From 890eb34d24abc880b79220037b15bab013c2652c Mon Sep 17 00:00:00 2001
From: awshuss
Date: Fri, 17 Nov 2023 08:04:51 +0000
Subject: [PATCH] Added workflows
---
.../non-prod-selfserve-web-build-deploy.yaml | 398 +++++++++---------
.../workflows/qa-selfserve-web-approval.yaml | 4 +-
2 files changed, 201 insertions(+), 201 deletions(-)
diff --git a/.github/workflows/non-prod-selfserve-web-build-deploy.yaml b/.github/workflows/non-prod-selfserve-web-build-deploy.yaml
index 3a5bbbe1e..94e56cdef 100644
--- a/.github/workflows/non-prod-selfserve-web-build-deploy.yaml
+++ b/.github/workflows/non-prod-selfserve-web-build-deploy.yaml
@@ -19,217 +19,219 @@ permissions: jobs: - # security: - # uses: dvsa/.github/.github/workflows/php-security.yml@v3.2.0 - # secrets: - # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # # security: + # # uses: dvsa/.github/.github/workflows/php-security.yml@v3.2.0 + # # secrets: + # # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + # # static-analysis: + # # uses: dvsa/.github/.github/workflows/php-static.yml@v3.2.0 + # # # with: + # # # php-version: '7.4' + + # # tests: + # # uses: dvsa/.github/.github/workflows/php-tests.yml@v3.2.0 + # # with: + # # php-versions: "[\"7.4\"]" + # # # fail-fast: false + + # unit-tests: + + # name: Run Unit Tests + # runs-on: ubuntu-latest + + # steps: + + # - name: Checkout the repository to this runner + # uses: actions/checkout@v3 + + # - name: Run unit tests + # run: | + # echo 'Run unit tests' + # ls -la ./ + + # build-test-push-sign-image: + + # name: Build, Push & Sign Image + # runs-on: ubuntu-latest + + # steps: + + # - name: Checkout the repository to this runner + # uses: actions/checkout@v3 + + # - name: Build SelfServe Web artifact + # uses: dvsa/olcs-selfserve/.github/actions/build-ssweb@feature/AddWorkflows + + # - name: Set BASE_IMAGE & SSWEB_IMAGE_TAG + # run: | + # envsubst < dockerfile | tee dockerfile.tmp + # mv dockerfile.tmp dockerfile + # BASE_IMAGE=$(head -n1 dockerfile) + # echo "BASE_IMAGE=${BASE_IMAGE#* }" >> $GITHUB_ENV + # echo "SSWEB_IMAGE_TAG=approved-ssweb-${BASE_IMAGE#*:}-$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + # - name: Configure AWS credentials on Shared Core ECR + # uses: aws-actions/configure-aws-credentials@v4.0.1 + # with: + # role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }} + # role-session-name: GitHub_to_AWS_via_FederatedOIDC + # aws-region: ${{ env.AWS_REGION }} + + # - name: Login to Shared Core ECR + # id: login-ecr-sharedcoreecr + # uses: aws-actions/amazon-ecr-login@v2.0.1 + + # - name: Verify base image + # uses: 
dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows + # with: + # ecr_tagged_image: $BASE_IMAGE + # image_sign_inspect: 'true' + + # - name: Build SelfServe Web image + # run: | + # # notation inspect $BASE_IMAGE + # docker build -t ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} \ + # --build-arg DVSA_AWS_SHAREDCOREECR_ID=${{secrets.DVSA_AWS_SHAREDCOREECR_ID}} . + + # - name: Snyk scan SelfServe Web image + # id: scan-api-image + # uses: snyk/actions/docker@master + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # image: ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} + # args: --file=dockerfile --severity-threshold=critical + # continue-on-error: true + + # - name: Configure AWS credentials on Non Production SSWEB ECR + # uses: aws-actions/configure-aws-credentials@v4.0.1 + # with: + # role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }} + # role-session-name: GitHub_to_AWS_via_FederatedOIDC + # aws-region: ${{ env.AWS_REGION }} + + # - name: Login to Non Production SSWEB ECR + # id: login-ecr-ssweb-tooling-non-prod + # uses: aws-actions/amazon-ecr-login@v2.0.1 + + # - name: Push SelfServe Web image + # if: github.ref == 'refs/heads/master' + # id: push-image + # run: | + # echo "image_tag=${SSWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT + # docker push ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} + + # - name: Sign SelfServe Web image + # if: github.ref == 'refs/heads/master' + # uses: dvsa/.gitub/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows + # with: + # aws_signer_profile_arn: ${{ secrets.DVSA_AWS_SSWEB_NONPROD_TOOLING_IMAGE_SIGNING_PROFILE }} + # ecr_tagged_image: ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} + # image_sign_create: 'true' + + # outputs: + # image_tag: ${{ steps.push-image.outputs.image_tag }} + + # deploy-on-non-prod-cluster: + + # name: Deploy on Non Prod Cluster + # if: github.ref == 'refs/heads/master' - # static-analysis: - # uses: 
dvsa/.github/.github/workflows/php-static.yml@v3.2.0 - # # with: - # # php-version: '7.4' - - # tests: - # uses: dvsa/.github/.github/workflows/php-tests.yml@v3.2.0 - # with: - # php-versions: "[\"7.4\"]" - # # fail-fast: false - - unit-tests: - - name: Run Unit Tests - runs-on: ubuntu-latest - - steps: - - - name: Checkout the repository to this runner - uses: actions/checkout@v3 - - - name: Run unit tests - run: | - echo 'Run unit tests' - ls -la ./ - - build-test-push-sign-image: - - name: Build, Push & Sign Image - runs-on: ubuntu-latest - - steps: - - - name: Checkout the repository to this runner - uses: actions/checkout@v3 - - - name: Build SelfServe Web artifact - uses: dvsa/olcs-selfserve/.github/actions/build-ssweb@feature/AddWorkflows - - - name: Set BASE_IMAGE & SSWEB_IMAGE_TAG - run: | - envsubst < dockerfile | tee dockerfile.tmp - mv dockerfile.tmp dockerfile - BASE_IMAGE=$(head -n1 dockerfile) - echo "BASE_IMAGE=${BASE_IMAGE#* }" >> $GITHUB_ENV - echo "SSWEB_IMAGE_TAG=approved-ssweb-${BASE_IMAGE#*:}-$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - - name: Configure AWS credentials on Shared Core ECR - uses: aws-actions/configure-aws-credentials@v4.0.1 - with: - role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }} - role-session-name: GitHub_to_AWS_via_FederatedOIDC - aws-region: ${{ env.AWS_REGION }} - - - name: Login to Shared Core ECR - id: login-ecr-sharedcoreecr - uses: aws-actions/amazon-ecr-login@v2.0.1 - - - name: Verify base image - uses: dvsa/olcs-backend/.github/actions/image-integrity@feature/AWSRESET1-514 - with: - ecr_tagged_image: $BASE_IMAGE - image_sign_inspect: 'true' - - - name: Build SelfServe Web image - run: | - # notation inspect $BASE_IMAGE - docker build -t ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} \ - --build-arg DVSA_AWS_SHAREDCOREECR_ID=${{secrets.DVSA_AWS_SHAREDCOREECR_ID}} . 
- - - name: Snyk scan SelfServe Web image - id: scan-api-image - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} - args: --file=dockerfile --severity-threshold=critical - continue-on-error: true - - - name: Configure AWS credentials on Non Production SSWEB ECR - uses: aws-actions/configure-aws-credentials@v4.0.1 - with: - role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }} - role-session-name: GitHub_to_AWS_via_FederatedOIDC - aws-region: ${{ env.AWS_REGION }} - - - name: Login to Non Production SSWEB ECR - id: login-ecr-ssweb-tooling-non-prod - uses: aws-actions/amazon-ecr-login@v2.0.1 - - - name: Push SelfServe Web image - # if: github.ref == 'refs/heads/master' - id: push-image - run: | - echo "image_tag=${SSWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT - docker push ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} - - - name: Sign SelfServe Web image - uses: dvsa/olcs-backend/.github/actions/image-integrity@feature/AWSRESET1-514 - with: - aws_signer_profile_arn: ${{ secrets.DVSA_AWS_SSWEB_NONPROD_TOOLING_IMAGE_SIGNING_PROFILE }} - ecr_tagged_image: ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} - image_sign_create: 'true' - - outputs: - image_tag: ${{ steps.push-image.outputs.image_tag }} - - deploy-on-non-prod-cluster: - - name: Deploy on Non Prod Cluster - # if: github.ref == 'refs/heads/master' + # needs: + # - unit-tests + # # - security + # # - static-analysis + # # - tests + # - build-test-push-sign-image - needs: - - unit-tests - # - security - # - static-analysis - # - tests - - build-test-push-sign-image + # runs-on: ubuntu-latest - runs-on: ubuntu-latest + # steps: - steps: + # - name: Deploy + # run: | + # echo 'Deploy on Non Prod' - - name: Deploy - run: | - echo 'Deploy on Non Prod' + # # uses: ./.github/workflows/trigger-github-workflow.yaml + # # with: + # # branch: 'feature/AWSRESET1-514' + # # git_repository: 
'dvsa/dvsa-container-registry' + # # workflow_name: 'CD NON PROD SELFSERVE WEB' + # # input_arguments: 'ssweb_image_tag=${{ needs.build-test-push-sign-image.outputs.image_tag }}' + # # secrets: + # # gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }} - # uses: ./.github/workflows/trigger-github-workflow.yaml - # with: - # branch: 'feature/AWSRESET1-514' - # git_repository: 'dvsa/dvsa-container-registry' - # workflow_name: 'CD NON PROD SELFSERVE WEB' - # input_arguments: 'ssweb_image_tag=${{ needs.build-test-push-sign-image.outputs.image_tag }}' - # secrets: - # gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }} + # automation-tests: - automation-tests: + # name: Run Automation Tests + # if: github.ref == 'refs/heads/master' + # runs-on: ubuntu-latest - name: Run Automation Tests - # if: github.ref == 'refs/heads/master' - runs-on: ubuntu-latest + # needs: + # - deploy-on-non-prod-cluster - needs: - - deploy-on-non-prod-cluster + # steps: - steps: + # - name: Run automation tests + # run: | + # echo 'Run automation tests' - - name: Run automation tests - run: | - echo 'Run automation tests' + # build-nonprod-approved-image: - build-nonprod-approved-image: + # name: Build Non PROD Approved Image + # if: github.ref == 'refs/heads/master' + # runs-on: ubuntu-latest - name: Build Non PROD Approved Image + # needs: + # - build-test-push-sign-image + # # - deploy-on-non-prod-cluster + # - automation-tests + + # steps: + + # - name: SSWEB_IMAGE_TAG & NONPROD_SSWEB_IMAGE_TAG + # run: | + # echo "SSWEB_IMAGE_TAG=${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV + # echo "NONPROD_SSWEB_IMAGE_TAG=nonprod-${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV + + # - name: Configure AWS credentials on Non Production SSWEB ECR + # uses: aws-actions/configure-aws-credentials@v4.0.1 + # with: + # role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }} + # role-session-name: GitHub_to_AWS_via_FederatedOIDC + # aws-region: 
${{ env.AWS_REGION }} + + # - name: Login to Non Production SSWEB ECR + # id: login-ecr-ssweb-tooling-non-prod + # uses: aws-actions/amazon-ecr-login@v2.0.1 + + # - name: Push SelfServe Web image + # if: github.ref == 'refs/heads/master' + # id: push-approved-image + # run: | + # echo "approved_image_tag=${NONPROD_SSWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT + # docker pull ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} + # docker tag ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} + # docker push ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} + + # outputs: + # approved_image_tag: ${{ steps.push-approved-image.outputs.approved_image_tag }} + + qa-approval: + + name: QA SelfServe Web Image Approval # if: github.ref == 'refs/heads/master' - runs-on: ubuntu-latest needs: - - build-test-push-sign-image - # - deploy-on-non-prod-cluster - - automation-tests - - steps: - - - name: SSWEB_IMAGE_TAG & NONPROD_SSWEB_IMAGE_TAG - run: | - echo "SSWEB_IMAGE_TAG=${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV - echo "NONPROD_SSWEB_IMAGE_TAG=nonprod-${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV - - - name: Configure AWS credentials on Non Production SSWEB ECR - uses: aws-actions/configure-aws-credentials@v4.0.1 - with: - role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }} - role-session-name: GitHub_to_AWS_via_FederatedOIDC - aws-region: ${{ env.AWS_REGION }} - - - name: Login to Non Production SSWEB ECR - id: login-ecr-ssweb-tooling-non-prod - uses: aws-actions/amazon-ecr-login@v2.0.1 - - - name: Push SelfServe Web image - # if: github.ref == 'refs/heads/master' - id: push-approved-image - run: | - echo "approved_image_tag=${NONPROD_SSWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT - docker pull ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} - docker tag ${SSWEB_NONPROD_TOOLING_REPO_URL}:${SSWEB_IMAGE_TAG} 
${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} - docker push ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} - - outputs: - approved_image_tag: ${{ steps.push-approved-image.outputs.approved_image_tag }} - - # qa-approval: - - # name: QA SelfServe Web Image Approval - # if: github.ref == 'refs/heads/master' - - # needs: - # - build-nonprod-approved-image - - # uses: ./.github/workflows/trigger-github-workflow.yaml - # with: - # branch: 'feature/AWSRESET1-514' - # git_repository: 'dvsa/olcs-backend' - # workflow_name: 'CD QA SELFSERVE WEB' - # input_arguments: 'ssweb_image_tag=${{ needs.build-nonprod-approved-image.outputs.approved_image_tag }}' - # secrets: - # gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }} + - build-nonprod-approved-image + + uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows + with: + branch: 'feature/AddWorkflows' + git_repository: 'dvsa/olcs-selfserve' + workflow_name: 'qa-selfserve-web-approval.yaml' + input_arguments: 'ssweb_image_tag=${{ needs.build-nonprod-approved-image.outputs.approved_image_tag }}' + # input_arguments: 'ssweb_image_tag=${{ needs.build-nonprod-approved-image.outputs.approved_image_tag }}' + secrets: + gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }} diff --git a/.github/workflows/qa-selfserve-web-approval.yaml b/.github/workflows/qa-selfserve-web-approval.yaml index 88e4a5299..88ac62b97 100644 --- a/.github/workflows/qa-selfserve-web-approval.yaml +++ b/.github/workflows/qa-selfserve-web-approval.yaml @@ -86,7 +86,6 @@ jobs: steps: - name: Set NONPROD_SSWEB_IMAGE_TAG & PROD_SSWEB_IMAGE_TAG - # if: github.ref == 'refs/heads/master' run: | inputImageTag=${{ github.event.inputs.SSWEB_image_tag }} echo "NONPROD_SSWEB_IMAGE_TAG=${inputImageTag}" >> $GITHUB_ENV 
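Review bot: The newly enabled `qa-approval` job lists `build-nonprod-approved-image` under `needs:` and reads `needs.build-nonprod-approved-image.outputs.approved_image_tag`, but this same hunk comments that job out along with every job upstream of it, so the dependency is no longer defined and GitHub Actions should reject the workflow as invalid. Either keep `build-nonprod-approved-image` and its prerequisites active, or remove the `needs:` entry and supply the tag another way. The job also passes `secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN` to a reusable workflow referenced by a mutable branch, `@feature/AddMiscAuxilaryWorkflows`; pinning it to a full commit SHA, e.g. `uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@<full-commit-sha>` (placeholder), stops a later push to that branch from changing what runs with the token. The `# if: github.ref == 'refs/heads/master'` guard on `qa-approval` is still commented out on the new side, so if approval is meant to be limited to `master`, that line should be restored before merge.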
@@ -104,7 +103,6 @@ jobs: uses: aws-actions/amazon-ecr-login@v2.0.1 - name: Tag & Push PROD Approved SelfServe Web image - # if: github.ref == 'refs/heads/master' id: push-image run: | docker pull ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} @@ -112,7 +110,7 @@ jobs: docker push ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG} - name: Sign PROD SelfServe Web image - uses: dvsa/olcs-backend/.github/actions/image-integrity@feature/AWSRESET1-514 + uses: dvsa/olcs-selfserve/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows with: aws_signer_profile_arn: ${{ secrets.DVSA_AWS_SSWEB_NONPROD_TOOLING_IMAGE_SIGNING_PROFILE }} ecr_tagged_image: ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}
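Review bot: The replacement `uses:` line on the "Sign PROD SelfServe Web image" step points at a mutable branch, `dvsa/olcs-selfserve/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows`, so whatever is on that branch at run time performs the PROD signing; pin it to a full commit SHA, e.g. `uses: dvsa/olcs-selfserve/.github/actions/image-integrity@<full-commit-sha>` (placeholder). The other workflow in this patch references the same action and branch under `dvsa/.github` and uses `feature/AddWorkflows` for `dvsa/olcs-selfserve`, so it is worth confirming that this repository and branch pair actually resolves. The unchanged `with:` lines pass `DVSA_AWS_SSWEB_NONPROD_TOOLING_IMAGE_SIGNING_PROFILE` as the signer profile for an image pushed to `SSWEB_PROD_TOOLING_REPO_URL`; if a NONPROD profile signing a PROD image is deliberate, a comment saying so would help, otherwise a PROD profile secret looks intended. Separately, the first hunk of this file shows `inputImageTag=${{ github.event.inputs.SSWEB_image_tag }}` expanded directly inside a `run:` script; passing the input through `env:` and reading it as a quoted shell variable keeps its content from being interpreted as shell. The step's `with:` block may continue past the end of this hunk.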