From 3fc7009d9989b73fa38a1c91d60f0f4052026450 Mon Sep 17 00:00:00 2001 From: Nat Dean-Lewis Date: Wed, 11 Mar 2026 17:02:03 +0000 Subject: [PATCH] Revert "CLDC-4236: misc pipeline updates (#3227)" This reverts commit cee09718fd230695c420c441ec356822db6950cd. --- .../workflows/manual_review_code_pipeline.yml | 34 ++------- .github/workflows/production_pipeline.yml | 1 + .github/workflows/review_pipeline.yml | 70 +------------------ .../workflows/review_teardown_pipeline.yml | 67 ++---------------- 4 files changed, 12 insertions(+), 160 deletions(-) diff --git a/.github/workflows/manual_review_code_pipeline.yml b/.github/workflows/manual_review_code_pipeline.yml index 15e17b2ae..2ea0719ca 100644 --- a/.github/workflows/manual_review_code_pipeline.yml +++ b/.github/workflows/manual_review_code_pipeline.yml @@ -1,51 +1,29 @@ -name: Manual review app build and deploy +name: Manual review app code pipeline concurrency: - group: deploy-review${{ inputs.pr_number }} + group: review-${{ inputs.review_app_key }} on: workflow_dispatch: inputs: - pr_number: + review_app_key: required: true type: string - description: "The PR number of the review app to deploy code for. Note: this is NOT the ticket number" - -permissions: {} + description: "The review app ID to deploy code for." defaults: run: shell: bash jobs: - get_pr_head_sha: - name: Get PR HEAD SHA - runs-on: ubuntu-latest - outputs: - pr_head_sha: ${{ steps.get_sha.outputs.pr_head_sha }} - steps: - - name: Get PR HEAD SHA - id: get_sha - uses: actions/github-script@v7 - with: - script: | - const { data: pr } = await github.rest.pulls.get({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: parseInt('${{ inputs.pr_number }}'), - }); - core.setOutput('pr_head_sha', pr.head.sha); - code: name: Deploy review app code - needs: [get_pr_head_sha] uses: ./.github/workflows/aws_deploy.yml with: aws_account_id: 837698168072 aws_role_prefix: core-dev - aws_task_prefix: core-review-${{ inputs.pr_number }} - concurrency_tag: ${{ inputs.pr_number }} + aws_task_prefix: core-review-${{ inputs.review_app_key }} + concurrency_tag: ${{ inputs.review_app_key }} environment: review - ref: ${{ needs.get_pr_head_sha.outputs.pr_head_sha }} permissions: id-token: write diff --git a/.github/workflows/production_pipeline.yml b/.github/workflows/production_pipeline.yml index 45a31167f..b4a188415 100644 --- a/.github/workflows/production_pipeline.yml +++ b/.github/workflows/production_pipeline.yml @@ -3,6 +3,7 @@ name: Production CI/CD Pipeline on: release: types: [released] + workflow_dispatch: defaults: run: diff --git a/.github/workflows/review_pipeline.yml b/.github/workflows/review_pipeline.yml index 13b1fbf54..5c89d91e3 100644 --- a/.github/workflows/review_pipeline.yml +++ b/.github/workflows/review_pipeline.yml @@ -9,18 +9,13 @@ on: required: true type: string description: "The number of the PR for which to deploy a review app. Note: this is NOT the ticket number" - pull_request: - types: [synchronize] - -concurrency: - group: deploy-review${{ github.event.pull_request.number || inputs.pr_number || github.event.issue.number }} permissions: {} jobs: get_pr_details: name: Get PR details - if: github.event_name == 'workflow_dispatch' || (github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-review')) || github.event_name == 'pull_request' + if: github.event_name == 'workflow_dispatch' || (github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-review')) runs-on: ubuntu-latest outputs: pr_number: ${{ steps.get_pr_details.outputs.pr_number }} @@ -34,8 +29,6 @@ jobs: let prNumber; if (context.eventName === 'workflow_dispatch') { prNumber = '${{ inputs.pr_number }}'; - } else if (context.eventName === 'pull_request') { - prNumber = context.payload.pull_request.number.toString(); } else { prNumber = context.issue.number.toString(); } @@ -47,52 +40,8 @@ jobs: }); core.setOutput('pr_head_sha', pr.head.sha); - check_deployment_started: - name: Check if deployment has been started - if: github.event_name == 'pull_request' - needs: [get_pr_details] - runs-on: ubuntu-latest - permissions: - pull-requests: read - outputs: - started: ${{ steps.check.outputs.started }} - steps: - - name: Check for previous deployment workflow runs - id: check - uses: actions/github-script@v7 - with: - script: | - const prNumber = '${{ needs.get_pr_details.outputs.pr_number }}'; - const { data: comments } = await github.rest.issues.listComments({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: parseInt(prNumber), - }); - const deployComment = comments.find(c => c.body === 'Starting review app deployment...'); - core.setOutput('started', deployComment ? 'true' : 'false'); - - deployment_started_comment: - name: Comment deployment started - if: github.event_name != 'pull_request' - needs: [get_pr_details] - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - name: Comment on PR - uses: actions/github-script@v7 - with: - script: | - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: ${{ needs.get_pr_details.outputs.pr_number }}, - body: 'Starting review app deployment...', - }); - infra: name: Deploy review app infrastructure - if: github.event_name != 'pull_request' needs: [get_pr_details] uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/create_review_app_infra.yml@main with: @@ -103,7 +52,6 @@ jobs: code: name: Deploy review app code - if: github.event_name != 'pull_request' needs: [get_pr_details, infra] uses: ./.github/workflows/aws_deploy.yml with: @@ -116,24 +64,8 @@ jobs: permissions: id-token: write - auto_update_code: - name: Auto-update review app code - if: github.event_name == 'pull_request' && needs.check_deployment_started.outputs.started == 'true' - needs: [get_pr_details, check_deployment_started] - uses: ./.github/workflows/aws_deploy.yml - with: - aws_account_id: 837698168072 - aws_role_prefix: core-dev - aws_task_prefix: core-review-${{ needs.get_pr_details.outputs.pr_number }} - concurrency_tag: ${{ needs.get_pr_details.outputs.pr_number }} - environment: review - ref: ${{ needs.get_pr_details.outputs.pr_head_sha }} - permissions: - id-token: write - comment: name: Add link to PR - if: github.event_name != 'pull_request' needs: [get_pr_details, code] runs-on: ubuntu-latest permissions: diff --git a/.github/workflows/review_teardown_pipeline.yml b/.github/workflows/review_teardown_pipeline.yml index 0df3ad0b7..8925b3340 100644 --- a/.github/workflows/review_teardown_pipeline.yml +++ b/.github/workflows/review_teardown_pipeline.yml @@ -1,85 +1,27 @@ name: Review app teardown pipeline concurrency: - group: deploy-review${{ github.event.pull_request.number || inputs.pr_number }} + group: review-${{ github.event.pull_request.number }} on: pull_request: types: - closed workflow_dispatch: - inputs: - pr_number: - required: true - type: string - description: "The PR number of the review app to tear down. Note: this is NOT the ticket number" - -permissions: {} env: app_repo_role: arn:aws:iam::815624722760:role/core-application-repo aws_account_id: 837698168072 aws_region: eu-west-2 aws_role_prefix: core-dev + aws_task_prefix: core-review-${{ github.event.pull_request.number }} jobs: - get_pr_number: - name: Get PR number - runs-on: ubuntu-latest - outputs: - pr_number: ${{ steps.get.outputs.pr_number }} - steps: - - name: Get PR number - id: get - run: | - if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then - echo "pr_number=${{ inputs.pr_number }}" >> $GITHUB_OUTPUT - else - echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT - fi - - check_review_app_exists: - name: Check if review app exists - needs: [get_pr_number] - runs-on: ubuntu-latest - permissions: - id-token: write - outputs: - exists: ${{ steps.check.outputs.exists }} - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-region: ${{ env.aws_region }} - role-to-assume: ${{ env.app_repo_role }} - - - name: Configure AWS credentials for review environment - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-region: ${{ env.aws_region }} - role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/${{ env.aws_role_prefix }}-deployment - role-chaining: true - - - name: Check if ECS service exists - id: check - env: - aws_task_prefix: core-review-${{ needs.get_pr_number.outputs.pr_number }} - run: | - if aws ecs describe-services --cluster ${{ env.aws_task_prefix }}-app --services ${{ env.aws_task_prefix }}-app --query "services[?status=='ACTIVE']" | grep -q 'serviceName'; then - echo "exists=true" >> $GITHUB_OUTPUT - else - echo "exists=false" >> $GITHUB_OUTPUT - fi - database: name: Drop database - if: needs.check_review_app_exists.outputs.exists == 'true' - needs: [get_pr_number, check_review_app_exists] runs-on: ubuntu-latest permissions: id-token: write - env: - aws_task_prefix: core-review-${{ needs.get_pr_number.outputs.pr_number }} steps: - name: Configure AWS credentials @@ -113,11 +55,10 @@ jobs: infra: name: Teardown review app - if: needs.check_review_app_exists.outputs.exists == 'true' - needs: [get_pr_number, check_review_app_exists, database] + needs: [database] uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/destroy_review_app_infra.yml@main with: - key: ${{ needs.get_pr_number.outputs.pr_number }} + key: ${{ github.event.pull_request.number }} app_repo_role: arn:aws:iam::815624722760:role/core-application-repo permissions: id-token: write