Merge pull request #231 from ministryofjustice/prod-deploy-fix #316
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- 'main' | |
env: | |
APP_NAME: "laa-crime-equinity-historical-data-frontend" | |
IMAGE_TAG: ${{ github.sha }} # Tags ECR image with commit sha | |
IMAGE_TAG_PDF: ${{ github.sha }}pdf # Tags ECR image with commit sha specifically for PDF Generator | |
jobs: | |
tests: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20.x' | |
- run: npm ci | |
- run: npm run build --if-present | |
- run: npm run test:ci | |
ecr: | |
runs-on: ubuntu-latest | |
needs: tests | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.ECR_REGION }} | |
- uses: aws-actions/amazon-ecr-login@v2 | |
id: login-ecr | |
# Build and push docker image to container repo | |
- name: Build and push docker image | |
uses: docker/build-push-action@v5 | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
with: | |
tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} | |
push: true | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
context: ./gotenberg | |
tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG_PDF }} | |
deploy-dev: | |
runs-on: ubuntu-latest | |
needs: ecr | |
environment: dev | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
env: | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
APP_ENV: "dev" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.ECR_REGION }} | |
- uses: aws-actions/amazon-ecr-login@v2 | |
id: login-ecr | |
- name: Build and push docker image | |
uses: docker/build-push-action@v5 | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
with: | |
tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} | |
push: true | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
context: ./gotenberg | |
tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG_PDF }} | |
# Build and push PDF-Creator (Gotenberg) docker image to container repo | |
- name: Build and push docker image | |
uses: docker/build-push-action@v5 | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
with: | |
file: ./gotenberg/Dockerfile | |
tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG_PDF }} | |
push: true | |
- name: printing tags | |
run: echo ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
- name: Authenticate to K8 Cluster | |
run: | | |
mkdir deployments | |
cat ./.github/deployments/deployment.yml | envsubst > deployments/deployment.yml | |
cat ./.github/deployments/ingress.yml | envsubst > deployments/ingress.yml | |
cat ./.github/deployments/service.yml | envsubst > deployments/service.yml | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
CP_NAMESPACE: "${{ env.APP_NAME }}-${{ env.APP_ENV }}" | |
- name: Deploy to K8 Cluster | |
run: | | |
echo "${{ secrets.KUBE_CERT }}" > ca.crt | |
echo ${KUBE_NAMESPACE} | |
echo ${{ env.IMAGE_NAME }} | |
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }} | |
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE} | |
kubectl config use-context ${KUBE_CLUSTER} | |
kubectl -n ${KUBE_NAMESPACE} apply -f deployments/ | |
env: | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} | |
IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
deploy-uat: | |
runs-on: ubuntu-latest | |
needs: ecr | |
environment: uat | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
env: | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
APP_ENV: "uat" | |
IMAGE_TAG: ${{ github.sha }} # Tags ECR image with commit sha | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.ECR_REGION }} | |
- uses: aws-actions/amazon-ecr-login@v2 | |
id: login-ecr | |
- name: Authenticate to K8 Cluster | |
run: | | |
mkdir deployments | |
cat ./.github/deployments/deployment.yml | envsubst > deployments/deployment.yml | |
cat ./.github/deployments/ingress.yml | envsubst > deployments/ingress.yml | |
cat ./.github/deployments/service.yml | envsubst > deployments/service.yml | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
CP_NAMESPACE: "${{ env.APP_NAME }}-${{ env.APP_ENV }}" | |
- name: Deploy to K8 Cluster | |
run: | | |
echo "${{ secrets.KUBE_CERT }}" > ca.crt | |
echo ${KUBE_NAMESPACE} | |
echo ${{ env.IMAGE_NAME }} | |
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }} | |
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE} | |
kubectl config use-context ${KUBE_CLUSTER} | |
kubectl -n ${KUBE_NAMESPACE} apply -f deployments/ | |
env: | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} | |
IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
deploy-staging: | |
runs-on: ubuntu-latest | |
needs: deploy-uat | |
environment: staging | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
env: | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
APP_ENV: "staging" | |
IMAGE_TAG: ${{ github.sha }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.ECR_REGION }} | |
- uses: aws-actions/amazon-ecr-login@v2 | |
id: login-ecr | |
- name: Build and push docker image | |
uses: docker/build-push-action@v5 | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
with: | |
tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} | |
push: true | |
- name: Authenticate to the K8 cluster | |
run: | | |
mkdir deployments | |
cat ./.github/deployments/deployment.yml | envsubst > deployments/deployment.yml | |
cat ./.github/deployments/ingress.yml | envsubst > deployments/ingress.yml | |
cat ./.github/deployments/service.yml | envsubst > deployments/service.yml | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
CP_NAMESPACE: "${{ env.APP_NAME }}-${{ env.APP_ENV }}" | |
- name: Deploy to K8 Cluster | |
run: | | |
echo "${{ secrets.KUBE_CERT }}" > ca.crt | |
echo ${{ secrets.KUBE_NAMESPACE }} | |
echo ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ github.sha }} | |
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }} | |
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE} | |
kubectl config use-context ${KUBE_CLUSTER} | |
kubectl -n ${KUBE_NAMESPACE} apply -f deployments/ | |
env: | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} | |
IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
deploy-prod: | |
runs-on: ubuntu-latest | |
needs: deploy-staging | |
environment: prod | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
env: | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
APP_ENV: "prod" | |
IMAGE_TAG: ${{ github.sha }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.ECR_REGION }} | |
- uses: aws-actions/amazon-ecr-login@v2 | |
id: login-ecr | |
- name: Build and push docker image | |
uses: docker/build-push-action@v5 | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
with: | |
tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} | |
push: true | |
- name: Authenticate to the K8 cluster | |
run: | | |
mkdir deployments | |
cat ./.github/deployments/deployment.yml | envsubst > deployments/deployment.yml | |
cat ./.github/deployments/ingress.yml | envsubst > deployments/ingress.yml | |
cat ./.github/deployments/service.yml | envsubst > deployments/service.yml | |
env: | |
IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ github.sha }} | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
CP_NAMESPACE: "${{ env.APP_NAME }}-${{ env.APP_ENV }}" | |
- name: Deploy to K8 Cluster | |
run: | | |
echo "${{ secrets.KUBE_CERT }}" > ca.crt | |
echo ${{ secrets.KUBE_NAMESPACE }} | |
echo ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ github.sha }} | |
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }} | |
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE} | |
kubectl config use-context ${KUBE_CLUSTER} | |
kubectl -n ${KUBE_NAMESPACE} apply -f deployments/ | |
env: | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} |