
Commit 4086bcb

VIA-598 AJ/AS WIP scheduled assurance workflow that uses reusable action to deploy
1 parent 75a08a9 commit 4086bcb


2 files changed

+176
-0
lines changed


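--- a/.github/actions/deploy/action.yml
+++ b/.github/actions/deploy/action.yml
@@ -0,0 +1,93 @@
+name: deploy
+description: "Deployment to AWS"
+
+inputs:
+environment:
+description: "Environment to deploy to"
+required: true
+tag_or_sha_to_deploy:
+description: "Commit sha or tag to deploy"
+required: true
+
+runs:
+using: composite
+steps:
+- name: "Show inputs"
+shell: bash
+run: |
+echo "Deploying to ( ${{ inputs.environment }} ) environment"
+echo "Deploying tag/sha ${{ inputs.tag_or_sha_to_deploy }}"
+
+- name: "Checkout code"
+uses: actions/checkout@v5
+with:
+ref: ${{ inputs.tag_or_sha_to_deploy }}
+
+- name: "Identify Terraform version"
+shell: bash
+id: identify-terraform-version
+run: |
+echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
+
+- name: "Install Terraform version"
+uses: hashicorp/setup-terraform@v3
+with:
+terraform_version: "${{ steps.identify-terraform-version.outputs.terraform_version }}"
+
+- name: "Configure AWS credentials"
+uses: aws-actions/configure-aws-credentials@v5
+with:
+role-session-name: GitHubActionsSession
+role-to-assume: ${{ secrets.IAM_ROLE }}
+aws-region: eu-west-2
+
+- name: "Download artefacts from S3 bucket"
+shell: bash
+run: |
+if [[ "${{ inputs.environment }}" == "dev" ]]; then
+bucket_name="vita-${{ secrets.AWS_ACCOUNT_ID }}-artefacts-${{ inputs.environment }}"
+folder_name="sha"
+else
+bucket_name="vita-${{ secrets.AWS_ACCOUNT_ID }}-releases-${{ inputs.environment }}"
+folder_name="tag"
+
+s3_artefacts_path="s3://${bucket_name}/${folder_name}/${{ steps.tag-or-sha.outputs.value }}"
+echo "Copying from path : ${s3_artefacts_path}"
+aws s3 cp "${app_s3_path}" . --recursive
+
+- name: "Unzip OpenNext package"
+shell: bash
+run: |
+unzip open-next.zip
+rm -rf open-next.zip
+
+- name: "Set terraform environment vars"
+shell: bash
+run: |
+echo "TF_VAR_is_github_action=true" >> $GITHUB_ENV
+echo "TF_VAR_alarms_slack_channel_id=${{ secrets.ALARMS_SLACK_CHANNEL_ID }}" >> $GITHUB_ENV
+echo "TF_VAR_app_version=${{ steps.tag-or-sha.outputs.value }}" >> $GITHUB_ENV
+
+- name: "Terraform init (iam)"
+shell: bash
+run: TF_ENV=${{ inputs.environment }}/iam make terraform-init
+
+- name: "Terraform plan (iam)"
+shell: bash
+run: TF_ENV=${{ inputs.environment }}/iam make terraform-plan opts="-out=terraform-iam.tfplan"
+
+- name: "Terraform apply (iam)"
+shell: bash
+run: TF_ENV=${{ inputs.environment }}/iam make terraform-apply opts="-auto-approve" opts="terraform-iam.tfplan"
+
+- name: "Terraform init (app)"
+shell: bash
+run: TF_ENV=${{ inputs.environment }} make terraform-init
+
+- name: "Terraform plan (app)"
+shell: bash
+run: TF_ENV=${{ inputs.environment }} make terraform-plan opts="-out=terraform-app.tfplan"
+
+- name: "Terraform apply (app)"
+shell: bash
+run: TF_ENV=${{ inputs.environment }} make terraform-apply opts="-auto-approve" opts="terraform-app.tfplan"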
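Review bot: Every `run:` script in this action pastes `${{ inputs.environment }}` and `${{ inputs.tag_or_sha_to_deploy }}` into the bash text (Show inputs, Download artefacts, all six Terraform steps), so the value is parsed as shell rather than as data; the callers pass a tag name taken from `git describe`, and this runs in a job that assumes an AWS role. Hand the inputs over through `env:` and use quoted shell variables, as sketched below for the download step. That step also has no closing `fi`, copies from `${app_s3_path}` although the variable assigned is `s3_artefacts_path`, and reads `steps.tag-or-sha.outputs.value`, an id no step in this file defines (the `tag_or_sha_to_deploy` input is presumably what was meant). The `secrets` context is not available inside a composite action as far as I know, so `secrets.IAM_ROLE`, `secrets.AWS_ACCOUNT_ID` and `secrets.ALARMS_SLACK_CHANNEL_ID` will most likely have to be passed in as inputs by the calling workflow.

```yaml
- name: "Download artefacts from S3 bucket"
  shell: bash
  env:
    DEPLOY_ENV: ${{ inputs.environment }}
    DEPLOY_REF: ${{ inputs.tag_or_sha_to_deploy }}
  run: |
    if [[ "${DEPLOY_ENV}" == "dev" ]]; then
      # … dev bucket_name / folder_name as before, reading ${DEPLOY_ENV} …
    else
      # … releases bucket_name / folder_name as before, reading ${DEPLOY_ENV} …
    fi
    s3_artefacts_path="s3://${bucket_name}/${folder_name}/${DEPLOY_REF}"
    echo "Copying from path : ${s3_artefacts_path}"
    aws s3 cp "${s3_artefacts_path}" . --recursive
```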
Lines changed: 83 additions & 0 deletions
@@ -0,0 +1,83 @@
1+
name: "CI/CD scheduled assurances WIP"
2+
3+
on:
4+
schedule:
5+
- cron: '30 9 * * MON-FRI' # Runs at 09:30 UTC every weekday
6+
workflow_dispatch:
7+
inputs:
8+
release:
9+
description: 'Release to deploy and assure'
10+
type: choice
11+
options:
12+
- release1
13+
- latest-main-tag
14+
15+
jobs:
16+
deploy-and-test-r1:
17+
name: "R1.0 Assurance"
18+
runs-on: "ubuntu-latest"
19+
timeout-minutes: 20
20+
concurrency:
21+
group: "preprod-env"
22+
cancel-in-progress: false
23+
permissions:
24+
id-token: write
25+
contents: read
26+
environment:
27+
name: "preprod"
28+
29+
if: ${{ !cancelled() && (github.event_name=='schedule' || (github.event_name=='workflow_dispatch' && inputs.release=='release1')) }}
30+
steps:
31+
- name: "Checkout code"
32+
uses: actions/checkout@v5
33+
with:
34+
fetch-depth: 0
35+
ref: "release/v1.0"
36+
37+
- name: "Get latest tag name on release/v1.0 branch"
38+
id: get-latest-tag-name
39+
run: |
40+
echo "value=$(git describe --tags --abbrev=0 --first-parent)" | tee -a $GITHUB_OUTPUT
41+
echo "Latest tag name on release/v1.0 branch is : ${value}"
42+
43+
- name: "Deploy to AWS (preprod)"
44+
timeout-minutes: 10
45+
uses: ./.github/actions/deploy
46+
with:
47+
environment: "preprod"
48+
tag_or_sha_to_deploy: ${{ steps.get-latest-tag-name.outputs.value }}
49+
50+
deploy-and-test-main:
51+
name: "Main Branch Assurance"
52+
runs-on: "ubuntu-latest"
53+
timeout-minutes: 20
54+
concurrency:
55+
group: "preprod-env"
56+
cancel-in-progress: false
57+
permissions:
58+
id-token: write
59+
contents: read
60+
environment:
61+
name: "preprod"
62+
63+
needs: [ deploy-and-test-r1 ]
64+
if: ${{ !cancelled() && (github.event_name=='schedule' || (github.event_name=='workflow_dispatch' && inputs.release=='latest-main-tag')) }}
65+
steps:
66+
- name: "Checkout code"
67+
uses: actions/checkout@v5
68+
with:
69+
fetch-depth: 0
70+
ref: "main"
71+
72+
- name: "Get latest tag name on main branch"
73+
id: get-latest-tag-name
74+
run: |
75+
echo "value=$(git describe --tags --abbrev=0 --first-parent)" | tee -a $GITHUB_OUTPUT
76+
echo "Latest tag name on main branch is : ${value}"
77+
78+
- name: "Deploy to AWS (preprod)"
79+
timeout-minutes: 10
80+
uses: ./.github/actions/deploy
81+
with:
82+
environment: "preprod"
83+
tag_or_sha_to_deploy: ${{ steps.get-latest-tag-name.outputs.value }}
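Review bot: `actions/checkout@v5` in both jobs, like `hashicorp/setup-terraform@v3` and `aws-actions/configure-aws-credentials@v5` in the deploy action they call, is referenced by a movable tag while the job holds `id-token: write`; pinning each to a full commit SHA, with the version in a trailing comment, keeps the code that can request the OIDC token fixed until a bump is reviewed. Nothing in either job pushes, so `persist-credentials: false` under the checkout's `with:` would keep the token out of the local git config for the later steps. In both "Get latest tag name" steps the second `echo` prints an empty name, because `value=` is only text written to `$GITHUB_OUTPUT` and never a shell variable; assign first with `tag="$(git describe --tags --abbrev=0 --first-parent)"`, then `echo "value=${tag}" >> "$GITHUB_OUTPUT"` and log `${tag}`. `deploy-and-test-main` combines `needs: [ deploy-and-test-r1 ]` with `!cancelled()`, so it still deploys to preprod after a failed R1.0 job; a comment saying that this is intended would help the next reader.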
