From a675ded32dfd0a5737ae12200236a246bc53458a Mon Sep 17 00:00:00 2001
From: Nat Dean-Lewis <94526761+natdeanlewissoftwire@users.noreply.github.com>
Date: Wed, 11 Mar 2026 17:03:25 +0000
Subject: [PATCH] CLDc-4236: temporarily revert to auto review app deploy setup (#3231)
* Revert "CLDC-4236: misc pipeline updates (#3227)"
This reverts commit cee09718fd230695c420c441ec356822db6950cd.
* Revert "CLDC-4236: use correct sha ref for review apps"
This reverts commit 36918740f40f7901d5ec194baf49be63fee41f97.
* Revert "CLDC-4236: use list-images in review app deployments"
This reverts commit 75ec4d1e753d23ff6dd480c721b00b22b21663c2.
* Revert "CLDC-4236: trigger review app deploys manually (#3216)"
This reverts commit 8a186d096c2f3881e22dcd5e5f86aede0e7bc9f8.
---
 .github/workflows/aws_deploy.yml | 15 +-
 .../workflows/manual_review_code_pipeline.yml | 34 +---
 .github/workflows/production_pipeline.yml | 1 +
 .github/workflows/review_app_prompt.yml | 24 ---
 .github/workflows/review_pipeline.yml | 151 +++--------------
 .../workflows/review_teardown_pipeline.yml | 67 +------
 6 files changed, 37 insertions(+), 255 deletions(-)
 delete mode 100644 .github/workflows/review_app_prompt.yml
diff --git a/.github/workflows/aws_deploy.yml b/.github/workflows/aws_deploy.yml
index 9bd78ea3e..5af3c2d08 100644
--- a/.github/workflows/aws_deploy.yml
+++ b/.github/workflows/aws_deploy.yml
@@ -22,10 +22,6 @@ on:
 release_tag:
 required: false
 type: string
- ref:
- required: false
- type: string
- default: ""
 concurrency:
 group: deploy-${{ inputs.environment }}${{ inputs.concurrency_tag }}
@@ -46,8 +42,6 @@ jobs:
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
- with:
- ref: ${{ inputs.ref || github.sha }}
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v4
@@ -59,19 +53,16 @@ jobs:
 id: ecr-login
 uses: aws-actions/amazon-ecr-login@v2
- - name: Resolve commit SHA
- run: echo "commit_sha=${{ inputs.ref || github.sha }}" >> $GITHUB_ENV
-
 - name: Check if image with tag already exists
 run: |
- echo "image-exists=$(if aws ecr describe-images --repository-name=$repository --image-ids imageTag=${{ env.commit_sha }} > /dev/null 2>&1; then echo true; else echo false; fi)" >> $GITHUB_ENV
+ echo "image-exists=$(if aws ecr list-images --repository-name=$repository --query "imageIds[*].imageTag" | grep -q ${{ github.sha }}; then echo true; else echo false; fi)" >> $GITHUB_ENV
 - name: Build, tag, and push docker image to ECR if there is no image, failing for releases
 id: build-image
 if: ${{ env.image-exists == 'false' }}
 env:
 registry: ${{ steps.ecr-login.outputs.registry }}
- commit_tag: ${{ env.commit_sha }}
+ commit_tag: ${{ github.sha }}
 run: |
 if [[ ${{ inputs.environment }} == 'production' ]]; then
 echo "Error: Deployment to production environment is not allowed as there is no docker image (i.e. the AWS deploy on staging was unsuccessful for this commit)."
@@ -109,7 +100,7 @@ jobs:
 id: update-image-tags
 env:
 registry: ${{ steps.ecr-login.outputs.registry }}
- commit_tag: ${{ inputs.ref || github.sha }}
+ commit_tag: ${{ github.sha }}
 readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }}
 run: |
 manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
diff --git a/.github/workflows/manual_review_code_pipeline.yml b/.github/workflows/manual_review_code_pipeline.yml
index 15e17b2ae..2ea0719ca 100644
--- a/.github/workflows/manual_review_code_pipeline.yml
+++ b/.github/workflows/manual_review_code_pipeline.yml
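Review bot: The rewritten image-existence check (the added `echo "image-exists=..."` line in the `Check if image with tag already exists` step) pipes every tag in the repository through `grep -q ${{ github.sha }}`, which is a substring match rather than an equality test, so any tag that merely contains the SHA would report the image as present and the `Build, tag, and push` step that follows would be skipped. A server-side equality filter keeps the same shape and removes the ambiguity: `aws ecr list-images --repository-name=$repository --query "imageIds[?imageTag=='${{ github.sha }}'].imageTag" --output text | grep -q .`. With only full-SHA and `<environment>-<tag>` readable tags in the repository (the `readable_tag:` line in the second hunk suggests that is the case) a false positive is unlikely, but the exact match costs nothing. The enclosing job starts and ends outside the hunk.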
@@ -1,51 +1,29 @@
-name: Manual review app build and deploy
+name: Manual review app code pipeline
 concurrency:
- group: deploy-review${{ inputs.pr_number }}
+ group: review-${{ inputs.review_app_key }}
 on:
 workflow_dispatch:
 inputs:
- pr_number:
+ review_app_key:
 required: true
 type: string
- description: "The PR number of the review app to deploy code for. Note: this is NOT the ticket number"
-
-permissions: {}
+ description: "The review app ID to deploy code for."
 defaults:
 run:
 shell: bash
 jobs:
- get_pr_head_sha:
- name: Get PR HEAD SHA
- runs-on: ubuntu-latest
- outputs:
- pr_head_sha: ${{ steps.get_sha.outputs.pr_head_sha }}
- steps:
- - name: Get PR HEAD SHA
- id: get_sha
- uses: actions/github-script@v7
- with:
- script: |
- const { data: pr } = await github.rest.pulls.get({
- owner: context.repo.owner,
- repo: context.repo.repo,
- pull_number: parseInt('${{ inputs.pr_number }}'),
- });
- core.setOutput('pr_head_sha', pr.head.sha);
-
 code:
 name: Deploy review app code
- needs: [get_pr_head_sha]
 uses: ./.github/workflows/aws_deploy.yml
 with:
 aws_account_id: 837698168072
 aws_role_prefix: core-dev
- aws_task_prefix: core-review-${{ inputs.pr_number }}
- concurrency_tag: ${{ inputs.pr_number }}
+ aws_task_prefix: core-review-${{ inputs.review_app_key }}
+ concurrency_tag: ${{ inputs.review_app_key }}
 environment: review
- ref: ${{ needs.get_pr_head_sha.outputs.pr_head_sha }}
 permissions:
 id-token: write
diff --git a/.github/workflows/production_pipeline.yml b/.github/workflows/production_pipeline.yml
index 45a31167f..b4a188415 100644
--- a/.github/workflows/production_pipeline.yml
+++ b/.github/workflows/production_pipeline.yml
@@ -3,6 +3,7 @@ name: Production CI/CD Pipeline
 on:
 release:
 types: [released]
+ workflow_dispatch:
 defaults:
 run:
diff --git a/.github/workflows/review_app_prompt.yml b/.github/workflows/review_app_prompt.yml
deleted file mode 100644
index 9c795cfa9..000000000
--- a/.github/workflows/review_app_prompt.yml
+++ /dev/null
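Review bot: The new side of this hunk drops the top-level `permissions: {}`, so the workflow falls back to the repository's default GITHUB_TOKEN scope for any job that does not declare its own block; the single `code` job still declares `id-token: write`, so nothing changes for it today, but a job added later without a `permissions:` block would inherit the broader default. The same top-level line is removed in the review_pipeline.yml and review_teardown_pipeline.yml hunks below, where every remaining job likewise declares its own block. Keeping `permissions: {}` at the top of each file preserves the least-privilege baseline without affecting the existing jobs.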
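Review bot: `workflow_dispatch:` is added to the production pipeline's `on:` block with no inputs and no branch or tag restriction, so the workflow can now be started manually from any ref, whereas the existing `release: types: [released]` trigger only fires for a published release. Whether the jobs outside this hunk guard on a release tag cannot be seen here; if they do not, a manual run from a branch would deploy that branch's head. A required input naming the release to deploy (the `aws_deploy.yml` hunk above shows the reusable workflow already accepts a `release_tag` input), or an `if: github.ref_type == 'tag'` condition on the deploy job, would restore the constraint.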
@@ -1,24 +0,0 @@
-name: Review app deploy prompt
-
-on:
- pull_request:
- types: [opened]
-
-jobs:
- prompt:
- name: Add review app deploy instructions
- runs-on: ubuntu-latest
- permissions:
- pull-requests: write
-
- steps:
- - name: Comment with deploy instructions
- uses: actions/github-script@v7
- with:
- script: |
- await github.rest.issues.createComment({
- owner: context.repo.owner,
- repo: context.repo.repo,
- issue_number: context.issue.number,
- body: 'To deploy a review app for this PR, comment `/deploy-review`.',
- });
diff --git a/.github/workflows/review_pipeline.yml b/.github/workflows/review_pipeline.yml
index 13b1fbf54..b31f81e23 100644
--- a/.github/workflows/review_pipeline.yml
+++ b/.github/workflows/review_pipeline.yml
@@ -1,162 +1,57 @@
 name: Review app pipeline
+concurrency:
+ group: review-${{ github.event.pull_request.number }}
+
 on:
- issue_comment:
- types: [created]
- workflow_dispatch:
- inputs:
- pr_number:
- required: true
- type: string
- description: "The number of the PR for which to deploy a review app. Note: this is NOT the ticket number"
 pull_request:
- types: [synchronize]
-
-concurrency:
- group: deploy-review${{ github.event.pull_request.number || inputs.pr_number || github.event.issue.number }}
+ types:
+ - opened
+ - synchronize
+ - reopened
+ workflow_dispatch:
-permissions: {}
+defaults:
+ run:
+ shell: bash
 jobs:
- get_pr_details:
- name: Get PR details
- if: github.event_name == 'workflow_dispatch' || (github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-review')) || github.event_name == 'pull_request'
- runs-on: ubuntu-latest
- outputs:
- pr_number: ${{ steps.get_pr_details.outputs.pr_number }}
- pr_head_sha: ${{ steps.get_pr_details.outputs.pr_head_sha }}
- steps:
- - name: Get PR number and HEAD SHA
- id: get_pr_details
- uses: actions/github-script@v7
- with:
- script: |
- let prNumber;
- if (context.eventName === 'workflow_dispatch') {
- prNumber = '${{ inputs.pr_number }}';
- } else if (context.eventName === 'pull_request') {
- prNumber = context.payload.pull_request.number.toString();
- } else {
- prNumber = context.issue.number.toString();
- }
- core.setOutput('pr_number', prNumber);
- const { data: pr } = await github.rest.pulls.get({
- owner: context.repo.owner,
- repo: context.repo.repo,
- pull_number: parseInt(prNumber),
- });
- core.setOutput('pr_head_sha', pr.head.sha);
-
- check_deployment_started:
- name: Check if deployment has been started
- if: github.event_name == 'pull_request'
- needs: [get_pr_details]
- runs-on: ubuntu-latest
- permissions:
- pull-requests: read
- outputs:
- started: ${{ steps.check.outputs.started }}
- steps:
- name: Check for previous deployment workflow runs
- id: check
- uses: actions/github-script@v7
- with:
- script: |
- const prNumber = '${{ needs.get_pr_details.outputs.pr_number }}';
- const { data: comments } = await github.rest.issues.listComments({
- owner: context.repo.owner,
- repo: context.repo.repo,
- issue_number: parseInt(prNumber),
- });
- const deployComment = comments.find(c => c.body === 'Starting review app deployment...');
- core.setOutput('started', deployComment ? 'true' : 'false');
-
- deployment_started_comment:
- name: Comment deployment started
- if: github.event_name != 'pull_request'
- needs: [get_pr_details]
- runs-on: ubuntu-latest
- permissions:
- pull-requests: write
- steps:
- name: Comment on PR
- uses: actions/github-script@v7
- with:
- script: |
- await github.rest.issues.createComment({
- owner: context.repo.owner,
- repo: context.repo.repo,
- issue_number: ${{ needs.get_pr_details.outputs.pr_number }},
- body: 'Starting review app deployment...',
- });
-
 infra:
 name: Deploy review app infrastructure
- if: github.event_name != 'pull_request'
- needs: [get_pr_details]
 uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/create_review_app_infra.yml@main
 with:
- key: ${{ needs.get_pr_details.outputs.pr_number }}
+ key: ${{ github.event.pull_request.number }}
 app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
 permissions:
 id-token: write
 code:
 name: Deploy review app code
- if: github.event_name != 'pull_request'
- needs: [get_pr_details, infra]
- uses: ./.github/workflows/aws_deploy.yml
- with:
- aws_account_id: 837698168072
- aws_role_prefix: core-dev
- aws_task_prefix: core-review-${{ needs.get_pr_details.outputs.pr_number }}
- concurrency_tag: ${{ needs.get_pr_details.outputs.pr_number }}
- environment: review
- ref: ${{ needs.get_pr_details.outputs.pr_head_sha }}
- permissions:
- id-token: write
-
- auto_update_code:
- name: Auto-update review app code
- if: github.event_name == 'pull_request' && needs.check_deployment_started.outputs.started == 'true'
- needs: [get_pr_details, check_deployment_started]
+ needs: [infra]
 uses: ./.github/workflows/aws_deploy.yml
 with:
 aws_account_id: 837698168072
 aws_role_prefix: core-dev
- aws_task_prefix: core-review-${{ needs.get_pr_details.outputs.pr_number }}
- concurrency_tag: ${{ needs.get_pr_details.outputs.pr_number }}
+ aws_task_prefix: core-review-${{ github.event.pull_request.number }}
+ concurrency_tag: ${{ github.event.pull_request.number }}
 environment: review
- ref: ${{ needs.get_pr_details.outputs.pr_head_sha }}
 permissions:
 id-token: write
 comment:
 name: Add link to PR
- if: github.event_name != 'pull_request'
- needs: [get_pr_details, code]
+ needs: [code]
 runs-on: ubuntu-latest
 permissions:
+ issues: write
 pull-requests: write
 steps:
 - name: Comment on PR with URL
- uses: actions/github-script@v7
+ uses: unsplash/comment-on-pr@v1.3.0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
- script: |
- const prNumber = ${{ needs.get_pr_details.outputs.pr_number }};
- const body = `Created review app at https://review.submit-social-housing-data.communities.gov.uk/${prNumber}. Note that the review app will be automatically deprovisioned after 30 days and will need the review app pipeline running again.`;
- const { data: comments } = await github.rest.issues.listComments({
- owner: context.repo.owner,
- repo: context.repo.repo,
- issue_number: prNumber,
- });
- const duplicate = comments.find(c => c.body.startsWith('Created review app at'));
- if (!duplicate) {
- await github.rest.issues.createComment({
- owner: context.repo.owner,
- repo: context.repo.repo,
- issue_number: prNumber,
- body: body,
- });
- }
+ msg: "Created review app at https://review.submit-social-housing-data.communities.gov.uk/${{ github.event.pull_request.number }}. Note that the review app will be automatically deprovisioned after 30 days and will need the review app pipeline running again."
+ check_for_duplicate_msg: true
+ duplicate_msg_pattern: Created review app at*
diff --git a/.github/workflows/review_teardown_pipeline.yml b/.github/workflows/review_teardown_pipeline.yml
index 0df3ad0b7..8925b3340 100644
--- a/.github/workflows/review_teardown_pipeline.yml
+++ b/.github/workflows/review_teardown_pipeline.yml
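Review bot: The new `on:` block keeps `workflow_dispatch:` with no inputs, yet every job on the new side keys on `github.event.pull_request.number`, which is empty for a manual run: `concurrency.group` becomes `review-`, `infra` is called with an empty `key`, and `aws_task_prefix` becomes `core-review-`, so a manual dispatch would most likely run the provisioning against those degenerate names rather than any PR. Either drop the `workflow_dispatch:` line or gate the jobs with `if: github.event_name == 'pull_request'`; the review_teardown_pipeline.yml hunk below has the same `workflow_dispatch:` plus `aws_task_prefix: core-review-${{ github.event.pull_request.number }}` combination. Separately, the `comment` job now runs the third-party `unsplash/comment-on-pr@v1.3.0` with a GITHUB_TOKEN carrying `issues: write` and `pull-requests: write`; a tag reference is mutable, so pinning to the full commit SHA (`uses: unsplash/comment-on-pr@<commit-sha>  # v1.3.0`) keeps the action's contents fixed.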
@@ -1,85 +1,27 @@
 name: Review app teardown pipeline
 concurrency:
- group: deploy-review${{ github.event.pull_request.number || inputs.pr_number }}
+ group: review-${{ github.event.pull_request.number }}
 on:
 pull_request:
 types:
 - closed
 workflow_dispatch:
- inputs:
- pr_number:
- required: true
- type: string
- description: "The PR number of the review app to tear down. Note: this is NOT the ticket number"
-
-permissions: {}
 env:
 app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
 aws_account_id: 837698168072
 aws_region: eu-west-2
 aws_role_prefix: core-dev
+ aws_task_prefix: core-review-${{ github.event.pull_request.number }}
 jobs:
- get_pr_number:
- name: Get PR number
- runs-on: ubuntu-latest
- outputs:
- pr_number: ${{ steps.get.outputs.pr_number }}
- steps:
- name: Get PR number
- id: get
- run: |
- if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
- echo "pr_number=${{ inputs.pr_number }}" >> $GITHUB_OUTPUT
- else
- echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
- fi
-
- check_review_app_exists:
- name: Check if review app exists
- needs: [get_pr_number]
- runs-on: ubuntu-latest
- permissions:
- id-token: write
- outputs:
- exists: ${{ steps.check.outputs.exists }}
- steps:
- name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- aws-region: ${{ env.aws_region }}
- role-to-assume: ${{ env.app_repo_role }}
- - name: Configure AWS credentials for review environment
- uses: aws-actions/configure-aws-credentials@v4
- with:
- aws-region: ${{ env.aws_region }}
- role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/${{ env.aws_role_prefix }}-deployment
- role-chaining: true
- - name: Check if ECS service exists
- id: check
- env:
- aws_task_prefix: core-review-${{ needs.get_pr_number.outputs.pr_number }}
- run: |
- if aws ecs describe-services --cluster ${{ env.aws_task_prefix }}-app --services ${{ env.aws_task_prefix }}-app --query "services[?status=='ACTIVE']" | grep -q 'serviceName'; then
- echo "exists=true" >> $GITHUB_OUTPUT
- else
- echo "exists=false" >> $GITHUB_OUTPUT
- fi
-
 database:
 name: Drop database
- if: needs.check_review_app_exists.outputs.exists == 'true'
- needs: [get_pr_number, check_review_app_exists]
 runs-on: ubuntu-latest
 permissions:
 id-token: write
- env:
- aws_task_prefix: core-review-${{ needs.get_pr_number.outputs.pr_number }}
 steps:
 - name: Configure AWS credentials
@@ -113,11 +55,10 @@ jobs:
 infra:
 name: Teardown review app
- if: needs.check_review_app_exists.outputs.exists == 'true'
- needs: [get_pr_number, check_review_app_exists, database]
+ needs: [database]
 uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/destroy_review_app_infra.yml@main
 with:
- key: ${{ needs.get_pr_number.outputs.pr_number }}
+ key: ${{ github.event.pull_request.number }}
 app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
 permissions:
 id-token: write
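Review bot: With `check_review_app_exists` gone, the `database` job (and `infra`, which `needs` it in the second hunk) now runs for every PR that is closed, including PRs for which no review app was ever deployed, and nothing on the new side verifies that the `core-review-<number>` resources exist before the drop-database and destroy steps run. Whether those steps fail cleanly or error on a missing service is outside what the hunk shows, since the `Configure AWS credentials` step is the last visible line of `database`. If teardown on close is meant to be best-effort, `continue-on-error: true` on the steps that touch the possibly-absent resources, or an existence check at the top of the `run:` script, would keep a closed-without-deploy PR from reporting a failed workflow.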