π Deploying from main #309
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This GHA is responsible for EXIP deployment. | |
| # Deployment is initiated using `az cli` bash script. | |
| # | |
| # Standard Azure naming convention has been followed: | |
| # https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming | |
| # | |
| # | |
| # Following Azure services are consumed: | |
| # 1. Azure resource group - https://learn.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest#az-group-create | |
| # 2. Azure container registry - https://learn.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-create | |
| # 3. Azure WebApp - https://learn.microsoft.com/en-us/azure/app-service/overview | |
| # | |
| # | |
| # Execution | |
| # ********* | |
| # GHA is only invoked when following conditions are satisfied: | |
| # 1. Push to the `dev`, `staging` and `production` branches only. | |
| # 2. Any modifications to atleast one of the `paths` targets. | |
| name: Deployment | |
| run-name: π Deploying from ${{ github.ref_name }} | |
| on: | |
| schedule: | |
| - cron: '0 0 * * *' | |
| push: | |
| branches: | |
| # Manual deployment | |
| - dev | |
| - staging | |
| - production | |
| paths: | |
| - 'src/**' | |
| - 'database/**' | |
| - '.github/**' | |
| env: | |
| PRODUCT: exip | |
| ENVIRONMENT: ${{ github.ref_name }} | |
| TIMEZONE: ${{ vars.TIMEZONE }} | |
| jobs: | |
| # 1. Base actions configrations | |
| setup: | |
| name: Setup π§ | |
| runs-on: [self-hosted, EXIP, deployment] | |
| outputs: | |
| product: ${{ env.PRODUCT }} | |
| environment: ${{ steps.environment.outputs.environment }} | |
| timezone: ${{ env.TIMEZONE }} | |
| steps: | |
| - name: Environment π§ͺ | |
| id: environment | |
| run: | | |
| if [[ "${{ env.ENVIRONMENT }}" == "main" ]]; then | |
| echo "environment=dev" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "environment=${{ env.ENVIRONMENT }}" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Timezone π | |
| run: echo "Timezone set to ${{ env.TIMEZONE }}" | |
| # 2. Database schema migration | |
| database: | |
| name: MySQL ποΈ | |
| needs: [setup] | |
| environment: ${{ needs.setup.outputs.environment }} | |
| runs-on: [self-hosted, EXIP, deployment] | |
| if: ${{ '1' == vars.DATABASE }} | |
| env: | |
| ENVIRONMENT: ${{ needs.setup.outputs.environment }} | |
| steps: | |
| - name: Repository ποΈ | |
| uses: actions/checkout@v4 | |
| - name: Deploy β‘ | |
| uses: ./.github/actions/mysql | |
| with: | |
| host: sqldb-${{ env.PRODUCT }}-${{ env.ENVIRONMENT }}-${{ vars.VERSION }} | |
| username: ${{ secrets.MYSQL_USER }} | |
| password: ${{ secrets.MYSQL_PASSWORD }} | |
| database: ${{ env.PRODUCT }} | |
| branch: ${{ env.ENVIRONMENT }} | |
| node: ${{ vars.NODE_VERSION }} | |
| execute: ${{ vars.DATABASE }} | |
| # 3. micro-serices WebApp deployments | |
| webapp: | |
| name: WebApp π | |
| needs: [setup] | |
| environment: ${{ needs.setup.outputs.environment }} | |
| runs-on: [self-hosted, EXIP, deployment] | |
| env: | |
| ENVIRONMENT: ${{ needs.setup.outputs.environment }} | |
| strategy: | |
| max-parallel: 1 | |
| # Do not cancel in-progress jobs upon failure | |
| fail-fast: false | |
| # Single dimension matrix | |
| matrix: | |
| webapp: ['api', 'ui'] | |
| concurrency: | |
| group: deployment-webapp-${{ github.workflow }}-${{ github.workflow_ref }}-${{ matrix.webapp }} | |
| cancel-in-progress: true | |
| steps: | |
| - name: Repository ποΈπ | |
| uses: actions/checkout@v4 | |
| - name: Port βοΈ | |
| run: | | |
| if [[ "${{ matrix.webapp }}" == "ui" ]]; then | |
| echo "PORT=${{ vars.UI_PORT }}" >> "$GITHUB_ENV" | |
| elif [[ "${{ matrix.webapp }}" == "api" ]]; then | |
| echo "PORT=${{ vars.API_PORT }}" >> "$GITHUB_ENV" | |
| fi | |
| - name: Deploy β‘ | |
| uses: ./.github/actions/webapp | |
| with: | |
| region: ${{ vars.REGION }} | |
| group: rg-${{ env.PRODUCT }}-${{ env.ENVIRONMENT }}-${{ vars.VERSION }} | |
| credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
| acr: ${{ secrets.ACR_PASSWORD }} | |
| webapp: ${{ matrix.webapp }} | |
| branch: ${{ env.ENVIRONMENT }} | |
| node: ${{ vars.NODE_ENV }} | |
| port: ${{ env.PORT }} | |
| session: ${{ secrets.SESSION_SECRET }} | |
| notify: ${{ secrets.GOV_NOTIFY_API_KEY }} | |
| - name: UI 𧱠| |
| uses: azure/cli@v2 | |
| if: ${{ 'ui' == matrix.webapp }} | |
| with: | |
| inlineScript: | | |
| az webapp config appsettings set \ | |
| --name app-${{ env.PRODUCT }}-ui-${{ env.ENVIRONMENT }}-${{ vars.VERSION }} \ | |
| --settings \ | |
| TZ='${{ vars.TIMEZONE }}' \ | |
| NODE_ENV='${{ vars.NODE_ENV }}' \ | |
| PORT='${{ vars.UI_PORT }}' \ | |
| WEBSITES_PORT='${{ vars.UI_PORT }}' \ | |
| SESSION_SECRET='${{ secrets.SESSION_SECRET }}' \ | |
| GOOGLE_ANALYTICS_ID='${{ secrets.GOOGLE_ANALYTICS_ID }}' \ | |
| GOOGLE_TAG_MANAGER_ID='${{ secrets.GOOGLE_TAG_MANAGER_ID }}' \ | |
| APIM_MDM_URL='${{ secrets.APIM_MDM_URL }}' \ | |
| APIM_MDM_KEY='${{ secrets.APIM_MDM_KEY }}' \ | |
| APIM_MDM_VALUE='${{ secrets.APIM_MDM_VALUE }}' \ | |
| API_KEY='${{ secrets.API_KEY }}' | |
| APIM_MDM_VALUE='${{ secrets.APIM_MDM_VALUE }}' \ | |
| API_KEY='${{ secrets.API_KEY }}' | |
| - name: API 𧱠| |
| uses: azure/cli@v2 | |
| if: ${{ 'api' == matrix.webapp }} | |
| with: | |
| inlineScript: | | |
| az webapp config appsettings set \ | |
| --name app-${{ env.PRODUCT }}-api-${{ env.ENVIRONMENT }}-${{ vars.VERSION }} \ | |
| --settings \ | |
| TZ='${{ vars.TIMEZONE }}' \ | |
| NODE_ENV='${{ vars.NODE_ENV }}' \ | |
| PORT='${{ vars.API_PORT }}' \ | |
| WEBSITES_PORT='${{ vars.API_PORT }}' \ | |
| APIM_MDM_URL='${{ secrets.APIM_MDM_URL }}' \ | |
| APIM_MDM_KEY='${{ secrets.APIM_MDM_KEY }}' \ | |
| APIM_MDM_VALUE='${{ secrets.APIM_MDM_VALUE }}' \ | |
| API_KEY='${{ secrets.API_KEY }}' \ | |
| SESSION_SECRET='${{ secrets.SESSION_SECRET }}' \ | |
| GOV_NOTIFY_API_KEY='${{ secrets.GOV_NOTIFY_API_KEY }}' \ | |
| COMPANIES_HOUSE_API_URL='${{ secrets.COMPANIES_HOUSE_API_URL }}' \ | |
| COMPANIES_HOUSE_API_KEY='${{ secrets.COMPANIES_HOUSE_API_KEY }}' \ | |
| JWT_SIGNING_KEY='${{ secrets.JWT_SIGNING_KEY }}' \ | |
| UNDERWRITING_TEAM_EMAIL='${{ secrets.UNDERWRITING_TEAM_EMAIL }}' \ | |
| FEEDBACK_EMAIL_RECIPIENT='${{ secrets.FEEDBACK_EMAIL_RECIPIENT }}' \ | |
| EXCELJS_PROTECTION_PASSWORD='${{ secrets.EXCELJS_PROTECTION_PASSWORD }}' | |
| # 4. Notification | |
| notify: | |
| name: Notification π | |
| needs: [setup, webapp] | |
| environment: ${{ needs.setup.outputs.environment }} | |
| runs-on: [self-hosted, EXIP, deployment] | |
| env: | |
| ENVIRONMENT: ${{ needs.setup.outputs.environment }} | |
| WEBHOOK: ${{ secrets.MSTEAMS_WEBHOOK }} | |
| steps: | |
| - name: Facts | |
| run: | | |
| - name: MS Teams | |
| run: | | |
| curl --location '${{ env.WEBHOOK }}' \ | |
| --header 'Content-Type: application/json' \ | |
| --data-raw '{ | |
| "@type": "MessageCard", | |
| "@context": "http://schema.org/extensions", | |
| "themeColor": "00703c", | |
| "title": "π main : ${{ env.ENVIRONMENT }}", | |
| "summary": "Deployed '\''main'\'' branch to '\''${{ env.ENVIRONMENT }}'\'' EXIP environment", | |
| "sections": [ | |
| { | |
| "activityTitle": "Branch deployment", | |
| "activitySubtitle": "Deployed **main** branch to **${{ env.ENVIRONMENT }}** EXIP environment.", | |
| "facts": [ | |
| { | |
| "name": "Branch", | |
| "value": "main" | |
| }, | |
| { | |
| "name": "Environment", | |
| "value": "${{ env.ENVIRONMENT }}" | |
| }, | |
| { | |
| "name": "Commit", | |
| "value": "${{ github.sha }}" | |
| }, | |
| { | |
| "name": "Status", | |
| "value": "Successfull" | |
| } | |
| ], | |
| "markdown": true | |
| } | |
| ], | |
| "potentialAction": [ | |
| { | |
| "@type": "OpenUri", | |
| "name": "Deployment", | |
| "targets": [ | |
| { | |
| "os": "default", | |
| "uri": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| } | |
| ] | |
| } | |
| ] | |
| }' |