[MAP-297] Enable AP moves for Serco #1599
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Branch Based Deploy | |
on: | |
pull_request: | |
branches: | |
- main | |
# Environment variables available to all jobs and steps in this workflow | |
env: | |
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
ECR_ENDPOINT: ${{ secrets.ECR_ENDPOINT }} | |
KUBE_CACERT: ${{ secrets.KUBE_CACERT }} | |
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} | |
KUBE_NAME: ${{ secrets.KUBE_NAME }} | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} | |
GITHUB_TEAM_NAME_SLUG: book-a-secure-move | |
jobs: | |
setup-build-publish-deploy: | |
name: Setup, Build, Publish, and Deploy | |
runs-on: ubuntu-latest | |
permissions: | |
deployments: write | |
id-token: write | |
contents: read | |
steps: | |
- id: create_deployment | |
name: Create deployment | |
uses: actions/github-script@v6 | |
with: | |
github-token: ${{ secrets.BRANCH_BASED_DEPLOY_TOKEN }} | |
script: | | |
try { | |
return (await github.rest.repos.createDeployment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: '${{ github.head_ref }}', | |
transient_environment: true, | |
required_contexts: [], | |
environment: "booksecuremove-pr-${{ github.event.number }}" | |
})).data.id | |
} catch (e) { | |
core.setFailed(e) | |
} | |
- name: Update deployment | |
uses: actions/github-script@v6 | |
with: | |
github-token: ${{ secrets.BRANCH_BASED_DEPLOY_TOKEN }} | |
script: | | |
try { | |
github.rest.repos.createDeploymentStatus({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
deployment_id: ${{ steps.create_deployment.outputs.result }}, | |
state: 'in_progress' | |
}); | |
} catch (e) { | |
core.setFailed(e) | |
} | |
- name: Delete deployments | |
uses: actions/github-script@v6 | |
with: | |
github-token: ${{ secrets.BRANCH_BASED_DEPLOY_TOKEN }} | |
script: | | |
try { | |
let deployments = ( | |
await github.rest.repos.listDeployments({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
environment: "booksecuremove-pr-${{ github.event.number }}", | |
}) | |
).data.filter(d => d.id != ${{ steps.create_deployment.outputs.result }}); | |
deployments = (await Promise.all( | |
deployments.map(async (d) => { | |
const lastState = ( | |
await github.rest.repos.listDeploymentStatuses({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
deployment_id: d.id, | |
}) | |
).data[0].state; | |
if (lastState == "inactive") return; | |
return d; | |
}) | |
)).filter(d => d); | |
await Promise.all( | |
deployments.map(d => { | |
return github.rest.repos.createDeploymentStatus({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
deployment_id: d.id, | |
state: "inactive", | |
}); | |
}) | |
); | |
} catch (e) { | |
core.setFailed(e) | |
} | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up NodeJS | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
- name: Compile typescript | |
run: | | |
npm install | |
npx tsc --project ./ | |
- name: Build docker image | |
env: | |
PR_NUMBER: ${{ github.event.number }} | |
run: | | |
export BUILD_DATE=$(date -Is) | |
docker buildx build \ | |
--pull \ | |
--label build.git.sha=$GITHUB_SHA \ | |
--label build.git.branch=$GITHUB_HEAD_REF \ | |
--label build.date=$BUILD_DATE \ | |
--build-arg APP_BUILD_DATE=$BUILD_DATE \ | |
--build-arg APP_BUILD_TAG=$PR_NUMBER \ | |
--build-arg APP_GIT_COMMIT=$GITHUB_SHA \ | |
--build-arg APP_BUILD_BRANCH=$GITHUB_HEAD_REF \ | |
-t app . | |
- name: Authenticate with cluster | |
run: | | |
echo -n $KUBE_CACERT | base64 -d > ./ca.crt | |
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
kubectl config set-credentials circleci --token=${KUBE_TOKEN} | |
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=circleci --namespace=${KUBE_NAMESPACE} | |
kubectl config use-context ${KUBE_CLUSTER} | |
# Assume role in Cloud Platform | |
- uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.STAGING_ECR_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.STAGING_ECR_REGION }} | |
# Login to container repository | |
- uses: aws-actions/amazon-ecr-login@v1 | |
id: login-ecr | |
- name: Push docker image to ECR | |
env: | |
PR_NUMBER: ${{ github.event.number }} | |
REPOSITORY: ${{ vars.STAGING_ECR_REPOSITORY }} | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
run: | | |
DOCKER_IMAGE_URL="${REGISTRY}/${REPOSITORY}:pr-${PR_NUMBER}.latest" | |
echo "DOCKER_IMAGE_URL=${DOCKER_IMAGE_URL}" >> $GITHUB_ENV | |
docker tag app $DOCKER_IMAGE_URL | |
docker push $DOCKER_IMAGE_URL | |
- name: Upload kube configs | |
env: | |
PR_NUMBER: ${{ github.event.number }} | |
DOCKER_IMAGE_URL: ${{ env.DOCKER_IMAGE_URL }} | |
run: | | |
sed -i "s/{PR_NUMBER}/$PR_NUMBER/g" .github/branch-deploy/config-map.yml | |
sed -i "s/{PR_NUMBER}/$PR_NUMBER/g" .github/branch-deploy/service.yml | |
sed -i "s/{PR_NUMBER}/$PR_NUMBER/g" .github/branch-deploy/deployment.yml | |
sed -i "s/{PR_NUMBER}/$PR_NUMBER/g" .github/branch-deploy/ingress.yml | |
sed -i "s>{DOCKER_IMAGE_URL}>$DOCKER_IMAGE_URL>g" .github/branch-deploy/deployment.yml | |
kubectl apply -f .github/branch-deploy/config-map.yml | |
kubectl apply -f .github/branch-deploy/service.yml | |
kubectl apply -f .github/branch-deploy/deployment.yml | |
kubectl apply -f .github/branch-deploy/ingress.yml | |
kubectl rollout restart deployment "hmpps-book-secure-move-frontend-deployment-pr-${PR_NUMBER}" | |
- name: Update deployment | |
uses: actions/github-script@v6 | |
with: | |
github-token: ${{ secrets.BRANCH_BASED_DEPLOY_TOKEN }} | |
script: | | |
try { | |
github.rest.repos.createDeploymentStatus({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
deployment_id: ${{ steps.create_deployment.outputs.result }}, | |
state: 'success', | |
environment_url: 'https://hmpps-book-secure-move-frontend-pr-${{ github.event.number }}.apps.cloud-platform.service.justice.gov.uk' | |
}); | |
} catch (e) { | |
core.setFailed(e) | |
} | |