diff --git a/.github/workflows/production_pipeline.yml b/.github/workflows/production_pipeline.yml new file mode 100644 index 000000000..95e234652 --- /dev/null +++ b/.github/workflows/production_pipeline.yml @@ -0,0 +1,188 @@ +name: 'Production CI/CD Pipeline' + +on: + release: + types: [released] + workflow_dispatch: + +concurrency: 'production' + +env: + REPO_URL: communitiesuk/mhclg-data-collection-beta + +defaults: + run: + shell: bash + +jobs: + test: + name: Test + runs-on: ubuntu-latest + + services: + postgres: + image: postgres:13.5 + env: + POSTGRES_PASSWORD: password + POSTGRES_USER: postgres + POSTGRES_DB: data_collector + ports: + - 5432:5432 + # needed because the postgres container does not provide a healthcheck + # tmpfs makes DB faster by using RAM + options: >- + --mount type=tmpfs,destination=/var/lib/postgresql/data + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + env: + RAILS_ENV: test + GEMFILE_RUBY_VERSION: 3.1.0 + DB_HOST: localhost + DB_DATABASE: data_collector + DB_USERNAME: postgres + DB_PASSWORD: password + + steps: + - name: Get latest release with tag + id: latestrelease + run: | + echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')" + - name: Confirm release tag + run: | + echo ${{ steps.latestrelease.outputs.releasetag }} + - name: Checkout tag + uses: actions/checkout@v2 + with: + ref: ${{ steps.latestrelease.outputs.releasetag }} + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + # runs 'bundle install' and caches installed gems automatically + bundler-cache: true + - name: Set up node + uses: actions/setup-node@v2 + with: + node-version: '16' + + - name: Create DB + run: | + bundle exec rake db:prepare + + - name: Compile Assets + run: | + bundle exec rake assets:precompile + + - name: Run tests + run: | + bundle exec rspec + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Get latest release with tag + id: latestrelease + run: | + echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')" + - name: Confirm release tag + run: | + echo ${{ steps.latestrelease.outputs.releasetag }} + - name: Checkout tag + uses: actions/checkout@v2 + with: + ref: ${{ steps.latestrelease.outputs.releasetag }} + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + # runs 'bundle install' and caches installed gems automatically + bundler-cache: true + + - name: Rubocop + run: | + bundle exec rubocop + + audit: + name: Audit dependencies + runs-on: ubuntu-latest + steps: + - name: Get latest release with tag + id: latestrelease + run: | + echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')" + - name: Confirm release tag + run: | + echo ${{ steps.latestrelease.outputs.releasetag }} + - name: Checkout tag + uses: actions/checkout@v2 + with: + ref: ${{ steps.latestrelease.outputs.releasetag }}SS + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + # runs 'bundle install' and caches installed gems automatically + bundler-cache: true + + - name: Audit + run: | + bundle exec bundler-audit + + deploy: + name: Deploy + + runs-on: ubuntu-latest + environment: 'production' + needs: [lint, test, audit] + + steps: + - name: Get latest release with tag + id: latestrelease + run: | + echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/communitiesuk/mhclg-data-collection-beta/releases/latest | jq '.tag_name' | sed 's/\"//g')" + - name: Confirm release tag + run: | + echo ${{ steps.latestrelease.outputs.releasetag }} + - name: Checkout tag + uses: actions/checkout@v2 + with: + ref: ${{ steps.latestrelease.outputs.releasetag }} + + - name: Install Cloud Foundry CLI + run: | + wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add - + echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list + sudo apt-get update + sudo apt-get install cf8-cli + - name: Deploy + env: + CF_USERNAME: ${{ secrets.CF_USERNAME }} + CF_PASSWORD: ${{ secrets.CF_PASSWORD }} + CF_API_ENDPOINT: ${{ secrets.CF_API_ENDPOINT }} + CF_SPACE: ${{ secrets.CF_SPACE }} + CF_ORG: ${{ secrets.CF_ORG }} + API_USER: ${{ secrets.API_USER }} + API_KEY: ${{ secrets.API_KEY }} + APP_NAME: dluhc-core-staging + GOVUK_NOTIFY_API_KEY: ${{ secrets.GOVUK_NOTIFY_API_KEY }} + APP_HOST: ${{ secrets.APP_HOST }} + RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }} + IMPORT_PAAS_INSTANCE: ${{ secrets.IMPORT_PAAS_INSTANCE }} + EXPORT_PAAS_INSTANCE: ${{ secrets.EXPORT_PAAS_INSTANCE }} + SENTRY_DSN: ${{ secrets.SENTRY_DSN }} + run: | + cf api $CF_API_ENDPOINT + cf auth + cf target -o $CF_ORG -s $CF_SPACE + cf set-env $APP_NAME API_USER $API_USER + cf set-env $APP_NAME API_KEY $API_KEY + cf set-env $APP_NAME GOVUK_NOTIFY_API_KEY $GOVUK_NOTIFY_API_KEY + cf set-env $APP_NAME APP_HOST $APP_HOST + cf set-env $APP_NAME RAILS_MASTER_KEY $RAILS_MASTER_KEY + cf set-env $APP_NAME IMPORT_PAAS_INSTANCE $IMPORT_PAAS_INSTANCE + cf set-env $APP_NAME EXPORT_PAAS_INSTANCE $EXPORT_PAAS_INSTANCE + cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN + cf push $APP_NAME --strategy rolling diff --git a/.github/workflows/pipeline.yml b/.github/workflows/staging_pipeline.yml similarity index 76% rename from .github/workflows/pipeline.yml rename to .github/workflows/staging_pipeline.yml index 7a0119ac2..ffe2b5097 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/staging_pipeline.yml @@ -1,4 +1,4 @@ -name: 'CI/CD Pipeline' +name: 'Staging CI/CD Pipeline' on: push: @@ -14,7 +14,6 @@ defaults: shell: bash jobs: - test: name: Test runs-on: ubuntu-latest @@ -44,10 +43,6 @@ jobs: DB_USERNAME: postgres DB_PASSWORD: password - # Rails verifies the time zone in DB is the same as the time zone of the Rails app - TZ: "Europe/London" - - steps: - name: Checkout uses: actions/checkout@v2 @@ -120,12 +115,12 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - - name: Install cf client - env: - CF_CLI_VERSION: 7.0.0-beta.30 + - name: Install Cloud Foundry CLI run: | - curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${CF_CLI_VERSION}" | tar -zx -C /tmp - sudo cp /tmp/cf7 /usr/local/bin/cf7 + wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add - + echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list + sudo apt-get update + sudo apt-get install cf8-cli - name: Deploy env: CF_USERNAME: ${{ secrets.CF_USERNAME }} @@ -143,15 +138,15 @@ jobs: EXPORT_PAAS_INSTANCE: ${{ secrets.EXPORT_PAAS_INSTANCE }} SENTRY_DSN: ${{ secrets.SENTRY_DSN }} run: | - cf7 api $CF_API_ENDPOINT - cf7 auth - cf7 target -o $CF_ORG -s $CF_SPACE - cf7 set-env $APP_NAME API_USER $API_USER - cf7 set-env $APP_NAME API_KEY $API_KEY - cf7 set-env $APP_NAME GOVUK_NOTIFY_API_KEY $GOVUK_NOTIFY_API_KEY - cf7 set-env $APP_NAME APP_HOST $APP_HOST - cf7 set-env $APP_NAME RAILS_MASTER_KEY $RAILS_MASTER_KEY - cf7 set-env $APP_NAME IMPORT_PAAS_INSTANCE $IMPORT_PAAS_INSTANCE - cf7 set-env $APP_NAME EXPORT_PAAS_INSTANCE $EXPORT_PAAS_INSTANCE - cf7 set-env $APP_NAME SENTRY_DSN $SENTRY_DSN - cf7 push $APP_NAME --strategy rolling + cf api $CF_API_ENDPOINT + cf auth + cf target -o $CF_ORG -s $CF_SPACE + cf set-env $APP_NAME API_USER $API_USER + cf set-env $APP_NAME API_KEY $API_KEY + cf set-env $APP_NAME GOVUK_NOTIFY_API_KEY $GOVUK_NOTIFY_API_KEY + cf set-env $APP_NAME APP_HOST $APP_HOST + cf set-env $APP_NAME RAILS_MASTER_KEY $RAILS_MASTER_KEY + cf set-env $APP_NAME IMPORT_PAAS_INSTANCE $IMPORT_PAAS_INSTANCE + cf set-env $APP_NAME EXPORT_PAAS_INSTANCE $EXPORT_PAAS_INSTANCE + cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN + cf push $APP_NAME --strategy rolling