New deployment from UKHSA-Internal/data-dashboard-infra #1719
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Production Workflow | |
run-name: New deployment from ${{ github.event.client_payload.repository || github.repository }} | |
on: | |
push: | |
branches: | |
- "main" | |
repository_dispatch: | |
types: [trigger-deployments] | |
workflow_dispatch: | |
env: | |
AWS_REGION: "eu-west-2" | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
terraform_plan: | |
name: Terraform plan | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
- name: Configure AWS credentials for tools account | |
uses: ./.github/actions/configure-aws-credentials | |
with: | |
aws-region: ${{ env.AWS_REGION }} | |
tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }} | |
- uses: ./.github/actions/setup-terraform | |
- uses: ./.github/actions/setup-zsh | |
- name: Terraform plan | |
run: | | |
source uhd.sh | |
uhd terraform init | |
uhd terraform plan:layer 10-account prod | |
uhd terraform plan:layer 20-app prod | |
shell: zsh {0} | |
terraform_apply: | |
name: Terraform apply | |
runs-on: ubuntu-latest | |
needs: ["terraform_plan"] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
- name: Configure AWS credentials for tools account | |
uses: ./.github/actions/configure-aws-credentials | |
with: | |
aws-region: ${{ env.AWS_REGION }} | |
tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }} | |
role-duration-seconds: "7200" | |
- uses: ./.github/actions/setup-terraform | |
- uses: ./.github/actions/setup-zsh | |
- name: Terraform apply | |
run: | | |
source uhd.sh | |
uhd terraform init | |
uhd terraform apply:layer 10-account prod | |
uhd terraform apply:layer 20-app prod | |
shell: zsh {0} | |
push_docker_images: | |
name: Push docker images | |
runs-on: ubuntu-latest | |
needs: ["terraform_apply"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS credentials for tools account | |
uses: ./.github/actions/configure-aws-credentials | |
with: | |
aws-region: ${{ env.AWS_REGION }} | |
tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }} | |
- uses: ./.github/actions/setup-zsh | |
- name: Pull / push docker images | |
run: | | |
source uhd.sh | |
uhd docker update prod prod | |
shell: zsh {0} | |
restart_services: | |
name: Restart services | |
runs-on: ubuntu-latest | |
needs: ["push_docker_images"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS credentials for tools account | |
uses: ./.github/actions/configure-aws-credentials | |
with: | |
aws-region: ${{ env.AWS_REGION }} | |
tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }} | |
- uses: ./.github/actions/setup-terraform | |
- uses: ./.github/actions/setup-zsh | |
- name: Terraform output | |
run: | | |
source uhd.sh | |
uhd terraform init:layer 20-app | |
uhd terraform output:layer 20-app prod | |
shell: zsh {0} | |
- name: Configure AWS credentials for prod account | |
uses: ./.github/actions/configure-aws-credentials | |
with: | |
account-name: 'prod' | |
aws-region: ${{ env.AWS_REGION }} | |
prod-account-role: ${{ secrets.UHD_TERRAFORM_ROLE_PROD }} | |
- name: Restart ECS services | |
run: | | |
source uhd.sh | |
uhd ecs restart-services | |
shell: zsh {0} | |
- name: Redeploy lambda functions | |
run: | | |
source uhd.sh | |
uhd lambda restart-functions | |
shell: zsh {0} | |
trigger-smoke-tests: | |
name: Trigger smoke tests | |
needs: [restart_services] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- uses: ./.github/actions/trigger-smoke-tests | |
with: | |
token: ${{ secrets.DEPLOYMENT_TRIGGER_TOKEN }} | |
fast_forward_env_branches: | |
name: Fast forward env branches | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
outputs: | |
deploy_dev: ${{ steps.fast_forward_merge.outputs.deploy_dev }} | |
deploy_dpd: ${{ steps.fast_forward_merge.outputs.deploy_dpd }} | |
deploy_test: ${{ steps.fast_forward_merge.outputs.deploy_test }} | |
deploy_staging: ${{ steps.fast_forward_merge.outputs.deploy_staging }} | |
deploy_perf: ${{ steps.fast_forward_merge.outputs.deploy_perf }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: ./.github/actions/setup-zsh | |
- name: Fast forward env branches | |
id: fast_forward_merge | |
run: | | |
- scripts/fast-forward-env-branches.sh | |
shell: zsh {0} | |
env: | |
GH_TOKEN: ${{ github.token }} | |
deploy_dev: | |
needs: fast_forward_env_branches | |
if: ${{needs.fast_forward_env_branches.outputs.deploy_dev}} | |
uses: ./.github/workflows/well-known-environment.yml | |
with: | |
branch: env/dev/dev | |
secrets: inherit | |
deploy_dpd: | |
needs: fast_forward_env_branches | |
if: ${{needs.fast_forward_env_branches.outputs.deploy_dpd}} | |
uses: ./.github/workflows/well-known-environment.yml | |
with: | |
branch: env/dev/dpd | |
secrets: inherit | |
deploy_test: | |
needs: fast_forward_env_branches | |
if: ${{needs.fast_forward_env_branches.outputs.deploy_test}} | |
uses: ./.github/workflows/well-known-environment.yml | |
with: | |
branch: env/test/test | |
secrets: inherit | |
# deploy_perf: | |
# needs: fast_forward_env_branches | |
# if: ${{needs.fast_forward_env_branches.outputs.deploy_perf}} | |
# uses: ./.github/workflows/well-known-environment.yml | |
# with: | |
# branch: env/test/perf | |
# secrets: inherit | |
deploy_staging: | |
needs: fast_forward_env_branches | |
if: ${{needs.fast_forward_env_branches.outputs.deploy_staging}} | |
uses: ./.github/workflows/well-known-environment.yml | |
with: | |
branch: env/uat/staging | |
secrets: inherit |