|
| 1 | +name: "Review apps: on PR change" |
| 2 | +on: |
| 3 | + pull_request: |
| 4 | + # being explicit about what to trigger on. |
| 5 | + # matches the docs for the default types |
| 6 | + # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request |
| 7 | + types: [opened, reopened, synchronize] |
| 8 | +jobs: |
| 9 | + update-review-app: |
| 10 | + # this references a codebuild project configured in forms-deploy |
| 11 | + # see: https://docs.aws.amazon.com/codebuild/latest/userguide/action-runner.html |
| 12 | + runs-on: codebuild-review-forms-runner-gha-runner-${{github.run_id}}-${{github.run_attempt}} |
| 13 | + |
| 14 | + permissions: |
| 15 | + pull-requests: write |
| 16 | + |
| 17 | + steps: |
| 18 | + - name: Generate container image URI |
| 19 | + run: | |
| 20 | + echo "CONTAINER_IMAGE_URI=842676007477.dkr.ecr.eu-west-2.amazonaws.com/forms-runner:pr-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}}-$(date +%s)" >> "$GITHUB_ENV" |
| 21 | +
|
| 22 | + - name: Checkout code |
| 23 | + uses: actions/checkout@v4 |
| 24 | + |
| 25 | + - name: Build container |
| 26 | + run: | |
| 27 | + # Docker credentials are configured in CodeBuild |
| 28 | + # CodeBuild retrieves the credentials from ParameterStore |
| 29 | + echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin |
| 30 | + docker build \ |
| 31 | + --tag "${{env.CONTAINER_IMAGE_URI}}" \ |
| 32 | + . |
| 33 | +
|
| 34 | + - name: Push container |
| 35 | + id: build-container |
| 36 | + run: | |
| 37 | + aws ecr get-login-password --region eu-west-2 \ |
| 38 | + | docker login --username AWS --password-stdin 842676007477.dkr.ecr.eu-west-2.amazonaws.com |
| 39 | +
|
| 40 | + echo "Pushing container image" |
| 41 | + echo "${{env.CONTAINER_IMAGE_URI}}" |
| 42 | +
|
| 43 | + docker push "${CONTAINER_IMAGE_URI}" |
| 44 | +
|
| 45 | + - name: Determine Terraform version |
| 46 | + id: terraform-version |
| 47 | + run: | |
| 48 | + cat .review_apps/.terraform-version | xargs printf "TF_VERSION=%s" >> "$GITHUB_OUTPUT" |
| 49 | +
|
| 50 | + - uses: hashicorp/setup-terraform@v3 |
| 51 | + with: |
| 52 | + terraform_version: ${{steps.terraform-version.outputs.TF_VERSION}} |
| 53 | + |
| 54 | + - name: Deploy review app |
| 55 | + id: deploy |
| 56 | + run: | |
| 57 | + cd .review_apps/ |
| 58 | +
|
| 59 | + terraform init -backend-config="key=review-apps/forms-runner/pr-${{github.event.pull_request.number}}.tfstate" |
| 60 | +
|
| 61 | + terraform apply \ |
| 62 | + -var "pull_request_number=${{github.event.pull_request.number}}" \ |
| 63 | + -var "forms_runner_container_image=${{env.CONTAINER_IMAGE_URI}}" \ |
| 64 | + -no-color \ |
| 65 | + -auto-approve |
| 66 | +
|
| 67 | + echo "REVIEW_APP_URL=$(terraform output -raw review_app_url)" >> "$GITHUB_OUTPUT" |
| 68 | + echo "ADMIN_APP_URL=$(terraform output -raw admin_app_url)" >> "$GITHUB_OUTPUT" |
| 69 | + echo "ECS_CLUSTER_ID=$(terraform output -raw review_app_ecs_cluster_id)" >> "$GITHUB_OUTPUT" |
| 70 | + echo "ECS_SERVICE_NAME=$(terraform output -raw review_app_ecs_service_name)" >> "$GITHUB_OUTPUT" |
| 71 | +
|
| 72 | + - name: Wait for AWS ECS deployments to finish |
| 73 | + run: | |
| 74 | + aws ecs wait services-stable \ |
| 75 | + --cluster "${{steps.deploy.outputs.ECS_CLUSTER_ID}}" \ |
| 76 | + --services "${{steps.deploy.outputs.ECS_SERVICE_NAME}}" |
| 77 | +
|
| 78 | + - name: Comment on PR |
| 79 | + env: |
| 80 | + COMMENT_MARKER: <!-- review apps on pr change --> |
| 81 | + GH_TOKEN: ${{ github.token }} |
| 82 | + run: | |
| 83 | + cat <<EOF > "${{runner.temp}}/pr-comment.md" |
| 84 | + :tada: A review copy of this PR has been deployed! It is made of up two components |
| 85 | +
|
| 86 | + 1. [A review copy of forms-runner](${{steps.deploy.outputs.REVIEW_APP_URL}}) |
| 87 | + 2. [A production copy of forms-admin](${{steps.deploy.outputs.ADMIN_APP_URL}}) |
| 88 | +
|
| 89 | + > [!IMPORTANT] |
| 90 | + > Not all of the functionality of forms-runner is present in review apps. |
| 91 | + > Functionality such as sending emails, file upload, and S3 submission types are |
| 92 | + > deliberately disabled for the sake of simplifying review apps. |
| 93 | + > |
| 94 | + > You should use the full dev environment to test the functionality which is disabled here. |
| 95 | +
|
| 96 | + It may take 5 minutes or so for the application to be fully deployed and working. If it still isn't ready |
| 97 | + after 5 minutes, there may be something wrong with the ECS task. You will need to go to the integration AWS account |
| 98 | + to debug, or otherwise ask an infrastructure person. |
| 99 | +
|
| 100 | + For the sign in details and more information, [see the review apps wiki page](https://github.com/alphagov/forms-team/wiki/Review-apps). |
| 101 | +
|
| 102 | + $COMMENT_MARKER |
| 103 | + EOF |
| 104 | +
|
| 105 | + old_comment_ids=$(gh api "repos/{owner}/{repo}/issues/${{github.event.pull_request.number}}/comments" --jq 'map(select((.user.login == "github-actions[bot]") and (.body | endswith($ENV.COMMENT_MARKER + "\n")))) | .[].id') |
| 106 | + for comment_id in $old_comment_ids; do |
| 107 | + gh api -X DELETE "repos/{owner}/{repo}/issues/comments/${comment_id}" |
| 108 | + done |
| 109 | +
|
| 110 | + gh pr comment "${{github.event.pull_request.html_url}}" --body-file "${{runner.temp}}/pr-comment.md" |
0 commit comments