Bau concurrency workflow

.github/workflows/copilot_deploy.yml

@@ -35,7 +35,17 @@ on:
       - closed # Further protection - only allow this workflow to run automatically on closed pull requests
 
 jobs:
+  tag_version:
+    runs-on: ubuntu-latest
+    outputs:
+      version_to_tag: ${{ steps.assessment_tagging.outputs.tag_value }}
+    steps:
+      - id: assessment_tagging
+        run: |
+          echo "tag_value=$(echo '${{ github.ref }}' | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_OUTPUT
+
   paketo_build:
+    needs: [ tag_version ]
     permissions:
       packages: write
     uses: communitiesuk/funding-service-design-workflows/.github/workflows/package.yml@main
@@ -44,74 +54,90 @@ jobs:
       owner: ${{ github.repository_owner }}
       application: funding-service-design-assessment
       assets_required: true
+
   pre_deploy_tests:
     secrets:
       E2E_PAT: ${{secrets.E2E_PAT}}
     uses: communitiesuk/funding-design-service-workflows/.github/workflows/pre-deploy.yml@main
     with:
       postgres_unit_testing: false
 
-  dev_copilot_deploy:
-    if: inputs.environment == 'dev' || inputs.environment == ''
-    needs: [pre_deploy_tests, paketo_build]
-    concurrency: deploy-dev
-    secrets:
-      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
-    uses: ./.github/workflows/environment.yml
-    permissions:
-      id-token: write # This is required for requesting the JWT
-      contents: read  # This is required for actions/checkout
-    with:
-      workspace: 'dev'
+  copilot_environments_workflow_setup:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.copilot_env_matrix.outputs.env_list }}
+    steps:
+      - id: copilot_env_matrix
+        run: |
+          if [ "${{ inputs.environment }}" != '' ]; then
+            echo "env_list=[\"${{ inputs.environment }}\"]" >> $GITHUB_OUTPUT
+          elif [ "${{ github.ref }}" == 'refs/heads/main' ]; then
+            echo "env_list=[\"dev\", \"test\", \"uat\", \"production\"]" >> $GITHUB_OUTPUT
+          else
+            echo "env_list=[\"dev\", \"test\"]" >> $GITHUB_OUTPUT
+          fi
 
-  test_copilot_deploy:
-    if: inputs.environment == 'test' || inputs.environment == ''
-    needs: [pre_deploy_tests, paketo_build]
-    concurrency: deploy-test
-    secrets:
-      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
-    uses: ./.github/workflows/environment.yml
+  copilot_env_deploy:
+    concurrency:
+      group: '${{ github.workflow }} @ ${{ github.ref }}'
+      cancel-in-progress: false
     permissions:
       id-token: write # This is required for requesting the JWT
       contents: read  # This is required for actions/checkout
-    with:
-      workspace: 'test'
+    needs: [ tag_version, pre_deploy_tests, paketo_build, copilot_environments_workflow_setup ]
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    strategy:
+      max-parallel: 1
+      matrix:
+        value: ${{ fromJSON(needs.copilot_environments_workflow_setup.outputs.matrix) }}
+      fail-fast: false
+    environment: ${{ matrix.value }}
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v4
 
-  # Allow the capability to override UAT with another branch, but ideally uat and production should be in sync as much as possible
-  uat_copilot_deploy:
-    if: inputs.environment == 'uat' || inputs.environment == ''
-    needs: [pre_deploy_tests, paketo_build]
-    concurrency: deploy-uat
-    secrets:
-      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
-    uses: ./.github/workflows/environment.yml
-    permissions:
-      id-token: write # This is required for requesting the JWT
-      contents: read  # This is required for actions/checkout
-    with:
-      workspace: 'uat'
+    - name: Get current date
+      shell: bash
+      id: currentdatetime
+      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
 
-  # Only run this if the branch being deployed is main
-  production_copilot_deploy:
-    if: (inputs.environment == 'production' || inputs.environment == '') && github.ref == 'refs/heads/main'
-    needs: [pre_deploy_tests, paketo_build]
-    concurrency: deploy-production
-    secrets:
-      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
-      RSA256_PUBLIC_KEY_BASE64: ${{ secrets.RSA256_PUBLIC_KEY_BASE64 }}
-    uses: ./.github/workflows/environment.yml
-    permissions:
-      id-token: write # This is required for requesting the JWT
-      contents: read  # This is required for actions/checkout
-    with:
-      workspace: 'production'
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+        role-session-name: NOTIFICATION_${{ matrix.value }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        aws-region: eu-west-2
+
+    - name: Install AWS Copilot CLI
+      shell: bash
+      run: |
+        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+    - name: Inject Git SHA into manifest
+      run: |
+        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-assessment/manifest.yml
+
+    - name: Inject replacement image into manifest
+      run: |
+        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-assessment:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-assessment/manifest.yml
+
+    - name: Inject RSA256_PUBLIC_KEY_BASE64 into manifest
+      run: |
+        yq -i '.variables.RSA256_PUBLIC_KEY_BASE64 = "${{ secrets.RSA256_PUBLIC_KEY_BASE64 }}"'  copilot/fsd-assessment/manifest.yml
+
+    - name: Copilot ${{ matrix.value }} deploy
+      id: deploy_build
+      run: |
+        copilot svc deploy --env ${{ matrix.value }} --app pre-award
 
   post_deploy_tests:
-    needs: copilot_build
+    needs: copilot_env_deploy
+    if: inputs.environment == 'test' || inputs.environment == 'dev' || inputs.environment == ''
     secrets:
       E2E_PAT: ${{secrets.E2E_PAT}}
     uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
     with:
-      run_performance_tests: ${{ inputs.run_performance_tests }}
-      run_e2e_tests: ${{ inputs.run_e2e_tests }}
+      run_performance_tests: ${{ inputs.run_performance_tests || false }}
+      run_e2e_tests: ${{ inputs.run_e2e_tests || true }}
       app_name: assessment