|
1 | | -name: "CI/CD E2E Tests" |
| 1 | +# Deploys a given tag to test environment |
| 2 | +# Does not tag or create a release |
| 3 | + |
| 4 | +name: "CI/CD deploy to TEST" |
| 5 | + |
| 6 | +concurrency: |
| 7 | + group: terraform-deploy-${{ github.event.inputs.environment }} |
| 8 | + cancel-in-progress: false |
2 | 9 |
|
3 | 10 | on: |
4 | 11 | workflow_dispatch: |
5 | 12 | inputs: |
| 13 | + tag: |
| 14 | + description: "This is the tag that is going to be deployed" |
| 15 | + required: true |
| 16 | + default: "latest" |
6 | 17 | environment: |
7 | | - description: Target environment |
| 18 | + description: "Target environment (test only) |
8 | 19 | required: true |
| 20 | + default: "test" |
9 | 21 | type: choice |
10 | | - options: [dev, test, preprod] |
| 22 | + options: |
| 23 | + - test |
11 | 24 |
|
12 | 25 | jobs: |
13 | | - listS3: |
| 26 | + metadata: |
| 27 | + name: "Set CI/CD metadata" |
| 28 | + runs-on: ubuntu-latest |
| 29 | + timeout-minutes: 1 |
| 30 | + outputs: |
| 31 | + build_datetime: ${{ steps.variables.outputs.build_datetime }} |
| 32 | + build_timestamp: ${{ steps.variables.outputs.build_timestamp }} |
| 33 | + build_epoch: ${{ steps.variables.outputs.build_epoch }} |
| 34 | + nodejs_version: ${{ steps.variables.outputs.nodejs_version }} |
| 35 | + python_version: ${{ steps.variables.outputs.python_version }} |
| 36 | + terraform_version: ${{ steps.variables.outputs.terraform_version }} |
| 37 | + version: ${{ steps.variables.outputs.version }} |
| 38 | + tag: ${{ steps.variables.outputs.tag }} |
| 39 | + steps: |
| 40 | + - name: "Checkout tag" |
| 41 | + uses: actions/checkout@v5 |
| 42 | + with: |
| 43 | + ref: ${{ github.event.inputs.tag }} |
| 44 | + |
| 45 | + - name: "Set CI/CD variables" |
| 46 | + id: variables |
| 47 | + run: | |
| 48 | + datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z') |
| 49 | + echo "build_datetime=$datetime" >> $GITHUB_OUTPUT |
| 50 | + echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT |
| 51 | + echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT |
| 52 | + echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT |
| 53 | + echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT |
| 54 | + echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT |
| 55 | + # TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow |
| 56 | + echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT |
| 57 | + echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT |
| 58 | + - name: "List variables" |
| 59 | + run: | |
| 60 | + export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}" |
| 61 | + export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}" |
| 62 | + export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}" |
| 63 | + export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}" |
| 64 | + export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}" |
| 65 | + export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}" |
| 66 | + export VERSION="${{ steps.variables.outputs.version }}" |
| 67 | + export TAG="${{ steps.variables.outputs.tag }}" |
| 68 | + make list-variables |
| 69 | + deploy: |
| 70 | + name: "Deploy to an environment" |
14 | 71 | runs-on: ubuntu-latest |
| 72 | + needs: [metadata] |
15 | 73 | environment: ${{ inputs.environment }} |
| 74 | + timeout-minutes: 30 |
16 | 75 | permissions: |
17 | 76 | id-token: write |
18 | | - contents: read |
19 | | - |
| 77 | + contents: write |
20 | 78 | steps: |
21 | | - - name: Checkout |
22 | | - uses: actions/checkout@v5 |
| 79 | + - name: "Setup Terraform" |
| 80 | + uses: hashicorp/setup-terraform@v3 |
| 81 | + with: |
| 82 | + terraform_version: ${{ needs.metadata.outputs.terraform_version }} |
23 | 83 |
|
24 | | - - name: Set up Python |
| 84 | + - name: "Set up Python" |
25 | 85 | uses: actions/setup-python@v5 |
26 | 86 | with: |
27 | | - python-version: "3.11" |
| 87 | + python-version: "3.13" |
28 | 88 |
|
29 | | - - name: Install Poetry |
30 | | - run: | |
31 | | - curl -sSL https://install.python-poetry.org | python3 - |
32 | | - export PATH="$HOME/.local/bin:$PATH" |
| 89 | + - name: "Checkout Repository" |
| 90 | + uses: actions/checkout@v5 |
33 | 91 |
|
34 | | - - name: Install dependencies with Poetry |
| 92 | + - name: "Build lambda artefact" |
35 | 93 | run: | |
36 | | - poetry install --no-root |
| 94 | + make dependencies install-python |
| 95 | + make build |
| 96 | +
|
| 97 | + - name: "Upload lambda artefact" |
| 98 | + uses: actions/upload-artifact@v4 |
| 99 | + with: |
| 100 | + name: lambda |
| 101 | + path: dist/lambda.zip |
37 | 102 |
|
38 | | - - name: Configure AWS Credentials |
| 103 | + - name: "Download Built Lambdas" |
| 104 | + uses: actions/download-artifact@v5 |
| 105 | + with: |
| 106 | + name: lambda |
| 107 | + path: ./build |
| 108 | + |
| 109 | + - name: "Configure AWS Credentials" |
39 | 110 | uses: aws-actions/configure-aws-credentials@v4 |
40 | 111 | with: |
41 | 112 | role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role |
42 | 113 | aws-region: eu-west-2 |
43 | 114 |
|
44 | | - - name: List S3 bucket |
45 | | - run: | |
46 | | - aws s3 ls s3://eligibility-signposting-api-${{ inputs.environment }}-tfstate |
| 115 | + - name: "Terraform Apply" |
| 116 | + env: |
| 117 | + ENVIRONMENT: ${{ inputs.environment }} |
| 118 | + WORKSPACE: "default" |
| 119 | + TF_VAR_API_CA_CERT: ${{ secrets.API_CA_CERT }} |
| 120 | + TF_VAR_API_CLIENT_CERT: ${{ secrets.API_CLIENT_CERT }} |
| 121 | + TF_VAR_API_PRIVATE_KEY_CERT: ${{ secrets.API_PRIVATE_KEY_CERT }} |
47 | 122 |
|
48 | | - - name: Run Behave tests |
49 | 123 | run: | |
50 | | - mkdir -p reports |
51 | | - poetry run behave --format json --outfile reports/behave-report.json |
52 | | -
|
53 | | - - name: Upload Behave test results |
54 | | - uses: actions/upload-artifact@v4 |
55 | | - with: |
56 | | - name: behave-test-results |
57 | | - path: reports/ |
| 124 | + mkdir -p ./build |
| 125 | + echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=apply" |
| 126 | + make terraform env=$ENVIRONMENT stack=networking tf-command=apply workspace=$WORKSPACE |
| 127 | + echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=apply" |
| 128 | + make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE |
| 129 | + working-directory: ./infrastructure |
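Review bot: The `tag` input is expanded straight into the shell script at new line 57 (`echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT`), so whatever the dispatcher types becomes part of the script text before bash runs it. Pass it through the step environment instead: give the step an `env:` entry `TAG_INPUT: ${{ github.event.inputs.tag }}` and write `echo "tag=$TAG_INPUT" >> "$GITHUB_OUTPUT"`. The same input is honoured only by the checkout in the `metadata` job. The `Checkout Repository` step in `deploy` (new line 90) has no `ref:`, so the artefact that is built and applied appears to come from the ref the workflow was dispatched on rather than the requested tag, and the default `latest` is presumably a movable name in any case. The `deploy` job also goes from `contents: read` to `contents: write` while holding `id-token: write` and the certificate secrets, although the header comment says the workflow does not tag or release; keep `contents: read` unless a step outside this view needs write.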