feat: workflow improvements (#29)

* chore: remove ha in dev * chore: logs * changes to instances * chore: reusable workflow * chore: remove working directory from stack * chore: add test deploy * fix: Add missing environment to ui deploy * fix: add missing , name of environment * chore: intermdeiate commit * chore: add aurora db creds mapping * fix: stack prefix * fix repo name * fix: env vars * fix: stack name callout * chore: workflows * fix: reading aurora params * fix: db app env * fix: remove ui build deploy to s3 during pr * chore: move out e2e to workflow call * fix: needs and frontend url * chore: commit * fix : ecs cluster name * fix: resume aws resources * chore: update prune resources to use reusable workflow. * chore: remove retags
bcgov · Dec 30, 2024 · 0a3f355 · 0a3f355
1 parent 1d0726b
commit 0a3f355
Show file tree

Hide file tree

Showing 23 changed files with 379 additions and 192 deletions.
diff --git a/.github/workflows/.deploy_stack.yml b/.github/workflows/.deploy_stack.yml
@@ -0,0 +1,106 @@
+name: .Deploy Stack
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      environment_name:
+        description: 'The name of the environment to deploy to'
+        required: true
+        default: 'dev'
+        type: string
+      command:
+        description: 'The terragrunt command to run'
+        required: true
+        default: 'apply'
+        type: string
+      tag:
+        description: 'The tag of the containers to deploy'
+        default: 'latest'
+        type: string
+        required: false
+      app_env:
+        required: false
+        type: string
+        description: 'The APP env separates between AWS ENV and Actual APP, since AWS dev is where PR, and TEST is deployed'
+    outputs:
+      API_GW_URL: 
+        value: ${{ jobs.deploy-api.outputs.API_GW_URL }}
+      S3_BUCKET_ARN:
+        value: ${{ jobs.deploy-cloudfront.outputs.S3_BUCKET_ARN }}
+      CF_DOMAIN:
+        value: ${{ jobs.deploy-cloudfront.outputs.CF_DOMAIN }}
+      CF_DISTRIBUTION_ID:
+        value: ${{ jobs.deploy-cloudfront.outputs.CF_DISTRIBUTION_ID }}
+env:
+    AWS_REGION: ca-central-1
+jobs:
+  stack-prefix:
+    name: Stack Prefix
+    uses: ./.github/workflows/.stack-prefix.yml
+  deploy-db:
+    name: Deploys Database
+    needs: [stack-prefix]
+    uses: ./.github/workflows/.deployer.yml
+    with:
+      environment_name: ${{ inputs.environment_name }}
+      command: ${{ inputs.command }}
+      working_directory: database
+      app_env: ${{ inputs.app_env }}
+      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
+    secrets: inherit
+  deploy-api:
+    name: Deploys API
+    needs: [deploy-db, stack-prefix]
+    uses: ./.github/workflows/.deployer.yml
+    with:
+      environment_name: ${{ inputs.environment_name }}
+      command: ${{ inputs.command }}
+      tag: ${{ inputs.tag }}
+      app_env: ${{ inputs.app_env }}
+      working_directory: api
+      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
+    secrets: inherit
+  deploy-cloudfront:
+    name: Deploys Cloudfront
+    needs: [stack-prefix]
+    uses: ./.github/workflows/.deployer.yml
+    with:
+      environment_name: ${{ inputs.environment_name }}
+      command: ${{ inputs.command }}
+      tag: ${{ inputs.tag }}
+      app_env: ${{ inputs.app_env }}
+      working_directory: frontend
+      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
+    secrets: inherit
+  build-ui:
+    name: Build And upload UI to s3 ${{ inputs.environment_name }}
+    environment: ${{ inputs.environment_name }}
+    if: ${{ inputs.command == 'apply' }}
+    needs: [deploy-api, deploy-cloudfront]
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+            role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
+            aws-region: ${{ env.AWS_REGION }}
+      - name: Build And Update UI (CF)
+        working-directory: frontend
+        env:
+          VITE_API_BASE_URL: ${{ needs.deploy-api.outputs.API_GW_URL }}/api
+          S3_BUCKET_ARN: ${{ needs.deploy-cloudfront.outputs.S3_BUCKET_ARN }}
+          CF_DISTRIBUTION_ID: ${{ needs.deploy-cloudfront.outputs.CF_DISTRIBUTION_ID }}
+        run: |
+          npm run deploy
+          aws s3 sync --delete ./dist s3://$(echo "$S3_BUCKET_ARN" | cut -d: -f6)
+          aws cloudfront create-invalidation --distribution-id $CF_DISTRIBUTION_ID --paths "/*"
diff --git a/.github/workflows/.deployer.yml b/.github/workflows/.deployer.yml
@@ -28,6 +28,10 @@ on:
         required: false
         type: string
         description: 'The APP env separates between AWS ENV and Actual APP, since AWS dev is where PR, and TEST is deployed'
+      stack_prefix:
+        required: true
+        type: string
+        description: 'The stack prefix to use for the resources'
     outputs:
       API_GW_URL: 
         value: ${{ jobs.infra.outputs.API_GW_URL }}
@@ -80,6 +84,7 @@ jobs:
           flyway_image: ghcr.io/${{github.repository}}/migrations:${{inputs.tag}}
           api_image: ghcr.io/${{github.repository}}/backend:${{inputs.tag}}
           app_env: ${{inputs.app_env}}
+          stack_prefix: ${{ inputs.stack_prefix }}
       run: |
           # Run terraform
           terragrunt run-all ${{inputs.command}} --terragrunt-non-interactive
@@ -93,6 +98,7 @@ jobs:
           flyway_image: ghcr.io/${{github.repository}}/migrations:${{inputs.tag}}
           api_image: ghcr.io/${{github.repository}}/backend:${{inputs.tag}}
           app_env: ${{inputs.app_env}}
+          stack_prefix: ${{ inputs.stack_prefix }}
       run: |
           terragrunt output -json > outputs.json
           #print the output
@@ -109,6 +115,7 @@ jobs:
           flyway_image: ghcr.io/${{github.repository}}/migrations:${{inputs.tag}}
           api_image: ghcr.io/${{github.repository}}/backend:${{inputs.tag}}
           app_env: ${{inputs.app_env}}
+          stack_prefix: ${{ inputs.stack_prefix }}
       run: |
           terragrunt output -json > outputs.json
           #print the output

diff --git a/.github/workflows/.e2e.yml b/.github/workflows/.e2e.yml
@@ -0,0 +1,63 @@
+name: .E2E
+on:
+  workflow_call:
+    inputs:
+      frontend_url:
+        description: 'The URL of the frontend to test'
+        required: true
+        type: string
+      tag:
+        description: 'The tag of the containers to test'
+        default: 'latest'
+        type: string
+        required: false
+jobs:
+  e2e-tests:
+    name: E2E Tests
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Run Docker compose
+        if: ${{ inputs.frontend_url == 'http://localhost:3000' }}
+        env:
+          BACKEND_IMAGE: ghcr.io/${{ github.repository }}/backend:${{ inputs.tag }}
+          FLYWAY_IMAGE: ghcr.io/${{ github.repository }}/migrations:${{ inputs.tag }}
+          FRONTEND_IMAGE: ghcr.io/${{ github.repository }}/frontend:${{ inputs.tag }}
+        run: docker compose up -d --wait
+        continue-on-error: true
+      - name: Docker Compose Logs
+        if:  ${{ runner.debug == '1' &&  inputs.frontend_url == 'http://localhost:3000' }}
+        run: docker compose logs
+      - name: Cache Playwright Browsers
+        uses: actions/cache@v4
+        id: playwright-cache
+        with:
+          path: |
+            ~/.cache/ms-playwright
+          key: ${{ runner.os }}-playwright-${{ hashFiles('**/package-lock.json') }}
+      - uses: actions/setup-node@v4
+        name: Setup Node
+        with:
+          node-version: 22
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+      - name: Fix permissions
+        run: sudo chown -R $USER:$USER frontend
+      - name: Install dependencies
+        working-directory: frontend
+        run: |
+          npm ci
+      - run: npx @playwright/test install --with-deps
+        if: steps.playwright-cache.outputs.cache-hit != 'true'
+        working-directory: ./frontend
+      - run: npx @playwright/test install-deps
+        if: steps.playwright-cache.outputs.cache-hit == 'true'
+        working-directory: ./frontend
+      - name: Run Tests
+        working-directory: frontend
+        env:
+          E2E_BASE_URL: ${{ inputs.frontend_url }}
+          CI: 'true'
+        run: |
+          npx playwright test --project="chromium" --reporter=blob
diff --git a/.github/workflows/.stack-prefix.yml b/.github/workflows/.stack-prefix.yml
@@ -0,0 +1,52 @@
+name: .Stack Prefix
+on:
+  workflow_call:
+    outputs:
+      STACK_PREFIX: 
+        description: 'The Stack Prefix'
+        value: ${{ jobs.prefix.outputs.STACK_PREFIX }}
+jobs:
+  prefix:
+    name: Stack Prefix
+    runs-on: ubuntu-24.04
+    outputs:
+      STACK_PREFIX: ${{ steps.stack-prefix.outputs.STACK_PREFIX }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Generate Stack Prefix
+        id: stack-prefix
+        shell: bash
+        run: |
+          # Get repository name
+          REPO_NAME="${{ github.event.repository.name }}"
+
+          # If repo name is less than 20 characters, use it directly
+          if [[ ${#REPO_NAME} -lt 20 ]]; then
+            STACK_PREFIX="${REPO_NAME}"
+          else
+            # Split by hyphen or underscore and get first letter of each word
+            PREFIX=$(echo "$REPO_NAME" | 
+                    awk -v RS='[-_]' '{printf "%s", tolower(substr($0,1,1))}' | 
+                    tr -d '\n')
+
+            # Ensure at least 4 characters without repetition
+            while [[ ${#PREFIX} -lt 4 ]]; do
+              # Concatenate with the next letter in the sequence (avoiding randomness)
+              SUFFIX="${PREFIX: -1}"  # Get the last character of the current PREFIX
+              INDEX=$(( $(echo "$PREFIX" | grep -o "$SUFFIX" | wc -l) + 1 ))  # Get the index of the next character
+              NEXT_CHAR=$(echo "$PREFIX" | cut -c $INDEX)  # Get the next character
+              PREFIX="${PREFIX}${NEXT_CHAR}"
+            done
+
+            # Truncate if prefix exceeds 10 characters
+            if [[ ${#PREFIX} -gt 10 ]]; then
+              PREFIX="${PREFIX:0:10}"
+            fi
+
+            STACK_PREFIX="${PREFIX}"
+          fi
+
+          # Set output
+          echo "STACK_PREFIX=$STACK_PREFIX" >> $GITHUB_OUTPUT
+          echo "Generated prefix: $STACK_PREFIX"
diff --git a/.github/workflows/.tests.yml b/.github/workflows/.tests.yml
@@ -76,49 +76,7 @@ jobs:
           sarif_file: "trivy-results.sarif"
   e2e:
     name: E2E Tests
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Run Docker compose
-        env:
-          BACKEND_IMAGE: ghcr.io/${{ github.repository }}/backend:${{ inputs.tag }}
-          FLYWAY_IMAGE: ghcr.io/${{ github.repository }}/migrations:${{ inputs.tag }}
-          FRONTEND_IMAGE: ghcr.io/${{ github.repository }}/frontend:${{ inputs.tag }}
-        run: docker compose up -d --wait
-        continue-on-error: true
-      - name: Docker Compose Logs
-        if:  ${{ runner.debug == '1' }}
-        run: docker compose logs
-      - name: Cache Playwright Browsers
-        uses: actions/cache@v4
-        id: playwright-cache
-        with:
-          path: |
-            ~/.cache/ms-playwright
-          key: ${{ runner.os }}-playwright-${{ hashFiles('**/package-lock.json') }}
-      - uses: actions/setup-node@v4
-        name: Setup Node
-        with:
-          node-version: 22
-          cache: 'npm'
-          cache-dependency-path: frontend/package-lock.json
-      - name: Fix permissions
-        run: sudo chown -R $USER:$USER frontend
-      - name: Install dependencies
-        working-directory: frontend
-        run: |
-          npm ci
-      - run: npx @playwright/test install --with-deps
-        if: steps.playwright-cache.outputs.cache-hit != 'true'
-        working-directory: ./frontend
-      - run: npx @playwright/test install-deps
-        if: steps.playwright-cache.outputs.cache-hit == 'true'
-        working-directory: ./frontend
-      - name: Run Tests
-        working-directory: frontend
-        env:
-          E2E_BASE_URL: http://localhost:3000
-          CI: 'true'
-        run: |
-          npx playwright test --project="chromium" --reporter=blob
+    uses: ./.github/workflows/.e2e.yml
+    with:
+      FRONTEND_URL: http://localhost:3000
+      tag: ${{ inputs.tag }}
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
@@ -28,64 +28,30 @@ jobs:
         if: ${{ github.event_name != 'workflow_dispatch' }} 
         id: pr
         uses: bcgov-nr/action-get-pr@v0.0.1
-  deploy-db:
+
+  deploy_stack_dev:
+    name: Deploy Stack Dev
     needs: [vars]
-    name: Deploys Database
-    uses: ./.github/workflows/.deployer.yml
+    uses: ./.github/workflows/.deploy_stack.yml
     with:
       environment_name: dev
       command: apply
-      working_directory: database
-      app_env: dev
-    secrets: inherit
-  deploy-api:
-    name: Deploys API
-    needs: [vars,deploy-db]
-    uses: ./.github/workflows/.deployer.yml
-    with:
-      environment_name: dev
-      command: apply
-      working_directory: api
       tag: ${{ needs.vars.outputs.pr }}
       app_env: dev
     secrets: inherit
-  deploy-cloudfront:
-    name: Deploys Cloudfront
-    needs: [vars]
-    uses: ./.github/workflows/.deployer.yml
+  e2e:
+    name: E2E Tests
+    needs: [deploy_stack_dev]
+    uses: ./.github/workflows/.e2e.yml
     with:
-      environment_name: dev
+      frontend_url: https://${{ needs.deploy_stack_dev.outputs.CF_DOMAIN }}
+  deploy_stack_test:
+    name: Deploy Stack Test
+    needs: [vars, e2e]
+    uses: ./.github/workflows/.deploy_stack.yml
+    with:
+      environment_name: test
       command: apply
-      working_directory: frontend
-      app_env: dev
+      tag: ${{ needs.vars.outputs.pr }}
+      app_env: test
     secrets: inherit
-  build-ui:
-    name: Builds UI
-    needs: [deploy-api, deploy-cloudfront]
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: setup node
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-          cache: 'npm'
-          cache-dependency-path: frontend/package-lock.json
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-            role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
-            aws-region: ${{ env.AWS_REGION }}
-      - name: Build And Update UI (CF)
-        working-directory: frontend
-        env:
-          VITE_API_BASE_URL: ${{ needs.deploy-api.outputs.API_GW_URL }}/api
-          S3_BUCKET_ARN: ${{ needs.deploy-cloudfront.outputs.S3_BUCKET_ARN }}
-          CF_DISTRIBUTION_ID: ${{ needs.deploy-cloudfront.outputs.CF_DISTRIBUTION_ID }}
-        run: |
-          npm run deploy
-          aws s3 sync --delete ./dist s3://$(echo "$S3_BUCKET_ARN" | cut -d: -f6)
-          aws cloudfront create-invalidation --distribution-id $CF_DISTRIBUTION_ID --paths "/*"
-