Merge pull request #237 from ministryofjustice/EMP-438-restrict-repor… #325

Workflow file for this run

	name: deploy

	on:
	workflow_dispatch:
	push:
	branches:
	- 'main'
	env:
	APP_NAME: "laa-crime-equinity-historical-data-frontend"
	IMAGE_TAG: ${{ github.sha }} # Tags ECR image with commit sha
	IMAGE_TAG_PDF: ${{ github.sha }}pdf # Tags ECR image with commit sha specifically for PDF Generator

	jobs:
	tests:

	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	- name: Use Node.js
	uses: actions/setup-node@v4
	with:
	node-version: '20.x'
	- run: npm ci
	- run: npm run build --if-present
	- run: npm run test:ci


	ecr:
	runs-on: ubuntu-latest
	needs: tests
	permissions:
	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout

	steps:
	- uses: actions/checkout@v4

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
	aws-region: ${{ vars.ECR_REGION }}

	- uses: aws-actions/amazon-ecr-login@v2
	id: login-ecr

	# Build and push docker image to container repo
	- name: Build and push docker image
	uses: docker/build-push-action@v5
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	with:
	tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}
	push: true

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	context: ./gotenberg
	tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG_PDF }}


	deploy-dev:
	runs-on: ubuntu-latest
	needs: ecr
	environment: dev
	permissions:
	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout
	env:
	KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	APP_ENV: "dev"

	steps:
	- uses: actions/checkout@v4

	- uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
	aws-region: ${{ vars.ECR_REGION }}

	- uses: aws-actions/amazon-ecr-login@v2
	id: login-ecr

	- name: Build and push docker image
	uses: docker/build-push-action@v5
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	with:
	tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}
	push: true

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	context: ./gotenberg
	tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG_PDF }}

	# Build and push PDF-Creator (Gotenberg) docker image to container repo
	- name: Build and push docker image
	uses: docker/build-push-action@v5
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	with:
	file: ./gotenberg/Dockerfile
	tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG_PDF }}
	push: true

	- name: printing tags
	run: echo ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}

	- name: Authenticate to K8 Cluster
	run: \|
	mkdir deployments
	cat ./.github/deployments/deployment.yml \| envsubst > deployments/deployment.yml
	cat ./.github/deployments/ingress.yml \| envsubst > deployments/ingress.yml
	cat ./.github/deployments/service.yml \| envsubst > deployments/service.yml
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
	CP_NAMESPACE: "${{ env.APP_NAME }}-${{ env.APP_ENV }}"


	- name: Deploy to K8 Cluster
	run: \|
	echo "${{ secrets.KUBE_CERT }}" > ca.crt
	echo ${KUBE_NAMESPACE}
	echo ${{ env.IMAGE_NAME }}
	kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
	kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
	kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
	kubectl config use-context ${KUBE_CLUSTER}
	kubectl -n ${KUBE_NAMESPACE} apply -f deployments/
	env:
	KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
	IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}



	deploy-uat:
	runs-on: ubuntu-latest
	needs: ecr
	environment: uat
	permissions:
	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout
	env:
	KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	APP_ENV: "uat"
	IMAGE_TAG: ${{ github.sha }} # Tags ECR image with commit sha
	steps:
	- uses: actions/checkout@v4

	- uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
	aws-region: ${{ vars.ECR_REGION }}
	- uses: aws-actions/amazon-ecr-login@v2
	id: login-ecr

	- name: Authenticate to K8 Cluster
	run: \|
	mkdir deployments
	cat ./.github/deployments/deployment.yml \| envsubst > deployments/deployment.yml
	cat ./.github/deployments/ingress.yml \| envsubst > deployments/ingress.yml
	cat ./.github/deployments/service.yml \| envsubst > deployments/service.yml
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
	CP_NAMESPACE: "${{ env.APP_NAME }}-${{ env.APP_ENV }}"
	- name: Deploy to K8 Cluster
	run: \|
	echo "${{ secrets.KUBE_CERT }}" > ca.crt
	echo ${KUBE_NAMESPACE}
	echo ${{ env.IMAGE_NAME }}
	kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
	kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
	kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
	kubectl config use-context ${KUBE_CLUSTER}
	kubectl -n ${KUBE_NAMESPACE} apply -f deployments/
	env:
	KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
	IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}

	deploy-staging:
	runs-on: ubuntu-latest
	needs: deploy-uat
	environment: staging
	permissions:
	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout
	env:
	KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	APP_ENV: "staging"
	IMAGE_TAG: ${{ github.sha }}
	steps:
	- uses: actions/checkout@v4

	- uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
	aws-region: ${{ vars.ECR_REGION }}
	- uses: aws-actions/amazon-ecr-login@v2
	id: login-ecr

	- name: Build and push docker image
	uses: docker/build-push-action@v5
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	with:
	tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}
	push: true

	- name: Authenticate to the K8 cluster
	run: \|
	mkdir deployments
	cat ./.github/deployments/deployment.yml \| envsubst > deployments/deployment.yml
	cat ./.github/deployments/ingress.yml \| envsubst > deployments/ingress.yml
	cat ./.github/deployments/service.yml \| envsubst > deployments/service.yml
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
	CP_NAMESPACE: "${{ env.APP_NAME }}-${{ env.APP_ENV }}"

	- name: Deploy to K8 Cluster
	run: \|
	echo "${{ secrets.KUBE_CERT }}" > ca.crt
	echo ${{ secrets.KUBE_NAMESPACE }}
	echo ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ github.sha }}
	kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
	kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
	kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
	kubectl config use-context ${KUBE_CLUSTER}
	kubectl -n ${KUBE_NAMESPACE} apply -f deployments/
	env:
	KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
	IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}

	deploy-prod:
	runs-on: ubuntu-latest
	needs: deploy-staging
	environment: prod
	permissions:
	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout
	env:
	KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	APP_ENV: "prod"
	IMAGE_TAG: ${{ github.sha }}
	steps:
	- uses: actions/checkout@v4

	- uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
	aws-region: ${{ vars.ECR_REGION }}
	- uses: aws-actions/amazon-ecr-login@v2
	id: login-ecr
	- name: Build and push docker image
	uses: docker/build-push-action@v5
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	with:
	tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}
	push: true

	- name: Authenticate to the K8 cluster
	run: \|
	mkdir deployments
	cat ./.github/deployments/deployment.yml \| envsubst > deployments/deployment.yml
	cat ./.github/deployments/ingress.yml \| envsubst > deployments/ingress.yml
	cat ./.github/deployments/service.yml \| envsubst > deployments/service.yml
	env:
	IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ github.sha }}
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	CP_NAMESPACE: "${{ env.APP_NAME }}-${{ env.APP_ENV }}"

	- name: Deploy to K8 Cluster
	run: \|
	echo "${{ secrets.KUBE_CERT }}" > ca.crt
	echo ${{ secrets.KUBE_NAMESPACE }}
	echo ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ github.sha }}
	kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
	kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
	kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
	kubectl config use-context ${KUBE_CLUSTER}
	kubectl -n ${KUBE_NAMESPACE} apply -f deployments/
	env:
	KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
	KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #237 from ministryofjustice/EMP-438-restrict-repor… #325

Workflow file

Merge pull request #237 from ministryofjustice/EMP-438-restrict-repor… #325

Jobs

Run details

Workflow file for this run