Persistent Environment Deploy #476
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Persistent Environment Deploy | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: Environment to deploy to | |
| required: true | |
| default: "dev" | |
| type: choice | |
| options: | |
| - dev | |
| - ref | |
| - int | |
| branch_name: | |
| description: Branch to deploy | |
| required: true | |
| sandbox_deploy: | |
| description: Deploy these changes to the sandbox workspace? | |
| required: true | |
| default: false | |
| type: boolean | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: write | |
| env: | |
| ENVIRONMENT: ${{ inputs.environment }} | |
| WORKSPACE: ${{ inputs.environment }}${{ github.event.inputs.sandbox_deploy == 'true' && '-sandbox' || '' }} | |
| TF_WORKFLOW_ID: ${{ inputs.environment }} | |
| CACHE_NAME: ${{ inputs.environment }}-cache | |
| ARTIFACT_NAME: ${{ inputs.environment }}-artifact | |
| TF_ARTIFACT_NAME: ${{ inputs.environment }}-terraform-artifact | |
| AWS_DEFAULT_REGION: eu-west-2 | |
| TF_CLI_ARGS: -no-color | |
| RUNNING_IN_CI: 1 | |
| CI_DEPLOY_PERSISTENT_ENV: 1 | |
| SLACK_WEBHOOK_URL: ${{ secrets.DEPLOY_ENV_SLACK_HOOK_URL }} | |
| jobs: | |
| cache: | |
| name: Create cache | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Git clone - ${{ inputs.branch_name }} | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.branch_name }} | |
| - name: Runner setup | |
| uses: ./.github/actions/runner-setup/ | |
| - name: Install dependencies | |
| run: | | |
| source nrlf.sh | |
| nrlf make install | |
| - name: Create cache - ${{ env.CACHE_NAME }} | |
| uses: ./.github/actions/caching/ | |
| with: | |
| path: .venv | |
| name: ${{ env.CACHE_NAME }} | |
| build: | |
| needs: [cache] | |
| name: Build - ${{ inputs.branch_name }} | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Git clone - ${{ inputs.branch_name }} | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.branch_name }} | |
| - name: Runner setup | |
| uses: ./.github/actions/runner-setup/ | |
| - name: Download cache - ${{ env.CACHE_NAME }} | |
| uses: ./.github/actions/caching/ | |
| with: | |
| path: .venv | |
| name: ${{ env.CACHE_NAME }} | |
| - name: Build | |
| run: | | |
| source .venv/bin/activate | |
| source nrlf.sh | |
| nrlf make build | |
| - name: Upload artifact - ${{ env.ARTIFACT_NAME }} | |
| uses: ./.github/actions/upload-artifact/ | |
| with: | |
| name: ${{ env.ARTIFACT_NAME }} | |
| path: ./**/dist/*.zip | |
| terraform-plan: | |
| needs: [build] | |
| name: Terraform plan - ${{ inputs.environment }} (sandbox=${{ inputs.sandbox_deploy }}) | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Git clone - ${{ inputs.branch_name }} | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.branch_name }} | |
| - name: Runner setup | |
| uses: ./.github/actions/runner-setup/ | |
| - name: Download artifacts - ${{ env.ARTIFACT_NAME }} | |
| uses: ./.github/actions/download-artifact/ | |
| with: | |
| name: ${{ env.ARTIFACT_NAME }} | |
| - name: Configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.PE_ROLE_NAME }} | |
| role-session-name: github-actions-ci-${{ env.GITHUB_SHA_SHORT }} | |
| aws-region: eu-west-2 | |
| - name: Terraform plan - ${{ env.TF_WORKFLOW_ID }} (sandbox=${{ inputs.sandbox_deploy }}) | |
| run: | | |
| source nrlf.sh | |
| nrlf truststore pull-server ${TF_WORKFLOW_ID} | |
| nrlf terraform ciinit ${TF_WORKFLOW_ID}${{ github.event.inputs.sandbox_deploy == 'true' && '-sandbox' || '' }} | |
| nrlf terraform ciplan ${TF_WORKFLOW_ID}${{ github.event.inputs.sandbox_deploy == 'true' && '-sandbox' || '' }} | |
| - name: Upload artifact - ${{ env.TF_ARTIFACT_NAME }} | |
| uses: ./.github/actions/upload-artifact/ | |
| with: | |
| name: ${{ env.TF_ARTIFACT_NAME }} | |
| path: ./terraform/infrastructure/tfplan | |
| terraform-apply: | |
| needs: [terraform-plan] | |
| name: Terraform apply - ${{ inputs.environment }} (sandbox=${{ inputs.sandbox_deploy }}) | |
| runs-on: [self-hosted, ci] | |
| environment: ${{ inputs.environment }}${{ github.event.inputs.sandbox_deploy == 'true' && '-sandbox' || '' }} | |
| steps: | |
| - name: Git clone - ${{ inputs.branch_name }} | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.branch_name }} | |
| - name: Runner setup | |
| uses: ./.github/actions/runner-setup/ | |
| - name: Download artifacts - ${{ env.ARTIFACT_NAME }} | |
| uses: ./.github/actions/download-artifact/ | |
| with: | |
| name: ${{ env.ARTIFACT_NAME }} | |
| - name: Download artifacts - ${{ env.TF_ARTIFACT_NAME }} | |
| uses: ./.github/actions/download-artifact/ | |
| with: | |
| name: ${{ env.TF_ARTIFACT_NAME }} | |
| path: ./terraform/infrastructure/ | |
| - name: Configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.PE_ROLE_NAME }} | |
| role-session-name: github-actions-ci-${{ env.GITHUB_SHA_SHORT }} | |
| aws-region: eu-west-2 | |
| - name: Terraform apply - ${{ env.TF_WORKFLOW_ID }} (sandbox=${{ inputs.sandbox_deploy }}) | |
| run: | | |
| source nrlf.sh | |
| nrlf truststore pull-server ${TF_WORKFLOW_ID} | |
| nrlf terraform ciinit ${TF_WORKFLOW_ID}${{ github.event.inputs.sandbox_deploy == 'true' && '-sandbox' || '' }} | |
| nrlf terraform ciapply ${TF_WORKFLOW_ID}${{ github.event.inputs.sandbox_deploy == 'true' && '-sandbox' || '' }} | |
| - name: Upload artifact | |
| uses: ./.github/actions/upload-artifact/ | |
| with: | |
| name: ${{ env.TF_ARTIFACT_NAME }} | |
| path: ./terraform/infrastructure/output.json | |
| smoke-test: | |
| needs: [terraform-apply] | |
| name: Smoke tests | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Git clone - ${{ env.BRANCH_NAME }} | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.BRANCH_NAME }} | |
| - name: Runner setup | |
| uses: ./.github/actions/runner-setup/ | |
| - name: Download artifacts - ${{ env.TF_ARTIFACT_NAME }} | |
| uses: ./.github/actions/download-artifact/ | |
| with: | |
| name: ${{ env.TF_ARTIFACT_NAME }} | |
| path: ./terraform/infrastructure/ | |
| - name: Download cache - ${{ env.CACHE_NAME }} | |
| uses: ./.github/actions/caching/ | |
| with: | |
| path: .venv | |
| name: ${{ env.CACHE_NAME }} | |
| - name: Configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.CI_ROLE_NAME }} | |
| role-session-name: github-actions-ci-${{ env.GITHUB_SHA_SHORT }} | |
| aws-region: eu-west-2 | |
| - name: Run test | |
| run: | | |
| source .venv/bin/activate | |
| source nrlf.sh | |
| nrlf test smoke producer ${{ env.WORKSPACE }} | |
| if [[ ${{ env.WORKSPACE }} != *sandbox ]]; then nrlf test smoke producer ${{ env.WORKSPACE }} nrl_sync; fi | |
| documentation: | |
| needs: [smoke-test] | |
| name: Deploy Documentation | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Download cache - ${{ env.CACHE_NAME }} | |
| uses: ./.github/actions/caching/ | |
| with: | |
| path: .venv | |
| name: ${{ env.CACHE_NAME }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.CI_ROLE_NAME }} | |
| role-session-name: github-actions-ci-${{ env.GITHUB_SHA_SHORT }} | |
| aws-region: eu-west-2 | |
| - name: Generate Documentation | |
| run: | | |
| source .venv/bin/activate | |
| source nrlf.sh | |
| nrlf doc generate default | |
| - name: Push Documentation | |
| run: | | |
| source .venv/bin/activate | |
| source nrlf.sh | |
| nrlf doc push ${TF_WORKFLOW_ID}${{ github.event.inputs.sandbox_deploy == 'true' && '-sandbox' || '' }} | |
| set-success: | |
| name: Set Success | |
| needs: [documentation] | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Set success env var | |
| run: echo "success" | |
| outputs: | |
| success: "succeeded" | |
| clear-cache: | |
| name: Clear Cache | |
| needs: [documentation] | |
| if: ${{ always() }} | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Git clone - ${{ inputs.branch_name }} | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.branch_name }} | |
| - name: Clear cache | |
| uses: ./.github/actions/clear-cache/ | |
| with: | |
| name: ${{ env.CACHE_NAME }} | |
| message-slack: | |
| name: Notify slack of deployment | |
| needs: [set-success] | |
| if: ${{ always() }} | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Send job result to slack | |
| id: slack | |
| uses: slackapi/[email protected] | |
| with: | |
| payload: | | |
| { | |
| "environment": "${{ env.WORKSPACE }}", | |
| "result": "${{ needs.set-success.outputs.success && needs.set-success.outputs.success || 'failed' }}", | |
| "branch": "${{ inputs.branch_name }}" | |
| } |