Showing
6 changed files
with
70 additions
and
142 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,17 @@ | ||
# Build VOL API Artifact | ||
Action to build VOL API artifact | ||
# Build SelfServe Web Artifact | ||
Action to buildSelfServe Web artifact | ||
|
||
#### Prerequisites | ||
Git checkout | ||
|
||
#### Context | ||
This action allows the workflow to build VOL API artifact | ||
This action allows the workflow to build SelfServe Web artifact | ||
|
||
#### Outputs | ||
VOL_API_Artifact | ||
|
||
#### Usage | ||
#### Usage | ||
```yaml | ||
- name: Build VOL API artifact | ||
uses: dvsa/olcs-backend/.github/actions/build-vol-api@main | ||
uses: dvsa/olcs-backend/.github/actions/build-ssweb@main | ||
``` |
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,124 +1,119 @@ | ||
name: QA VOL selfserve ARTIFACT APPROVAL | ||
run-name: QA VOL selfserve ARTIFACT APPROVAL | ||
name: CD QA SELFSERVE WEB | ||
run-name: CD QA SELFSERVE WEB | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
vol_selfserve_image_tag: | ||
description: 'Tag of VOL selfserve Image' | ||
required: true | ||
pull_request: | ||
# workflow_dispatch: | ||
# inputs: | ||
# ssweb_image_tag: | ||
# description: 'Tag of SelfServe Web Image' | ||
# required: true | ||
|
||
env: | ||
AWS_REGION : ${{ vars.DVSA_AWS_REGION }} | ||
AWS_ACCOUNT_ID_VOL_NP_TOOLING: ${{ vars.VOL_AWS_ACCOUNT_TOOLING_NONPROD }} | ||
VOL_NONPROD_TOOLING_REPO_URL: ${{ secrets.VOL_NONPROD_TOOLING_ECR_REPO_URL }} | ||
VOL_PROD_TOOLING_REPO_URL: ${{ secrets.VOL_PROD_TOOLING_ECR_REPO_URL }} | ||
SSWEB_NONPROD_TOOLING_REPO_URL: ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }} | ||
SSWEB_PROD_TOOLING_REPO_URL: ${{ secrets.SSWEB_PROD_TOOLING_ECR_REPO_URL }} | ||
|
||
# Permission can be added at job level or workflow level | ||
# Permission can be added at job level or workflow level | ||
permissions: | ||
id-token: write # This is required for requesting the JWT | ||
contents: read # This is required for actions/checkout | ||
|
||
jobs: | ||
|
||
validate-nonprod-vol-selfserve-image: | ||
name: Validate VOL selfserve Image | ||
uses: ./.github/workflows/image-sign-validation.yaml | ||
secrets: | ||
aws_role_arn: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }} | ||
ecr_tagged_image: ${{ secrets.VOL_NONPROD_TOOLING_ECR_REPO_URL }}:${{ github.event.inputs.vol_selfserve_image_tag }} | ||
|
||
deploy-on-qa-cluster: | ||
|
||
name: Deploy on QA Cluster | ||
if: github.ref == 'refs/heads/master' | ||
runs-on: ubuntu-latest | ||
needs: | ||
- validate-nonprod-vol-selfserve-image | ||
|
||
steps: | ||
|
||
- name: Trigger workflow 'nonprod-vol-selfserve-manual-cd' | ||
if: github.event_name == 'pull_request' | ||
- name: Validate SelfServe Web Image | ||
# if: github.ref == 'refs/heads/master' | ||
|
||
uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows | ||
with: | ||
ecr_tagged_image: ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}:${{ github.event.inputs.SSWEB_image_tag }} | ||
image_sign_inspect: 'true' | ||
|
||
- name: Deploy on QA | ||
run: | | ||
echo "Here: ${{ github.event.inputs.vol_selfserve_image_tag }}" | ||
# uses: actions/[email protected] | ||
# with: | ||
# github-token: ${{ secrets.GITHUB_TOKEN }} | ||
# script: | | ||
# await github.rest.actions.createWorkflowDispatch({ | ||
# owner: 'dvsa', | ||
# repo: 'dvsa-container-registry', | ||
# workflow_id: 'workflows/nonprod-vol-selfserve-manual-cd.yaml', | ||
# ref: 'feature/AWSRESET1-514', | ||
# inputs: { | ||
# vol_selfserve_image_tag: 'vol-selfserve-7.4.33-alpine-fpm-ddea10a', | ||
# }, | ||
# }); | ||
# # script: | | ||
# # await github.rest.actions.createWorkflowDispatch({ | ||
# # owner: 'dvsa' | ||
# # repo: 'dvsa-container-registry', | ||
# # workflow_id: 'nonprod-vol-selfserve-manual-cd.yaml', | ||
# # ref: 'feature/AWSRESET1-514' | ||
# # inputs: { | ||
# # vol_selfserve_image_tag: ${{ needs.build-test-push-sign-image.outputs.image_tag }} | ||
# # } | ||
# # }) | ||
echo 'Deploy on QA' | ||
# uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows | ||
# with: | ||
# branch: 'feature/AWSRESET1-514' | ||
# git_repository: 'dvsa/dvsa-container-registry' | ||
# workflow_name: 'CD NON-PROD SELFSERVE WEB' | ||
# input_arguments: 'ssweb_image_tag=${{ github.event.inputs.ssweb_image_tag }}' | ||
# secrets: | ||
# gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }} | ||
|
||
|
||
qa-automation-tests: | ||
|
||
name: Run QA Automation Tests | ||
if: github.ref == 'refs/heads/master' | ||
runs-on: ubuntu-latest | ||
|
||
needs: | ||
- deploy-on-qa-cluster | ||
|
||
steps: | ||
|
||
- name: Run automation tests | ||
# if: github.ref == 'refs/heads/main' | ||
run: | | ||
echo 'Run automation tests' | ||
approve-image: | ||
name: PROD Approval For VOL Image | ||
prod-approve-image: | ||
|
||
name: Approval PROD SelfServe Web Image | ||
if: github.ref == 'refs/heads/master' | ||
runs-on: ubuntu-latest | ||
|
||
needs: | ||
- qa-automation-tests | ||
|
||
steps: | ||
|
||
- name: Set VOL_selfserve_IMAGE_TAG | ||
# if: github.ref == 'refs/heads/main' | ||
- name: Set NONPROD_SSWEB_IMAGE_TAG & PROD_SSWEB_IMAGE_TAG | ||
if: github.ref == 'refs/heads/master' | ||
run: | | ||
echo "VOL_selfserve_IMAGE_TAG=${VOL_selfserve_IMAGE_TAG}" >> $GITHUB_ENV | ||
inputImageTag=${{ github.event.inputs.SSWEB_image_tag }} | ||
echo "NONPROD_SSWEB_IMAGE_TAG=${inputImageTag}" >> $GITHUB_ENV | ||
echo "PROD_SSWEB_IMAGE_TAG=${inputImageTag#non}" >> $GITHUB_ENV | ||
- name: Setup Notation CLI | ||
uses: notaryproject/notation-action/setup@v1 | ||
with: | ||
version: 1.0.0 | ||
|
||
- name: Configure AWS credentials on VOL Non Production Tooling ECR | ||
- name: Set up Notation AWS Signer plugin | ||
run: | | ||
wget https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb | ||
sudo dpkg -i aws-signer-notation-cli_amd64.deb | ||
- name: Configure AWS credentials on SSWEB Non Production Tooling ECR | ||
uses: aws-actions/[email protected] | ||
with: | ||
role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }} | ||
role-session-name: GitHub_to_AWS_via_FederatedOIDC | ||
aws-region: ${{ vars.DVSA_AWS_REGION}} | ||
|
||
- name: Login to ECR | ||
id: login-ecr-vol-tooling-non-prod | ||
id: login-ecr-ssweb-tooling-non-prod | ||
uses: aws-actions/[email protected] | ||
|
||
- name: Tag & Push VOL selfserve image as PROD Approved | ||
# if: github.ref == 'refs/heads/main' | ||
- name: Tag & Push PROD Approved SelfServe Web image | ||
if: github.ref == 'refs/heads/master' | ||
id: push-image | ||
run: | | ||
docker pull ${VOL_NONPROD_TOOLING_REPO_URL}:${{ github.event.inputs.vol_selfserve_image_tag }} | ||
docker tag ${VOL_NONPROD_TOOLING_REPO_URL}:${{ github.event.inputs.vol_selfserve_image_tag }} ${VOL_PROD_TOOLING_REPO_URL}:${VOL_selfserve_IMAGE_TAG} | ||
# docker push ${VOL_PROD_TOOLING_REPO_URL}:${VOL_selfserve_IMAGE_TAG} | ||
|
||
# - name: Sign VOL selfserve image | ||
# # if: github.ref == 'refs/heads/main' | ||
# run: | | ||
# notation sign ${VOL_PROD_TOOLING_REPO_URL}:${VOL_selfserve_IMAGE_TAG} \ | ||
# --plugin "com.amazonaws.signer.notation.plugin" --id "${{ secrets.DVSA_AWS_NONPRODVOLTOOLING_IMAGE_SIGNING_PROFILE }}" | ||
docker pull ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} | ||
docker tag ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG} | ||
docker push ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG} | ||
- name: Sign PROD SelfServe Web image | ||
if: github.ref == 'refs/heads/master' | ||
run: | | ||
notation sign ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG} \ | ||
--plugin "com.amazonaws.signer.notation.plugin" --id "${{ secrets.DVSA_AWS_NONPRODVOLTOOLING_IMAGE_SIGNING_PROFILE }}" |
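Review bot: In the `Set NONPROD_SSWEB_IMAGE_TAG & PROD_SSWEB_IMAGE_TAG` step of `prod-approve-image`, `${{ github.event.inputs.SSWEB_image_tag }}` is expanded into the script text before the shell runs, so the tag value is parsed as shell source in a workflow that grants `id-token: write` and assumes the tooling role. Pass it through the step environment instead: add `env:` with `SSWEB_IMAGE_TAG: ${{ github.event.inputs.SSWEB_image_tag }}` and read it as `inputImageTag="${SSWEB_IMAGE_TAG}"`, ideally rejecting anything that is not a plain image tag before it is appended to `$GITHUB_ENV`. With `workflow_dispatch` commented out and `pull_request` as the only trigger, that input is empty on every run, so the derived tags are empty as well. Separately, as far as the rendered page shows, the signing path depends on two mutable references: `image-integrity@feature/AddMiscAuxilaryWorkflows` and a `latest` .deb installed with `sudo dpkg -i` without a checksum. Pinning the action to a commit SHA and verifying the package digest before install would make what signs the PROD image reproducible.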