Merge pull request #692 from MHRA/timlee/automate-prod-releases

Automate prod release

.github/workflows/doc-index-updater-release.yaml

@@ -0,0 +1,89 @@
+name: doc-index-updater-release
+
+on:
+  push:
+    tags:
+      - diu.v*
+
+env:
+  NONPROD_IMAGE: mhraproductsnonprodregistry.azurecr.io/products/doc-index-updater
+  PROD_IMAGE: mhraproductsproductionregistry.azurecr.io/products/doc-index-updater
+
+jobs:
+  build-and-test:
+    name: Create release and deploy to production
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@v2
+
+      - name: Docker login to nonprod
+        uses: azure/docker-login@v1
+        with:
+          login-server: mhraproductsnonprodregistry.azurecr.io
+          username: mhraproductsnonprodregistry
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Fetch image for tagged commit
+        working-directory: ./products/medicines/doc-index-updater
+        run: |
+          TAG="$(git rev-parse --short=7 ${{ github.sha }})"
+          make docker-pull image=$NONPROD_IMAGE tag=$TAG
+          echo ::set-env name=TAG::$TAG
+
+      - name: Docker login to prod
+        uses: azure/docker-login@v1
+        with:
+          login-server: mhraproductsproductionregistry.azurecr.io
+          username: mhraproductsproductionregistry
+          password: ${{ secrets.PROD_REGISTRY_PASSWORD }}
+
+      - name: Push image for tagged commit
+        working-directory: ./products/medicines/doc-index-updater
+        run: |
+          make docker-push image=$PROD_IMAGE tag=$TAG
+          DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' ${PROD_IMAGE}:${TAG})"
+          echo ::set-env name=DIGEST::$DIGEST
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@latest
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Doc-Index-Updater release ${{ github.ref }}
+          body: |
+            Release of Document Index Updater
+          draft: false
+          prerelease: false
+
+      - name: Clone Deployments repo
+        uses: actions/checkout@v2
+        with:
+          repository: MHRA/deployments
+          path: deployments
+          token: ${{ secrets.DEPLOYMENTS_REPO_TOKEN }}
+
+      - name: Update image tag
+        uses: stefanprodan/kube-tools@v1
+        with:
+          kustomize: 3.4.0
+          command: |
+            set -eux
+            cd deployments/doc-index-updater/overlays/prod
+
+            kustomize edit set image $DIGEST
+
+            git config --local user.email "CD.no.reply@mhra.gov.uk"
+            git config --local user.name "MHRA CI/CD"
+            git diff-index --quiet HEAD || git commit -am "CI: Update production image for $TAG"
+            declare -i n
+            n=0
+            until [ $n -ge 5 ]
+            do
+              git push && break
+              n+=1
+              git pull --rebase
+            done

.github/workflows/learning-web-release.yaml

@@ -0,0 +1,81 @@
+name: learning-web-master
+
+on:
+  push:
+    tags:
+      - learningweb.v*
+
+env:
+  GATSBY_GOOGLE_ANALYTICS_TRACKING_ID: UA-6838115-15
+  GATSBY_GOOGLE_TAG_MANAGER_ID: GTM-WJ5TW34
+
+jobs:
+  build:
+    name: Create release and deploy to production
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@v2
+
+      - name: Setup node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: "13.11"
+
+      - name: Install modules
+        working-directory: learning/web
+        run: yarn install --frozen-lockfile
+
+      - name: Run tests with coverage
+        working-directory: learning/web
+        run: yarn test:ci
+
+      - name: Build
+        working-directory: learning/web
+        run: yarn build
+        env:
+          PATH_PREFIX: ""
+
+      - name: Run cypress end-to-end tests
+        working-directory: learning/web
+        run: mkdir -p cypress/screenshots && yarn test-e2e
+
+      - name: Upload cypress screenshots
+        uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: learning-cypress-screenshots
+          path: learning/web/cypress/screenshots
+
+      - name: Upload cypress videos
+        uses: actions/upload-artifact@v1
+        if: always()
+        with:
+          name: learning-cypress-videos
+          path: learning/web/cypress/videos
+
+      - name: Accessibility check
+        working-directory: learning/web
+        run: yarn a11y
+        env:
+          ROOT_URL_DOMAIN: localhost
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@latest
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Learning website release ${{ github.ref }}
+          body: |
+            Release of Learning website
+          draft: false
+          prerelease: false
+
+      - name: Deploy learning web to static site in azure storage
+        uses: lauchacarro/Azure-Storage-Action@master
+        with:
+          enabled-static-website: true
+          folder: learning/web/public
+          connection-string: ${{ secrets.AZURE_STORAGE_PROD_LEARNING_WEB_CONNECTION_STRING }}

.github/workflows/medicines-web-release.yaml

@@ -0,0 +1,90 @@
+name: medicines-web-release
+
+on:
+  push:
+    tags:
+      - medicinesweb.v*
+
+env:
+  AZURE_SEARCH_API_VERSION: 2017-11-11
+  AZURE_SEARCH_EXACTNESS_BOOST: 4
+  AZURE_SEARCH_INDEX: products-index
+  AZURE_SEARCH_KEY: 650538997E243D9CE334050D9119BA90
+  AZURE_SEARCH_SCORING_PROFILE: preferKeywords
+  AZURE_SEARCH_SERVICE: mhraproductsproduction
+  AZURE_SEARCH_WORD_FUZZINESS: 1
+  GOOGLE_GTM_CONTAINER_ID: GTM-WJ5TW34
+  GOOGLE_TRACKING_ID: UA-6838115-13
+  GOOGLE_USE_DEBUG: false
+  ROOT_URL_DOMAIN: .windows.net
+
+jobs:
+  build:
+    name: Build, test, create release and deploy to production
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@v2
+
+      - name: Setup node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: "13.11"
+
+      - name: Install modules
+        working-directory: medicines/web
+        run: yarn install --frozen-lockfile
+
+      - name: Run tests with coverage
+        working-directory: medicines/web
+        run: yarn test:ci
+
+      - name: Build and export
+        working-directory: medicines/web
+        run: yarn build && yarn export
+
+      - name: Run cypress end-to-end tests
+        working-directory: medicines/web
+        run: mkdir -p cypress/screenshots && yarn test-e2e
+        env:
+          ROOT_URL_DOMAIN: localhost
+
+      - name: Upload cypress screenshots
+        uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: medicines-cypress-screenshots
+          path: medicines/web/cypress/screenshots
+
+      - name: Upload cypress videos
+        uses: actions/upload-artifact@v1
+        if: always()
+        with:
+          name: medicines-cypress-videos
+          path: medicines/web/cypress/videos
+
+      - name: Accessibility check
+        working-directory: medicines/web
+        run: yarn a11y
+        env:
+          ROOT_URL_DOMAIN: localhost
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@latest
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Medicines website release ${{ github.ref }}
+          body: |
+            Release of Medicines website
+          draft: false
+          prerelease: false
+
+      - name: Deploy products web to static site in azure storage
+        uses: lauchacarro/Azure-Storage-Action@master
+        with:
+          enabled-static-website: true
+          folder: medicines/web/dist
+          connection-string: ${{ secrets. AZURE_STORAGE_PROD_PRODUCTS_WEB_CONNECTION_STRING }}

learning/README.md

@@ -9,6 +9,12 @@ This site is for healthcare professionals responsible for prescribing, supplying
 - [import](./import) - helper functions to import code from the old site
 - [web](./web) - everything related to the front-end of the site
 
+## Releasing
+
+To create a new release and deployment to production, create and push a new tag of the form `learningweb.v0.0.0` (e.g. `learningweb.v1.3.0`), incrementing as required from the most recent . The `learning-web-release` workflow will then automate the creation of a new deployment in Github, build and test the tagged commit and then push the code to the production storage container. You can then update the release notes with any useful detail in Github.
+
+Clearing the CDN is still a manual step, as it requires an elevated permission to the current production storage account. It's on the roadmap to migrate the production storage account to the same subscription as the rest of the infrastructure in this repository, after which clearing the CDN can be automated as part of the same release workflow.
+
 ## Contributor guidelines
 
 See [contributor guidelines](./docs/contributor-guidelines).

medicines/README.md

@@ -21,6 +21,12 @@ This site allows users to find:
 - [search](./search) - code for the search service, which holds a searchable index for all public files
 - [web](./web) - everything related to the front-end of the site
 
+## Releasing
+
+To create a new release and deployment to production, create and push a new tag of the form `medicinesweb.v0.0.0` (e.g. `medicinesweb.v1.3.0`), incrementing as required from the most recent . The `medicines-web-release` workflow will then automate the creation of a new deployment in Github, build and test the tagged commit and then push the code to the production storage container. You can then update the release notes with any useful detail in Github.
+
+Clearing the CDN is still a manual step, as it requires an elevated permission to the current production storage account. It's on the roadmap to migrate the production storage account to the same subscription as the rest of the infrastructure in this repository, after which clearing the CDN can be automated as part of the same release workflow.
+
 ## Contributor guidelines
 
 See [contributor guidelines](./docs/contributor-guidelines).

medicines/doc-index-updater/Makefile

@@ -66,7 +66,7 @@ docker-run: ## Run Docker image
 
 .PHONY: docker-pull
 docker-pull: ## Pull Docker image
-	docker pull $(image)
+	docker pull $(image):$(tag)
 
 .PHONY: docker-push
 docker-push: ## Push Docker image

medicines/doc-index-updater/README.md

@@ -91,3 +91,7 @@ make test TEST=<arguments>
 There's a dashboard set up in Azure to monitor latency, traffic, errors and saturation.
 
 To find it, go to [Shared Dashboards in the Azure Portal](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Portal%2Fdashboards).
+
+## Releasing
+
+To create a new release and deployment to production, create and push a new tag of the form `diu.v0.0.0` (e.g. `diu.v1.3.0`), incrementing as required from the most recent . The `doc-index-updater-release` workflow will then automate the creation of a new deployment in Github, add the image for the tagged commit to the production container registry and update the image for production in the `deployments` repo. This will trigger ArgoCD to update the image in production. You can then update the release notes with any useful detail in Github.