From 0d236b65b6d52305176d3035f3961446018bc2f9 Mon Sep 17 00:00:00 2001
From: Neill Turner
Date: Fri, 18 Oct 2024 16:53:56 +0100
Subject: [PATCH 1/4] Pull request template
---
 .github/pull_request_template.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/pull_request_template.md
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 000000000..8362fbd7b
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,27 @@
+### Context
+
+
+
+### Changes proposed in this pull request
+
+
+
+
+
+
+
+### Guidance to review
+
+
+
+
+### Link to Trello card
+
+
+
+### Checklist
+
+- [ ] Attach to Trello card
+- [ ] Rebased main
+- [ ] Cleaned commit history
+- [ ] Tested by running locally
From f68114cf198858538b8ffa418e7dc69051126445 Mon Sep 17 00:00:00 2001
From: Neill Turner
Date: Fri, 18 Oct 2024 16:55:05 +0100
Subject: [PATCH 2/4] AKS deployment github action
---
 .../actions/deploy-environment-aks/action.yml | 56 +++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 .github/actions/deploy-environment-aks/action.yml
diff --git a/.github/actions/deploy-environment-aks/action.yml b/.github/actions/deploy-environment-aks/action.yml
new file mode 100644
index 000000000..ad0d05ede
--- /dev/null
+++ b/.github/actions/deploy-environment-aks/action.yml
@@ -0,0 +1,56 @@
+name: Deploy environment to AKS
+description: Deploys an application environment to AKS
+
+inputs:
+ environment:
+ description: The name of the environment
+ required: true
+ image-tag:
+ description: The image tag to deploy
+ required: true
+ azure-credentials:
+ description: JSON object containing a service principal that can read from Azure Key Vault
+ required: true
+ pull-request-number:
+ description: The pull request number which triggered this deploy.
+ required: false
+
+outputs:
+ environment_url:
+ description: The base URL for the deployed environment
+ value: ${{ steps.set_outputs.outputs.ENVIRONMENT_URL }}
+
+runs:
+ using: composite
+
+ steps:
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.6.4
+ terraform_wrapper: false
+
+ - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
+ with:
+ azure-credentials: ${{ inputs.azure-credentials }}
+
+ - name: Terraform Apply
+ shell: bash
+ run: |
+ make ci ${{ inputs.environment }} aks-terraform-apply
+ env:
+ DOCKER_IMAGE_TAG: ${{ inputs.image-tag }}
+ PR_NUMBER: ${{ inputs.pull-request-number }}
+
+ - name: Extract Terraform outputs
+ shell: bash
+ id: set_outputs
+ run: |
+ environment_url=$(terraform -chdir=terraform/application output -raw url)
+ echo "ENVIRONMENT_URL=$environment_url" >> $GITHUB_OUTPUT
+
+ - name: Run smoke tests
+ shell: bash
+ run: |
+ environment_url=$(terraform -chdir=terraform/application output -raw url)
+ echo "Check health for $environment_url/health/all.json..."
+ curl -sS --fail "$environment_url/health/all.json" > /dev/null && echo "Health check passed for $environment_url" || echo "Health check failed for $environment_url"
From 3f2da6099af6f5a407bbfe09595c12e482ecbfb0 Mon Sep 17 00:00:00 2001
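Review bot: The `set-kubelogin-environment` step is handed `inputs.azure-credentials` but references `DFE-Digital/github-actions/set-kubelogin-environment@master`, a mutable branch, so any later commit on that branch runs with the service principal; pin it to a full commit SHA, e.g. `uses: DFE-Digital/github-actions/set-kubelogin-environment@<full-commit-sha>` (placeholder). The same `@master` reference is added in the `delete-review-app-aks` job in delete-review-app.yml. In `Run smoke tests` the `curl … && echo … || echo …` chain always exits 0, so a failed health check never fails the deployment; ending the failure branch with `|| { echo "Health check failed for $environment_url"; exit 1; }` would. `make ci ${{ inputs.environment }} aks-terraform-apply` expands the input into the script text before bash runs; passing it through `env:` and using a quoted `"$ENVIRONMENT"` keeps it as data.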
From: Neill Turner Date: Fri, 18 Oct 2024 16:56:10 +0100 Subject: [PATCH 3/4] Deploy and delete review apps workflows --- .github/workflows/build-and-deploy.yml | 33 ++++++++++++++++++- .github/workflows/delete-review-app.yml | 44 +++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index b0017dc62..aab532c02 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -26,7 +26,7 @@ on: jobs: build_image: name: Image build and push - if: contains(github.event.pull_request.labels.*.name, 'deploy') || github.event_name != 'pull_request' + if: contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy-aks') || github.event_name != 'pull_request' runs-on: ubuntu-latest outputs: image_name_tag: ${{ steps.build_image.outputs.ghcr_image_name_tag }} 
@@ -75,6 +75,37 @@ jobs: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} url: ${{ steps.deploy.outputs.environment_url }} + deploy_review_app_aks: + name: Deploy to review environment to AKS + runs-on: ubuntu-latest + if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') + concurrency: deploy_review_${{ github.event.pull_request.number }} + needs: [build_image] + environment: + name: aks-review + + steps: + - uses: actions/checkout@v4 + + - uses: ./.github/actions/deploy-environment-aks + id: deploy_aks + with: + environment: aks-review + image-tag: ${{ github.sha }} + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + pull-request-number: ${{ github.event.pull_request.number }} + + - name: Post comment to Pull Request ${{ github.event.pull_request.number }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: aks + message: | + ### Deployments + + | App | URL | + | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------| + | Refer Serious Misconduct | | + set_matrix: name: Set deployment matrix runs-on: ubuntu-latest diff --git a/.github/workflows/delete-review-app.yml b/.github/workflows/delete-review-app.yml index 3b06948cb..109259553 100644 --- a/.github/workflows/delete-review-app.yml +++ b/.github/workflows/delete-review-app.yml @@ -15,6 +15,7 @@ jobs: name: Delete Review App ${{ github.event.pull_request.number }} concurrency: deploy_review_${{ github.event.pull_request.number }} runs-on: ubuntu-latest + if: contains(github.event.pull_request.labels.*.name, 'deploy') environment: review steps: - uses: actions/checkout@v4 
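Review bot: In the `deploy_review_app_aks` job, `secrets.AZURE_CREDENTIALS` is passed to the local action `./.github/actions/deploy-environment-aks`, which comes from the checked-out tree and runs `make ci … aks-terraform-apply`, so the action definition, Makefile and Terraform that see the service principal are those of the pull request's ref. The only gate visible in this hunk is the `deploy-aks` label; the workflow's `on:` triggers and the protection rules of the `aks-review` environment are outside it, so please confirm that the environment requires approval before secrets are released. A comment above the job would record that dependency, e.g. `# Runs PR-controlled code with AZURE_CREDENTIALS; keep required reviewers enabled on the aks-review environment`. `marocchino/sticky-pull-request-comment@v2` is a movable tag on a third-party action that writes to the pull request, and a full commit SHA would make that reference immutable.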
@@ -129,3 +130,46 @@ jobs:
 az storage blob delete -c ${{ env.tf_state_container }} --name ${{ env.TF_STATE_FILE }} \
 --account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
 --account-name ${{ env.storage_account_name }}
+
+ delete-review-app-aks:
+ name: Delete Review App AKS ${{ github.event.pull_request.number }}
+ concurrency: deploy_review_${{ github.event.pull_request.number }}
+ if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') || ${{ github.event_name }} == 'workflow_dispatch'
+ runs-on: ubuntu-latest
+ environment: aks-review
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: set PR_NUMBER
+ id: config
+ run: |
+ if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then
+ PR_NUMBER=${{ github.event.inputs.pr_number }}
+ else
+ PR_NUMBER=${{ github.event.pull_request.number }}
+ fi
+ echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.6.4
+ terraform_wrapper: false
+
+ - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
+ with:
+ azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+
+ - name: Terraform Destroy
+ run: |
+ make ci aks-review aks-terraform-destroy PR_NUMBER=${{ env.PR_NUMBER }}
+ env:
+ PR_NUMBER: ${{ env.PR_NUMBER }}
+
+ - name: Post Pull Request Comment
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: marocchino/sticky-pull-request-comment@v2
+ with:
+ header: aks
+ message: |
+ Review app refer serious misconduct deployed to was deleted
From 11bd67c74912e571f9e046904025daa6347d7b00 Mon Sep 17 00:00:00 2001
From: Neill Turner
Date: Fri, 18 Oct 2024 16:57:42 +0100
Subject: [PATCH 4/4] Override review apps startup command
---
 terraform/application/application.tf | 1 +
 terraform/application/config/review.tfvars.json | 7 ++++++-
 terraform/application/variables.tf | 4 ++++
 3 files changed, 11 insertions(+), 1 deletion(-)
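Review bot: The `if:` on `delete-review-app-aks` mixes a bare expression with `${{ github.event_name }}`, and a condition written that way is expected to be evaluated as a non-empty string rather than a comparison, so the destroy job would run for every event that reaches this workflow, labelled or not. Writing it as `if: contains(github.event.pull_request.labels.*.name, 'deploy-aks') || github.event_name == 'workflow_dispatch'` gives the intended gate. Separately, the `set PR_NUMBER` step expands `github.event.inputs.pr_number` straight into the script text, and that free-text dispatch input then selects what `aks-terraform-destroy` removes. The sketch below passes the values through `env:`, rejects anything that is not all digits, and quotes the variable on the `make` line; its indentation is conventional, since the page does not preserve the original.

```yaml
      - name: set PR_NUMBER
        id: config
        env:
          EVENT_NAME: ${{ github.event_name }}
          INPUT_PR_NUMBER: ${{ github.event.inputs.pr_number }}
          EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          if [ "$EVENT_NAME" = 'workflow_dispatch' ]; then
            PR_NUMBER="$INPUT_PR_NUMBER"
          else
            PR_NUMBER="$EVENT_PR_NUMBER"
          fi
          # The value picks the environment to destroy: accept digits only.
          case "$PR_NUMBER" in
            ''|*[!0-9]*) echo "PR_NUMBER must be numeric" >&2; exit 1 ;;
          esac
          echo "PR_NUMBER=$PR_NUMBER" >> "$GITHUB_ENV"

      # … unchanged: setup-terraform, set-kubelogin-environment …

      - name: Terraform Destroy
        run: |
          make ci aks-review aks-terraform-destroy PR_NUMBER="$PR_NUMBER"
```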
diff --git a/terraform/application/application.tf b/terraform/application/application.tf index a858c7839..e7e0e72c6 100644 --- a/terraform/application/application.tf +++ b/terraform/application/application.tf @@ -42,6 +42,7 @@ module "web_application" { kubernetes_secret_name = module.application_configuration.kubernetes_secret_name docker_image = var.docker_image + command = var.webapp_startup_command send_traffic_to_maintenance_page = var.send_traffic_to_maintenance_page } diff --git a/terraform/application/config/review.tfvars.json b/terraform/application/config/review.tfvars.json index 2c0e750ee..94b6abe79 100644 --- a/terraform/application/config/review.tfvars.json +++ b/terraform/application/config/review.tfvars.json @@ -2,5 +2,10 @@ "cluster": "test", "namespace": "tra-development", "deploy_azure_backing_services": false, - "enable_postgres_ssl": false + "enable_postgres_ssl": false, + "webapp_startup_command": [ + "/bin/sh", + "-c", + "bundle exec rails db:schema_load_or_migrate && bundle exec rails runner \"%i(eligibility_screener referral_form).each {|flag| FeatureFlags::FeatureFlag.activate(flag)}\" && bundle exec rails server -b 0.0.0.0" + ] } diff --git a/terraform/application/variables.tf b/terraform/application/variables.tf index de3ac1539..3960f0554 100644 --- a/terraform/application/variables.tf +++ b/terraform/application/variables.tf @@ -73,6 +73,10 @@ variable "worker_memory_max" { variable "worker_replicas" { default = 1 } +variable "webapp_startup_command" { + default = null + description = "Override Dockerfile startup command" +} locals { postgres_ssl_mode = var.enable_postgres_ssl ? "require" : "disable"
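Review bot: `variable "webapp_startup_command"` in variables.tf is declared without a `type`, although application.tf passes it straight through as the container `command`; adding `type = list(string)` (the shape used in review.tfvars.json) lets Terraform reject a malformed override at plan time rather than at pod start. The review value chains `db:schema_load_or_migrate`, feature-flag activation and `rails server` in a single `/bin/sh -c` string, so all three run on every container start. The description could say that the override replaces the image's startup command entirely, e.g. `description = "Override Dockerfile startup command; replaces the image CMD entirely"`. The `web_application` module's own `command` input is outside this diff, so confirm that it accepts `null` as "use the image default".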