CCM-7035 Adding auto deploy on release

aidenvaines-cgi · aidenvaines-cgi · commit f58945c2f41f · 2024-10-25T08:59:12.000+01:00
diff --git a/.github/workflows/pr_create_dynamic_env.yaml b/.github/workflows/pr_create_dynamic_env.yaml
@@ -40,7 +40,7 @@ jobs:
               }
             }')
 
-          curl -L \
+          curl --fail -L \
             -X POST \
             -H "Accept: application/vnd.github+json" \
             -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
diff --git a/.github/workflows/pr_merge.yaml b/.github/workflows/pr_merge.yaml
@@ -1,85 +1,34 @@
 name: PR Merged
 
 on:
+  workflow_dispatch:
   pull_request:
     types: [closed]
+    branches:
+      - main
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: false
 
 jobs:
-  destroy-dynamic-environment:
-    name: Destroy Dynamic Environment
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Trigger nhs-notify-internal dynamic environment workflow
-        shell: bash
-        run: |
-          set -x
-          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
-
-          DISPATCH_EVENT=$(jq -ncM \
-            --arg infraRepoName "${this_repo_name}" \
-            --arg releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
-            --arg targetEnvironment "pr${{ github.event.number }}" \
-            --arg targetAccountGroup "nhs-notify-template-management-dev" \
-            --arg targetComponent "branch" \
-            --arg terraformAction "destroy" \
-            --arg overrides "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
-            '{ "ref": "main",
-              "inputs": {
-                "infraRepoName": $infraRepoName,
-                "releaseVersion", $releaseVersion,
-                "targetEnvironment", $targetEnvironment,
-                "targetAccountGroup", $targetAccountGroup,
-                "targetComponent", $targetComponent,
-                "terraformAction", $terraformAction,
-                "overrides", $overrides,
-              }
-            }')
-
-          curl -L \
-            -X POST \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \
-            -d "${DISPATCH_EVENT}"
-
   deploy-main:
-    name: Deploy changes to main
-    runs-on: ubuntu-latest
-    steps:
-      - name: Trigger nhs-notify-internal static environment workflow deployment
-        shell: bash
-        run: |
-          set -x
-          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
-
-          DISPATCH_EVENT=$(jq -ncM \
-            --arg infraRepoName "${this_repo_name}" \
-            --arg releaseVersion "main" \
-            --arg targetEnvironment "main" \
-            --arg targetAccountGroup "nhs-notify-template-management-dev" \
-            --arg targetComponent "app" \
-            --arg terraformAction "apply" \
-            '{ "ref": "main",
-              "inputs": {
-                "infraRepoName": $infraRepoName,
-                "releaseVersion", $releaseVersion,
-                "targetEnvironment", $targetEnvironment,
-                "targetAccountGroup", $targetAccountGroup,
-                "targetComponent", $targetComponent,
-                "terraformAction", $terraformAction
-              }
-            }')
-
-          curl -L \
-            -X POST \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-static-env.yaml/dispatches \
-            -d "${DISPATCH_EVENT}"
+    name: Deploy changes to main in dev AWS account
+
+    permissions:
+      id-token: write
+      contents: read
+
+    strategy:
+      max-parallel: 1
+      matrix:
+        component: [dnsroot]
+
+    uses: ./.github/workflows/trigger_internal_repo_build.yaml
+    secrets: inherit
+    with:
+      release_version: main
+      tf_environment: "main"
+      tf_group: "nhs-notify-template-management-dev"
+      tf_component: ${{ matrix.component }}
+      tf_action: "apply"
diff --git a/.github/workflows/release_created.yaml b/.github/workflows/release_created.yaml
@@ -0,0 +1,30 @@
+name: Github Release Created
+
+on:
+  release:
+    types: ["published"] # Inherits all input defaults
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  deploy-main:
+    name: Deploy changes to main in nonprod AWS Account
+    runs-on: ubuntu-latest
+
+    strategy:
+      max-parallel: 1
+      matrix:
+        component: [dnsroot]
+
+    steps:
+      - name: Trigger nhs-notify-internal static environment workflow deployments
+        uses: ./.github/workflows/trigger_internal_repo_build.yaml
+        with:
+          secrets: inherit
+          release_version: ${{ github.event.release.tag_name }}
+          tf_environment: "main"
+          tf_group: "nhs-notify-template-management-nonprod"
+          tf_component: ${{ matrix.component }}
+          tf_action: "apply"
diff --git a/.github/workflows/trigger_internal_repo_build.yaml b/.github/workflows/trigger_internal_repo_build.yaml
@@ -0,0 +1,133 @@
+name: Trigger Notify Internal Infrastructure Deployment
+## Sub workflow which plans and deploys Notify components as part of the workflow.
+## Review Gates may be required to proceed on triggered builds.
+
+on:
+  workflow_call:
+    inputs:
+      release_version:
+        type: string
+        description: The Github release version, commit, or tag.
+        default: main
+      tf_environment:
+        type: string
+        description: The Terraform environment to deploy
+        default: main
+      tf_component:
+        type: string
+        description: The Terraform component to deploy
+        required: true
+      tf_group:
+        type: string
+        description: The Terraform group to deploy
+        required: true
+      tf_action:
+        type: string
+        description: The Terraform component to deploy
+        default: plan
+
+concurrency:
+  group: ${{ inputs.tf_environment }}-${{ inputs.tf_group }}-${{ inputs.tf_component }}-${{ inputs.tf_action }}
+
+jobs:
+  trigger:
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Trigger nhs-notify-internal static environment workflow deployment
+        shell: bash
+        run: |
+          set -x
+          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
+
+          DISPATCH_EVENT=$(jq -ncM \
+            --arg infraRepoName "${this_repo_name}" \
+            --arg releaseVersion ${{ inputs.release_version }} \
+            --arg targetEnvironment ${{ inputs.tf_environment }} \
+            --arg targetAccountGroup ${{ inputs.tf_group }} \
+            --arg targetComponent ${{ inputs.tf_component }} \
+            --arg terraformAction ${{ inputs.tf_action }} \
+            '{ "ref": "main",
+              "inputs": {
+                "infraRepoName": $infraRepoName,
+                "releaseVersion", $releaseVersion,
+                "targetEnvironment", $targetEnvironment,
+                "targetAccountGroup", $targetAccountGroup,
+                "targetComponent", $targetComponent,
+                "terraformAction", $terraformAction
+              }
+            }')
+
+          # Trigger The workflow
+          curl -L \
+            --fail \
+            --silent \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-static-env.yaml/dispatches \
+            -d "${DISPATCH_EVENT}"
+
+          echo "Workflow triggered successfully. HTTP response. Waiting for the workflow to complete.."
+
+          # Poll GitHub API to check the workflow status
+          run_id=""
+          for i in {1..12}; do
+            run_id=$(curl -s \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch&status=in_progress" \
+              | jq -r '.workflow_runs[0].id')
+
+            if [[ -n "$run_id" && "$run_id" != null ]]; then
+              echo "Found workflow run with ID: $run_id"
+              break
+            fi
+
+            echo "Waiting for workflow to start..."
+            sleep 10
+          done
+
+          if [[ -z "$run_id" || "$run_id" == null ]]; then
+            echo "Failed to get the workflow run ID. Exiting."
+            exit 1
+          fi
+
+          # Wait for workflow completion
+          while true; do
+            sleep 10
+            status=$(curl -s \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs/$run_id" \
+              | jq -r '.status')
+
+            conclusion=$(curl -s \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs/$run_id" \
+              | jq -r '.conclusion')
+
+            if [ "$status" == "completed" ]; then
+              if [ "$conclusion" == "success" ]; then
+                echo "Workflow completed successfully."
+                exit 0
+              else
+                echo "Workflow failed with conclusion: $conclusion"
+                exit 1
+              fi
+            fi
+
+            echo "Workflow still running..."
+            sleep 20
+          done
diff --git a/infrastructure/terraform/.gitignore b/infrastructure/terraform/.gitignore
@@ -2,6 +2,7 @@
 
 # Transient backends
 components/**/backend_tfscaffold.tf
+bootstrap
 
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
 # password, private keys, and other secrets. These should not be part of version
diff --git a/infrastructure/terraform/components/app/route53_record_root.tf b/infrastructure/terraform/components/app/route53_record_root.tf
@@ -5,6 +5,7 @@ resource "aws_route53_record" "root" {
   type    = "A"
   ttl     = 300
   records = ["127.0.0.1"]
+
   lifecycle {
     # Amplify is going to overwrite this record, but due to some provider wierdness this must exist initialy or cognito fails to deploy, even with depends_on configured.
     ignore_changes = [

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ jobs:`
`40`	`40`	`}`
`41`	`41`	`}')`
`42`	`42`
`43`		`- curl -L \`
	`43`	`+ curl --fail -L \`
`44`	`44`	`-X POST \`
`45`	`45`	`-H "Accept: application/vnd.github+json" \`
`46`	`46`	`-H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \`