Skip to content

Merge pull request #934 from DFE-Digital/dependabot/bundler/puma-6.4.0 #3660

Merge pull request #934 from DFE-Digital/dependabot/bundler/puma-6.4.0

Merge pull request #934 from DFE-Digital/dependabot/bundler/puma-6.4.0 #3660

name: Build and Deploy
on:
push:
branches:
- main
pull_request:
branches:
- main
types:
- labeled
- synchronize
- reopened
- opened
- converted_to_draft
workflow_dispatch:
inputs:
environment:
required: true
type: choice
options:
- dev
- test
- preprod
jobs:
build_image:
name: Image build and push
if: contains(github.event.pull_request.labels.*.name, 'deploy') || github.event_name != 'pull_request'
runs-on: ubuntu-latest
outputs:
image_name_tag: ${{ steps.build_image.outputs.ghcr_image_name_tag }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-image
id: build_image
with:
github_username: ${{ github.actor }}
github_token: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
deploy_review_app:
name: Deploy to review environment
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'deploy')
concurrency: deploy_review_${{ github.event.pull_request.number }}
needs: [build_image]
environment:
name: review
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment_name: review
image_name_tag: ${{ needs.build_image.outputs.image_name_tag }}
image_tag: ${{ github.sha }}
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
site_up_retries: 150
startup_command: "sh /app/bin/start-review-app.sh"
- name: Post URL to Pull Request comment
uses: marocchino/sticky-pull-request-comment@v2
with:
message: |
Review app deployed to <${{ steps.deploy.outputs.environment_url }}>
- uses: ./.github/actions/smoke-test
id: smoke-test
with:
environment: review
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
url: ${{ steps.deploy.outputs.environment_url }}
set_matrix:
name: Set deployment matrix
runs-on: ubuntu-latest
needs: [build_image]
outputs:
deployment_matrix: ${{ steps.set-matrix.outputs.deployment_matrix }}
steps:
- id: set-matrix
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
DEPLOYMENT_MATRIX="{ 'environment': ['${{ github.event.inputs.environment }}'] }"
else
DEPLOYMENT_MATRIX="{ 'environment': ['dev', 'test', 'preprod'] }"
fi
echo "deployment_matrix=$DEPLOYMENT_MATRIX" >> $GITHUB_OUTPUT
deploy_non_prod:
name: Deploy to ${{ matrix.environment }} environment
runs-on: ubuntu-latest
if: (github.ref == 'refs/heads/main' && github.event_name == 'push') || github.event_name == 'workflow_dispatch'
concurrency: deploy_${{ matrix.environment }}
needs: [build_image, set_matrix]
strategy:
fail-fast: false # this is necessary to prevent early terminiation of terraform deployments that will result in tfstate locks
max-parallel: 3
matrix: ${{ fromJson(needs.set_matrix.outputs.deployment_matrix) }}
environment:
name: ${{ matrix.environment }}
url: ${{ steps.deploy.outputs.environment_url }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment_name: ${{ matrix.environment }}
image_name_tag: ${{ needs.build_image.outputs.image_name_tag }}
image_tag: ${{ github.sha }}
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
- uses: ./.github/actions/smoke-test
id: smoke-test
with:
environment: ${{ matrix.environment }}
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
url: ${{ steps.deploy.outputs.environment_url }}
deploy_prod:
name: Deploy to production environment
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
concurrency: deploy_prod
needs: [build_image, deploy_non_prod]
environment:
name: production
url: ${{ steps.deploy.outputs.environment_url }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment_name: production
image_name_tag: ${{ needs.build_image.outputs.image_name_tag }}
image_tag: ${{ github.sha }}
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
notify_slack_of_failures:
name: Notify Slack of failures
runs-on: ubuntu-latest
needs: [build_image, deploy_review_app, set_matrix, deploy_non_prod, deploy_prod]
environment: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }}
env:
ENVIRONMENT_NAME: ${{ needs.deploy_nonprod.outputs.environment_name || 'dev' }}
if: failure()
steps:
- uses: actions/checkout@v4
- name: Set Environment variables
shell: bash
working-directory: terraform
run: |
if ${{ needs.build_image.result == 'failure' }}
then
job=build_image
elif ${{ needs.deploy_review_app.result == 'failure' }}
then
job=deploy_review_app
review=true
elif ${{ needs.set_matrix.result == 'failure' }}
then
job=set_matrix
elif ${{ needs.deploy_non_prod.result == 'failure' }}
then
job=deploy_non_prod
elif ${{ needs.deploy_prod.result == 'failure' }}
then
job=deploy_prod
fi
tf_vars_file=workspace_variables/${{ env.ENVIRONMENT_NAME }}.tfvars.json
echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
echo "JOB=${job}" >> $GITHUB_ENV
echo "REVIEW=${review}" >> $GITHUB_ENV
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DfE-Digital/keyvault-yaml-secret@v1
id: get_monitoring_secret
with:
keyvault: ${{ env.KEY_VAULT_NAME }}
secret: MONITORING
key: SLACK_WEBHOOK
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Notify Slack channel on job failure
uses: rtCamp/action-slack-notify@v2
env:
SLACK_USERNAME: CI Deployment
SLACK_TITLE: Deployment of refer-serious-misconduct ${{ env.REVIEW && 'review' }} failed
SLACK_MESSAGE: Job ${{ env.JOB }} failed
SLACK_WEBHOOK: ${{ steps.get_monitoring_secret.outputs.SLACK_WEBHOOK }}
SLACK_COLOR: failure
SLACK_FOOTER: Sent from Build and Deploy workflow