Skip to content

Use AWS credentials to deploy review apps#1854

Merged
whi-tw merged 3 commits intomainfrom
whi-tw/stop-using-self-hosted-runner
Mar 19, 2026
Merged

Use AWS credentials to deploy review apps#1854
whi-tw merged 3 commits intomainfrom
whi-tw/stop-using-self-hosted-runner

Conversation

@whi-tw
Copy link
Member

@whi-tw whi-tw commented Jan 22, 2026
edited
Loading

What problem does this pull request solve?

Trello card: https://trello.com/c/UIEQ97bl/792-stop-using-self-hosted-runners-on-github

Rather than using a codebuild runner to deploy the review apps, instead authenticate to AWS with OIDC and deploy them there using codebuild.

This depends on alphagov/forms-deploy#1958 being merged first.

EDIT: do terraform in codebuild instead. keeping both implementations for review. will squash later.

Things to consider when reviewing

  • Ensure that you consider the wider context.
  • Does it work when run on your machine?
  • Is it clear what the code is doing?
  • Do the commit messages explain why the changes were made?
  • Are there all the unit tests needed?
  • Do the end to end tests need updating before these changes will pass?
  • Has all relevant documentation been updated?

@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runner branch 2 times, most recently from ece02c0 to 2b43fee Compare January 22, 2026 11:19
@whi-tw whi-tw marked this pull request as draft January 22, 2026 12:21
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runner branch 6 times, most recently from 26ffaa2 to 23d2f05 Compare January 23, 2026 16:26
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 23, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sarahseewhy
sarahseewhy previously approved these changes Mar 2, 2026
View reviewed changes
Copy link
Contributor

@sarahseewhy sarahseewhy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks sensible, thank you.

@whi-tw whi-tw marked this pull request as ready for review March 16, 2026 09:33
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runner branch from 23d2f05 to c5e6deb Compare March 16, 2026 10:22
@whi-tw whi-tw requested a review from sarahseewhy March 16, 2026 10:28
whi-tw added 2 commits March 19, 2026 13:14
@whi-tw
Only run one review-apps workflow at a time
f117d37 
This prevents us attempting to run multiple instance of terraform at
the same time. Instead, the current running workflow will complete
before the next one starts.

Only 1 running and 1 pending workflow is allowed - any further
workflows will supercede the pending one.
@whi-tw
Deploy / destroy review apps with CodeBuild
ad51097 
Instead of running Terraform directly in the GitHub Actions runners, we
now trigger AWS CodeBuild projects to handle the deployment and
destruction of review apps. This means that the repository no longer
needs extensive AWS permissions in GitHub Actions, and the actual available
AWS operations are limited.
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runner branch 5 times, most recently from 86e9caf to b952023 Compare March 19, 2026 14:19
@whi-tw
BAU: add missing fields to the review app task definition
5db180e 
These fields are automatically added by AWS when creating a task
definition. If we don't include them in our task definition, Terraform
tries to remove them on every apply, which causes unnecessary changes
to the task definition (and thus noise in our Terraform plan output).
@whi-tw whi-tw force-pushed the whi-tw/stop-using-self-hosted-runner branch from b952023 to 5db180e Compare March 19, 2026 14:21
@whi-tw whi-tw requested a review from cadmiumcat March 19, 2026 14:22
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 19, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
2 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link
Contributor

github-actions bot commented Mar 19, 2026

🎉 A review copy of this PR has been deployed! You can reach it at: https://pr-1854.submit.review.forms.service.gov.uk/

It may take 5 minutes or so for the application to be fully deployed and working. If it still isn't ready
after 5 minutes, there may be something wrong with the ECS task. You will need to go to the integration AWS account
to debug, or otherwise ask an infrastructure person.

For the sign in details and more information, see the review apps wiki page.

@whi-tw whi-tw added this pull request to the merge queue Mar 19, 2026
Merged via the queue into main with commit 74cc489 Mar 19, 2026
8 checks passed
@whi-tw whi-tw deleted the whi-tw/stop-using-self-hosted-runner branch March 19, 2026 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cadmiumcat cadmiumcat cadmiumcat approved these changes

@sarahseewhy sarahseewhy Awaiting requested review from sarahseewhy

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@whi-tw @sarahseewhy @cadmiumcat