Merge pull request #2074 from ministryofjustice/renovate-pdf-minor-pa… #557
# "Path to Live" pipeline: runs on pushes to main that touch the listed paths,
# then builds, deploys to preproduction, tests, and deploys to production.
name: '[Workflow] Path to Live'

on:
  push:
    branches: [main]
    # Changes under .github/workflows/** also trigger a full deployment run.
    paths:
      - 'service-*/**'
      - 'cypress/**'
      - 'terraform/**'
      - 'scripts/**'
      - 'shared/**'
      - '.github/workflows/**'

# Runs for the same ref and workflow share one concurrency group.
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}

defaults:
  run:
    shell: bash

# Workflow-level GITHUB_TOKEN scopes. Every scope that is not needed is set to
# `none` explicitly; only contents and security-events are writable.
permissions:
  contents: write
  security-events: write
  pull-requests: read
  actions: none
  checks: none
  deployments: none
  issues: none
  packages: none
  repository-projects: none
  statuses: none

jobs:
# Job `set_variables` (an entry under `jobs:`): computes the values that later
# jobs consume through `needs.set_variables.outputs.*`.
# NOTE(review): "[email protected]" in the `uses:` lines below appears to be an
# e-mail-obfuscation artefact of the page; the action name and ref after the
# last "/" are not recoverable here. Confirm they are pinned to an immutable ref.
set_variables:
  name: Set variables
  runs-on: ubuntu-latest
  # contents: write is presumably what lets the tagging step push the new tag.
  permissions:
    contents: write
  outputs:
    short_sha: ${{ steps.short_sha.outputs.short_sha }}
    semver_tag: ${{ steps.semver_tag.outputs.created_tag }}
    environment_terraform_version: ${{ steps.terraform_version_environment.outputs.version }}
    account_terraform_version: ${{ steps.terraform_version_account.outputs.version }}
    region_terraform_version: ${{ steps.terraform_version_region.outputs.version }}
  steps:
    - name: Checkout
      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744  # v3
      with:
        fetch-depth: 2
    # First seven characters of the newest non-merge commit reachable from HEAD.
    - id: short_sha
      name: Set output to penultimate short SHA
      run: |
        echo "short_sha=$(git rev-list --no-merges -n 1 HEAD | cut -c1-7)" >> $GITHUB_OUTPUT
    # One Terraform version lookup per Terraform root directory.
    - id: terraform_version_environment
      name: Set terraform version - environment
      uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
      with:
        terraform_directory: './terraform/environment'
    - id: terraform_version_account
      name: Set terraform version - account
      uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
      with:
        terraform_directory: './terraform/account'
    - id: terraform_version_region
      name: Set terraform version - region
      uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
      with:
        terraform_directory: './terraform/region'
    # The created tag is exposed as the job output `semver_tag`.
    - id: semver_tag
      name: Bump version and push tag
      uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        with_v: true
        default_bump: minor
# Job `docker_build_scan_push` (an entry under `jobs:`): calls the local
# reusable workflow docker_job.yml with the image tag `main-<semver tag>`.
docker_build_scan_push:
  name: Docker Build, Scan and Push
  needs: [set_variables]
  uses: ./.github/workflows/docker_job.yml
  with:
    tag: main-${{ needs.set_variables.outputs.semver_tag }}
  # `inherit` hands every secret available to this workflow to the called
  # workflow; an explicit `secrets:` mapping would limit it to what it needs.
  secrets: inherit
# Job `terraform_account_preproduction` (an entry under `jobs:`): applies
# ./terraform/account in the preproduction workspace via a reusable workflow.
# NOTE(review): "[email protected]" in `uses:` appears to be an e-mail-obfuscation
# artefact of the page; the workflow file name and ref are not recoverable here.
terraform_account_preproduction:
  name: TF Preproduction - Account
  needs: [set_variables]
  uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
  with:
    terraform_directory: ./terraform/account
    terraform_version: ${{ needs.set_variables.outputs.account_terraform_version }}
    terraform_workspace: preproduction
    terraform_apply: true
    is_ephemeral: false
  # Secrets are passed by name rather than with `inherit`.
  # NOTE(review): these are static AWS access keys; if the called workflow
  # supports it, short-lived OIDC-federated credentials reduce exposure.
  secrets:
    GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
    AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
    AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
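# Job `terraform_region_preproduction` (an entry under `jobs:`): applies
# ./terraform/region in the preproduction workspace via a reusable workflow.
# NOTE(review): "[email protected]" in `uses:` appears to be an e-mail-obfuscation
# artefact of the page; the workflow file name and ref are not recoverable here.
terraform_region_preproduction:
  name: TF Preproduction - Region
  uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
  needs:
    - set_variables
  with:
    # Use the version resolved from ./terraform/region. The original passed
    # environment_terraform_version here, unlike the production region job,
    # so preproduction could apply with a different Terraform version.
    terraform_version: ${{ needs.set_variables.outputs.region_terraform_version }}
    terraform_workspace: preproduction
    is_ephemeral: false
    terraform_apply: true
    terraform_directory: ./terraform/region
  # Secrets are passed by name rather than with `inherit`.
  secrets:
    GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
    AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
    AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}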
# Job `terraform_environment_preproduction` (an entry under `jobs:`): applies
# ./terraform/environment in the preproduction workspace once the image is
# built, pinning `container_version` to the tag produced by set_variables.
# NOTE(review): "[email protected]" in `uses:` appears to be an e-mail-obfuscation
# artefact of the page; the workflow file name and ref are not recoverable here.
terraform_environment_preproduction:
  name: TF Preproduction - Environment
  needs:
    - docker_build_scan_push
    - set_variables
  uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
  with:
    terraform_directory: ./terraform/environment
    terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }}
    terraform_workspace: preproduction
    terraform_variables: '-var container_version=main-${{ needs.set_variables.outputs.semver_tag }}'
    terraform_apply: true
    is_ephemeral: false
    use_ssh_private_key: true
    # Later jobs download an artifact named `terraform-artifact`; presumably
    # this flag is what publishes it - confirm against the called workflow.
    persist_artifacts: true
  secrets:
    GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
    AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
    AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
# Job `run_preproduction_seed_db_task` (an entry under `jobs:`): starts the
# `seeding` task through the local workflow_start_task.yml after the
# preproduction environment has been applied.
run_preproduction_seed_db_task:
  name: Run preproduction DB seeding
  needs: [terraform_environment_preproduction]
  uses: ./.github/workflows/workflow_start_task.yml
  with:
    # Quoted so the all-digit account id stays a string.
    account_id: '987830934591'
    task_name: 'seeding'
  # `inherit` hands every secret available to this workflow to the called
  # workflow; an explicit `secrets:` mapping would limit it to what it needs.
  secrets: inherit
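# Job `preprod_terraform_outputs` (an entry under `jobs:`): reads the JSON
# file from the `terraform-artifact` download and publishes the admin and
# front FQDNs as job outputs for the test jobs.
preprod_terraform_outputs:
  name: Render terraform outputs
  runs-on: ubuntu-latest
  outputs:
    admin_fqdn: ${{ steps.admin_fqdn.outputs.value }}
    front_fqdn: ${{ steps.front_fqdn.outputs.value }}
  needs:
    - terraform_environment_preproduction
  steps:
    - name: Checkout
      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744  # v3.6.0
    - name: Download Terraform Task definition
      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a  # tag=v3.0.2
      with:
        name: terraform-artifact
        path: /tmp/
    - name: Terraform Outputs from JSON
      id: set_var
      run: |
        # jq -c validates the file and emits it on a single line. The previous
        # %25/%0A/%0D escaping belonged to the old `::set-output` command;
        # values appended to $GITHUB_OUTPUT are taken literally, so the escapes
        # would end up inside the JSON text.
        config_json="$(jq -c . /tmp/environment_pipeline_tasks_config.json)"
        echo "configJson=${config_json}" >> "$GITHUB_OUTPUT"
    # The FQDN steps read the JSON from an environment variable instead of
    # expanding `${{ ... }}` inside the script, so the artifact's content is
    # never spliced into the shell source before it runs.
    - name: Extract Admin FQDN from JSON
      id: admin_fqdn
      env:
        configJson: ${{ steps.set_var.outputs.configJson }}
      run: |
        # -e makes jq fail when the key is missing or null.
        admin_fqdn="$(jq -er '.admin_fqdn' <<< "${configJson}")"
        # Accept only host-name characters; this also rejects embedded
        # newlines, which would add extra lines to $GITHUB_OUTPUT.
        if [[ ! "${admin_fqdn}" =~ ^[A-Za-z0-9.-]+$ ]]; then
          echo "Unexpected admin_fqdn value in terraform output" >&2
          exit 1
        fi
        echo "value=${admin_fqdn}" >> "$GITHUB_OUTPUT"
    - name: Extract Front FQDN from JSON
      id: front_fqdn
      env:
        configJson: ${{ steps.set_var.outputs.configJson }}
      run: |
        front_fqdn="$(jq -er '.front_fqdn' <<< "${configJson}")"
        if [[ ! "${front_fqdn}" =~ ^[A-Za-z0-9.-]+$ ]]; then
          echo "Unexpected front_fqdn value in terraform output" >&2
          exit 1
        fi
        echo "value=${front_fqdn}" >> "$GITHUB_OUTPUT"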
# Job `cypress_tests_Signup_StichedPF` (an entry under `jobs:`): runs the
# Cypress suite for the tags @Signup,@StitchedPF against preproduction, after
# the FQDNs are known and the database has been seeded.
cypress_tests_Signup_StichedPF:
  name: Run Cypress tests - @Signup,@StitchedPF
  needs:
    - preprod_terraform_outputs
    - run_preproduction_seed_db_task
  uses: ./.github/workflows/cypress_tests.yml
  with:
    account_id: '987830934591'
    cypress_tags: '@Signup,@StitchedPF'
    admin_url: https://${{ needs.preprod_terraform_outputs.outputs.admin_fqdn }}
    front_url: https://${{ needs.preprod_terraform_outputs.outputs.front_fqdn }}
  # `inherit` passes every secret of this workflow to the test workflow.
  secrets: inherit
# Job `cypress_tests_Signup_StichedHW` (an entry under `jobs:`): runs the
# Cypress suite for the tags @Signup,@StitchedHW against preproduction, after
# the FQDNs are known and the database has been seeded.
cypress_tests_Signup_StichedHW:
  name: Run Cypress tests - @Signup,@StitchedHW
  needs:
    - preprod_terraform_outputs
    - run_preproduction_seed_db_task
  uses: ./.github/workflows/cypress_tests.yml
  with:
    account_id: '987830934591'
    cypress_tags: '@Signup,@StitchedHW'
    admin_url: https://${{ needs.preprod_terraform_outputs.outputs.admin_fqdn }}
    front_url: https://${{ needs.preprod_terraform_outputs.outputs.front_fqdn }}
  # `inherit` passes every secret of this workflow to the test workflow.
  secrets: inherit
# Job `cypress_tests_SignupIncluded` (an entry under `jobs:`): runs the
# Cypress suite for the tag @SignupIncluded against preproduction, after the
# FQDNs are known and the database has been seeded.
cypress_tests_SignupIncluded:
  name: Run Cypress tests - @SignupIncluded
  needs:
    - preprod_terraform_outputs
    - run_preproduction_seed_db_task
  uses: ./.github/workflows/cypress_tests.yml
  with:
    account_id: '987830934591'
    cypress_tags: '@SignupIncluded'
    admin_url: https://${{ needs.preprod_terraform_outputs.outputs.admin_fqdn }}
    front_url: https://${{ needs.preprod_terraform_outputs.outputs.front_fqdn }}
  # `inherit` passes every secret of this workflow to the test workflow.
  secrets: inherit
# Job `cypress_tests_Remaining` (an entry under `jobs:`): runs the Cypress
# tests that the tagged jobs do not cover.
# The remaining tests should ultimately just exclude SignUp and anything
# already run as part of a stitched run.
# TODO: CorrespondentReuse needs refactoring so that it can be included in the
# stitchedClone run.
cypress_tests_Remaining:
  name: Run Cypress tests - Remaining
  needs:
    - preprod_terraform_outputs
    - run_preproduction_seed_db_task
  uses: ./.github/workflows/cypress_tests.yml
  with:
    account_id: '987830934591'
    cypress_tags: '@Signup,not @Signup and not @PartOfStitchedRun and not @StitchedHW and not @StitchedPF and not @StitchedClone and not @CorrespondentReuse and not @SignupIncluded and not @AdminSystemMessage and not @CheckoutPaymentGateway'
    admin_url: https://${{ needs.preprod_terraform_outputs.outputs.admin_fqdn }}
    front_url: https://${{ needs.preprod_terraform_outputs.outputs.front_fqdn }}
  # `inherit` passes every secret of this workflow to the test workflow.
  secrets: inherit
# Job `locust_tests` (an entry under `jobs:`): runs the local locust_tests.yml
# workflow against the preproduction front URL.
# The production announcement job does not list this job in its `needs`, so a
# locust failure does not by itself hold back the production deployment.
locust_tests:
  name: Run locust tests
  needs:
    - preprod_terraform_outputs
    - run_preproduction_seed_db_task
  uses: ./.github/workflows/locust_tests.yml
  with:
    account_id: '987830934591'
    front_url: https://${{ needs.preprod_terraform_outputs.outputs.front_fqdn }}
  # `inherit` passes every secret of this workflow to the test workflow.
  secrets: inherit
# Job `slack_msg_production_deploy_begin` (an entry under `jobs:`): posts the
# "Production Deployment - Started" message once all four Cypress jobs have
# passed. Its `ts` output is used later to update the same message, and the
# production Terraform jobs all depend on this job.
# NOTE(review): the display name is spelled "Annouce"; it is left unchanged
# here because job names may be referenced elsewhere.
slack_msg_production_deploy_begin:
  name: Annouce Production Deployment
  runs-on: ubuntu-latest
  needs:
    - cypress_tests_Signup_StichedPF
    - cypress_tests_Signup_StichedHW
    - cypress_tests_SignupIncluded
    - cypress_tests_Remaining
    - set_variables
  outputs:
    ts: ${{ steps.slack.outputs.ts }}
    thread_ts: ${{ steps.slack.outputs.thread_ts }}
  steps:
    - id: slack
      uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e  # v1.26.0
      env:
        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
      with:
        channel-id: 'C9PNCT2KS'
        # Only GitHub context values and the short SHA are expanded into the
        # JSON payload.
        payload: |
          {
            "icon_emoji": ":robot_face:",
            "blocks": [
              {
                "type": "header",
                "text": {
                  "type": "plain_text",
                  "text": "Production Deployment",
                  "emoji": true
                }
              },
              {
                "type": "section",
                "fields": [
                  {
                    "type": "mrkdwn",
                    "text": "*Status:*\nStarted :hourglass_flowing_sand:"
                  },
                  {
                    "type": "mrkdwn",
                    "text": "*Started by:*\n ${{ github.triggering_actor }}"
                  }
                ]
              },
              {
                "type": "section",
                "fields": [
                  {
                    "type": "mrkdwn",
                    "text": "*Commit:*\n <https://github.com/ministryofjustice/opg-lpa/commit/${{ github.sha }}|${{ needs.set_variables.outputs.short_sha }}>"
                  }
                ]
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "<https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|View workflow>"
                }
              }
            ]
          }
# Job `terraform_account_production` (an entry under `jobs:`): applies
# ./terraform/account in the production workspace. It only starts after the
# production announcement job, which itself waits for the Cypress jobs.
# NOTE(review): "[email protected]" in `uses:` appears to be an e-mail-obfuscation
# artefact of the page; the workflow file name and ref are not recoverable here.
terraform_account_production:
  name: TF Production - Account
  needs:
    - slack_msg_production_deploy_begin
    - set_variables
  uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
  with:
    terraform_directory: ./terraform/account
    terraform_version: ${{ needs.set_variables.outputs.account_terraform_version }}
    terraform_workspace: production
    terraform_apply: true
    is_ephemeral: false
  # Secrets are passed by name rather than with `inherit`.
  # NOTE(review): the same secret names are used for preproduction and
  # production; confirm the credentials behind them are scoped per environment.
  secrets:
    GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
    AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
    AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
# Job `terraform_region_production` (an entry under `jobs:`): applies
# ./terraform/region in the production workspace with the Terraform version
# resolved from that directory.
# NOTE(review): "[email protected]" in `uses:` appears to be an e-mail-obfuscation
# artefact of the page; the workflow file name and ref are not recoverable here.
terraform_region_production:
  name: TF Production - Region
  needs:
    - slack_msg_production_deploy_begin
    - set_variables
  uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
  with:
    terraform_directory: ./terraform/region
    terraform_version: ${{ needs.set_variables.outputs.region_terraform_version }}
    terraform_workspace: production
    terraform_apply: true
    is_ephemeral: false
  # Secrets are passed by name rather than with `inherit`.
  secrets:
    GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
    AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
    AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
# Job `terraform_environment_production` (an entry under `jobs:`): applies
# ./terraform/environment in the production workspace with the same
# `container_version` tag that was deployed to preproduction.
# NOTE(review): "[email protected]" in `uses:` appears to be an e-mail-obfuscation
# artefact of the page; the workflow file name and ref are not recoverable here.
terraform_environment_production:
  name: TF Production - Environment
  needs:
    - docker_build_scan_push
    - slack_msg_production_deploy_begin
    - set_variables
  uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
  with:
    terraform_directory: ./terraform/environment
    terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }}
    terraform_workspace: production
    terraform_variables: '-var container_version=main-${{ needs.set_variables.outputs.semver_tag }}'
    terraform_apply: true
    is_ephemeral: false
    use_ssh_private_key: true
    persist_artifacts: true
  # NOTE(review): these are static AWS access keys; if the called workflow
  # supports it, short-lived OIDC-federated credentials reduce exposure.
  secrets:
    GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
    AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
    AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
# Job `run_smoke_tests` (an entry under `jobs:`): runs the health-check script
# after all three production Terraform jobs and reports the result as the
# output `smoke_test_status` ("passed" or "failed").
# The script's exit code is caught by the `if`, so this job still finishes
# successfully when the smoke tests fail; the failure is only visible through
# the output and the Slack messages that read it.
run_smoke_tests:
  runs-on: ubuntu-latest
  needs:
    - terraform_environment_production
    - terraform_region_production
    - terraform_account_production
  outputs:
    smoke_test_status: ${{ steps.smoke_tests.outputs.smoke_test_status }}
  steps:
    - name: Checkout
      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744  # v3.6.0
    - name: Download Terraform Task definition
      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a  # tag=v3.0.2
      with:
        name: terraform-artifact
        path: /tmp/
    - name: Setup Python
      uses: actions/setup-python@b64ffcaf5b410884ad320a9cfac8866006a109aa  # v4.8.0
      with:
        # Quoted so the version is a string, not a float.
        python-version: "3.9"
    # NOTE(review): pip itself is upgraded to whatever is latest, and the
    # requirements file is not visible here - confirm its entries are pinned
    # (ideally with hashes), since this job runs right after a production apply.
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r scripts/pipeline/requirements.txt
    - id: smoke_tests
      name: Run smoke tests
      run: |
        if python scripts/pipeline/healthcheck_test/healthcheck_test.py; then
          echo "smoke_test_status=passed" >> $GITHUB_OUTPUT
        else
          echo "smoke_test_status=failed" >> $GITHUB_OUTPUT
        fi
# Job `slack_msg_production_deployed` (an entry under `jobs:`): reports the
# outcome of the production deployment to Slack.
# `if: always()` makes it run even when a job it needs failed or was skipped.
# When run_smoke_tests did not run, its output is empty, so both
# `!= 'passed'` steps fire and the run is reported as failed.
# NOTE(review): if the announcement job never ran, `update-ts` expands to an
# empty string - confirm how the Slack action behaves in that case.
slack_msg_production_deployed:
  name: Post-Deployment Slack message
  runs-on: ubuntu-latest
  if: always()
  needs:
    - slack_msg_production_deploy_begin
    - run_smoke_tests
    - set_variables
  steps:
    # Success: rewrite the "Started" message in place as "Complete".
    - if: needs.run_smoke_tests.outputs.smoke_test_status == 'passed'
      uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e  # v1.26.0
      env:
        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
      with:
        channel-id: 'C9PNCT2KS'
        update-ts: ${{ needs.slack_msg_production_deploy_begin.outputs.ts }}
        payload: |
          {
            "icon_emoji": ":robot_face:",
            "blocks": [
              {
                "type": "header",
                "text": {
                  "type": "plain_text",
                  "text": "Production Deployment",
                  "emoji": true
                }
              },
              {
                "type": "section",
                "fields": [
                  {
                    "type": "mrkdwn",
                    "text": "*Status:*\nComplete :white_check_mark:"
                  },
                  {
                    "type": "mrkdwn",
                    "text": "*Started by:*\n ${{ github.triggering_actor }}"
                  }
                ]
              },
              {
                "type": "section",
                "fields": [
                  {
                    "type": "mrkdwn",
                    "text": "*Commit:*\n <https://github.com/ministryofjustice/opg-lpa/commit/${{ github.sha }}|${{ needs.set_variables.outputs.short_sha }}>"
                  }
                ]
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "<https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|View workflow>"
                }
              }
            ]
          }
    # Failure: rewrite the "Started" message in place as "Failed!".
    - if: needs.run_smoke_tests.outputs.smoke_test_status != 'passed'
      uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e  # v1.26.0
      env:
        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
      with:
        channel-id: 'C9PNCT2KS'
        update-ts: ${{ needs.slack_msg_production_deploy_begin.outputs.ts }}
        payload: |
          {
            "icon_emoji": ":robot_face:",
            "blocks": [
              {
                "type": "header",
                "text": {
                  "type": "plain_text",
                  "text": "Production Deployment",
                  "emoji": true
                }
              },
              {
                "type": "section",
                "fields": [
                  {
                    "type": "mrkdwn",
                    "text": "*Status:*\nFailed! :x:"
                  },
                  {
                    "type": "mrkdwn",
                    "text": "*Started by:*\n ${{ github.triggering_actor }}"
                  }
                ]
              },
              {
                "type": "section",
                "fields": [
                  {
                    "type": "mrkdwn",
                    "text": "*Commit:*\n <https://github.com/ministryofjustice/opg-lpa/commit/${{ github.sha }}|${{ needs.set_variables.outputs.short_sha }}>"
                  }
                ]
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "<https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|View workflow>"
                }
              }
            ]
          }
    # Failure: additionally post a new message that notifies the channel
    # (<!here>); no `update-ts`, so this is not an edit of the first message.
    - if: needs.run_smoke_tests.outputs.smoke_test_status != 'passed'
      uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e  # v1.26.0
      env:
        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
      with:
        channel-id: 'C9PNCT2KS'
        payload: |
          {
            "icon_emoji": ":warning:",
            "blocks": [
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "Production Make deployment failed. Please check the <https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|workflow> for more details. <!here>"
                }
              }
            ]
          }