
CLDc-4236: temporarily revert to auto review app deploy setup (#3231)

* Revert "CLDC-4236: misc pipeline updates (#3227)"

This reverts commit cee09718fd.

* Revert "CLDC-4236: use correct sha ref for review apps"

This reverts commit 36918740f4.

* Revert "CLDC-4236: use list-images in review app deployments"

This reverts commit 75ec4d1e75.

* Revert "CLDC-4236: trigger review app deploys manually (#3216)"

This reverts commit 8a186d096c.
pull/3194/head
Nat Dean-Lewis 1 week ago committed by GitHub
parent
commit
a675ded32d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 15
      .github/workflows/aws_deploy.yml
  2. 34
      .github/workflows/manual_review_code_pipeline.yml
  3. 1
      .github/workflows/production_pipeline.yml
  4. 24
      .github/workflows/review_app_prompt.yml
  5. 151
      .github/workflows/review_pipeline.yml
  6. 67
      .github/workflows/review_teardown_pipeline.yml

15
.github/workflows/aws_deploy.yml

@ -22,10 +22,6 @@ on:
release_tag:
required: false
type: string
ref:
required: false
type: string
default: ""
concurrency:
group: deploy-${{ inputs.environment }}${{ inputs.concurrency_tag }}
@ -46,8 +42,6 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ inputs.ref || github.sha }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
@ -59,19 +53,16 @@ jobs:
id: ecr-login
uses: aws-actions/amazon-ecr-login@v2
- name: Resolve commit SHA
run: echo "commit_sha=${{ inputs.ref || github.sha }}" >> $GITHUB_ENV
- name: Check if image with tag already exists
run: |
echo "image-exists=$(if aws ecr describe-images --repository-name=$repository --image-ids imageTag=${{ env.commit_sha }} > /dev/null 2>&1; then echo true; else echo false; fi)" >> $GITHUB_ENV
echo "image-exists=$(if aws ecr list-images --repository-name=$repository --query "imageIds[*].imageTag" | grep -q ${{ github.sha }}; then echo true; else echo false; fi)" >> $GITHUB_ENV
- name: Build, tag, and push docker image to ECR if there is no image, failing for releases
id: build-image
if: ${{ env.image-exists == 'false' }}
env:
registry: ${{ steps.ecr-login.outputs.registry }}
commit_tag: ${{ env.commit_sha }}
commit_tag: ${{ github.sha }}
run: |
if [[ ${{ inputs.environment }} == 'production' ]]; then
echo "Error: Deployment to production environment is not allowed as there is no docker image (i.e. the AWS deploy on staging was unsuccessful for this commit)."
@ -109,7 +100,7 @@ jobs:
id: update-image-tags
env:
registry: ${{ steps.ecr-login.outputs.registry }}
commit_tag: ${{ inputs.ref || github.sha }}
commit_tag: ${{ github.sha }}
readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }}
run: |
manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
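Review bot: The `image-exists` check on the `aws ecr list-images ... | grep -q ${{ github.sha }}` line cannot tell "tag not found" from a failed API call: if `list-images` errors (missing permission, throttling, wrong repository name) grep sees no output, `image-exists=false` is written, and the workflow goes on to rebuild on staging or fails on production with the misleading "there is no docker image" message. Separating the call from the match makes an API failure abort the step instead, e.g. `tags=$(aws ecr list-images --repository-name="$repository" --query "imageIds[*].imageTag" --output text)` followed by `echo "image-exists=$(if grep -qw "${{ github.sha }}" <<<"$tags"; then echo true; else echo false; fi)" >> $GITHUB_ENV`, since the assignment is not inside an `if` condition and the default shell exits on error. The `run:` script of the build step continues outside the hunk.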

34
.github/workflows/manual_review_code_pipeline.yml

@ -1,51 +1,29 @@
name: Manual review app build and deploy
name: Manual review app code pipeline
concurrency:
group: deploy-review${{ inputs.pr_number }}
group: review-${{ inputs.review_app_key }}
on:
workflow_dispatch:
inputs:
pr_number:
review_app_key:
required: true
type: string
description: "The PR number of the review app to deploy code for. Note: this is NOT the ticket number"
permissions: {}
description: "The review app ID to deploy code for."
defaults:
run:
shell: bash
jobs:
get_pr_head_sha:
name: Get PR HEAD SHA
runs-on: ubuntu-latest
outputs:
pr_head_sha: ${{ steps.get_sha.outputs.pr_head_sha }}
steps:
- name: Get PR HEAD SHA
id: get_sha
uses: actions/github-script@v7
with:
script: |
const { data: pr } = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: parseInt('${{ inputs.pr_number }}'),
});
core.setOutput('pr_head_sha', pr.head.sha);
code:
name: Deploy review app code
needs: [get_pr_head_sha]
uses: ./.github/workflows/aws_deploy.yml
with:
aws_account_id: 837698168072
aws_role_prefix: core-dev
aws_task_prefix: core-review-${{ inputs.pr_number }}
concurrency_tag: ${{ inputs.pr_number }}
aws_task_prefix: core-review-${{ inputs.review_app_key }}
concurrency_tag: ${{ inputs.review_app_key }}
environment: review
ref: ${{ needs.get_pr_head_sha.outputs.pr_head_sha }}
permissions:
id-token: write
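Review bot: The `review_app_key` input at the top of the file is a free-form string that flows unchecked into `aws_task_prefix: core-review-${{ inputs.review_app_key }}` and the concurrency group; if the called aws_deploy.yml expands that prefix inside `run:` steps (not visible in this diff), an unexpected value ends up in shell and AWS CLI arguments, and even without that a typo silently targets a different task prefix. Presumably the key is a PR number, since review_pipeline.yml passes `github.event.pull_request.number` as the infra key, so a first job step that reads the input from `env` and asserts that shape, `[[ "$review_app_key" =~ ^[0-9]+$ ]] || { echo "review_app_key must be a PR number"; exit 1; }`, would fail fast, and the `description` should state the expected form rather than just "The review app ID". Passing the value through `env:` rather than interpolating `${{ inputs.review_app_key }}` into the script keeps the check itself free of expression injection.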

1
.github/workflows/production_pipeline.yml

@ -3,6 +3,7 @@ name: Production CI/CD Pipeline
on:
release:
types: [released]
workflow_dispatch:
defaults:
run:

24
.github/workflows/review_app_prompt.yml

@ -1,24 +0,0 @@
name: Review app deploy prompt
on:
pull_request:
types: [opened]
jobs:
prompt:
name: Add review app deploy instructions
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Comment with deploy instructions
uses: actions/github-script@v7
with:
script: |
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: 'To deploy a review app for this PR, comment `/deploy-review`.',
});

151
.github/workflows/review_pipeline.yml

@ -1,162 +1,57 @@
name: Review app pipeline
concurrency:
group: review-${{ github.event.pull_request.number }}
on:
issue_comment:
types: [created]
workflow_dispatch:
inputs:
pr_number:
required: true
type: string
description: "The number of the PR for which to deploy a review app. Note: this is NOT the ticket number"
pull_request:
types: [synchronize]
concurrency:
group: deploy-review${{ github.event.pull_request.number || inputs.pr_number || github.event.issue.number }}
types:
- opened
- synchronize
- reopened
workflow_dispatch:
permissions: {}
defaults:
run:
shell: bash
jobs:
get_pr_details:
name: Get PR details
if: github.event_name == 'workflow_dispatch' || (github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-review')) || github.event_name == 'pull_request'
runs-on: ubuntu-latest
outputs:
pr_number: ${{ steps.get_pr_details.outputs.pr_number }}
pr_head_sha: ${{ steps.get_pr_details.outputs.pr_head_sha }}
steps:
- name: Get PR number and HEAD SHA
id: get_pr_details
uses: actions/github-script@v7
with:
script: |
let prNumber;
if (context.eventName === 'workflow_dispatch') {
prNumber = '${{ inputs.pr_number }}';
} else if (context.eventName === 'pull_request') {
prNumber = context.payload.pull_request.number.toString();
} else {
prNumber = context.issue.number.toString();
}
core.setOutput('pr_number', prNumber);
const { data: pr } = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: parseInt(prNumber),
});
core.setOutput('pr_head_sha', pr.head.sha);
check_deployment_started:
name: Check if deployment has been started
if: github.event_name == 'pull_request'
needs: [get_pr_details]
runs-on: ubuntu-latest
permissions:
pull-requests: read
outputs:
started: ${{ steps.check.outputs.started }}
steps:
- name: Check for previous deployment workflow runs
id: check
uses: actions/github-script@v7
with:
script: |
const prNumber = '${{ needs.get_pr_details.outputs.pr_number }}';
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: parseInt(prNumber),
});
const deployComment = comments.find(c => c.body === 'Starting review app deployment...');
core.setOutput('started', deployComment ? 'true' : 'false');
deployment_started_comment:
name: Comment deployment started
if: github.event_name != 'pull_request'
needs: [get_pr_details]
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Comment on PR
uses: actions/github-script@v7
with:
script: |
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: ${{ needs.get_pr_details.outputs.pr_number }},
body: 'Starting review app deployment...',
});
infra:
name: Deploy review app infrastructure
if: github.event_name != 'pull_request'
needs: [get_pr_details]
uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/create_review_app_infra.yml@main
with:
key: ${{ needs.get_pr_details.outputs.pr_number }}
key: ${{ github.event.pull_request.number }}
app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
permissions:
id-token: write
code:
name: Deploy review app code
if: github.event_name != 'pull_request'
needs: [get_pr_details, infra]
uses: ./.github/workflows/aws_deploy.yml
with:
aws_account_id: 837698168072
aws_role_prefix: core-dev
aws_task_prefix: core-review-${{ needs.get_pr_details.outputs.pr_number }}
concurrency_tag: ${{ needs.get_pr_details.outputs.pr_number }}
environment: review
ref: ${{ needs.get_pr_details.outputs.pr_head_sha }}
permissions:
id-token: write
auto_update_code:
name: Auto-update review app code
if: github.event_name == 'pull_request' && needs.check_deployment_started.outputs.started == 'true'
needs: [get_pr_details, check_deployment_started]
needs: [infra]
uses: ./.github/workflows/aws_deploy.yml
with:
aws_account_id: 837698168072
aws_role_prefix: core-dev
aws_task_prefix: core-review-${{ needs.get_pr_details.outputs.pr_number }}
concurrency_tag: ${{ needs.get_pr_details.outputs.pr_number }}
aws_task_prefix: core-review-${{ github.event.pull_request.number }}
concurrency_tag: ${{ github.event.pull_request.number }}
environment: review
ref: ${{ needs.get_pr_details.outputs.pr_head_sha }}
permissions:
id-token: write
comment:
name: Add link to PR
if: github.event_name != 'pull_request'
needs: [get_pr_details, code]
needs: [code]
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- name: Comment on PR with URL
uses: actions/github-script@v7
uses: unsplash/comment-on-pr@v1.3.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
script: |
const prNumber = ${{ needs.get_pr_details.outputs.pr_number }};
const body = `Created review app at https://review.submit-social-housing-data.communities.gov.uk/${prNumber}. Note that the review app will be automatically deprovisioned after 30 days and will need the review app pipeline running again.`;
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
});
const duplicate = comments.find(c => c.body.startsWith('Created review app at'));
if (!duplicate) {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
body: body,
});
}
msg: "Created review app at https://review.submit-social-housing-data.communities.gov.uk/${{ github.event.pull_request.number }}. Note that the review app will be automatically deprovisioned after 30 days and will need the review app pipeline running again."
check_for_duplicate_msg: true
duplicate_msg_pattern: Created review app at*
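Review bot: With the bare `workflow_dispatch:` trigger on the new side, every job keys off `github.event.pull_request.number`, which is empty on a manual run, so a dispatch would call create_review_app_infra.yml with an empty `key:`, deploy under `aws_task_prefix: core-review-` and share the concurrency group `review-`. Either drop `workflow_dispatch:` or gate the chain at its head, `if: github.event_name == 'pull_request'` on the `infra` job, which the `code` and `comment` jobs then inherit through `needs`. The same applies to review_teardown_pipeline.yml if its `workflow_dispatch:` also survives without inputs, where the empty key would reach destroy_review_app_infra.yml. Separately, `uses: unsplash/comment-on-pr@v1.3.0` runs a third-party action with `secrets.GITHUB_TOKEN` and `pull-requests: write` pinned only to a mutable tag; pinning to the release's full commit SHA, `uses: unsplash/comment-on-pr@<commit-sha-of-v1.3.0> # v1.3.0`, is the usual mitigation.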

67
.github/workflows/review_teardown_pipeline.yml

@ -1,85 +1,27 @@
name: Review app teardown pipeline
concurrency:
group: deploy-review${{ github.event.pull_request.number || inputs.pr_number }}
group: review-${{ github.event.pull_request.number }}
on:
pull_request:
types:
- closed
workflow_dispatch:
inputs:
pr_number:
required: true
type: string
description: "The PR number of the review app to tear down. Note: this is NOT the ticket number"
permissions: {}
env:
app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
aws_account_id: 837698168072
aws_region: eu-west-2
aws_role_prefix: core-dev
aws_task_prefix: core-review-${{ github.event.pull_request.number }}
jobs:
get_pr_number:
name: Get PR number
runs-on: ubuntu-latest
outputs:
pr_number: ${{ steps.get.outputs.pr_number }}
steps:
- name: Get PR number
id: get
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
echo "pr_number=${{ inputs.pr_number }}" >> $GITHUB_OUTPUT
else
echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
fi
check_review_app_exists:
name: Check if review app exists
needs: [get_pr_number]
runs-on: ubuntu-latest
permissions:
id-token: write
outputs:
exists: ${{ steps.check.outputs.exists }}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.aws_region }}
role-to-assume: ${{ env.app_repo_role }}
- name: Configure AWS credentials for review environment
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.aws_region }}
role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/${{ env.aws_role_prefix }}-deployment
role-chaining: true
- name: Check if ECS service exists
id: check
env:
aws_task_prefix: core-review-${{ needs.get_pr_number.outputs.pr_number }}
run: |
if aws ecs describe-services --cluster ${{ env.aws_task_prefix }}-app --services ${{ env.aws_task_prefix }}-app --query "services[?status=='ACTIVE']" | grep -q 'serviceName'; then
echo "exists=true" >> $GITHUB_OUTPUT
else
echo "exists=false" >> $GITHUB_OUTPUT
fi
database:
name: Drop database
if: needs.check_review_app_exists.outputs.exists == 'true'
needs: [get_pr_number, check_review_app_exists]
runs-on: ubuntu-latest
permissions:
id-token: write
env:
aws_task_prefix: core-review-${{ needs.get_pr_number.outputs.pr_number }}
steps:
- name: Configure AWS credentials
@ -113,11 +55,10 @@ jobs:
infra:
name: Teardown review app
if: needs.check_review_app_exists.outputs.exists == 'true'
needs: [get_pr_number, check_review_app_exists, database]
needs: [database]
uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/destroy_review_app_infra.yml@main
with:
key: ${{ needs.get_pr_number.outputs.pr_number }}
key: ${{ github.event.pull_request.number }}
app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
permissions:
id-token: write
