Deployment
The Hale Platform can be deployed into four environments: `prod`, `staging`, `dev` and `demo`. These environments are represented by branches in this repo and by merging your code into these branches you will trigger a build and deployment.
To deploy into each environment we use GitActions. These actions are configured in our `cd.yaml` file. Here is an example of what the deployment interface looks like:
Merge or push code to the `main` branch. This will trigger a deployment to staging. To then deploy to production, you have to manually go into the GitActions tab and approve the deployment to the production environment.
Merge or push code to the corresponding branch with the same name. You can check your progress via the GitActions workflow chart.
In your terminal run `helm list`. You should see a timestamp that corresponds to your deployment and status `deployed`. You can also run `kubectl get all`. You should see your pods running with a pod status of `2/2` and `Running`.
- Make sure the plugin or Hale theme has its changes merged into that repo's main branch.
- Make sure the version has been updated and a new release created.
- Make an empty commit in the `main` branch using the command `git commit --allow-empty -m "<message>"`
  - e.g. `git commit --allow-empty -m "Hale version x.y.z deploy"`
- If pushing to production, you will need to manually approve the deployment from staging to production in GitActions.
- Push the development branch in the Hale repo to GitHub.
- Switch to the `demo` branch of this repo.
- Edit the `composer.json` file: change to `"ministryofjustice/hale": "dev-[branch name]",` which is on line 42 at time of writing.
- Make an empty commit in the `demo` branch using the command `git commit --allow-empty -m "<message>"`
  - e.g. `git commit --allow-empty -m "Accordion changes demo deploy"`
- To continue work on the development branch, you will need to re-clone the Hale repo and pick up from where you left off.
The build and deployment GitHub action relies on GitHub secrets and variables. Most of these are generated by Cloud Platform (Hosting Platform) but some have been manually entered.
Most of the secrets/variables are named the same in every environment where possible. On deployment, GitHub environments determine which value to use. This means we can use the same deploy code for all environments, making it easier to maintain. Unfortunately, due to restrictions with the Cloud Platform (Hosting Platform), when the same GitHub repo is used for multiple namespaces (dev, staging, etc.) the ECR secret/variable names are required to have a prefix, which has meant that there has to be a workflow job for each environment (we are hoping we can find a way around this in the future).
"*" These secrets need to be base64-encoded when added to GitActions. Take the secret and run it through `echo -n "supersecretpassword" | base64`. Any password that has special characters needs to be entered as base64.
Secret/Variable Name | Type | Generated/Manual |
---|---|---|
ECR_NAME | Secret | Generated |
ECR_URL | Secret | Generated |
KUBE_CERT | Secret | Generated |
KUBE_CLUSTER | Secret | Generated |
KUBE_NAMESPACE | Secret | Generated |
KUBE_TOKEN | Secret | Generated |
S3_UPLOADS_BUCKET | Secret | Manual |
S3_UPLOADS_REGION | Secret | Manual |
WORDPRESS_ADMIN_EMAIL | Secret | Manual |
WORDPRESS_ADMIN_PASSWORD | Secret | Manual |
WORDPRESS_ADMIN_USER | Secret | Manual |
WORDPRESS_AUTH_KEY_FILE | Secret | *Manual |
WORDPRESS_AUTH_SALT_FILE | Secret | *Manual |
WORDPRESS_DB_HOST | Secret | Manual |
WORDPRESS_DB_NAME | Secret | Manual |
WORDPRESS_DB_PASSWORD | Secret | Manual |
WORDPRESS_DB_USER | Secret | Manual |
WORDPRESS_LOGGED_IN_KEY_FILE | Secret | *Manual |
WORDPRESS_LOGGED_IN_SALT_FILE | Secret | *Manual |
WORDPRESS_NONCE_KEY_FILE | Secret | *Manual |
WORDPRESS_NONCE_SALT_FILE | Secret | *Manual |
WORDPRESS_SECURE_AUTH_KEY_FILE | Secret | *Manual |
WORDPRESS_SECURE_AUTH_SALT_FILE | Secret | *Manual |
ENV_TYPE | Variable | Manual |
AVATURE_FEED_USERNAME | Secret | Manual |
AVATURE_FEED_PASSWORD | Secret | *Manual |
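
The base64 step for the `*` secrets, as an added example (not part of the original wiki or the project's code): it reads the value from stdin, strips the line wrap GNU `base64` inserts after 76 characters, and checks an already-encoded value for the trailing newline that plain `echo` adds. The function names, `SAMPLE_SALT` and `SECRET` are constructed for illustration.

```shell
#!/bin/sh
# Added example; SAMPLE_SALT is a constructed 64-character value, not a real key.
# Single quotes stop the shell expanding $, ! and backticks inside the secret.
SAMPLE_SALT='k$9!Zp`q&Lm#2^vTx*R7(d)~Qe|4+Wn{}u6<Gy>0?hB-1sJ=_cA8;Ft:@5Mz.oK%'

# encode_secret: raw secret on stdin -> single-line base64 on stdout.
# Feed it with printf '%s' (never plain echo, which appends a newline).
# tr removes the line break GNU base64 inserts after 76 output characters;
# a 64-character value encodes to 88 characters, so it would otherwise wrap.
encode_secret() {
  base64 | tr -d '\n'
}

# ends_with_newline B64: succeeds if the decoded value ends in a newline,
# the usual sign that the value was encoded with echo instead of echo -n.
ends_with_newline() {
  last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" = "0a" ]
}

# roundtrip_ok RAW: succeeds only if decode(encode(RAW)) equals RAW exactly.
# The trailing x is a sentinel so $(...) cannot hide stray trailing newlines.
roundtrip_ok() (
  enc=$(printf '%s' "$1" | encode_secret)
  dec=$(printf '%s' "$enc" | base64 -d; printf x)
  [ "${dec%x}" = "$1" ]
)

# Interactive use that keeps the value out of shell history
# (SECRET is a hypothetical variable name):
#   stty -echo; IFS= read -r SECRET; stty echo
#   printf '%s' "$SECRET" | encode_secret
```

Run `ends_with_newline` on a value before pasting it into the secret field; a stray newline inside a password or salt changes the value the application sees.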