/test-report-1.xml,\
	${{github.workspace}}/${{env.unit-tests-artifact-name}}_2/test-report-2.xml,\
	${{github.workspace}}/${{env.unit-tests-artifact-name}}_3/test-report-3.xml,\
	${{github.workspace}}/${{env.unit-tests-artifact-name}}_4/test-report-4.xml,\
	${{github.workspace}}/${{env.unit-tests-artifact-name}}_5/test-report-5.xml
	-Dsonar.ruby.coverage.reportPaths=${{github.workspace}}/code_coverage/coverage.json
	-Dsonar.ruby.rubocop.reportPaths=${{github.workspace}}/${{env.rubocop-artifact-name}}/rubocop-result.json

	review_aks:
	name: Review AKS Deployment Process
	needs: [ build_release ]
	if: github.ref != 'refs/heads/master'
	runs-on: ubuntu-latest
	continue-on-error: true
	concurrency: Review_aks_${{github.event.number}}
	environment:
	name: review_aks
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- name: Setup Environment Variables
	if: github.actor == 'dependabot[bot]'
	id: variables
	shell: bash
	run: \|
	secret_suffix="_AKS_REVIEW"
	echo "SECRET_SUFFIX=$secret_suffix" >> $GITHUB_ENV

	- uses: Azure/login@v1
	with:
	creds: ${{ secrets[format('AZURE_CREDENTIALS{0}', env.SECRET_SUFFIX)] }}

	- name: Fetch secrets from key vault
	uses: azure/CLI@v1
	id: keyvault-yaml-secret
	with:
	inlineScript: \|
	SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets[format('KEY_VAULT{0}', env.SECRET_SUFFIX)] }}" --query "value" -o tsv)
	echo "::add-mask::$SLACK_WEBHOOK"
	echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT

	- name: Deploy to Review AKS
	uses: ./.github/workflows/actions/deploy_v2
	id: deploy_v2
	with:
	environment: review_aks
	sha: ${{ github.sha }}
	pr: ${{github.event.number}}
	AZURE_CREDENTIALS: ${{ secrets[format('AZURE_CREDENTIALS{0}', env.SECRET_SUFFIX)] }}
	KEY_VAULT: ${{ secrets[format('KEY_VAULT{0}', env.SECRET_SUFFIX)] }}
	ARM_ACCESS_KEY: ${{ secrets[format('ARM_ACCESS_KEY{0}', env.SECRET_SUFFIX)] }}

	- name: Post sticky pull request comment
	uses: marocchino/sticky-pull-request-comment@v2
	with:
	recreate: true
	header: AKS
	message: AKS Review app deployed to https://${{env.REVIEW_APPLICATION}}-${{github.event.number}}.test.${{env.DOMAIN}}

	- name: Add Review_v2 Label
	if: contains(github.event.pull_request.user.login, 'dependabot') == false
	uses: actions-ecosystem/action-add-labels@v1
	with:
	labels: Review_v2

	development_aks:
	name: Development AKS Deployment
	needs: [ feature_tests, javascript_tests, build_release ]
	if: github.ref == 'refs/heads/master'
	concurrency: Development_aks
	runs-on: ubuntu-latest
	environment:
	name: development_aks
	outputs:
	release_tag: ${{steps.tag_version.outputs.pr_number}}
	release_sha: ${{github.sha }}
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- uses: Azure/login@v1
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS }}

	- name: Fetch secrets from key vault
	uses: azure/CLI@v1
	id: keyvault-yaml-secret
	with:
	inlineScript: \|
	SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
	echo "::add-mask::$SLACK_WEBHOOK"
	echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT

	- name: Deploy to Development AKS
	uses: ./.github/workflows/actions/deploy_v2
	id: deploy_v2
	with:
	environment: development_aks
	sha: ${{ github.sha }}
	AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
	KEY_VAULT: ${{ secrets.KEY_VAULT }}
	ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}

	- name: Generate Tag from PR Number
	id: tag_version
	uses: DFE-Digital/github-actions/GenerateReleaseFromSHA@master
	with:
	sha: ${{github.sha}}

	- name: Create a GitHub Release
	id: release
	if: steps.tag_version.outputs.pr_found == 1
	uses: actions/create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	tag_name: ${{ steps.tag_version.outputs.pr_number }}
	body: ${{ steps.tag_version.outputs.pr_number }}
	release_name: Release ${{ steps.tag_version.outputs.pr_number }}
	commitish: ${{ github.sha}}
	prerelease: false

	- name: Copy PR Info to Release
	if: steps.release.outputs.id
	uses: DFE-Digital/github-actions/CopyPRtoRelease@master
	with:
	PR_NUMBER: ${{ steps.tag_version.outputs.pr_number }}
	RELEASE_ID: ${{ steps.release.outputs.id }}
	TOKEN: ${{secrets.GITHUB_TOKEN}}

	owasp_aks:
	name: OWASP AKS Checks
	needs: [ development_aks ]
	runs-on: ubuntu-latest
	environment:
	name: development_aks
	continue-on-error: true
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: Vunerability Test
	uses: ./.github/workflows/actions/owasp_v2
	id: deploy
	with:
	environment: development_aks
	AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
	KEY_VAULT: ${{ secrets.KEY_VAULT }}
	ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
	GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

	test_aks:
	name: Test AKS Deployment
	needs: [ feature_tests, javascript_tests, build_release ]
	if: github.ref == 'refs/heads/master'
	concurrency: test_aks
	runs-on: ubuntu-latest
	environment:
	name: test_aks
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- uses: Azure/login@v1
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS }}

	- name: Fetch secrets from key vault
	uses: azure/CLI@v1
	id: keyvault-yaml-secret
	with:
	inlineScript: \|
	SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
	echo "::add-mask::$SLACK_WEBHOOK"
	echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT

	- name: Deploy to Test AKS
	uses: ./.github/workflows/actions/deploy_v2
	id: deploy_v2
	with:
	environment: test_aks
	sha: ${{ github.sha }}
	AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
	KEY_VAULT: ${{ secrets.KEY_VAULT }}
	ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}

	- name: Slack Notification
	if: failure()
	uses: rtCamp/action-slack-notify@master
	env:
	SLACK_COLOR: ${{env.SLACK_ERROR}}
	SLACK_TITLE: Failure in Post-Development Deploy
	SLACK_MESSAGE: Failure with initialising AKS Test deployment for ${{env.APPLICATION}}
	SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }}

	integration_aks:
	name: Run Integration Tests on AKS test
	runs-on: ubuntu-latest
	needs: [ build_base, test_aks ]
	environment:
	name: test_aks
	services:
	postgres:
	image: postgres:13.10
	env:
	POSTGRES_USER: postgres
	POSTGRES_PASSWORD: postgres
	options: >-
	--health-cmd pg_isready
	--health-interval 10s
	--health-timeout 5s
	--health-retries 5
	ports:
	- 5432:5432
	env:
	DOCKER_IMAGE_TEST: ${{needs.build_base.outputs.DOCKER_IMAGE_TEST}}
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- uses: Azure/login@v1
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS }}

	- name: Fetch secrets from key vault
	uses: azure/CLI@v1
	id: keyvault-yaml-secret
	with:
	inlineScript: \|
	HTTP_USERNAME=$(az keyvault secret show --name "HTTP-USERNAME" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
	echo "::add-mask::$HTTP_USERNAME"
	echo "HTTP_USERNAME=$HTTP_USERNAME" >> $GITHUB_OUTPUT
	HTTP_PASSWORD=$(az keyvault secret show --name "HTTP-PASSWORD" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
	echo "::add-mask::$HTTP_PASSWORD"
	echo "HTTP_PASSWORD=$HTTP_PASSWORD" >> $GITHUB_OUTPUT
	MAILSAC_API_KEY=$(az keyvault secret show --name "MAILSAC-API-KEY" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
	echo "::add-mask::$MAILSAC_API_KEY"
	echo "MAILSAC_API_KEY=$MAILSAC_API_KEY" >> $GITHUB_OUTPUT

	- name: Prepare DB
	run: \|-
	docker run --net=host -t --rm -e RAILS_ENV=test -e DATABASE_URL="postgresql://postgres:postgres@localhost" ${{ env.DOCKER_IMAGE_TEST }} \
	bundle exec rails db:prepare

	- name: Run Integration Tests
	run: \|-
	docker run --net=host -t --rm -e RAILS_ENV=test -e NODE_ENV=test -e CI=true -e HTTP_USERNAME -e HTTP_PASSWORD -e MAILSAC_API_KEY -e DATABASE_URL="postgresql://postgres:postgres@localhost" \
	${{env.DOCKER_IMAGE_TEST}} bundle exec rspec --tag integration
	env:
	HTTP_USERNAME: ${{ steps.keyvault-yaml-secret.outputs.HTTP_USERNAME }}
	HTTP_PASSWORD: ${{ steps.keyvault-yaml-secret.outputs.HTTP_PASSWORD }}
	MAILSAC_API_KEY: ${{ steps.keyvault-yaml-secret.outputs.MAILSAC_API_KEY }}

	production_aks:
	name: Production AKS Deployment
	runs-on: ubuntu-latest
	needs: [ integration_aks, development_aks ]
	concurrency: production_aks
	environment:
	name: production_aks
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: set-up-environment
	uses: DFE-Digital/github-actions/set-up-environment@master
	with:
	var_file: .github/common_environment_aks.yml

	- uses: Azure/login@v1
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS }}

	- name: Fetch secrets from key vault
	uses: azure/CLI@v1
	id: keyvault-yaml-secret
	with:
	inlineScript: \|
	SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
	echo "::add-mask::$SLACK_WEBHOOK"
	echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT
	SLACK_RELEASE_NOTE_WEBHOOK=$(az keyvault secret show --name "SLACK-RELEASE-NOTE-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT}}" --query "value" -o tsv)
	echo "::add-mask::$SLACK_RELEASE_NOTE_WEBHOOK"
	echo "SLACK_RELEASE_NOTE_WEBHOOK=$SLACK_RELEASE_NOTE_WEBHOOK" >> $GITHUB_OUTPUT

	- name: Get Release Id from Tag
	id: tag_id
	uses: DFE-Digital/github-actions/DraftReleaseByTag@master
	with:
	TAG: ${{needs.development_aks.outputs.release_tag}}
	TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Publish Release
	if: steps.tag_id.outputs.release_id
	uses: eregon/publish-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	release_id: ${{steps.tag_id.outputs.release_id}}

	- name: Deploy to Production AKS
	uses: ./.github/workflows/actions/deploy_v2
	id: deploy_v2
	with:
	environment: production_aks
	sha: ${{ github.sha }}
	AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
	KEY_VAULT: ${{ secrets.KEY_VAULT }}
	ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}

	- name: Slack Release Notification
	if: steps.tag_id.outputs.release_id
	uses: rtCamp/action-slack-notify@master
	env:
	SLACK_COLOR: ${{env.SLACK_SUCCESS}}
	SLACK_TITLE: "Release Published: ${{steps.tag_id.outputs.release_name}}"
	SLACK_MESSAGE: ${{ fromJson( steps.tag_id.outputs.release_body) }}
	SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_RELEASE_NOTE_WEBHOOK }}
	MSG_MINIMAL: true

	- name: Slack Notification
	if: failure()
	uses: rtCamp/action-slack-notify@master
	env:
	SLACK_COLOR: ${{env.SLACK_FAILURE}}
	SLACK_TITLE: Production Release ${{github.event.title}}
	SLACK_MESSAGE: Failure deploying Production AKS release
	SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update 2024 campaign images #13925

Workflow file

Update 2024 campaign images #13925

Jobs

Run details

Workflow file for this run