Skip to content
This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

CD QA SELFSERVE WEB

CD QA SELFSERVE WEB #8

name: CD QA SELFSERVE WEB
run-name: CD QA SELFSERVE WEB
on:
workflow_dispatch:
inputs:
ssweb_image_tag:
description: 'Tag of SelfServe Web Image'
required: true
env:
AWS_REGION : ${{ vars.DVSA_AWS_REGION }}
SSWEB_NONPROD_TOOLING_REPO_URL: ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}
SSWEB_PROD_TOOLING_REPO_URL: ${{ secrets.SSWEB_PROD_TOOLING_ECR_REPO_URL }}
# Permission can be added at job level or workflow level
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
deploy-on-qa-cluster:
name: Deploy on QA Cluster
# if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
steps:
- name: Configure AWS credentials on Non Production SSWEB ECR
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ env.AWS_REGION}}
- name: Login to Non Production SSWEB ECR
id: login-ecr-ssweb-tooling-non-prod
uses: aws-actions/[email protected]
- name: Validate SelfServe Web Image
uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
with:
ecr_tagged_image: ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}:${{ github.event.inputs.SSWEB_image_tag }}
image_sign_inspect: 'true'
- name: Deploy on QA
run: |
echo 'Deploy on QA'
# uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
# with:
# branch: 'feature/AWSRESET1-514'
# git_repository: 'dvsa/dvsa-container-registry'
# workflow_name: 'CD NON-PROD SELFSERVE WEB'
# input_arguments: 'ssweb_image_tag=${{ github.event.inputs.ssweb_image_tag }}'
# secrets:
# gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}
qa-automation-tests:
name: Run QA Automation Tests
# if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
needs:
- deploy-on-qa-cluster
steps:
- name: Run automation tests
run: |
echo 'Run automation tests'
prod-approve-image:
name: Approval PROD SelfServe Web Image
# if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
needs:
- qa-automation-tests
steps:
- name: Set NONPROD_SSWEB_IMAGE_TAG & PROD_SSWEB_IMAGE_TAG
run: |
inputImageTag=${{ github.event.inputs.SSWEB_image_tag }}
echo "NONPROD_SSWEB_IMAGE_TAG=${inputImageTag}" >> $GITHUB_ENV
echo "PROD_SSWEB_IMAGE_TAG=${inputImageTag#non}" >> $GITHUB_ENV
- name: Configure AWS credentials on SSWEB Non Production Tooling ECR
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.DVSA_AWS_REGION}}
- name: Login to ECR
id: login-ecr-ssweb-tooling-non-prod
uses: aws-actions/[email protected]
- name: Tag & Push PROD Approved SelfServe Web image
id: push-image
run: |
docker pull ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG}
docker tag ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}
docker push ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}
- name: Sign PROD SelfServe Web image
uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
with:
aws_signer_profile_arn: ${{ secrets.DVSA_AWS_SSWEB_NONPROD_TOOLING_IMAGE_SIGNING_PROFILE }}
ecr_tagged_image: ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}
image_sign_create: 'true'