diff --git a/.github/workflows/aws-deploy.yml b/.github/workflows/aws-deploy.yml index 0e458500..5a3cdefc 100644 --- a/.github/workflows/aws-deploy.yml +++ b/.github/workflows/aws-deploy.yml @@ -17,14 +17,202 @@ on: version: description: 'Version Number' required: false - zap_scan: - description: 'Run ZAP Scan' - type: boolean - required: false +# push: +# branches: +# - main +# pull_request: + +concurrency: ${{ github.event.inputs.environment }} + +env: + DOCKER_TAGS: ${{ secrets.DOCKER_TAGS }} + IMAGE_ID: ${{ secrets.AWS_ECR_URI }} + IMAGE_NAME: bcer-api + TFC_WORKSPACE: ${{ github.event.inputs.environment }} + TF_VERSION: 1.3.7 + TG_SRC_PATH: Terraform + TG_VERSION: 0.44.5 + +permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + jobs: - nothing: - name: nothing + docker_push: + name: Docker Push + environment: ${{ github.event.inputs.environment }} + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + ref: FEATURE/aws + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.TERRAFORM_DEPLOY_ROLE_ARN }} + aws-region: ca-central-1 + + - name: Amazon ECR Login + uses: aws-actions/amazon-ecr-login@v1 + with: + mask-password: 'true' + + - name: Cache + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Docker Setup Buildx + uses: docker/setup-buildx-action@v2 + + - name: Build and push Docker images (run migrations) + if: inputs.migrations == true + uses: docker/build-push-action@v4 + with: + builder: ${{ steps.buildx.outputs.name }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + context: packages/bcer-api/app + file: packages/bcer-api/app/Dockerfile.aws.migrations + push: true + tags: ${{ env.DOCKER_TAGS }} + + - name: Build and push Docker images + if: inputs.migrations == false + uses: docker/build-push-action@v4 + with: + builder: ${{ steps.buildx.outputs.name }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + context: packages/bcer-api/app + file: packages/bcer-api/app/Dockerfile.aws + push: true + tags: ${{ env.DOCKER_TAGS }} + + terraform_apply: + name: Terraform Apply + environment: ${{ github.event.inputs.environment }} + runs-on: ubuntu-latest + needs: docker_push + steps: + - name: Set TF_VAR_TIMESTAMP + run: echo "TF_VAR_TIMESTAMP=$(date --rfc-3339=seconds)" >> $GITHUB_ENV + + - name: Checkout + uses: actions/checkout@v3 + with: + ref: ${{ github.event.workflow_run.head_branch }} + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.TERRAFORM_DEPLOY_ROLE_ARN }} + aws-region: ca-central-1 + + - name: HashiCorp - Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: ${{ env.TF_VERSION }} + + - name: Terragrunt installer + uses: autero1/action-terragrunt@v1.3.2 + with: + terragrunt_version: ${{ env.TG_VERSION }} + + - name: Terragrunt Apply + working-directory: ${{ env.TG_SRC_PATH }}/${{ env.TFC_WORKSPACE }} + env: + app_image: ${{ env.IMAGE_ID }}:${{ github.sha }} + LICENSE_PLATE: ${{ secrets.MY_LICENSE_PLATE }} + run: | + terragrunt run-all apply --terragrunt-non-interactive + + build_jobs: + name: Build Jobs + if: inputs.frontends == true + environment: ${{ github.event.inputs.environment }} runs-on: ubuntu-latest + needs: terraform_apply steps: - name: Checkout uses: actions/checkout@v3 + with: + ref: ${{ github.event.workflow_run.head_branch }} + + - name: Use Node.js 14 + uses: actions/setup-node@v3 + with: + node-version: 14 + + - name: Build project shared components + run: | + cd packages/bcer-shared-components + npm install + npm run build + + - name: Copy env file to retailer app + run: | + cd packages/bcer-retailer-app + cp .config/.env.aws.${{ github.event.inputs.environment }} app/.env + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.TERRAFORM_DEPLOY_ROLE_ARN }} + aws-region: ca-central-1 + + - name: Build project retailer app + run: | + cd packages/bcer-retailer-app/app + npm install + npm run build + + - name: Upload to S3 bucket retail app + run: | + cd packages/bcer-retailer-app/app/build + aws s3 sync . s3://bcer-${{ github.event.inputs.environment }}/retailer --delete + env: + AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} + AWS_REGION: ca-central-1 + + - name: Copy env file to bcer-data-portal + run: | + cd packages/bcer-data-portal + cp .config/.env.aws.${{ github.event.inputs.environment }} app/.env + + - name: Build project data portal frontend + run: | + cd packages/bcer-data-portal/app + npm install + npm run build + + - name: Upload to S3 bucket data portal + run: | + cd packages/bcer-data-portal/app/build + aws s3 sync . s3://bcer-${{ github.event.inputs.environment }}/portal --delete + env: + AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} + AWS_REGION: ca-central-1 +# ----------------------------Commenting out while trying to get rollback working------------------------------- +# bump_version: +# runs-on: ubuntu-latest +# permissions: write-all + +# steps: +# - uses: actions/checkout@v3 +# with: +# fetch-depth: '0' + +# - name: Bump version and push tag +# uses: anothrNick/github-tag-action@1.59.0 # Don't use @master unless you're happy to test the latest version +# env: +# DEFAULT_BUMP: major +# DEFAULT_BRANCH: main +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# RELEASE_BRANCHES : main +# WITH_V: true