From 4aa670aa4020ea9750d66ecf666289b5642f4f05 Mon Sep 17 00:00:00 2001
From: Robert Kibble
Date: Wed, 18 Oct 2023 08:47:36 +0100
Subject: [PATCH 1/4] FS-3337 Split copilot and add post-deploy
---
 .github/workflows/copilot_deploy.yml | 102 +++++++++++++++++++++++++++
 .github/workflows/deploy.yml | 77 --------------------
 2 files changed, 102 insertions(+), 77 deletions(-)
 create mode 100644 .github/workflows/copilot_deploy.yml
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
new file mode 100644
index 00000000..b5aed618
--- /dev/null
+++ b/.github/workflows/copilot_deploy.yml
@@ -0,0 +1,102 @@
+name: Deploy to Gov PaaS
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: Which AWS Account to use
+ type: choice
+ required: true
+ options:
+ - test
+ - uat
+ run_performance_tests:
+ required: false
+ default: false
+ type: boolean
+ description: Run performance tests
+ run_e2e_tests:
+ required: false
+ default: false
+ type: boolean
+ description: Run e2e tests
+ push:
+ paths: # Ignore README markdown and only deploy when something in the copilot folder has changed
+ - 'copilot/**'
+ - '!**/README.md'
+ pull_request:
+ types:
+ - closed # Further protection - only allow this workflow to run automatically on closed pull requests
+
+jobs:
+ paketo_build:
+ permissions:
+ packages: write
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/package.yml@main
+ with:
+ version_to_build: $(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+ owner: ${{ github.repository_owner }}
+ application: funding-service-design-assessment
+ assets_required: true
+ pre_deploy_tests:
+ if: ${{ github.event.inputs.copilot }}
+ secrets:
+ E2E_PAT: ${{secrets.E2E_PAT}}
+ uses: communitiesuk/funding-design-service-workflows/.github/workflows/pre-deploy.yml@main
+ with:
+ postgres_unit_testing: false
+ copilot_build:
+ if: github.event.pull_request.merged == true
+ permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment || 'test' }}
+ steps:
+ - name: Git clone the repository
+ uses: actions/checkout@v3
+
+ - name: Get current date
+ id: currentdatetime
+ run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+
+ - name: configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+ role-session-name: ASSESSMENT_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+ aws-region: eu-west-2
+
+ - name: Install AWS Copilot CLI
+ run: |
+ curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+ - name: Inject Git SHA into manifest
+ run: |
+ yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"' copilot/fsd-assessment/manifest.yml
+
+ - name: Inject RSA256_PUBLIC_KEY_BASE64 into manifest
+ run: |
+ yq -i '.variables.RSA256_PUBLIC_KEY_BASE64 = "${{ secrets.RSA256_PUBLIC_KEY_BASE64 }}"' copilot/fsd-assessment/manifest.yml
+
+ - name: Inject replacement image into manifest
+ run: |
+ yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-assessment:${{ github.ref_name }}"' copilot/fsd-assessment/manifest.yml
+
+ - name: Replace AUTHENTICATOR_HOST variable
+ if: ${{ inputs.environment == 'prod' }}
+ run: |
+ yq -i '.variables.AUTHENTICATOR_HOST = "https://authenticator.${{ inputs.environment }}.levellingup.gov.uk"' copilot/fsd-assessment/manifest.yml
+
+ - name: Copilot deploy
+ run: |
+ copilot deploy --env ${{ inputs.environment || 'test' }}
+ post_deploy_tests:
+ needs: copilot_build
+ secrets:
+ E2E_PAT: ${{secrets.E2E_PAT}}
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml
+ with:
+ run_performance_tests: ${{ inputs.run_performance_tests }}
+ run_e2e_tests: ${{ inputs.run_e2e_tests }}
+ app_name: assessment
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index a180d426..e8cfe0b9 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,20 +1,6 @@
 name: Deploy to Gov PaaS
 
 on:
- workflow_dispatch:
- inputs:
- environment:
- description: Which AWS Account to use
- type: choice
- required: true
- options:
- - test
- - uat
- copilot:
- description: Whether to deploy
- type: boolean
- required: false
- default: false
 push:
 paths-ignore:
 - '**/README.md'
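Review bot: The `Install AWS Copilot CLI` step in `copilot_build` fetches `releases/latest/download/copilot-linux` and moves it into `/usr/local/bin` with no version pin or digest check, so whatever that URL serves at run time executes under the assumed `GithubCopilotDeploy` role; pin a release and verify its SHA-256 before `chmod +x`. The image step expands `${{ github.ref_name }}` into the script text before the shell parses it, and ref names are not limited to shell-safe characters, so the value is safer passed through `env:` and read with yq's `strenv()`. The job also loses the `concurrency: deploy-${{ inputs.environment || 'test' }}` line that the old deploy.yml carried and declares no `needs:`, so a deploy can start before `paketo_build` and `pre_deploy_tests` finish and two deploys to one environment can overlap. Separately, `if: github.event.pull_request.merged == true` is false on `workflow_dispatch` and `push`, so the `environment` input never reaches a deploy; if manual deploys are intended, the condition needs `github.event_name == 'workflow_dispatch' ||` in front. The lines below sketch the first three changes, with placeholders for the release tag and checksum.

```yaml
  copilot_build:
    # … unchanged: if / permissions / runs-on / environment …
    needs: [paketo_build, pre_deploy_tests]
    concurrency: deploy-${{ inputs.environment || 'test' }}
    steps:
      # … unchanged: checkout, current date, aws credentials …
      - name: Install AWS Copilot CLI
        env:
          COPILOT_VERSION: '<PINNED_COPILOT_RELEASE_TAG>'
          COPILOT_SHA256: '<EXPECTED_SHA256_OF_COPILOT_LINUX>'
        run: |
          curl -fLo aws-copilot "https://github.com/aws/copilot-cli/releases/download/${COPILOT_VERSION}/copilot-linux"
          echo "${COPILOT_SHA256}  aws-copilot" | sha256sum --check -
          chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
      # … unchanged: Git SHA and RSA256_PUBLIC_KEY_BASE64 injection …
      - name: Inject replacement image into manifest
        env:
          IMAGE_TAG: ${{ github.ref_name }}
        run: |
          yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-assessment:" + strenv(IMAGE_TAG)' copilot/fsd-assessment/manifest.yml
      # … unchanged: AUTHENTICATOR_HOST, copilot deploy …
```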
@@ -38,66 +24,3 @@ jobs:
 CF_PASSWORD: ${{secrets.CF_PASSWORD}}
 E2E_PAT: ${{secrets.E2E_PAT}}
 RSA256_PUBLIC_KEY_BASE64: ${{secrets.RSA256_PUBLIC_KEY_BASE64}}
- paketo_build:
- permissions:
- packages: write
- uses: communitiesuk/funding-service-design-workflows/.github/workflows/package.yml@main
- with:
- version_to_build: $(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
- owner: ${{ github.repository_owner }}
- application: funding-service-design-assessment
- assets_required: true
- pre_deploy_tests:
- if: ${{ github.event.inputs.copilot }}
- secrets:
- E2E_PAT: ${{secrets.E2E_PAT}}
- uses: communitiesuk/funding-design-service-workflows/.github/workflows/pre-deploy.yml@main
- with:
- postgres_unit_testing: false
- copilot_build:
- if: ${{ github.event.inputs.copilot }}
- concurrency: deploy-${{ inputs.environment || 'test' }}
- permissions:
- id-token: write # This is required for requesting the JWT
- contents: read # This is required for actions/checkout
- runs-on: ubuntu-latest
- environment: ${{ inputs.environment || 'test' }}
- steps:
- - name: Git clone the repository
- uses: actions/checkout@v3
-
- - name: Get current date
- id: currentdatetime
- run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
-
- - name: configure aws credentials
- uses: aws-actions/configure-aws-credentials@v2
- with:
- role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
- role-session-name: ASSESSMENT_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
- aws-region: eu-west-2
-
- - name: Install AWS Copilot CLI
- run: |
- curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
-
- - name: Inject Git SHA into manifest
- run: |
- yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"' copilot/fsd-assessment/manifest.yml
-
- - name: Inject RSA256_PUBLIC_KEY_BASE64 into manifest
- run: |
- yq -i '.variables.RSA256_PUBLIC_KEY_BASE64 = "${{ secrets.RSA256_PUBLIC_KEY_BASE64 }}"' copilot/fsd-assessment/manifest.yml
-
- - name: Inject replacement image into manifest
- run: |
- yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-assessment:${{ github.ref_name }}"' copilot/fsd-assessment/manifest.yml
-
- - name: Replace AUTHENTICATOR_HOST variable
- if: ${{ inputs.environment == 'prod' }}
- run: |
- yq -i '.variables.AUTHENTICATOR_HOST = "https://authenticator.${{ inputs.environment }}.levellingup.gov.uk"' copilot/fsd-assessment/manifest.yml
-
- - name: Copilot deploy
- run: |
- copilot deploy --env ${{ inputs.environment || 'test' }}
From 1cedcfab60968f545ac8f22fcd1ad5ca5f9181d8 Mon Sep 17 00:00:00 2001
From: Robert Kibble
Date: Wed, 18 Oct 2023 08:54:26 +0100
Subject: [PATCH 2/4] Change name for copilot deploy
---
 .github/workflows/copilot_deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index b5aed618..f20c3688 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -1,4 +1,4 @@
-name: Deploy to Gov PaaS
+name: Deploy to AWS
 
 on:
 workflow_dispatch:
From 96046b55f66b7974c6f3f811aa860196fa5c75e9 Mon Sep 17 00:00:00 2001
From: Robert Kibble
Date: Wed, 18 Oct 2023 08:55:23 +0100
Subject: [PATCH 3/4] Change name for copilot deploy
---
 .github/workflows/copilot_deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index f20c3688..423d48a5 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -95,7 +95,7 @@ jobs:
 needs: copilot_build
 secrets:
 E2E_PAT: ${{secrets.E2E_PAT}}
- uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
 with:
 run_performance_tests: ${{ inputs.run_performance_tests }}
 run_e2e_tests: ${{ inputs.run_e2e_tests }}
From 67b0adbd93844e79aa4c87384560616526b3cb0f Mon Sep 17 00:00:00 2001
From: Robert Kibble
Date: Wed, 18 Oct 2023 12:07:24 +0100
Subject: [PATCH 4/4] Remove if copilot since this is only for that
---
 .github/workflows/copilot_deploy.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index 423d48a5..02b724aa 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -39,7 +39,6 @@ jobs:
 application: funding-service-design-assessment
 assets_required: true
 pre_deploy_tests:
- if: ${{ github.event.inputs.copilot }}
 secrets:
 E2E_PAT: ${{secrets.E2E_PAT}}
 uses: communitiesuk/funding-design-service-workflows/.github/workflows/pre-deploy.yml@main
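Review bot: `post-deploy.yml@main` in the `@@ -95,7 +95,7 @@` hunk is a branch ref, so the called workflow that receives `E2E_PAT` can change without any commit in this repository. Pinning it to a full commit SHA, `uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@<full-commit-sha>`, makes the code that handles the token reviewable at the point it is adopted. The same applies to `package.yml@main` and `pre-deploy.yml@main` from the first patch, and to `actions/checkout@v3` and `aws-actions/configure-aws-credentials@v2`, which are movable tags. The `post_deploy_tests` job begins above this hunk.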
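Review bot: With the `if:` removed in the `@@ -39,7 +39,6 @@` hunk, `pre_deploy_tests` runs on every trigger, and its `uses:` line names `communitiesuk/funding-design-service-workflows` while `paketo_build` and `post_deploy_tests` call `communitiesuk/funding-service-design-workflows`. If that is a transposition, the line should read `uses: communitiesuk/funding-service-design-workflows/.github/workflows/pre-deploy.yml@main`. If the other spelling only resolves through a repository rename redirect, it is still worth updating, because `E2E_PAT` is handed to whatever repository that name resolves to.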