Skip to content

New deployment from UKHSA-Internal/data-dashboard-infra #1679

New deployment from UKHSA-Internal/data-dashboard-infra

New deployment from UKHSA-Internal/data-dashboard-infra #1679

Workflow file for this run

name: Production Workflow
run-name: New deployment from ${{ github.event.client_payload.repository || github.repository }}
on:
push:
branches:
- "main"
repository_dispatch:
types: [trigger-deployments]
workflow_dispatch:
env:
AWS_REGION: "eu-west-2"
permissions:
id-token: write
contents: read
jobs:
terraform_plan:
name: Terraform plan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- name: Configure AWS credentials for tools account
uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ env.AWS_REGION }}
tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
- uses: ./.github/actions/setup-terraform
- uses: ./.github/actions/setup-zsh
- name: Terraform plan
run: |
source uhd.sh
uhd terraform init
uhd terraform plan:layer 10-account prod
uhd terraform plan:layer 20-app prod
shell: zsh {0}
terraform_apply:
name: Terraform apply
runs-on: ubuntu-latest
needs: ["terraform_plan"]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- name: Configure AWS credentials for tools account
uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ env.AWS_REGION }}
tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
role-duration-seconds: "7200"
- uses: ./.github/actions/setup-terraform
- uses: ./.github/actions/setup-zsh
- name: Terraform apply
run: |
source uhd.sh
uhd terraform init
uhd terraform apply:layer 10-account prod
uhd terraform apply:layer 20-app prod
shell: zsh {0}
push_docker_images:
name: Push docker images
runs-on: ubuntu-latest
needs: ["terraform_apply"]
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials for tools account
uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ env.AWS_REGION }}
tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
- uses: ./.github/actions/setup-zsh
- name: Pull / push docker images
run: |
source uhd.sh
uhd docker update prod prod
shell: zsh {0}
restart_services:
name: Restart services
runs-on: ubuntu-latest
needs: ["push_docker_images"]
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials for tools account
uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ env.AWS_REGION }}
tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
- uses: ./.github/actions/setup-zsh
- name: Terraform output
run: |
source uhd.sh
uhd terraform init:layer 20-app
uhd terraform output:layer 20-app prod
shell: zsh {0}
- name: Configure AWS credentials for prod account
uses: ./.github/actions/configure-aws-credentials
with:
account-name: 'prod'
aws-region: ${{ env.AWS_REGION }}
prod-account-role: ${{ secrets.UHD_TERRAFORM_ROLE_PROD }}
- name: Restart ECS services
run: |
source uhd.sh
uhd ecs restart-services
shell: zsh {0}
- name: Redeploy lambda functions
run: |
source uhd.sh
uhd lambda restart-functions
shell: zsh {0}
trigger-smoke-tests:
name: Trigger smoke tests
needs: [restart_services]
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
- uses: ./.github/actions/trigger-smoke-tests
with:
token: ${{ secrets.DEPLOYMENT_TRIGGER_TOKEN }}
fast_forward_env_branches:
name: Fast forward env branches
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
deploy_dev: ${{ steps.fast_forward_merge.outputs.deploy_dev }}
deploy_dpd: ${{ steps.fast_forward_merge.outputs.deploy_dpd }}
deploy_test: ${{ steps.fast_forward_merge.outputs.deploy_test }}
deploy_staging: ${{ steps.fast_forward_merge.outputs.deploy_staging }}
deploy_perf: ${{ steps.fast_forward_merge.outputs.deploy_perf }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/setup-zsh
- name: Fast forward env branches
id: fast_forward_merge
run: |
- scripts/fast-forward-env-branches.sh
shell: zsh {0}
env:
GH_TOKEN: ${{ github.token }}
deploy_dev:
needs: fast_forward_env_branches
if: ${{needs.fast_forward_env_branches.outputs.deploy_dev}}
uses: ./.github/workflows/well-known-environment.yml
with:
branch: env/dev/dev
secrets: inherit
deploy_dpd:
needs: fast_forward_env_branches
if: ${{needs.fast_forward_env_branches.outputs.deploy_dpd}}
uses: ./.github/workflows/well-known-environment.yml
with:
branch: env/dev/dpd
secrets: inherit
deploy_test:
needs: fast_forward_env_branches
if: ${{needs.fast_forward_env_branches.outputs.deploy_test}}
uses: ./.github/workflows/well-known-environment.yml
with:
branch: env/test/test
secrets: inherit
# deploy_perf:
# needs: fast_forward_env_branches
# if: ${{needs.fast_forward_env_branches.outputs.deploy_perf}}
# uses: ./.github/workflows/well-known-environment.yml
# with:
# branch: env/test/perf
# secrets: inherit
deploy_staging:
needs: fast_forward_env_branches
if: ${{needs.fast_forward_env_branches.outputs.deploy_staging}}
uses: ./.github/workflows/well-known-environment.yml
with:
branch: env/uat/staging
secrets: inherit