🚀 Deploying from feat/EMS-4098-deployment-pipeline #293
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This GHA is responsible for EXIP deployment. | |
| # Deployment is initiated using `az cli` bash script. | |
| # | |
| # Standard Azure naming convention has been followed: | |
| # https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming | |
| # | |
| # | |
| # Following Azure services are consumed: | |
| # 1. Azure resource group - https://learn.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest#az-group-create | |
| # 2. Azure container registry - https://learn.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-create | |
| # 3. Azure WebApp - https://learn.microsoft.com/en-us/azure/app-service/overview | |
| # | |
| # | |
| # Execution | |
| # ********* | |
| # GHA is only invoked when following conditions are satisfied: | |
| # 1. Push to the `dev`, `staging` and `production` branches only. | |
| # 2. Any modifications to atleast one of the `paths` targets. | |
| name: Deployment˙˙ | |
| run-name: 🚀 Deploying from ${{ github.ref_name }} | |
| on: | |
| schedule: | |
| - cron: '0 0 * * *' | |
| push: | |
| branches: | |
| # Manual deployment | |
| - dev | |
| - staging | |
| - production | |
| # TODO: Remove prior to approval and merge | |
| - feat/EMS-4098-deployment-pipeline | |
| paths: | |
| - 'src/**' | |
| - 'database/**' | |
| - '.github/**' | |
| env: | |
| PRODUCT: exip | |
| ENVIRONMENT: ${{ github.ref_name }} | |
| TIMEZONE: ${{ vars.TIMEZONE }} | |
| jobs: | |
| # 1. Base actions configrations | |
| setup: | |
| name: Setup 🔧 | |
| runs-on: [self-hosted, EXIP, deployment] | |
| outputs: | |
| product: ${{ env.PRODUCT }} | |
| environment: ${{ steps.environment.outputs.environment }} | |
| timezone: ${{ env.TIMEZONE }} | |
| steps: | |
| - name: Environment 🧪 | |
| id: environment | |
| run: | | |
| if [[ "${{ env.ENVIRONMENT }}" == "feat/EMS-4098-deployment-pipeline" ]]; then | |
| echo "environment=dev" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "environment=${{ env.ENVIRONMENT }}" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Timezone 🌐 | |
| run: echo "Timezone set to ${{ env.TIMEZONE }}" | |
| # 2. Database schema migration | |
| database: | |
| name: MySQL 🗄️ | |
| needs: [setup] | |
| environment: ${{ needs.setup.outputs.environment }} | |
| runs-on: [self-hosted, EXIP, deployment] | |
| if: ${{ '1' == vars.DATABASE }} | |
| env: | |
| ENVIRONMENT: ${{ needs.setup.outputs.environment }} | |
| steps: | |
| - name: Repository 🗂️ | |
| uses: actions/checkout@v4 | |
| - name: Deploy ⚡ | |
| uses: ./.github/actions/mysql | |
| with: | |
| host: sqldb-${{ env.PRODUCT }}-${{ env.ENVIRONMENT }}-${{ vars.VERSION }} | |
| username: ${{ secrets.MYSQL_USER }} | |
| password: ${{ secrets.MYSQL_PASSWORD }} | |
| database: ${{ env.PRODUCT }} | |
| branch: ${{ env.ENVIRONMENT }} | |
| node: ${{ vars.NODE_VERSION }} | |
| execute: ${{ vars.DATABASE }} | |
| # 3. micro-serices WebApp deployments | |
| webapp: | |
| name: WebApp 🌐 | |
| needs: [setup] | |
| environment: ${{ needs.setup.outputs.environment }} | |
| runs-on: [self-hosted, EXIP, deployment] | |
| env: | |
| ENVIRONMENT: ${{ needs.setup.outputs.environment }} | |
| strategy: | |
| max-parallel: 2 | |
| # Do not cancel in-progress jobs upon failure | |
| fail-fast: false | |
| # Single dimension matrix | |
| matrix: | |
| webapp: ['ui', 'api'] | |
| concurrency: | |
| group: deployment-webapp-${{ github.workflow }}-${{ github.workflow_ref }}-${{ matrix.webapp }} | |
| cancel-in-progress: true | |
| steps: | |
| - name: Repository 🗂️🌎 | |
| uses: actions/checkout@v4 | |
| - name: Port ⭕️ | |
| run: | | |
| if [[ "${{ matrix.webapp }}" == "ui" ]]; then | |
| echo "PORT=${{ vars.UI_PORT }}" >> "$GITHUB_ENV" | |
| elif [[ "${{ matrix.webapp }}" == "api" ]]; then | |
| echo "PORT=${{ vars.API_PORT }}" >> "$GITHUB_ENV" | |
| fi | |
| - name: Deploy ⚡ | |
| uses: ./.github/actions/webapp | |
| with: | |
| region: ${{ vars.REGION }} | |
| group: rg-${{ env.PRODUCT }}-${{ env.ENVIRONMENT }}-${{ vars.VERSION }} | |
| credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
| acr: ${{ secrets.ACR_PASSWORD }} | |
| webapp: ${{ matrix.webapp }} | |
| branch: ${{ env.ENVIRONMENT }} | |
| node: ${{ vars.NODE_ENV }} | |
| port: ${{ env.PORT }} | |
| session: ${{ secrets.SESSION_SECRET }} | |
| notify: ${{ secrets.GOV_NOTIFY_API_KEY }} | |
| - name: Environment 🧱 | |
| uses: azure/cli@v2 | |
| with: | |
| inlineScript: | | |
| az webapp config appsettings set \ | |
| --name app-${{ env.PRODUCT }}-api-${{ env.ENVIRONMENT }}-${{ vars.VERSION }} \ | |
| --settings \ | |
| TZ='${{ vars.TIMEZONE }}' \ | |
| NODE_ENV='${{ vars.NODE_ENV }}' \ | |
| PORT='${{ vars.API_PORT }}' \ | |
| WEBSITES_PORT='${{ vars.API_PORT }}' \ | |
| APIM_MDM_URL='${{ secrets.APIM_MDM_URL }}' \ | |
| APIM_MDM_KEY='${{ secrets.APIM_MDM_KEY }}' \ | |
| APIM_MDM_VALUE='${{ secrets.APIM_MDM_VALUE }}' \ | |
| API_KEY='${{ secrets.API_KEY }}' \ | |
| SESSION_SECRET='${{ secrets.SESSION_SECRET }}' \ | |
| GOV_NOTIFY_API_KEY='${{ secrets.GOV_NOTIFY_API_KEY }}' \ | |
| COMPANIES_HOUSE_API_URL='${{ secrets.COMPANIES_HOUSE_API_URL }}' \ | |
| COMPANIES_HOUSE_API_KEY='${{ secrets.COMPANIES_HOUSE_API_KEY }}' \ | |
| JWT_SIGNING_KEY='${{ secrets.JWT_SIGNING_KEY }}' \ | |
| UNDERWRITING_TEAM_EMAIL='${{ secrets.UNDERWRITING_TEAM_EMAIL }}' \ | |
| FEEDBACK_EMAIL_RECIPIENT='${{ secrets.FEEDBACK_EMAIL_RECIPIENT }}' \ | |
| EXCELJS_PROTECTION_PASSWORD='${{ secrets.EXCELJS_PROTECTION_PASSWORD }}' | |
| az webapp config appsettings set \ | |
| --name app-${{ env.PRODUCT }}-ui-${{ env.ENVIRONMENT }}-${{ vars.VERSION }} \ | |
| --settings \ | |
| TZ='${{ vars.TIMEZONE }}' \ | |
| NODE_ENV='${{ vars.NODE_ENV }}' \ | |
| PORT='${{ vars.UI_PORT }}' \ | |
| WEBSITES_PORT='${{ vars.UI_PORT }}' \ | |
| SESSION_SECRET='${{ secrets.SESSION_SECRET }}' \ | |
| GOOGLE_ANALYTICS_ID='${{ secrets.GOOGLE_ANALYTICS_ID }}' \ | |
| GOOGLE_TAG_MANAGER_ID='${{ secrets.GOOGLE_TAG_MANAGER_ID }}' \ | |
| APIM_MDM_URL='${{ secrets.APIM_MDM_URL }}' \ | |
| APIM_MDM_KEY='${{ secrets.APIM_MDM_KEY }}' \ | |
| APIM_MDM_VALUE='${{ secrets.APIM_MDM_VALUE }}' \ | |
| API_KEY='${{ secrets.API_KEY }}' | |
| APIM_MDM_VALUE='${{ secrets.APIM_MDM_VALUE }}' \ | |
| API_KEY='${{ secrets.API_KEY }}' | |
| # 4. Notification | |
| notify: | |
| name: Notification 🔔 | |
| needs: [setup, webapp] | |
| environment: ${{ needs.setup.outputs.environment }} | |
| runs-on: [self-hosted, EXIP, deployment] | |
| env: | |
| ENVIRONMENT: ${{ needs.setup.outputs.environment }} | |
| WEBHOOK: ${{ secrets.MSTEAMS_WEBHOOK }} | |
| steps: | |
| - name: Facts | |
| run: | | |
| - name: MS Teams | |
| run: | | |
| curl --location '${{ env.WEBHOOK }}' \ | |
| --header 'Content-Type: application/json' \ | |
| --data-raw '{ | |
| "@type": "MessageCard", | |
| "@context": "http://schema.org/extensions", | |
| "themeColor": "00703c", | |
| "title": "🚀 main : ${{ env.ENVIRONMENT }}", | |
| "summary": "Deployed '\''main'\'' branch to '\''${{ env.ENVIRONMENT }}'\'' EXIP environment", | |
| "sections": [ | |
| { | |
| "activityTitle": "Branch deployment", | |
| "activitySubtitle": "Deployed **main** branch to **${{ env.ENVIRONMENT }}** EXIP environment.", | |
| "facts": [ | |
| { | |
| "name": "Branch", | |
| "value": "main" | |
| }, | |
| { | |
| "name": "Environment", | |
| "value": "${{ env.ENVIRONMENT }}" | |
| }, | |
| { | |
| "name": "Commit", | |
| "value": "${{ github.sha }}" | |
| }, | |
| { | |
| "name": "Status", | |
| "value": "Successfull" | |
| } | |
| ], | |
| "markdown": true | |
| } | |
| ], | |
| "potentialAction": [ | |
| { | |
| "@type": "OpenUri", | |
| "name": "Deployment", | |
| "targets": [ | |
| { | |
| "os": "default", | |
| "uri": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| } | |
| ] | |
| } | |
| ] | |
| }' |