Skip to content

Merge pull request #472 from Health-Education-England/feat/updateGmcU… #594

Merge pull request #472 from Health-Education-England/feat/updateGmcU…

Merge pull request #472 from Health-Education-England/feat/updateGmcU… #594

Workflow file for this run

name: Deploy
permissions:
id-token: write
contents: read
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up JDK
uses: actions/setup-java@v3
with:
cache: maven
distribution: temurin
java-version: 11
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-1
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Add CodeArtifact env var
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV
- name: maven-settings-xml-action
uses: whelk-io/maven-settings-xml-action@v21
with:
servers: '[{ "id": "hee--Health-Education-England", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]'
repositories: '[{ "id": "hee--Health-Education-England", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]'
- name: Build with Maven
run: mvn clean install
- name: Upload build artifact
uses: actions/upload-artifact@v3
with:
name: app-jar
path: ./application/target/revalidation-uber.jar
analyze:
name: Perform quality analysis
needs: [ build ]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Download build artifact
uses: actions/download-artifact@v3
with:
name: app-jar
path: build/reports
- name: Set up JDK
uses: actions/setup-java@v3
with:
cache: maven
distribution: temurin
java-version: 11
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-1
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Add CodeArtifact env var
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV
- name: maven-settings-xml-action
uses: whelk-io/maven-settings-xml-action@v21
with:
servers: '[{ "id": "hee--Health-Education-England", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]'
repositories: '[{ "id": "hee--Health-Education-England", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]'
- name: Build with Maven
run: mvn clean install
- name: Run quality analysis
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn sonar:sonar
backup-artifacts:
name: Backup build artifacts
needs: build
runs-on: ubuntu-latest
steps:
- name: Download build artifacts
uses: actions/download-artifact@v3
with:
path: build-artifacts
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-2
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Backup build artifacts
run: |
workflow=$(echo ${{ github.workflow }} | sed -e 's/\W/-/g' -e 's/\(.*\)/\L\1/')
aws s3 sync build-artifacts s3://tis-build-artifacts/${{ github.event.repository.name }}/$workflow/${{ github.run_number }}
dockerize:
name: Dockerize
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Download build artifact
uses: actions/download-artifact@v3
with:
name: app-jar
path: application/target
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-2
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Log in to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag and push image to Amazon ECR
env:
ECR_REPOSITORY: ${{ github.event.repository.name }}
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
deploy:
name: Deploy
needs: dockerize
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-2
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Log in to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: .aws/task-definition.json
container-name: ${{ github.event.repository.name }}
image: ${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:${{ github.sha }}
- name: Deploy Amazon ECS task definition
id: ecs-deploy
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ github.event.repository.name }}
cluster: revalidation-preprod
wait-for-service-stability: true
- name: Verify ECS deployment
run: |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster revalidation-preprod --service ${{ github.event.repository.name }} --query services[0].deployments[0].taskDefinition | jq -r ".")
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
echo "Current task arn: $CURRENT_TASK_DEF_ARN"
echo "New task arn: $NEW_TASK_DEF_ARN"
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
echo "Deployment failed."
exit 1
fi
- name: Push stable tag image to Amazon ECR
env:
ECR_REPOSITORY: ${{ github.event.repository.name }}
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
docker pull $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }}
docker tag $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} $ECR_REGISTRY/$ECR_REPOSITORY:stable
docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY
- name: Slack Notification success
if: success()
uses: rtCamp/[email protected]
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_TITLE: 'tis-revalidation-recommendation has been deployed through the pipeline'
- name: Slack Notification failure
if: failure()
uses: rtCamp/[email protected]
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_TITLE: "tis-revalidation-recommendation build has failed in the pipeline"
SLACK_COLOR: "#fc1303"