Deployment to auth-3b1d938b non-public development environment
#86
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# Manually dispatched workflow that deploys one personal, non-public
# development environment.
# NOTE(review): the forge's file view flagged this file as containing hidden
# or bidirectional Unicode text. None is visible in this listing; inspect the
# committed file with a tool that reveals such characters before relying on
# what the rendered view shows.
name: 'Deploy Non Public Personal Development Environment'
run-name: 'Deployment to `${{ inputs.name }}` non-public development environment'

on:
  workflow_dispatch:
    inputs:
      # Target environment. Checked by the validate_environment_name job
      # before any other job runs.
      name:
        description: 'The name of the dev environment you wish to deploy to e.g. auth-1234'
        required: true
        type: string
      # The three branch inputs are free-form strings. The build jobs use them
      # as checkout refs and no step visible in this workflow validates them.
      frontend_branch:
        description: 'The name of the git branch from the frontend which should be deployed'
        default: 'main'
        type: string
      backend_branch:
        description: 'The name of the git branch from the backend which should be deployed'
        default: 'main'
        type: string
      ingestion_branch:
        description: 'The name of the git branch from the backend which should be deployed to the ingestion service'
        default: 'main'
        type: string

env:
  AWS_REGION: 'eu-west-2'

# Workflow-wide token scopes: every job may request an OIDC ID token and read
# repository contents; all other GITHUB_TOKEN scopes are left unset.
# NOTE(review): presumably only the jobs that call configure-aws-credentials
# need id-token: write. Confirm, and consider granting it per job.
permissions:
  id-token: write
  contents: read
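# Pipeline order: validate the environment name, apply the 20-app Terraform
# layer, build or update the three service images in parallel, then restart
# the ECS services and lambda functions.
#
# Workflow inputs are handed to shell steps through `env:` and read as quoted
# shell variables. Writing `${{ inputs.* }}` directly inside a `run:` script
# pastes the raw value into the script text before the shell parses it, so
# quotes or command separators in an input would change the script itself.
#
# NOTE(review): actions are referenced by mutable tags (@v4, @v3, @v6).
# Pinning each `uses:` to a full commit SHA stops a retagged release from
# changing what runs in jobs that hold AWS credentials.
jobs:
  validate_environment_name:
    name: Validate environment name
    runs-on: ubuntu-latest
    steps:
      # Only the .github directory is needed to load the local action.
      - name: Checkout .github/ directory
        uses: actions/checkout@v4
        with:
          sparse-checkout: |
            .github
      # The validation rules live in the local action and are not visible here.
      - uses: ./.github/actions/validate-auth-environment-name
        with:
          name: ${{ inputs.name }}

  terraform_apply:
    name: Terraform apply
    runs-on: ubuntu-latest
    needs:
      - validate_environment_name
    steps:
      - name: Checkout infra repo
        uses: actions/checkout@v4
      - uses: actions/setup-python@v6
      - name: Configure AWS credentials for tools account
        uses: ./.github/actions/configure-aws-credentials
        with:
          aws-region: ${{ env.AWS_REGION }}
          tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
          role-duration-seconds: "7200"
      - uses: ./.github/actions/setup-terraform
      - uses: ./.github/actions/setup-zsh
      - name: Terraform apply
        env:
          DEPLOY_ENV_NAME: ${{ inputs.name }}
        run: |
          source uhd.sh
          uhd terraform init:layer 20-app
          uhd terraform apply:layer 20-app "$DEPLOY_ENV_NAME"
        shell: zsh {0}

  # NOTE(review): in the three image jobs below, tools-account credentials are
  # configured before the caller-selected branch is checked out and built.
  # Confirm that the role's permissions and trust policy are scoped for builds
  # of arbitrary branches.
  # NOTE(review): actions/checkout keeps its token in the local git config
  # unless `persist-credentials: false` is set. Consider setting it on these
  # checkouts if no later step needs git access.
  push_frontend_docker_image:
    name: Push frontend docker image
    runs-on: ubuntu-22.04-arm
    needs:
      - terraform_apply
    steps:
      - name: Checkout .github/ directory
        uses: actions/checkout@v4
        with:
          sparse-checkout: |
            .github
      - name: Configure AWS credentials for tools account
        uses: ./.github/actions/configure-aws-credentials
        with:
          aws-region: ${{ env.AWS_REGION }}
          tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
      - uses: ./.github/actions/setup-zsh
      - name: Checkout frontend repo
        uses: actions/checkout@v4
        with:
          repository: UKHSA-Internal/data-dashboard-frontend
          path: data-dashboard-frontend
          ref: ${{ inputs.frontend_branch }}
      - name: Checkout infra repo
        uses: actions/checkout@v4
        with:
          path: data-dashboard-infra
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # "main" updates the service without a local build; any other branch is
      # built from the checkout above.
      - name: Build frontend image
        env:
          DEPLOY_ENV_NAME: ${{ inputs.name }}
          DEPLOY_BRANCH: ${{ inputs.frontend_branch }}
        run: |
          cd data-dashboard-infra
          source uhd.sh
          if [[ "$DEPLOY_BRANCH" == "main" ]]; then
            uhd docker update-service auth-dev "$DEPLOY_ENV_NAME" front-end
          else
            uhd docker build frontend "$DEPLOY_ENV_NAME"
          fi
        shell: zsh {0}

  push_backend_docker_image:
    name: Push backend docker image
    runs-on: ubuntu-22.04-arm
    needs:
      - terraform_apply
    steps:
      - name: Checkout .github/ directory
        uses: actions/checkout@v4
        with:
          sparse-checkout: |
            .github
      - name: Configure AWS credentials for tools account
        uses: ./.github/actions/configure-aws-credentials
        with:
          aws-region: ${{ env.AWS_REGION }}
          tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
      - uses: ./.github/actions/setup-zsh
      - name: Checkout backend repo
        uses: actions/checkout@v4
        with:
          repository: UKHSA-Internal/data-dashboard-api
          path: data-dashboard-api
          ref: ${{ inputs.backend_branch }}
      - name: Checkout infra repo
        uses: actions/checkout@v4
        with:
          path: data-dashboard-infra
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build backend image
        env:
          DEPLOY_ENV_NAME: ${{ inputs.name }}
          DEPLOY_BRANCH: ${{ inputs.backend_branch }}
        run: |
          cd data-dashboard-infra
          source uhd.sh
          if [[ "$DEPLOY_BRANCH" == "main" ]]; then
            uhd docker update-service auth-dev "$DEPLOY_ENV_NAME" back-end
          else
            uhd docker build backend "$DEPLOY_ENV_NAME"
          fi
        shell: zsh {0}

  push_ingestion_docker_image:
    name: Push ingestion docker image
    runs-on: ubuntu-22.04-arm
    needs:
      - terraform_apply
    steps:
      - name: Checkout .github/ directory
        uses: actions/checkout@v4
        with:
          sparse-checkout: |
            .github
      - name: Configure AWS credentials for tools account
        uses: ./.github/actions/configure-aws-credentials
        with:
          aws-region: ${{ env.AWS_REGION }}
          tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
      - uses: ./.github/actions/setup-zsh
      # The ingestion image is built from the backend repository.
      - name: Checkout backend repo
        uses: actions/checkout@v4
        with:
          repository: UKHSA-Internal/data-dashboard-api
          path: data-dashboard-api
          ref: ${{ inputs.ingestion_branch }}
      - name: Checkout infra repo
        uses: actions/checkout@v4
        with:
          path: data-dashboard-infra
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build ingestion image
        env:
          DEPLOY_ENV_NAME: ${{ inputs.name }}
          DEPLOY_BRANCH: ${{ inputs.ingestion_branch }}
        run: |
          cd data-dashboard-infra
          source uhd.sh
          if [[ "$DEPLOY_BRANCH" == "main" ]]; then
            uhd docker update-service auth-dev "$DEPLOY_ENV_NAME" ingestion
          else
            uhd docker build ingestion "$DEPLOY_ENV_NAME"
          fi
        shell: zsh {0}

  restart_services:
    name: Restart services
    runs-on: ubuntu-latest
    needs:
      - push_frontend_docker_image
      - push_backend_docker_image
      - push_ingestion_docker_image
    steps:
      - name: Checkout infra repo
        uses: actions/checkout@v4
      - name: Configure AWS credentials for tools account
        uses: ./.github/actions/configure-aws-credentials
        with:
          aws-region: ${{ env.AWS_REGION }}
          tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
      - uses: ./.github/actions/setup-terraform
      - uses: ./.github/actions/setup-zsh
      - name: Terraform output
        env:
          DEPLOY_ENV_NAME: ${{ inputs.name }}
        run: |
          source uhd.sh
          uhd terraform init:layer 20-app
          uhd terraform output:layer 20-app "$DEPLOY_ENV_NAME"
        shell: zsh {0}
      # Credentials are configured a second time, now for the auth-dev
      # account, before the restart steps run.
      - name: Configure AWS credentials for auth-dev account
        uses: ./.github/actions/configure-aws-credentials
        with:
          account-name: "auth-dev"
          aws-region: ${{ env.AWS_REGION }}
          auth-dev-account-role: ${{ secrets.UHD_TERRAFORM_ROLE_AUTH_DEV }}
      - name: Restart ECS services
        run: |
          source uhd.sh
          uhd ecs restart-services
        shell: zsh {0}
      - name: Redeploy lambda functions
        run: |
          source uhd.sh
          uhd lambda restart-functions
        shell: zsh {0}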