|
3 | 3 |
|
4 | 4 | name: "CI/CD deploy to TEST" |
5 | 5 |
|
6 | | -#concurrency: |
7 | | -# group: terraform-deploy-${{ github.event.inputs.environment }} |
8 | | -# cancel-in-progress: false |
9 | | -# |
| 6 | +concurrency: |
| 7 | + group: terraform-deploy-${{ github.event.inputs.environment }} |
| 8 | + cancel-in-progress: false |
| 9 | + |
10 | 10 | on: |
11 | 11 | workflow_dispatch: |
12 | | -# inputs: |
13 | | -# tag: |
14 | | -# description: "This is the tag that is going to be deployed" |
15 | | -# required: true |
16 | | -# default: "latest" |
17 | | -# environment: |
18 | | -# description: "Target environment (test only)" |
19 | | -# required: true |
20 | | -# default: "test" |
21 | | -# type: choice |
22 | | -# options: |
23 | | -# - test |
| 12 | + inputs: |
| 13 | + tag: |
| 14 | + description: "This is the tag that is going to be deployed" |
| 15 | + required: true |
| 16 | + default: "latest" |
| 17 | + environment: |
| 18 | + description: "Target environment (test only)" |
| 19 | + required: true |
| 20 | + default: "test" |
| 21 | + type: choice |
| 22 | + options: |
| 23 | + - test |
24 | 24 |
|
25 | 25 | jobs: |
26 | | -# metadata: |
27 | | -# name: "Set CI/CD metadata" |
28 | | -# runs-on: ubuntu-latest |
29 | | -# timeout-minutes: 1 |
30 | | -# outputs: |
31 | | -# build_datetime: ${{ steps.variables.outputs.build_datetime }} |
32 | | -# build_timestamp: ${{ steps.variables.outputs.build_timestamp }} |
33 | | -# build_epoch: ${{ steps.variables.outputs.build_epoch }} |
34 | | -# nodejs_version: ${{ steps.variables.outputs.nodejs_version }} |
35 | | -# python_version: ${{ steps.variables.outputs.python_version }} |
36 | | -# terraform_version: ${{ steps.variables.outputs.terraform_version }} |
37 | | -# version: ${{ steps.variables.outputs.version }} |
38 | | -# tag: ${{ steps.variables.outputs.tag }} |
39 | | -# steps: |
40 | | -# - name: "Checkout tag" |
41 | | -# uses: actions/checkout@v5 |
42 | | -# with: |
43 | | -# ref: ${{ github.event.inputs.tag }} |
44 | | -# |
45 | | -# - name: "Set CI/CD variables" |
46 | | -# id: variables |
47 | | -# run: | |
48 | | -# datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z') |
49 | | -# echo "build_datetime=$datetime" >> $GITHUB_OUTPUT |
50 | | -# echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT |
51 | | -# echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT |
52 | | -# echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT |
53 | | -# echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT |
54 | | -# echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT |
55 | | -# # TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow |
56 | | -# echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT |
57 | | -# echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT |
58 | | -# - name: "List variables" |
59 | | -# run: | |
60 | | -# export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}" |
61 | | -# export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}" |
62 | | -# export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}" |
63 | | -# export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}" |
64 | | -# export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}" |
65 | | -# export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}" |
66 | | -# export VERSION="${{ steps.variables.outputs.version }}" |
67 | | -# export TAG="${{ steps.variables.outputs.tag }}" |
68 | | -# make list-variables |
69 | | -# deploy: |
70 | | -# name: "Deploy to an environment" |
71 | | -# runs-on: ubuntu-latest |
72 | | -# needs: [metadata] |
73 | | -# environment: ${{ inputs.environment }} |
74 | | -# timeout-minutes: 30 |
75 | | -# permissions: |
76 | | -# id-token: write |
77 | | -# contents: write |
78 | | -# steps: |
79 | | -# - name: "Setup Terraform" |
80 | | -# uses: hashicorp/setup-terraform@v3 |
81 | | -# with: |
82 | | -# terraform_version: ${{ needs.metadata.outputs.terraform_version }} |
83 | | -# |
84 | | -# - name: "Set up Python" |
85 | | -# uses: actions/setup-python@v5 |
86 | | -# with: |
87 | | -# python-version: "3.13" |
88 | | -# |
89 | | -# - name: "Checkout Repository" |
90 | | -# uses: actions/checkout@v5 |
91 | | -# |
92 | | -# - name: "Build lambda artefact" |
93 | | -# run: | |
94 | | -# make dependencies install-python |
95 | | -# make build |
96 | | -# |
97 | | -# - name: "Upload lambda artefact" |
98 | | -# uses: actions/upload-artifact@v4 |
99 | | -# with: |
100 | | -# name: lambda |
101 | | -# path: dist/lambda.zip |
102 | | -# |
103 | | -# - name: "Download Built Lambdas" |
104 | | -# uses: actions/download-artifact@v5 |
105 | | -# with: |
106 | | -# name: lambda |
107 | | -# path: ./build |
108 | | -# |
109 | | -# - name: "Configure AWS Credentials" |
110 | | -# uses: aws-actions/configure-aws-credentials@v4 |
111 | | -# with: |
112 | | -# role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role |
113 | | -# aws-region: eu-west-2 |
114 | | -# |
115 | | -# - name: "Terraform Apply" |
116 | | -# env: |
117 | | -# ENVIRONMENT: ${{ inputs.environment }} |
118 | | -# WORKSPACE: "default" |
119 | | -# TF_VAR_API_CA_CERT: ${{ secrets.API_CA_CERT }} |
120 | | -# TF_VAR_API_CLIENT_CERT: ${{ secrets.API_CLIENT_CERT }} |
121 | | -# TF_VAR_API_PRIVATE_KEY_CERT: ${{ secrets.API_PRIVATE_KEY_CERT }} |
122 | | -# TF_VAR_SPLUNK_HEC_TOKEN: ${{ secrets.SPLUNK_HEC_TOKEN }} |
123 | | -# TF_VAR_SPLUNK_HEC_ENDPOINT: ${{ secrets.SPLUNK_HEC_ENDPOINT }} |
124 | | -# run: | |
125 | | -# mkdir -p ./build |
126 | | -# echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=apply" |
127 | | -# make terraform env=$ENVIRONMENT stack=networking tf-command=apply workspace=$WORKSPACE |
128 | | -# echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=apply" |
129 | | -# make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE |
130 | | -# working-directory: ./infrastructure |
| 26 | + metadata: |
| 27 | + name: "Set CI/CD metadata" |
| 28 | + runs-on: ubuntu-latest |
| 29 | + timeout-minutes: 1 |
| 30 | + outputs: |
| 31 | + build_datetime: ${{ steps.variables.outputs.build_datetime }} |
| 32 | + build_timestamp: ${{ steps.variables.outputs.build_timestamp }} |
| 33 | + build_epoch: ${{ steps.variables.outputs.build_epoch }} |
| 34 | + nodejs_version: ${{ steps.variables.outputs.nodejs_version }} |
| 35 | + python_version: ${{ steps.variables.outputs.python_version }} |
| 36 | + terraform_version: ${{ steps.variables.outputs.terraform_version }} |
| 37 | + version: ${{ steps.variables.outputs.version }} |
| 38 | + tag: ${{ steps.variables.outputs.tag }} |
| 39 | + steps: |
| 40 | + - name: "Checkout tag" |
| 41 | + uses: actions/checkout@v5 |
| 42 | + with: |
| 43 | + ref: ${{ github.event.inputs.tag }} |
| 44 | + |
| 45 | + - name: "Set CI/CD variables" |
| 46 | + id: variables |
| 47 | + run: | |
| 48 | + datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z') |
| 49 | + echo "build_datetime=$datetime" >> $GITHUB_OUTPUT |
| 50 | + echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT |
| 51 | + echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT |
| 52 | + echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT |
| 53 | + echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT |
| 54 | + echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT |
| 55 | + # TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow |
| 56 | + echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT |
| 57 | + echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT |
| 58 | + - name: "List variables" |
| 59 | + run: | |
| 60 | + export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}" |
| 61 | + export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}" |
| 62 | + export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}" |
| 63 | + export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}" |
| 64 | + export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}" |
| 65 | + export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}" |
| 66 | + export VERSION="${{ steps.variables.outputs.version }}" |
| 67 | + export TAG="${{ steps.variables.outputs.tag }}" |
| 68 | + make list-variables |
| 69 | + deploy: |
| 70 | + name: "Deploy to an environment" |
| 71 | + runs-on: ubuntu-latest |
| 72 | + needs: [metadata] |
| 73 | + environment: ${{ inputs.environment }} |
| 74 | + timeout-minutes: 30 |
| 75 | + permissions: |
| 76 | + id-token: write |
| 77 | + contents: write |
| 78 | + steps: |
| 79 | + - name: "Setup Terraform" |
| 80 | + uses: hashicorp/setup-terraform@v3 |
| 81 | + with: |
| 82 | + terraform_version: ${{ needs.metadata.outputs.terraform_version }} |
| 83 | + |
| 84 | + - name: "Set up Python" |
| 85 | + uses: actions/setup-python@v5 |
| 86 | + with: |
| 87 | + python-version: "3.13" |
| 88 | + |
| 89 | + - name: "Checkout Repository" |
| 90 | + uses: actions/checkout@v5 |
| 91 | + |
| 92 | + - name: "Build lambda artefact" |
| 93 | + run: | |
| 94 | + make dependencies install-python |
| 95 | + make build |
| 96 | +
|
| 97 | + - name: "Upload lambda artefact" |
| 98 | + uses: actions/upload-artifact@v4 |
| 99 | + with: |
| 100 | + name: lambda |
| 101 | + path: dist/lambda.zip |
| 102 | + |
| 103 | + - name: "Download Built Lambdas" |
| 104 | + uses: actions/download-artifact@v5 |
| 105 | + with: |
| 106 | + name: lambda |
| 107 | + path: ./build |
| 108 | + |
| 109 | + - name: "Configure AWS Credentials" |
| 110 | + uses: aws-actions/configure-aws-credentials@v4 |
| 111 | + with: |
| 112 | + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role |
| 113 | + aws-region: eu-west-2 |
| 114 | + |
| 115 | + - name: "Terraform Apply" |
| 116 | + env: |
| 117 | + ENVIRONMENT: ${{ inputs.environment }} |
| 118 | + WORKSPACE: "default" |
| 119 | + TF_VAR_API_CA_CERT: ${{ secrets.API_CA_CERT }} |
| 120 | + TF_VAR_API_CLIENT_CERT: ${{ secrets.API_CLIENT_CERT }} |
| 121 | + TF_VAR_API_PRIVATE_KEY_CERT: ${{ secrets.API_PRIVATE_KEY_CERT }} |
| 122 | + TF_VAR_SPLUNK_HEC_TOKEN: ${{ secrets.SPLUNK_HEC_TOKEN }} |
| 123 | + TF_VAR_SPLUNK_HEC_ENDPOINT: ${{ secrets.SPLUNK_HEC_ENDPOINT }} |
| 124 | + run: | |
| 125 | + mkdir -p ./build |
| 126 | + echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=apply" |
| 127 | + make terraform env=$ENVIRONMENT stack=networking tf-command=apply workspace=$WORKSPACE |
| 128 | + echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=apply" |
| 129 | + make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE |
| 130 | + working-directory: ./infrastructure |
131 | 131 |
|
132 | 132 | regression_tests: |
133 | | -# needs: deploy |
| 133 | + needs: deploy |
134 | 134 | name: Regression Tests |
135 | 135 | uses: ./.github/workflows/regression-tests.yml |
136 | 136 | with: |
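Review bot: The `tag` input is expanded by `${{ }}` straight into the shell script at new line 57 (`echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT`), so the dispatcher's text is parsed as shell rather than treated as data; pass it through the step's `env:` (`TAG: ${{ github.event.inputs.tag }}`) and write `echo "tag=$TAG" >> "$GITHUB_OUTPUT"` instead. The same value is expanded again into `export TAG="${{ steps.variables.outputs.tag }}"` in the "List variables" step (new line 67) and should get the same treatment. Separately, the deploy job's "Checkout Repository" step (new line 90) has no `ref`, so the lambda appears to be built from the ref the workflow was dispatched on rather than from the tag the metadata job checked out; adding `ref: ${{ needs.metadata.outputs.tag }}` under `with:` would make the two jobs agree. `python_version` at new line 53 greps `^nodejs`, which looks like a copy-paste slip for `^python`.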
|