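# Manually dispatched deployment workflow.
# Job "metadata" derives build/tool-version values from the checkout; job "deploy"
# assumes an AWS role through OIDC (id-token: write) and runs infrastructure/terraform/deploy.sh.
name: "CI/CD deploy"
run-name: "CI/CD Deploy ${{ inputs.deployEnvironment }} << ${{ github.ref_name }}"

on: # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      deployEnvironment:
        description: Name of the environment to deploy
        required: true
        default: dev
        type: string
      terraformAction:
        # Passed verbatim as the single argument of deploy.sh (see the "Terraform Apply" step).
        # NOTE(review): if deploy.sh accepts a fixed set of verbs, `type: choice` with
        # `options:` would reject anything else at dispatch time — confirm the set first.
        description: Terraform Action
        required: true
        default: apply
        type: string
      tag:
        description: "This is the tag that is going to be deployed"
        required: true
        default: "latest"
        type: string

env:
  PROJECT_DIR: infrastructure
  PROJECT_NAME: notify-web-platform
  DEFAULT_ENVIRONMENT: dev
  CI_PIPELINE_IID: ${{ github.run_number }}
  CI_COMMIT_REF_NAME: ${{ github.ref_name }}
  CI_COMMIT_BRANCH: ${{ github.ref_name }}
  AWS_REGION: eu-west-2
  DEPLOY_ENVIRONMENT: ${{ inputs.deployEnvironment }}
  TERRAFORM_ACTION: ${{ inputs.terraformAction }}

# Workflow-level token scope: only what the two jobs need.
permissions:
  id-token: write # This is required for requesting the JWT
  contents: read # This is required for actions/checkout

# One deployment per target environment at a time; queued runs wait instead of cancelling.
concurrency:
  group: caas-${{ github.workflow }}-${{ inputs.deployEnvironment }}
  cancel-in-progress: false

jobs:
  metadata:
    name: "Set CI/CD metadata"
    runs-on: ubuntu-latest
    timeout-minutes: 1
    outputs:
      build_datetime: ${{ steps.variables.outputs.build_datetime }}
      build_timestamp: ${{ steps.variables.outputs.build_timestamp }}
      build_epoch: ${{ steps.variables.outputs.build_epoch }}
      nodejs_version: ${{ steps.variables.outputs.nodejs_version }}
      python_version: ${{ steps.variables.outputs.python_version }}
      terraform_version: ${{ steps.variables.outputs.terraform_version }}
      version: ${{ steps.variables.outputs.version }}
      tag: ${{ steps.variables.outputs.tag }}
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4
      - name: "Set CI/CD variables"
        id: variables
        env:
          # The dispatch input is handed to the script through the environment rather than
          # expanded inline by `${{ }}`, so its content is data to the shell, never syntax.
          TAG_INPUT: ${{ inputs.tag }}
        run: |
          datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z')
          echo "build_datetime=$datetime" >> "$GITHUB_OUTPUT"
          echo "build_timestamp=$(date --date="$datetime" -u +'%Y%m%d%H%M%S')" >> "$GITHUB_OUTPUT"
          echo "build_epoch=$(date --date="$datetime" -u +'%s')" >> "$GITHUB_OUTPUT"
          # Tool versions come from the repository's .tool-versions (asdf format: "<tool> <version>").
          echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> "$GITHUB_OUTPUT"
          echo "python_version=$(grep "^python" .tool-versions | cut -f2 -d' ')" >> "$GITHUB_OUTPUT"
          echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> "$GITHUB_OUTPUT"
          # TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow
          echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> "$GITHUB_OUTPUT"
          echo "tag=$TAG_INPUT" >> "$GITHUB_OUTPUT"
      - name: "List variables"
        # Step outputs are exported via `env:` instead of inline `${{ }}` expansion inside
        # the script; `tag` in particular originates from a dispatch input.
        env:
          BUILD_DATETIME: ${{ steps.variables.outputs.build_datetime }}
          BUILD_TIMESTAMP: ${{ steps.variables.outputs.build_timestamp }}
          BUILD_EPOCH: ${{ steps.variables.outputs.build_epoch }}
          NODEJS_VERSION: ${{ steps.variables.outputs.nodejs_version }}
          PYTHON_VERSION: ${{ steps.variables.outputs.python_version }}
          TERRAFORM_VERSION: ${{ steps.variables.outputs.terraform_version }}
          VERSION: ${{ steps.variables.outputs.version }}
          TAG: ${{ steps.variables.outputs.tag }}
        run: make list-variables

  deploy:
    name: "Deploy to an environment"
    # Binds the run to the GitHub environment named by the input, so that environment's
    # protection rules, secrets and `vars` (e.g. AWS_DEPLOY_ROLE) apply.
    environment: ${{ inputs.deployEnvironment }}
    runs-on: ubuntu-latest
    needs: [metadata]
    timeout-minutes: 10
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4
      - name: Configure AWS credentials
        # NOTE(review): a third-party action referenced by tag; pinning to a full commit
        # SHA would make the deploy credential step immutable — confirm the team's policy.
        uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: ${{ vars.AWS_DEPLOY_ROLE }}
          # Appears in CloudTrail as the assumed-role session; a deployment-specific name
          # (e.g. including the workflow/run) would make the trail easier to attribute.
          role-session-name: lists3buckets
          aws-region: ${{ env.AWS_REGION }}
      - name: List S3 buckets
        # Presumably a smoke test that the assumed role works — TODO confirm it is still wanted.
        run: |
          aws s3 ls
      # Plan and apply use the default `success()` condition: the previous workflow ran
      # them under `always() && !cancelled()`, which would execute `deploy.sh apply`
      # even after the credential step or the plan had failed.
      - name: Terraform Plan
        run: |
          cd "${PROJECT_DIR}/terraform" && ./deploy.sh plan
      - name: Terraform Apply
        # TERRAFORM_ACTION is quoted so the dispatch input is always one argument.
        run: |
          cd "${PROJECT_DIR}/terraform" && ./deploy.sh "${TERRAFORM_ACTION}"

  # TODO: More jobs or/and steps here
  # success:
  #   name: "Success notification"
  #   runs-on: ubuntu-latest
  #   needs: [deploy]
  #   steps:
  #     - name: "Check prerequisites for notification"
  #       id: check
  #       run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
  #     - name: "Notify on deployment to an environment"
  #       if: steps.check.outputs.secret_exist == 'true'
  #       uses: nhs-england-tools/notify-msteams-action@v0.0.4
  #       with:
  #         github-token: ${{ secrets.GITHUB_TOKEN }}
  #         teams-webhook-url: ${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL }}
  #         message-title: "Notification title"
  #         message-text: "This is a notification body"
  #         link: ${{ github.event.pull_request.html_url }}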