Deploy #9144
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: "Deploy environment" | |
required: true | |
default: development | |
type: environment | |
options: | |
- development | |
- test | |
- preproduction | |
- production | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
types: | |
- labeled | |
- synchronize | |
- reopened | |
- opened | |
jobs: | |
docker: | |
name: Build and push Docker image | |
runs-on: ubuntu-latest | |
environment: development | |
if: contains(github.event.pull_request.labels.*.name, 'deploy') || github.event_name != 'pull_request' | |
outputs: | |
image: ${{ steps.build-docker-image.outputs.image }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: key-vault-name | |
shell: bash | |
run: echo "value=$(make -s development print-infrastructure-key-vault-name)" >> $GITHUB_OUTPUT | |
- uses: Azure/login@v2 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- uses: Azure/get-keyvault-secrets@v1 | |
id: key-vault-secrets | |
with: | |
keyvault: ${{ steps.key-vault-name.outputs.value }} | |
secrets: "SNYK-TOKEN" | |
- uses: DFE-Digital/github-actions/build-docker-image@master | |
id: build-docker-image | |
with: | |
docker-repository: ghcr.io/dfe-digital/apply-for-qualified-teacher-status | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
snyk-token: ${{ steps.key-vault-secrets.outputs.SNYK-TOKEN }} | |
rspec: | |
name: Rspec | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_PASSWORD: postgres | |
POSTGRES_USER: postgres | |
ports: | |
- 5432:5432 | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-retries 5 | |
--health-timeout 5s | |
redis: | |
image: redis | |
ports: | |
- 6379:6379 | |
options: >- | |
--health-cmd "redis-cli ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
env: | |
DATABASE_URL: postgres://postgres:postgres@localhost:5432/apply_for_qts_test | |
RAILS_ENV: test | |
REDIS_URL: redis://localhost:6379/0 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Prepare application environment | |
uses: ./.github/actions/prepare-app-env | |
- name: Build frontend | |
run: yarn build && yarn build:css | |
- name: Setup DB | |
run: bin/rails db:test:prepare | |
- name: Run DfE Analytics | |
run: bin/bundle exec rails dfe:analytics:check | |
- name: Run tests | |
run: bin/test | |
deploy_review: | |
name: Deploy to review environment | |
concurrency: deploy_review_${{ github.event.pull_request.number }} | |
needs: [docker, rspec] | |
runs-on: ubuntu-latest | |
if: contains(github.event.pull_request.labels.*.name, 'deploy') | |
environment: review | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/deploy-environment | |
id: deploy | |
with: | |
environment: review | |
docker-image: ${{ needs.docker.outputs.image }} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
pull-request-number: ${{ github.event.pull_request.number }} | |
- name: Post sticky pull request comment | |
if: github.event_name == 'pull_request' | |
uses: marocchino/sticky-pull-request-comment@v2 | |
with: | |
message: | | |
Review app deployed to ${{ steps.deploy.outputs.url }}/personas | |
deploy_non_production: | |
name: Deploy to ${{ matrix.environment }} environment | |
runs-on: ubuntu-latest | |
needs: [docker, rspec] | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
concurrency: deploy_${{ matrix.environment }} | |
strategy: | |
max-parallel: 1 | |
matrix: | |
environment: [development, test, preproduction] | |
environment: | |
name: ${{ matrix.environment }} | |
url: ${{ steps.deploy.outputs.url }} | |
outputs: | |
environment_name: ${{ matrix.environment }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/deploy-environment | |
id: deploy | |
with: | |
environment: ${{ matrix.environment }} | |
docker-image: ${{ needs.docker.outputs.image }} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
deploy_production: | |
name: Deploy to production environment | |
needs: [docker, rspec, deploy_non_production] | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
environment: | |
name: production | |
url: ${{ steps.deploy.outputs.url }} | |
concurrency: deploy_production | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/deploy-environment | |
id: deploy | |
with: | |
environment: production | |
docker-image: ${{ needs.docker.outputs.image }} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
smoke-test-credentials-required: "false" | |
notify_slack_of_failures: | |
name: Notify Slack of failures | |
runs-on: ubuntu-latest | |
environment: development | |
if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name == 'push' }} | |
needs: [docker, rspec, deploy_non_production] | |
steps: | |
- uses: actions/checkout@v4 | |
- id: key-vault-name | |
shell: bash | |
run: echo "value=$(make -s development print-infrastructure-key-vault-name)" >> $GITHUB_OUTPUT | |
- uses: Azure/login@v2 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- uses: Azure/get-keyvault-secrets@v1 | |
id: key-vault-secrets | |
with: | |
keyvault: ${{ steps.key-vault-name.outputs.value }} | |
secrets: "SLACK-WEBHOOK" | |
- name: Notify Slack channel on job failure | |
uses: rtCamp/action-slack-notify@v2 | |
env: | |
SLACK_TITLE: Deployment of apply-for-qualified-teacher-status to ${{ needs.deploy_non_production.outputs.environment_name }} failed | |
SLACK_MESSAGE: | | |
Deployment to ${{ needs.deploy_non_production.outputs.environment_name }} environment failed | |
SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK-WEBHOOK }} | |
SLACK_COLOR: failure | |
SLACK_FOOTER: Sent from notify_slack_of_failures job in deploy workflow |