CD QA SELFSERVE WEB #1
name: CD QA SELFSERVE WEB
run-name: CD QA SELFSERVE WEB
# Only pull_request events start this workflow. The manual trigger that would
# supply `ssweb_image_tag` is commented out, so `github.event.inputs.*`
# evaluates to an empty value wherever the jobs read it.
on:
  pull_request:
  # workflow_dispatch:
  #   inputs:
  #     ssweb_image_tag:
  #       description: 'Tag of SelfServe Web Image'
  #       required: true
# Workflow-level environment: these values are exported to every step of
# every job, including third-party actions.
env:
  AWS_REGION: ${{ vars.DVSA_AWS_REGION }}
  # Registry/repository prefixes used by the docker pull/tag/push commands
  # (source = non-prod tooling, destination = prod tooling).
  SSWEB_NONPROD_TOOLING_REPO_URL: ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}
  SSWEB_PROD_TOOLING_REPO_URL: ${{ secrets.SSWEB_PROD_TOOLING_ECR_REPO_URL }}
# Permission can be added at job level or workflow level
# NOTE(review): declared at workflow level, `id-token: write` is granted to
# all three jobs. Only prod-approve-image visibly assumes an AWS role over
# OIDC; whether the image-integrity action also needs a token cannot be seen
# from this file. Prefer declaring the permission on the jobs that use it.
permissions:
  id-token: write  # This is required for requesting the JWT
  contents: read  # This is required for actions/checkout
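# Pipeline: validate the image signature, deploy to QA (placeholder), run QA
# tests (placeholder), then retag the non-prod image into the prod registry
# and sign it.
#
# NOTE(review): every job is gated on github.ref == 'refs/heads/master', but
# the only active trigger is pull_request, where github.ref has the form
# refs/pull/<number>/merge. As written, the jobs are skipped on every run.
jobs:
  deploy-on-qa-cluster:
    name: Deploy on QA Cluster
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    steps:
      - name: Validate SelfServe Web Image
        # if: github.ref == 'refs/heads/master'
        # NOTE(review): the action is referenced by branch name, a mutable
        # ref. Anyone able to push to that branch changes the code that runs
        # here with the workflow's token permissions. Pin to a full commit SHA.
        uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
        with:
          ecr_tagged_image: ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}:${{ github.event.inputs.SSWEB_image_tag }}
          image_sign_inspect: 'true'
      - name: Deploy on QA
        run: |
          echo 'Deploy on QA'
        # uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
        # with:
        #   branch: 'feature/AWSRESET1-514'
        #   git_repository: 'dvsa/dvsa-container-registry'
        #   workflow_name: 'CD NON-PROD SELFSERVE WEB'
        #   input_arguments: 'ssweb_image_tag=${{ github.event.inputs.ssweb_image_tag }}'
        # secrets:
        #   gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}

  qa-automation-tests:
    name: Run QA Automation Tests
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    needs:
      - deploy-on-qa-cluster
    steps:
      # Placeholder: no tests run yet, so this job always succeeds and does
      # not gate the prod promotion below on any real result.
      - name: Run automation tests
        run: |
          echo 'Run automation tests'

  prod-approve-image:
    name: Approval PROD SelfServe Web Image
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    needs:
      - qa-automation-tests
    steps:
      - name: Set NONPROD_SSWEB_IMAGE_TAG & PROD_SSWEB_IMAGE_TAG
        if: github.ref == 'refs/heads/master'
        # The tag is passed through the environment rather than expanded into
        # the script text, so its content is never parsed as shell.
        env:
          INPUT_IMAGE_TAG: ${{ github.event.inputs.SSWEB_image_tag }}
        run: |
          # Reject empty or malformed tags before they reach $GITHUB_ENV: a
          # value containing a newline would define extra variables for all
          # later steps.
          if [[ ! "${INPUT_IMAGE_TAG}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "::error::SSWEB image tag is empty or not a valid image tag"
            exit 1
          fi
          inputImageTag="${INPUT_IMAGE_TAG}"
          echo "NONPROD_SSWEB_IMAGE_TAG=${inputImageTag}" >> "$GITHUB_ENV"
          # Strip a leading "non" from the tag to derive the prod tag.
          echo "PROD_SSWEB_IMAGE_TAG=${inputImageTag#non}" >> "$GITHUB_ENV"
      - name: Setup Notation CLI
        # NOTE(review): `@v1` is a movable tag; pin to a full commit SHA.
        uses: notaryproject/notation-action/setup@v1
        with:
          version: '1.0.0'
      - name: Set up Notation AWS Signer plugin
        # NOTE(review): the package comes from a `latest` URL and is installed
        # as root with no integrity check, so the signing plugin can change
        # between runs. Pin a versioned URL and verify the download first, e.g.
        #   echo '<EXPECTED_SHA256>  aws-signer-notation-cli_amd64.deb' | sha256sum -c -
        run: |
          wget https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
          sudo dpkg -i aws-signer-notation-cli_amd64.deb
      - name: Configure AWS credentials on SSWEB Non Production Tooling ECR
        # NOTE(review): the action reference below was mangled by e-mail
        # obfuscation on the page this listing was taken from (the
        # `name@version` part is lost). The step name suggests
        # aws-actions/configure-aws-credentials; restore the exact reference
        # from the repository and pin it to a commit SHA.
        uses: aws-actions/[email protected]
        with:
          role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ vars.DVSA_AWS_REGION }}
      - name: Login to ECR
        id: login-ecr-ssweb-tooling-non-prod
        # NOTE(review): same mangled reference as above; the step name
        # suggests aws-actions/amazon-ecr-login. Restore from the repository.
        uses: aws-actions/[email protected]
      - name: Tag & Push PROD Approved SelfServe Web image
        if: github.ref == 'refs/heads/master'
        id: push-image
        # NOTE(review): the image is pulled by tag, which is mutable. What is
        # promoted here is whatever the tag points to now, not necessarily
        # what the first job validated. Promoting by digest would close that
        # gap.
        run: |
          docker pull "${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG}"
          docker tag "${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG}" "${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}"
          docker push "${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}"
      - name: Sign PROD SelfServe Web image
        if: github.ref == 'refs/heads/master'
        # NOTE(review): the signing-profile secret is named NONPRODVOLTOOLING
        # while the artifact signed is the PROD image; confirm this is the
        # intended profile. The signature is also requested by tag; signing
        # the pushed digest (repo@sha256:...) binds it to one exact image.
        env:
          SIGNING_PROFILE: ${{ secrets.DVSA_AWS_NONPRODVOLTOOLING_IMAGE_SIGNING_PROFILE }}
        run: |
          notation sign "${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}" \
            --plugin "com.amazonaws.signer.notation.plugin" --id "${SIGNING_PROFILE}"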