CICD: Added Workflows & Docker Manifests

dvsa · Nov 18, 2023 · 748dc57 · 748dc57
1 parent bfbfd3c
commit 748dc57
Show file tree

Hide file tree

Showing 5 changed files with 113 additions and 96 deletions.
diff --git a/.github/actions/build-ssweb/README.md b/.github/actions/build-ssweb/README.md
@@ -1,5 +1,5 @@
 # Build SelfServe Web Artifact
-Action to buildSelfServe Web artifact
+Action to build SelfServe Web artifact
 
 ####  Prerequisites
 Git checkout
@@ -12,6 +12,6 @@ VOL_API_Artifact
 
 ####  Usage
 ```yaml
-- name: Build VOL API artifact
-  uses: dvsa/olcs-backend/.github/actions/build-ssweb@main
+- name: Build SelfServe artifact
+  uses: dvsa/olcs-selfserve/.github/actions/build-ssweb@main
 ```
diff --git a/.github/actions/build-ssweb/action.yaml b/.github/actions/build-ssweb/action.yaml
@@ -4,10 +4,6 @@ description: Build VOL SSWEB FE
 runs:
   using: 'composite'
   steps:
-    - uses: hashicorp/setup-terraform@v2
-      with:
-        terraform_version:  ${{ inputs.terraform_version }}
-        terraform_wrapper: false
 
     # Create s3 bucket in vol-non-prod tooling & vol-prod tooling to get the composer
     - name: Download the compose file

diff --git a/.github/workflows/non-prod-selfserve-web-build-deploy.yaml b/.github/workflows/non-prod-selfserve-web-build-deploy.yaml
@@ -2,10 +2,9 @@ name: CI/CD NON PROD SELFSERVE WEB
 run-name: CI/CD NON PROD SELFSERVE WEB
 
 on:
-  pull_request:
-  # push:
-  #   branches:
-  #     - master
+  push:
+    branches:
+      - master
 
 env:
   AWS_REGION : ${{ vars.DVSA_AWS_REGION }}
@@ -54,12 +53,23 @@ jobs:
 
     name: Build, Push & Sign Image
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php: 
+        - '7.4'
 
     steps:
 
     - name: Checkout the repository to this runner
       uses: actions/checkout@v3
 
+    - name: Setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: ${{ matrix.php }}
+        tools: composer:v2
+        coverage: none
+
     - name: Build SelfServe Web artifact
       uses: dvsa/olcs-selfserve/.github/actions/build-ssweb@feat/awsreset-container
 
@@ -90,7 +100,6 @@ jobs:
 
     - name: Build SelfServe Web image
       run: |
-        # notation inspect $BASE_IMAGE
         docker build -t ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} \
           --build-arg DVSA_AWS_SHAREDCOREECR_ID=${{secrets.DVSA_AWS_SHAREDCOREECR_ID}} .
 
@@ -116,14 +125,14 @@ jobs:
       uses: aws-actions/[email protected]
 
     - name: Push SelfServe Web image
-      # if: github.ref == 'refs/heads/master'
+      if: github.ref == 'refs/heads/master'
       id: push-image
       run: |
         echo "image_tag=${SSWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT
         docker push ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG}
 
     - name: Sign SelfServe Web image
-      # if: github.ref == 'refs/heads/master'
+      if: github.ref == 'refs/heads/master'
       uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
       with:
         aws_signer_profile_arn: ${{ secrets.DVSA_AWS_SSWEB_NONPROD_TOOLING_IMAGE_SIGNING_PROFILE }}
@@ -140,104 +149,104 @@ jobs:
     outputs:
       image_tag: ${{ steps.push-image.outputs.image_tag }}
 
-  # deploy-on-non-prod-cluster:
+  deploy-on-non-prod-cluster:
 
-  #   name: Deploy on Non Prod Cluster
-  #   # if: github.ref == 'refs/heads/master'
+    name: Deploy on Non Prod Cluster
+    if: github.ref == 'refs/heads/master'
 
-  #   needs:
-  #   - unit-tests
-  #   # - security
-  #   # - static-analysis
-  #   # - tests
-  #   -  build-test-push-sign-image
+    needs:
+    - unit-tests
+    # - security
+    # - static-analysis
+    # - tests
+    -  build-test-push-sign-image
 
-  #   runs-on: ubuntu-latest
+    runs-on: ubuntu-latest
 
-  #   steps:
+    steps:
 
-  #   - name: Deploy
-  #     run: |
-  #      echo 'Deploy on Non Prod'
+    - name: Deploy
+      run: |
+       echo 'Deploy on Non Prod'
 
-  #   # uses: ./.github/workflows/trigger-github-workflow.yaml
-  #   # with:
-  #   #   branch: 'feature/AWSRESET1-514'
-  #   #   git_repository: 'dvsa/dvsa-container-registry'
-  #   #   workflow_name: 'CD NON PROD SELFSERVE WEB'
-  #   #   input_arguments: 'ssweb_image_tag=${{ needs.build-test-push-sign-image.outputs.image_tag }}'
-  #   # secrets:
-  #   #   gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}
+    # uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
+    # with:
+    #   branch: 'feature/AWSRESET1-514'
+    #   git_repository: 'dvsa/dvsa-container-registry'
+    #   workflow_name: 'CD NON PROD SELFSERVE WEB'
+    #   input_arguments: 'ssweb_image_tag=${{ needs.build-test-push-sign-image.outputs.image_tag }}'
+    # secrets:
+    #   gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}
 
-  # automation-tests:
+  automation-tests:
 
-  #   name: Run Automation Tests
-  #   # if: github.ref == 'refs/heads/master'
-  #   runs-on: ubuntu-latest
+    name: Run Automation Tests
+    if: github.ref == 'refs/heads/master'
+    runs-on: ubuntu-latest
 
-  #   needs:
-  #   - deploy-on-non-prod-cluster
+    needs:
+    - deploy-on-non-prod-cluster
 
-  #   steps:
+    steps:
 
-  #   - name: Run automation tests
-  #     run: |
-  #      echo 'Run automation tests'
+    - name: Run automation tests
+      run: |
+       echo 'Run automation tests'
 
-  # build-nonprod-approved-image:
+  build-nonprod-approved-image:
 
-  #   name: Build Non PROD Approved Image
-  #   # if: github.ref == 'refs/heads/master'
-  #   runs-on: ubuntu-latest
+    name: Build Non PROD Approved Image
+    if: github.ref == 'refs/heads/master'
+    runs-on: ubuntu-latest
 
-  #   needs:
-  #   - build-test-push-sign-image
-  #   # - deploy-on-non-prod-cluster
-  #   - automation-tests
+    needs:
+    - build-test-push-sign-image
+    - deploy-on-non-prod-cluster
+    - automation-tests
 
-  #   steps:
+    steps:
 
-  #   - name: SSWEB_IMAGE_TAG & NONPROD_SSWEB_IMAGE_TAG
-  #     run: |
-  #       echo "SSWEB_IMAGE_TAG=${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV
-  #       echo "NONPROD_SSWEB_IMAGE_TAG=nonprod-${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV
+    - name: SSWEB_IMAGE_TAG & NONPROD_SSWEB_IMAGE_TAG
+      run: |
+        echo "SSWEB_IMAGE_TAG=${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV
+        echo "NONPROD_SSWEB_IMAGE_TAG=nonprod-${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV
 
-  #   - name: Configure AWS credentials on Non Production SSWEB ECR
-  #     uses: aws-actions/[email protected]
-  #     with:
-  #       role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
-  #       role-session-name: GitHub_to_AWS_via_FederatedOIDC
-  #       aws-region: ${{ env.AWS_REGION }}
+    - name: Configure AWS credentials on Non Production SSWEB ECR
+      uses: aws-actions/[email protected]
+      with:
+        role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
+        role-session-name: GitHub_to_AWS_via_FederatedOIDC
+        aws-region: ${{ env.AWS_REGION }}
 
-  #   - name: Login to Non Production SSWEB ECR
-  #     id: login-ecr-ssweb-tooling-non-prod
-  #     uses: aws-actions/[email protected]
+    - name: Login to Non Production SSWEB ECR
+      id: login-ecr-ssweb-tooling-non-prod
+      uses: aws-actions/[email protected]
 
-  #   - name: Push SelfServe Web image
-  #     # if: github.ref == 'refs/heads/master'
-  #     id: push-approved-image
-  #     run: |
-  #       echo "approved_image_tag=${NONPROD_SSWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT
-  #       docker pull ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG}
-  #       docker tag ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG}
-  #       docker push ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG}
+    - name: Push SelfServe Web image
+      if: github.ref == 'refs/heads/master'
+      id: push-approved-image
+      run: |
+        echo "approved_image_tag=${NONPROD_SSWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT
+        docker pull ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG}
+        docker tag ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG}
+        docker push ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG}
 
-  #   outputs:
-  #     approved_image_tag: ${{ steps.push-approved-image.outputs.approved_image_tag }}
+    outputs:
+      approved_image_tag: ${{ steps.push-approved-image.outputs.approved_image_tag }}
 
-  # qa-approval:
+  qa-approval:
 
-  #   name: QA SelfServe Web Image Approval
-  #   # if: github.ref == 'refs/heads/master'
+    name: QA SelfServe Web Image Approval
+    if: github.ref == 'refs/heads/master'
 
-  #   needs:
-  #   -  build-nonprod-approved-image
+    needs:
+    -  build-nonprod-approved-image
 
-  #   uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
-  #   with:
-  #     branch: 'feat/awsreset-container'
-  #     git_repository: 'dvsa/olcs-selfserve'
-  #     workflow_name: 'qa-selfserve-web-approval.yaml'
-  #     input_arguments: 'ssweb_image_tag=${{ needs.build-nonprod-approved-image.outputs.approved_image_tag }}'
-  #   secrets:
-  #     gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}
+    uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
+    with:
+      branch: 'feat/awsreset-container'
+      git_repository: 'dvsa/olcs-selfserve'
+      workflow_name: 'qa-selfserve-web-approval.yaml'
+      input_arguments: 'ssweb_image_tag=${{ needs.build-nonprod-approved-image.outputs.approved_image_tag }}'
+    secrets:
+      gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}
diff --git a/.github/workflows/qa-selfserve-web-approval.yaml b/.github/workflows/qa-selfserve-web-approval.yaml
@@ -42,7 +42,7 @@ jobs:
     - name: Validate SelfServe Web Image
       uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
       with:
-        ecr_tagged_image:  ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}:${{ github.event.inputs.SSWEB_image_tag }}
+        ecr_tagged_image:  ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}:${{ github.event.inputs.ssweb_image_tag }}
         image_sign_inspect: 'true'  
 
     - name: Deploy on QA
@@ -58,7 +58,6 @@ jobs:
     # secrets:
     #   gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}
 
-
   qa-automation-tests:
 
     name: Run QA Automation Tests
@@ -96,20 +95,22 @@ jobs:
       with:
         role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
         role-session-name: GitHub_to_AWS_via_FederatedOIDC
-        aws-region: ${{ vars.DVSA_AWS_REGION}}
+        aws-region: ${{ env.AWS_REGION }}
 
     - name: Login to ECR
       id: login-ecr-ssweb-tooling-non-prod
       uses: aws-actions/[email protected]
 
     - name: Tag & Push PROD Approved SelfServe Web image
+      if: github.ref == 'refs/heads/master'
       id: push-image
       run: |
         docker pull ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG}
         docker tag ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}
         docker push ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}
 
     - name: Sign PROD SelfServe Web image
+      if: github.ref == 'refs/heads/master'
       uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
       with:
         aws_signer_profile_arn: ${{ secrets.DVSA_AWS_SSWEB_NONPROD_TOOLING_IMAGE_SIGNING_PROFILE }}

diff --git a/.github/workflows/static-selfserve-web-build-deploy.yaml b/.github/workflows/static-selfserve-web-build-deploy.yaml
@@ -5,8 +5,8 @@ on:
   pull_request_review:
     types: [edited, submitted]
   pull_request:
-    # branches:
-    #   - master
+    branches:
+      - master
 
 env:
   AWS_REGION : ${{ vars.DVSA_AWS_REGION }}
@@ -69,12 +69,23 @@ jobs:
     name: Build, Push & Sign Image
     if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php: 
+        - '7.4'
 
     steps:
 
     - name: Checkout the repository to this runner
       uses: actions/checkout@v3
 
+    - name: Setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: ${{ matrix.php }}
+        tools: composer:v2
+        coverage: none
+
     - name: Build SelfServe Web artifact
       uses: dvsa/olcs-selfserve/.github/actions/build-ssweb@feat/awsreset-container