Merge pull request #71 from DFE-Digital/devops
Devops
slawosz authored Nov 6, 2023
2 parents 9236d97 + a3f03a7 commit 1934737
Showing 51 changed files with 1,100 additions and 231 deletions.
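--- a/.github/actions/deploy-environment-to-aks/action.yml
+++ b/.github/actions/deploy-environment-to-aks/action.yml
@@ -0,0 +1,61 @@
+name: Deploy environment to AKS
+description: Deploys an application environment to AKS
+
+inputs:
+environment:
+description: The name of the environment
+required: true
+docker-image:
+description: The Docker image to deploy
+required: true
+azure-credentials:
+description: JSON object containing a key for the service principal authorised on the Azure subscription
+required: true
+pull-request-number:
+description: The pull request number which triggered this deploy. If set, this will automatically seed the database.
+required: false
+current-commit-sha:
+description: The commit sha for the current commit
+required: true
+
+outputs:
+url:
+description: The base URL for the deployed environment
+value: ${{ steps.apply-terraform.outputs.url }}
+
+runs:
+using: composite
+
+steps:
+- uses: hashicorp/setup-terraform@v1
+with:
+terraform_version: 1.5.4
+terraform_wrapper: false
+
+- uses: DFE-Digital/github-actions/set-arm-environment-variables@master
+with:
+azure-credentials: ${{ inputs.azure-credentials }}
+
+- name: Apply Terraform
+id: apply-terraform
+shell: bash
+run: |
+make ci ${{ inputs.environment }} terraform-apply
+cd terraform/application && echo "url=$(terraform output -raw url)" >> $GITHUB_OUTPUT
+env:
+TF_VAR_azure_sp_credentials_json: ${{ inputs.azure-credentials }}
+TF_VAR_statuscake_api_token: ${{ inputs.statuscake-api-token }}
+DOCKER_IMAGE: ${{ inputs.docker-image }}
+PULL_REQUEST_NUMBER: ${{ inputs.pull-request-number }}
+
+- uses: Azure/login@v1
+with:
+creds: ${{ inputs.azure-credentials }}
+
+- name: Seed database
+if: ${{ inputs.pull-request-number != '' }}
+shell: bash
+run: |
+az aks get-credentials --resource-group s189t01-tsc-ts-rg --name s189t01-tsc-test-aks
+kubectl exec -n cpd-development deployment/cpd-tsh-review-${{ inputs.pull-request-number }} -- sh -c "cd /app && /usr/local/bin/bundle exec rails db:seed"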
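Review bot: `Apply Terraform` and `Seed database` paste `${{ inputs.environment }}` and `${{ inputs.pull-request-number }}` straight into the bash script, so the action relies on every caller passing a safe value instead of enforcing it; the callers in this commit pass literals and a PR number, but the pattern is worth closing here. Pass both through `env:` and quote them, e.g. `ENVIRONMENT: ${{ inputs.environment }}` with `make ci "$ENVIRONMENT" terraform-apply`, and write to `"$GITHUB_OUTPUT"` quoted. `TF_VAR_statuscake_api_token` reads `inputs.statuscake-api-token`, which is not declared under `inputs:`, while `current-commit-sha` is declared as required but no step shown uses it. `set-arm-environment-variables@master` and `Azure/login@v1` receive the service principal JSON from mutable refs, so pinning them to a commit SHA would limit what an upstream change can reach.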
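--- a/.github/workflows/aks_deploy.yml
+++ b/.github/workflows/aks_deploy.yml
@@ -0,0 +1,299 @@
+name: "Deploy"
+
+concurrency:
+group: ${{ github.ref }}
+cancel-in-progress: true
+
+on:
+workflow_dispatch:
+inputs:
+environment:
+description: "Deploy environment"
+required: true
+default: review_aks
+type: environment
+options:
+- review_aks
+push:
+branches:
+- main
+
+pull_request:
+branches:
+- main
+types:
+- labeled
+- synchronize
+- reopened
+- opened
+
+jobs:
+rspec:
+name: Run Rspec
+
+runs-on: ubuntu-latest
+env:
+GOOGLE_MAP_API_KEY: someapikey
+
+services:
+postgres:
+image: postgis/postgis:11-3.3-alpine
+env:
+POSTGRES_USER: postgres
+POSTGRES_PASSWORD: password
+ports:
+- 5432:5432
+options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: 3.1.2
+
+- name: Set up Node
+uses: actions/setup-node@v3
+with:
+node-version: '16.20.0'
+
+- name: Update dependencies
+run: sudo apt-get update
+
+- name: Install dependencies
+run: sudo apt-get install -y libproj-dev proj-bin
+
+- name: Set up ruby gem cache
+uses: actions/cache@v3
+with:
+path: vendor/bundle
+key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+restore-keys: |
+${{ runner.os }}-gems-
+- name: Install gems
+run: |
+bundle config path vendor/bundle
+bundle install --jobs 4 --retry 3
+- name: Install yarn
+run: npm install yarn -g
+
+- name: Yarn cache
+id: yarn-cache
+run: echo "::set-output name=dir::$(yarn cache dir)"
+
+- name: Set up yarn cache
+uses: actions/cache@v3
+with:
+path: ${{ steps.yarn-cache.outputs.dir }}
+key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+restore-keys: |
+${{ runner.os }}-yarn-
+- name: Install node.js dependencies
+run: yarn install
+
+- name: Set up test database
+run: bin/rails db:create db:schema:load
+env:
+DATABASE_URL: postgis://postgres:password@localhost:5432/test
+
+- name: Run tests
+run: bundle exec rake
+env:
+DATABASE_URL: postgis://postgres:password@localhost:5432/test
+linting:
+name: Run Rubocop
+
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: 3.1.2
+
+- name: Set up Node
+uses: actions/setup-node@v3
+with:
+node-version: '16.20.0'
+
+- name: Set up ruby gem cache
+uses: actions/cache@v3
+with:
+path: vendor/bundle
+key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+restore-keys: |
+${{ runner.os }}-gems-
+- name: Update dependencies
+run: sudo apt-get update
+
+- name: Install dependencies
+run: sudo apt-get install -y libproj-dev proj-bin
+
+- name: Install gems
+run: |
+bundle config path vendor/bundle
+bundle install --jobs 4 --retry 3
+- name: Install node.js dependencies
+run: yarn install
+
+- name: Run rubocop
+run: bundle exec rubocop --format clang --parallel
+
+brakeman:
+name: Run Brakeman
+
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: 3.1.2
+
+- name: Set up Node
+uses: actions/setup-node@v3
+with:
+node-version: '16.20.0'
+
+- name: Set up ruby gem cache
+uses: actions/cache@v3
+with:
+path: vendor/bundle
+key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+restore-keys: |
+${{ runner.os }}-gems-
+- name: Update dependencies
+run: sudo apt-get update
+
+- name: Install dependencies
+run: sudo apt-get install -y libproj-dev proj-bin
+
+- name: Install gems
+run: |
+bundle config path vendor/bundle
+bundle install --jobs 4 --retry 3
+- name: Run brakeman
+run: bundle exec brakeman
+
+docker:
+name: Build and push Docker image
+runs-on: ubuntu-latest
+if: github.actor != 'dependabot[bot]'
+outputs:
+docker-image: ${{ steps.build-docker-image.outputs.image }}
+steps:
+- uses: actions/checkout@v3
+
+- uses: DFE-Digital/github-actions/build-docker-image@master
+id: build-docker-image
+with:
+docker-repository: ghcr.io/dfe-digital/teaching-school-hub-finder
+github-token: ${{ secrets.GITHUB_TOKEN }}
+
+permit-merge:
+name: Permit merge
+needs: [linting, rspec, brakeman]
+runs-on: ubuntu-latest
+steps:
+- run: "echo 'Linting and tests passed, this branch is ready to be merged'"
+
+deploy_review:
+name: Deploy review
+concurrency: deploy_review_${{ github.event.pull_request.number }}
+if: github.actor != 'dependabot[bot]' && github.event_name == 'pull_request'
+needs: [docker, linting]
+runs-on: ubuntu-latest
+environment:
+name: review
+steps:
+- uses: actions/checkout@v3
+
+- uses: ./.github/actions/deploy-environment-to-aks
+id: deploy
+with:
+environment: review
+docker-image: ${{ needs.docker.outputs.docker-image }}
+azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+pull-request-number: ${{ github.event.pull_request.number }}
+current-commit-sha: ${{ github.event.pull_request.head.sha }}
+
+- name: Post sticky pull request comment
+if: github.event_name == 'pull_request'
+uses: marocchino/sticky-pull-request-comment@v2
+with:
+message: |
+Review app deployed to ${{ steps.deploy.outputs.url }}
+deploy_staging:
+name: Deploy staging
+needs: [docker, rspec, linting, brakeman]
+runs-on: ubuntu-latest
+if: github.ref == 'refs/heads/main'
+environment:
+name: staging
+outputs:
+docker-image: ${{ needs.docker.outputs.docker-image }}
+steps:
+- uses: actions/checkout@v3
+
+- uses: ./.github/actions/deploy-environment-to-aks
+id: deploy
+with:
+environment: staging
+docker-image: ${{ needs.docker.outputs.docker-image }}
+azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+current-commit-sha: ${{ github.sha }}
+statuscake-api-token: ${{ secrets.STATUSCAKE_API_TOKEN }}
+
+deploy_sandbox:
+name: Deploy sandbox
+needs: [deploy_staging]
+runs-on: ubuntu-latest
+environment:
+name: sandbox
+
+steps:
+- uses: actions/checkout@v3
+
+- uses: ./.github/actions/deploy-environment-to-aks
+id: deploy
+with:
+environment: sandbox
+docker-image: ${{ needs.deploy_staging.outputs.docker-image }}
+azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+current-commit-sha: ${{ github.sha }}
+statuscake-api-token: ${{ secrets.STATUSCAKE_API_TOKEN }}
+
+deploy_production:
+name: Deploy production
+needs: [deploy_staging]
+runs-on: ubuntu-latest
+environment:
+name: production
+
+steps:
+- uses: actions/checkout@v3
+
+- uses: ./.github/actions/deploy-environment-to-aks
+id: deploy
+with:
+environment: production
+docker-image: ${{ needs.deploy_staging.outputs.docker-image }}
+azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+current-commit-sha: ${{ github.sha }}
+statuscake-api-token: ${{ secrets.STATUSCAKE_API_TOKEN }}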
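Review bot: The workflow sets no `permissions:`, so every job, including `rspec`, `linting` and `brakeman`, which run the pull request's own code through `bundle install` and `yarn install`, gets whatever default `GITHUB_TOKEN` scope the repository is configured with. I would add a top-level `permissions:` with `contents: read` and grant extra scopes per job only where needed, presumably `packages: write` on `docker` for the ghcr.io push and `pull-requests: write` on `deploy_review` for the sticky comment. The workflow-level `concurrency` with `cancel-in-progress: true` also covers the deploy jobs, so a second push to `main` can cancel a run while Terraform is applying to staging or production; consider limiting cancellation to pull request runs. The `Yarn cache` step still uses the deprecated `::set-output` command; `echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"` would match what the composite action already does.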