Merge pull request #1211 from DFE-Digital/aks-pipeline2

AKS pipeline for RSM review app
DFE-Digital · Oct 18, 2024 · a16ff6e · a16ff6e
2 parents bdc8180 + 11bd67c
commit a16ff6e
Show file tree

Hide file tree

Showing 7 changed files with 170 additions and 2 deletions.
diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml
@@ -0,0 +1,56 @@
+name: Deploy environment to AKS
+description: Deploys an application environment to AKS
+
+inputs:
+  environment:
+    description: The name of the environment
+    required: true
+  image-tag:
+    description: The image tag to deploy
+    required: true
+  azure-credentials:
+    description: JSON object containing a service principal that can read from Azure Key Vault
+    required: true
+  pull-request-number:
+    description: The pull request number which triggered this deploy.
+    required: false
+
+outputs:
+  environment_url:
+    description: The base URL for the deployed environment
+    value: ${{ steps.set_outputs.outputs.ENVIRONMENT_URL }}
+
+runs:
+  using: composite
+
+  steps:
+    - uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: 1.6.4
+        terraform_wrapper: false
+
+    - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
+      with:
+        azure-credentials: ${{ inputs.azure-credentials }}
+
+    - name: Terraform Apply
+      shell: bash
+      run: |
+        make ci ${{ inputs.environment }} aks-terraform-apply
+      env:
+        DOCKER_IMAGE_TAG: ${{ inputs.image-tag }}
+        PR_NUMBER: ${{ inputs.pull-request-number }}
+
+    - name: Extract Terraform outputs
+      shell: bash
+      id: set_outputs
+      run: |
+        environment_url=$(terraform -chdir=terraform/application output -raw url)
+        echo "ENVIRONMENT_URL=$environment_url" >> $GITHUB_OUTPUT
+
+    - name: Run smoke tests
+      shell: bash
+      run: |
+        environment_url=$(terraform -chdir=terraform/application output -raw url)
+        echo "Check health for $environment_url/health/all.json..."
+        curl -sS --fail "$environment_url/health/all.json" > /dev/null && echo "Health check passed for $environment_url" || echo "Health check failed for $environment_url"
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,27 @@
+### Context
+
+<!-- Why are you making this change? -->
+
+### Changes proposed in this pull request
+
+<!-- Include a summary of the change. -->
+<!-- Why this particular solution? -->
+<!-- What assumptions have you made? -->
+<!-- Are there any side effects to note? -->
+<!-- If there are UI changes, please include Before and After screenshots. -->
+
+### Guidance to review
+
+<!-- How could someone else check this work? -->
+<!-- Which parts do you want more feedback on? -->
+
+### Link to Trello card
+
+<!-- http://trello.com/123-example-card -->
+
+### Checklist
+
+- [ ] Attach to Trello card
+- [ ] Rebased main
+- [ ] Cleaned commit history
+- [ ] Tested by running locally
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
@@ -26,7 +26,7 @@ on:
 jobs:
   build_image:
     name: Image build and push
-    if: contains(github.event.pull_request.labels.*.name, 'deploy') || github.event_name != 'pull_request'
+    if: contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy-aks') || github.event_name != 'pull_request'
     runs-on: ubuntu-latest
     outputs:
       image_name_tag: ${{ steps.build_image.outputs.ghcr_image_name_tag }}
@@ -75,6 +75,37 @@ jobs:
           azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
           url: ${{ steps.deploy.outputs.environment_url }}
 
+  deploy_review_app_aks:
+    name: Deploy to review environment to AKS
+    runs-on: ubuntu-latest
+    if: contains(github.event.pull_request.labels.*.name, 'deploy-aks')
+    concurrency: deploy_review_${{ github.event.pull_request.number }}
+    needs: [build_image]
+    environment:
+      name: aks-review
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ./.github/actions/deploy-environment-aks
+        id: deploy_aks
+        with:
+          environment: aks-review
+          image-tag: ${{ github.sha }}
+          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+          pull-request-number: ${{ github.event.pull_request.number }}
+
+      - name: Post comment to Pull Request ${{ github.event.pull_request.number }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: aks
+          message: |
+            ### Deployments
+
+            | App               | URL                                                                                                                                       |
+            | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------|
+            | Refer Serious Misconduct      | <https://refer-serious-misconduct-pr-${{ github.event.pull_request.number }}.test.teacherservices.cloud>            |
+
   set_matrix:
     name: Set deployment matrix
     runs-on: ubuntu-latest

diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml
@@ -15,6 +15,7 @@ jobs:
     name: Delete Review App ${{ github.event.pull_request.number }}
     concurrency: deploy_review_${{ github.event.pull_request.number }}
     runs-on: ubuntu-latest
+    if: contains(github.event.pull_request.labels.*.name, 'deploy')
     environment: review
     steps:
       - uses: actions/checkout@v4
@@ -129,3 +130,46 @@ jobs:
           az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \
           --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
           --account-name ${{ env.storage_account_name }}
+
+  delete-review-app-aks:
+    name: Delete Review App AKS ${{ github.event.pull_request.number }}
+    concurrency: deploy_review_${{ github.event.pull_request.number }}
+    if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') ||  ${{ github.event_name }} == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    environment: aks-review
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: set PR_NUMBER
+        id: config
+        run: |
+          if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then
+            PR_NUMBER=${{ github.event.inputs.pr_number }}
+          else
+            PR_NUMBER=${{ github.event.pull_request.number }}
+          fi
+          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.6.4
+          terraform_wrapper: false
+
+      - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
+        with:
+          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Terraform Destroy
+        run: |
+          make ci aks-review aks-terraform-destroy PR_NUMBER=${{ env.PR_NUMBER }}
+        env:
+          PR_NUMBER: ${{ env.PR_NUMBER }}
+
+      - name: Post Pull Request Comment
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: aks
+          message: |
+            Review app refer serious misconduct deployed to <https://refer-serious-misconduct-${{ env.PR_NUMBER }}.test.teacherservices.cloud> was deleted
diff --git a/terraform/application/application.tf b/terraform/application/application.tf
@@ -42,6 +42,7 @@ module "web_application" {
   kubernetes_secret_name     = module.application_configuration.kubernetes_secret_name
 
   docker_image = var.docker_image
+  command      = var.webapp_startup_command
 
   send_traffic_to_maintenance_page = var.send_traffic_to_maintenance_page
 }

diff --git a/terraform/application/config/review.tfvars.json b/terraform/application/config/review.tfvars.json
@@ -2,5 +2,10 @@
   "cluster": "test",
   "namespace": "tra-development",
   "deploy_azure_backing_services": false,
-  "enable_postgres_ssl": false
+  "enable_postgres_ssl": false,
+  "webapp_startup_command": [
+    "/bin/sh",
+    "-c",
+    "bundle exec rails db:schema_load_or_migrate && bundle exec rails runner \"%i(eligibility_screener referral_form).each {|flag| FeatureFlags::FeatureFlag.activate(flag)}\" && bundle exec rails server -b 0.0.0.0"
+  ]
 }
diff --git a/terraform/application/variables.tf b/terraform/application/variables.tf
@@ -73,6 +73,10 @@ variable "worker_memory_max" {
 variable "worker_replicas" {
   default = 1
 }
+variable "webapp_startup_command" {
+  default     = null
+  description = "Override Dockerfile startup command"
+}
 
 locals {
   postgres_ssl_mode                = var.enable_postgres_ssl ? "require" : "disable"