
Added workflows
awshuss committed Nov 17, 2023
1 parent 123dc36 commit aa227c2
Showing 6 changed files with 70 additions and 142 deletions.
10 changes: 5 additions & 5 deletions .github/actions/build-ssweb/README.md
@@ -1,17 +1,17 @@
# Build VOL API Artifact
Action to build VOL API artifact
# Build SelfServe Web Artifact
Action to buildSelfServe Web artifact

#### Prerequisites
Git checkout

#### Context
This action allows the workflow to build VOL API artifact
This action allows the workflow to build SelfServe Web artifact

#### Outputs
VOL_API_Artifact

#### Usage
#### Usage
```yaml
- name: Build VOL API artifact
uses: dvsa/olcs-backend/.github/actions/build-vol-api@main
uses: dvsa/olcs-backend/.github/actions/build-ssweb@main
```
4 changes: 2 additions & 2 deletions .github/actions/build-ssweb/action.yaml
Expand Up @@ -3,10 +3,10 @@ description: Build VOL SSWEB FE

runs:
using: 'composite'
steps:
steps:
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ inputs.terraform_version }}
terraform_version: ${{ inputs.terraform_version }}
terraform_wrapper: false

# Create s3 bucket in vol-non-prod tooling & vol-prod tooling to get the composer
17 changes: 0 additions & 17 deletions .github/actions/image-integrity/README.md

This file was deleted.

50 changes: 0 additions & 50 deletions .github/actions/image-integrity/action.yaml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/non-prod-selfserve-web-build-deploy.yaml
Expand Up @@ -12,7 +12,7 @@ env:
SSWEB_NONPROD_TOOLING_REPO_URL: ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}
AWS_ACCOUNT_ID_SHAREDCOREECR: ${{ vars.AWS_ACCOUNT_ID_SHAREDCOREECR }}

# Permission can be added at job level or workflow level
# Permission can be added at job level or workflow level
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
129 changes: 62 additions & 67 deletions .github/workflows/qa-selfserve-web-approval.yaml
@@ -1,124 +1,119 @@
name: QA VOL selfserve ARTIFACT APPROVAL
run-name: QA VOL selfserve ARTIFACT APPROVAL
name: CD QA SELFSERVE WEB
run-name: CD QA SELFSERVE WEB

on:
workflow_dispatch:
inputs:
vol_selfserve_image_tag:
description: 'Tag of VOL selfserve Image'
required: true
pull_request:
# workflow_dispatch:
# inputs:
# ssweb_image_tag:
# description: 'Tag of SelfServe Web Image'
# required: true

env:
AWS_REGION : ${{ vars.DVSA_AWS_REGION }}
AWS_ACCOUNT_ID_VOL_NP_TOOLING: ${{ vars.VOL_AWS_ACCOUNT_TOOLING_NONPROD }}
VOL_NONPROD_TOOLING_REPO_URL: ${{ secrets.VOL_NONPROD_TOOLING_ECR_REPO_URL }}
VOL_PROD_TOOLING_REPO_URL: ${{ secrets.VOL_PROD_TOOLING_ECR_REPO_URL }}
SSWEB_NONPROD_TOOLING_REPO_URL: ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}
SSWEB_PROD_TOOLING_REPO_URL: ${{ secrets.SSWEB_PROD_TOOLING_ECR_REPO_URL }}

# Permission can be added at job level or workflow level
# Permission can be added at job level or workflow level
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

jobs:

validate-nonprod-vol-selfserve-image:
name: Validate VOL selfserve Image
uses: ./.github/workflows/image-sign-validation.yaml
secrets:
aws_role_arn: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
ecr_tagged_image: ${{ secrets.VOL_NONPROD_TOOLING_ECR_REPO_URL }}:${{ github.event.inputs.vol_selfserve_image_tag }}

deploy-on-qa-cluster:

name: Deploy on QA Cluster
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
needs:
- validate-nonprod-vol-selfserve-image

steps:

- name: Trigger workflow 'nonprod-vol-selfserve-manual-cd'
if: github.event_name == 'pull_request'
- name: Validate SelfServe Web Image
# if: github.ref == 'refs/heads/master'

uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
with:
ecr_tagged_image: ${{ secrets.SSWEB_NONPROD_TOOLING_ECR_REPO_URL }}:${{ github.event.inputs.SSWEB_image_tag }}
image_sign_inspect: 'true'

- name: Deploy on QA
run: |
echo "Here: ${{ github.event.inputs.vol_selfserve_image_tag }}"
# uses: actions/[email protected]
# with:
# github-token: ${{ secrets.GITHUB_TOKEN }}
# script: |
# await github.rest.actions.createWorkflowDispatch({
# owner: 'dvsa',
# repo: 'dvsa-container-registry',
# workflow_id: 'workflows/nonprod-vol-selfserve-manual-cd.yaml',
# ref: 'feature/AWSRESET1-514',
# inputs: {
# vol_selfserve_image_tag: 'vol-selfserve-7.4.33-alpine-fpm-ddea10a',
# },
# });
# # script: |
# # await github.rest.actions.createWorkflowDispatch({
# # owner: 'dvsa'
# # repo: 'dvsa-container-registry',
# # workflow_id: 'nonprod-vol-selfserve-manual-cd.yaml',
# # ref: 'feature/AWSRESET1-514'
# # inputs: {
# # vol_selfserve_image_tag: ${{ needs.build-test-push-sign-image.outputs.image_tag }}
# # }
# # })
echo 'Deploy on QA'
# uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
# with:
# branch: 'feature/AWSRESET1-514'
# git_repository: 'dvsa/dvsa-container-registry'
# workflow_name: 'CD NON-PROD SELFSERVE WEB'
# input_arguments: 'ssweb_image_tag=${{ github.event.inputs.ssweb_image_tag }}'
# secrets:
# gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}


qa-automation-tests:

name: Run QA Automation Tests
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest

needs:
- deploy-on-qa-cluster

steps:

- name: Run automation tests
# if: github.ref == 'refs/heads/main'
run: |
echo 'Run automation tests'
approve-image:
name: PROD Approval For VOL Image
prod-approve-image:

name: Approval PROD SelfServe Web Image
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest

needs:
- qa-automation-tests

steps:

- name: Set VOL_selfserve_IMAGE_TAG
# if: github.ref == 'refs/heads/main'
- name: Set NONPROD_SSWEB_IMAGE_TAG & PROD_SSWEB_IMAGE_TAG
if: github.ref == 'refs/heads/master'
run: |
echo "VOL_selfserve_IMAGE_TAG=${VOL_selfserve_IMAGE_TAG}" >> $GITHUB_ENV
inputImageTag=${{ github.event.inputs.SSWEB_image_tag }}
echo "NONPROD_SSWEB_IMAGE_TAG=${inputImageTag}" >> $GITHUB_ENV
echo "PROD_SSWEB_IMAGE_TAG=${inputImageTag#non}" >> $GITHUB_ENV
- name: Setup Notation CLI
uses: notaryproject/notation-action/setup@v1
with:
version: 1.0.0

- name: Configure AWS credentials on VOL Non Production Tooling ECR
- name: Set up Notation AWS Signer plugin
run: |
wget https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
sudo dpkg -i aws-signer-notation-cli_amd64.deb
- name: Configure AWS credentials on SSWEB Non Production Tooling ECR
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.DVSA_AWS_REGION}}

- name: Login to ECR
id: login-ecr-vol-tooling-non-prod
id: login-ecr-ssweb-tooling-non-prod
uses: aws-actions/[email protected]

- name: Tag & Push VOL selfserve image as PROD Approved
# if: github.ref == 'refs/heads/main'
- name: Tag & Push PROD Approved SelfServe Web image
if: github.ref == 'refs/heads/master'
id: push-image
run: |
docker pull ${VOL_NONPROD_TOOLING_REPO_URL}:${{ github.event.inputs.vol_selfserve_image_tag }}
docker tag ${VOL_NONPROD_TOOLING_REPO_URL}:${{ github.event.inputs.vol_selfserve_image_tag }} ${VOL_PROD_TOOLING_REPO_URL}:${VOL_selfserve_IMAGE_TAG}
# docker push ${VOL_PROD_TOOLING_REPO_URL}:${VOL_selfserve_IMAGE_TAG}

# - name: Sign VOL selfserve image
# # if: github.ref == 'refs/heads/main'
# run: |
# notation sign ${VOL_PROD_TOOLING_REPO_URL}:${VOL_selfserve_IMAGE_TAG} \
# --plugin "com.amazonaws.signer.notation.plugin" --id "${{ secrets.DVSA_AWS_NONPRODVOLTOOLING_IMAGE_SIGNING_PROFILE }}"
docker pull ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG}
docker tag ${SSWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_SSWEB_IMAGE_TAG} ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}
docker push ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG}
- name: Sign PROD SelfServe Web image
if: github.ref == 'refs/heads/master'
run: |
notation sign ${SSWEB_PROD_TOOLING_REPO_URL}:${PROD_SSWEB_IMAGE_TAG} \
--plugin "com.amazonaws.signer.notation.plugin" --id "${{ secrets.DVSA_AWS_NONPRODVOLTOOLING_IMAGE_SIGNING_PROFILE }}"
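Review bot: The image validation and signing path pulls its tooling from unpinned sources: the `Validate SelfServe Web Image` step uses `dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows`, a mutable branch ref, and the `Set up Notation AWS Signer plugin` step downloads `.../deb/latest/aws-signer-notation-cli_amd64.deb` with `wget` and installs it with `sudo dpkg -i` without checking a digest. Both run under the workflow-level `id-token: write` permission and next to the ECR login, so I would pin the action as `...image-integrity@<full-commit-sha>` and fetch a fixed installer version verified with `sha256sum -c` before `dpkg -i`. Separately, the old and new sides are not marked on this rendering, but if `pull_request:` is now the only trigger (the `workflow_dispatch` block appears commented out), `github.event.inputs.SSWEB_image_tag` is empty and `github.ref` is `refs/pull/<n>/merge`, so the validation step would receive the repository URL with an empty tag and every `if: github.ref == 'refs/heads/master'` job and step would be skipped. When the dispatch input is restored, pass it through the step's `env:` (for example `INPUT_IMAGE_TAG: ${{ github.event.inputs.ssweb_image_tag }}`) and read `inputImageTag="$INPUT_IMAGE_TAG"` rather than expanding the expression inside `run:`, where the tag text becomes part of the shell script. The `${...}` expansions in the `docker pull`, `docker tag`, `docker push` and `notation sign` lines should also be double-quoted.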
