Skip to content

Migrate gcp wif

Migrate gcp wif #3901

name: Build and deploy to AKS cluster
on:
push:
branches: [master]
pull_request:
types: [labeled, opened, reopened, synchronize]
workflow_dispatch:
inputs:
environment:
description: "Deploy environment"
required: true
type: choice
default: review
options:
- review
- test
- production
docker-image-tag:
description: "Docker image tag to deploy (optional)"
required: true
type: string
pull-request-number:
description: "Pull request number (required for review environment)"
required: false
type: string
concurrency: deploy-${{ github.ref }}
permissions:
packages: write
pull-requests: write
jobs:
build:
if: ${{ github.event_name != 'workflow_dispatch' }}
runs-on: ubuntu-latest
outputs:
docker-image-tag: ${{ steps.build-image.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build and push docker image
id: build-image
uses: DFE-Digital/github-actions/build-docker-image@master
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
target: web
context: .
snyk-token: ${{ secrets.SNYK_TOKEN }}
deploy_review:
name: Deploy to review environment
concurrency: deploy_review_${{ github.event.pull_request.number }}
runs-on: ubuntu-latest
if: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy') }}
needs: [build]
environment:
name: review
permissions:
pull-requests: write
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment: review
docker-image: ${{ needs.build.outputs.docker-image-tag }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
pull-request-number: ${{ github.event.pull_request.number }}
aks-namespace: srtl-development
aks-deployment: claim-additional-payments-for-teaching-review-${{ github.event.pull_request.number }}
prepare-database: ${{ github.event.pull_request.number != '' }}
- name: Post comment to Pull Request ${{ github.event.number }}
if: ${{ github.event_name == 'pull_request' }}
uses: marocchino/sticky-pull-request-comment@v2
with:
header: aks
message: |
### Deployments
| Journey | URL |
| ------------------- | -------------------------------------------------------------------|
| Additional Payments | <${{ env.APP_URL }}/additional-payments/claim> |
| Student Loans | <${{ env.APP_URL }}/student-loans/claim> |
| Further Education | <${{ env.APP_URL }}/further-education-payments/landing-page> |
| Early Years Payment | <${{ env.APP_URL }}/early-years-payment/landing-page> |
| Relocation Payments | <${{ env.APP_URL }}/get-a-teacher-relocation-payment/landing-page> |
| Admin | <${{ env.APP_URL }}/admin> |
deploy:
name: Deploy to ${{ matrix.environment }}
runs-on: ubuntu-latest
concurrency: deploy_${{ matrix.environment }}
if: github.ref == 'refs/heads/master' && github.event_name == 'push'
needs: [build]
environment:
name: ${{ matrix.environment }}
url: ${{ steps.deploy.outputs.environment_url }}
outputs:
environment_url: ${{ steps.deploy.outputs.environment_url }}
strategy:
max-parallel: 1
matrix:
environment: [test, production]
permissions:
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment: ${{ matrix.environment }}
docker-image: ${{ needs.build.outputs.docker-image-tag }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
aks-namespace: srtl-${{ matrix.environment }}
aks-deployment: claim-additional-payments-for-teaching-${{ matrix.environment }}
- name: Install Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: Run smoke tests
shell: bash
run: bundle exec rspec spec/smoke -t smoke:true -b
env:
RAILS_ENV: test
SMOKE_TEST_APP_HOST: ${{ vars.SMOKE_TEST_APP_HOST }}
BASIC_AUTH_USERNAME: ${{ secrets.BASIC_AUTH_USERNAME }}
BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
- name: Notify on failure
if: failure()
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: failure
SLACK_TITLE: Failure deploying release to ${{ matrix.environment }}
SLACK_MESSAGE:
Failure deploying release to ${{ matrix.environment }} - Docker tag ${{ needs.build.outputs.docker-image-tag
}}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
manual_deploy:
name: Deploy to ${{ inputs.environment }}
if: ${{ github.event_name == 'workflow_dispatch' }}
runs-on: ubuntu-latest
concurrency: deploy_${{ inputs.environment }}
environment:
name: ${{ inputs.environment }}
url: ${{ steps.deploy_manual.outputs.environment_url }}
outputs:
environment_url: ${{ steps.deploy_manual.outputs.environment_url }}
permissions:
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set env vars
shell: bash
run: |
if [ ${{ inputs.environment }} == 'review' ]; then
AKS_NAMESPACE=srtl-development
AKS_DEPLOYMENT=claim-additional-payments-for-teaching-review-${{ inputs.pull-request-number }}
else
AKS_NAMESPACE=srtl-${{ inputs.environment }}
AKS_DEPLOYMENT=claim-additional-payments-for-teaching-${{ inputs.environment }}
fi
echo "AKS_NAMESPACE=$AKS_NAMESPACE" >> $GITHUB_ENV
echo "AKS_DEPLOYMENT=$AKS_DEPLOYMENT" >> $GITHUB_ENV
- uses: ./.github/actions/deploy-environment
id: deploy_manual
with:
environment: ${{ inputs.environment }}
docker-image: ${{ inputs.docker-image-tag }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
aks-namespace: ${{ env.AKS_NAMESPACE }}
aks-deployment: ${{ env.AKS_DEPLOYMENT }}
pull-request-number: ${{ inputs.pull-request-number }}
- name: Install Ruby
if: ${{ inputs.environment != 'review' }}
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: Run smoke tests
if: ${{ inputs.environment != 'review' }}
shell: bash
run: bundle exec rspec spec/smoke -t smoke:true -b
env:
RAILS_ENV: test
SMOKE_TEST_APP_HOST: ${{ vars.SMOKE_TEST_APP_HOST }}
BASIC_AUTH_USERNAME: ${{ secrets.BASIC_AUTH_USERNAME }}
BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}