Deploy #604
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| permissions: | |
| id-token: write | |
| contents: read | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| cache: maven | |
| distribution: temurin | |
| java-version: 17 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
| - name: Add CodeArtifact env var | |
| run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV | |
| - name: maven-settings-xml-action | |
| uses: whelk-io/maven-settings-xml-action@v21 | |
| with: | |
| servers: '[{ "id": "hee--Health-Education-England", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]' | |
| repositories: '[{ "id": "hee--Health-Education-England", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]' | |
| - name: Build with Maven | |
| run: mvn clean install | |
| - name: Upload build artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: app-jar | |
| path: ./application/target/revalidation-uber.jar | |
| analyze: | |
| name: Perform quality analysis | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Download build artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: app-jar | |
| path: build/reports | |
| - name: Set up JDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| cache: maven | |
| distribution: temurin | |
| java-version: 17 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
| - name: Add CodeArtifact env var | |
| run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV | |
| - name: maven-settings-xml-action | |
| uses: whelk-io/maven-settings-xml-action@v21 | |
| with: | |
| servers: '[{ "id": "hee--Health-Education-England", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]' | |
| repositories: '[{ "id": "hee--Health-Education-England", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]' | |
| - name: Build with Maven | |
| run: mvn clean install | |
| - name: Run quality analysis | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: mvn sonar:sonar | |
| backup-artifacts: | |
| name: Backup build artifacts | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| path: build-artifacts | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
| - name: Backup build artifacts | |
| run: | | |
| workflow=$(echo ${{ github.workflow }} | sed -e 's/\W/-/g' -e 's/\(.*\)/\L\1/') | |
| aws s3 sync build-artifacts s3://tis-build-artifacts/${{ github.event.repository.name }}/$workflow/${{ github.run_number }} | |
| dockerize: | |
| name: Dockerize | |
| needs: build | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Download build artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: app-jar | |
| path: application/target | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
| - name: Log in to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build, tag and push image to Amazon ECR | |
| env: | |
| ECR_REPOSITORY: ${{ github.event.repository.name }} | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:latest . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| deploy: | |
| name: Deploy | |
| needs: dockerize | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
| - name: Log in to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Fill in the new image ID in the Amazon ECS task definition | |
| id: task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: .aws/task-definition.json | |
| container-name: ${{ github.event.repository.name }} | |
| image: ${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:${{ github.sha }} | |
| - name: Deploy Amazon ECS task definition | |
| id: ecs-deploy | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def.outputs.task-definition }} | |
| service: ${{ github.event.repository.name }} | |
| cluster: revalidation-preprod | |
| wait-for-service-stability: true | |
| - name: Verify ECS deployment | |
| run: | | |
| CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster revalidation-preprod --service ${{ github.event.repository.name }} --query services[0].deployments[0].taskDefinition | jq -r ".") | |
| NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }} | |
| echo "Current task arn: $CURRENT_TASK_DEF_ARN" | |
| echo "New task arn: $NEW_TASK_DEF_ARN" | |
| if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then | |
| echo "Deployment failed." | |
| exit 1 | |
| fi | |
| - name: Push stable tag image to Amazon ECR | |
| env: | |
| ECR_REPOSITORY: ${{ github.event.repository.name }} | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker pull $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} | |
| docker tag $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} $ECR_REGISTRY/$ECR_REPOSITORY:stable | |
| docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY | |
| - name: Slack Notification success | |
| if: success() | |
| uses: rtCamp/[email protected] | |
| env: | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_TITLE: 'tis-revalidation-recommendation has been deployed through the pipeline' | |
| - name: Slack Notification failure | |
| if: failure() | |
| uses: rtCamp/[email protected] | |
| env: | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_TITLE: "tis-revalidation-recommendation build has failed in the pipeline" | |
| SLACK_COLOR: "#fc1303" |