-
Notifications
You must be signed in to change notification settings - Fork 1
221 lines (185 loc) · 6.28 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
name: Deploy
on:
workflow_dispatch:
inputs:
environment:
description: "Deploy environment"
required: true
default: development
type: environment
options:
- development
- test
- preproduction
- production
push:
branches:
- main
pull_request:
branches:
- main
types:
- labeled
- synchronize
- reopened
- opened
jobs:
docker:
name: Build and push Docker image
runs-on: ubuntu-latest
environment: development
if: contains(github.event.pull_request.labels.*.name, 'deploy') || github.event_name != 'pull_request'
outputs:
image: ${{ steps.build-docker-image.outputs.image }}
steps:
- uses: actions/checkout@v4
- id: key-vault-name
shell: bash
run: echo "value=$(make -s development print-infrastructure-key-vault-name)" >> $GITHUB_OUTPUT
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: Azure/get-keyvault-secrets@v1
id: key-vault-secrets
with:
keyvault: ${{ steps.key-vault-name.outputs.value }}
secrets: "SNYK-TOKEN"
- uses: DFE-Digital/github-actions/build-docker-image@master
id: build-docker-image
with:
docker-repository: ghcr.io/dfe-digital/apply-for-qualified-teacher-status
github-token: ${{ secrets.GITHUB_TOKEN }}
snyk-token: ${{ steps.key-vault-secrets.outputs.SNYK-TOKEN }}
rspec:
name: Rspec
runs-on: ubuntu-latest
services:
postgres:
image: postgres
env:
POSTGRES_PASSWORD: postgres
POSTGRES_USER: postgres
ports:
- 5432:5432
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-retries 5
--health-timeout 5s
redis:
image: redis
ports:
- 6379:6379
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
env:
DATABASE_URL: postgres://postgres:postgres@localhost:5432/apply_for_qts_test
RAILS_ENV: test
REDIS_URL: redis://localhost:6379/0
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Prepare application environment
uses: ./.github/actions/prepare-app-env
- name: Build frontend
run: yarn build && yarn build:css
- name: Setup DB
run: bin/rails db:test:prepare
- name: Run DfE Analytics
run: bin/bundle exec rails dfe:analytics:check
- name: Run tests
run: bin/test
deploy_review:
name: Deploy to review environment
concurrency: deploy_review_${{ github.event.pull_request.number }}
needs: [docker, rspec]
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'deploy')
environment: review
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment: review
docker-image: ${{ needs.docker.outputs.image }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
pull-request-number: ${{ github.event.pull_request.number }}
- name: Post sticky pull request comment
if: github.event_name == 'pull_request'
uses: marocchino/sticky-pull-request-comment@v2
with:
message: |
Review app deployed to ${{ steps.deploy.outputs.url }}/personas
deploy_non_production:
name: Deploy to ${{ matrix.environment }} environment
runs-on: ubuntu-latest
needs: [docker, rspec]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
concurrency: deploy_${{ matrix.environment }}
strategy:
max-parallel: 1
matrix:
environment: [development, test, preproduction]
environment:
name: ${{ matrix.environment }}
url: ${{ steps.deploy.outputs.url }}
outputs:
environment_name: ${{ matrix.environment }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment: ${{ matrix.environment }}
docker-image: ${{ needs.docker.outputs.image }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
deploy_production:
name: Deploy to production environment
needs: [docker, rspec, deploy_non_production]
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
environment:
name: production
url: ${{ steps.deploy.outputs.url }}
concurrency: deploy_production
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/deploy-environment
id: deploy
with:
environment: production
docker-image: ${{ needs.docker.outputs.image }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
smoke-test-credentials-required: "false"
notify_slack_of_failures:
name: Notify Slack of failures
runs-on: ubuntu-latest
environment: development
if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name == 'push' }}
needs: [docker, rspec, deploy_non_production]
steps:
- uses: actions/checkout@v4
- id: key-vault-name
shell: bash
run: echo "value=$(make -s development print-infrastructure-key-vault-name)" >> $GITHUB_OUTPUT
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: Azure/get-keyvault-secrets@v1
id: key-vault-secrets
with:
keyvault: ${{ steps.key-vault-name.outputs.value }}
secrets: "SLACK-WEBHOOK"
- name: Notify Slack channel on job failure
uses: rtCamp/action-slack-notify@v2
env:
SLACK_TITLE: Deployment of apply-for-qualified-teacher-status to ${{ needs.deploy_non_production.outputs.environment_name }} failed
SLACK_MESSAGE: |
Deployment to ${{ needs.deploy_non_production.outputs.environment_name }} environment failed
SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK-WEBHOOK }}
SLACK_COLOR: failure
SLACK_FOOTER: Sent from notify_slack_of_failures job in deploy workflow