From 9d85362d2af5c541d90f5719c7c6746cbb66b4ce Mon Sep 17 00:00:00 2001 From: Tom Webber Date: Thu, 22 Aug 2024 15:09:37 +0100 Subject: [PATCH 1/5] chore: Refactor GitHub workflows for streamlined build and deploy process - Add reusable build workflow that exports image artifact - Update deploy workflows to use new build and fetch artifact - Rename build-and-deploy to push-and-deploy - Remove unneeded deploy-to-dev workflow - Integrate Slack notifications for builds --- .github/workflows/deploy-dev-from-branch.yml | 11 +++-- .github/workflows/deploy-prod.yml | 8 +++- .github/workflows/deploy-staged.yml | 12 +++-- .github/workflows/deploy-to-dev.yml | 31 ------------- .github/workflows/reusable-build.yml | 46 +++++++++++++++++++ ...eploy.yml => reusable-push-and-deploy.yml} | 22 ++++++--- 6 files changed, 85 insertions(+), 45 deletions(-) delete mode 100644 .github/workflows/deploy-to-dev.yml create mode 100644 .github/workflows/reusable-build.yml rename .github/workflows/{reusable-build-and-deploy.yml => reusable-push-and-deploy.yml} (93%) diff --git a/.github/workflows/deploy-dev-from-branch.yml b/.github/workflows/deploy-dev-from-branch.yml index 9434562d..47342dd0 100644 --- a/.github/workflows/deploy-dev-from-branch.yml +++ b/.github/workflows/deploy-dev-from-branch.yml @@ -17,10 +17,15 @@ jobs: if: ${{ inputs.run-tests }} uses: "./.github/workflows/reusable-tests.yml" - deploy-dev: - needs: code-tests + build: if: ${{ always() && !failure() && !cancelled() }} # don't skip if tests are skipped - uses: "./.github/workflows/reusable-build-and-deploy.yml" + uses: "./.github/workflows/reusable-build.yml" + secrets: + slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }} + + deploy: + needs: build + uses: "./.github/workflows/reusable-push-and-deploy.yml" with: env: "dev" secrets: diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index cdf9eb82..eaafc6aa 100644 --- a/.github/workflows/deploy-prod.yml 
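Review bot: The new `build` job in deploy-dev-from-branch.yml drops the `needs: code-tests` that the removed `deploy-dev` job carried, so the build and the dev deployment that depends on it no longer wait for the test job. With no `needs`, the retained `if: ${{ always() && !failure() && !cancelled() }}` has no upstream result to evaluate, and a failing test run would not stop the image from being built and deployed. Add `needs: code-tests` under `build:`. Since a skipped ancestor can also cause downstream jobs to be skipped, `deploy` probably needs the same `if:` condition for the tests-skipped path; this is worth confirming with a run where `run-tests` is false. The `jobs:` block starts above the hunk.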
+++ b/.github/workflows/deploy-prod.yml @@ -13,9 +13,15 @@ jobs: if: ${{ needs.code-tests.outputs.datahub-client-path == 'true' }} uses: "./.github/workflows/reusable-publish-datahub-client.yml" + build: + needs: code-tests + uses: "./.github/workflows/reusable-build.yml" + secrets: + slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }} + deploy-prod: uses: "./.github/workflows/reusable-build-and-deploy.yml" - needs: code-tests + needs: build with: env: "prod" secrets: diff --git a/.github/workflows/deploy-staged.yml b/.github/workflows/deploy-staged.yml index dd3ae4be..749fe3a9 100644 --- a/.github/workflows/deploy-staged.yml +++ b/.github/workflows/deploy-staged.yml @@ -8,9 +8,15 @@ jobs: code-tests: uses: "./.github/workflows/reusable-tests.yml" - deploy-test: - uses: "./.github/workflows/reusable-build-and-deploy.yml" + build: needs: code-tests + uses: "./.github/workflows/reusable-build.yml" + secrets: + slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }} + + deploy-test: + uses: "./.github/workflows/reusable-push-and-deploy.yml" + needs: build with: env: "test" secrets: @@ -25,7 +31,7 @@ jobs: azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }} deploy-preprod: - uses: "./.github/workflows/reusable-build-and-deploy.yml" + uses: "./.github/workflows/reusable-push-and-deploy.yml" needs: deploy-test with: env: "preprod" diff --git a/.github/workflows/deploy-to-dev.yml b/.github/workflows/deploy-to-dev.yml deleted file mode 100644 index 1118c432..00000000 --- a/.github/workflows/deploy-to-dev.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -name: Deploy (with tests) to dev -# based on https://jacobian.org/til/github-actions-poetry/ - -on: - pull_request: - types: [opened, synchronize, reopened] - -concurrency: - group: ${{ github.ref }} - cancel-in-progress: true - -jobs: - tests: - uses: "./.github/workflows/reusable-tests.yml" - - # Deploys to the 'dev' frontend unless pushed to main - deploy-to-dev: - needs: [tests] - uses: "./.github/workflows/reusable-build-and-deploy.yml" - with: - env: "dev" - secrets: - kube_namespace: ${{ secrets.KUBE_NAMESPACE }} - kube_cert: ${{ secrets.KUBE_CERT }} - kube_cluster: ${{ secrets.KUBE_CLUSTER }} - kube_token: ${{ secrets.KUBE_TOKEN }} - ecr_role_to_assume: ${{ secrets.DEV_ECR_ROLE_TO_ASSUME }} - secret_key: ${{ secrets.SECRET_KEY }} - catalogue_token: ${{ secrets.CATALOGUE_TOKEN }} - slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }} - azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }} diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml new file mode 100644 index 00000000..e04f26a3 --- /dev/null +++ b/.github/workflows/reusable-build.yml 
@@ -0,0 +1,46 @@ +name: Build + +on: + workflow_call: + secrets: + slack_alert_webhook: + description: "used to post alerts to slack channel" + required: true + +env: + image_name: fmd-image + +jobs: + build-image-artifact: + name: Build and export docker image artifact + runs-on: ubuntu-latest + permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and export + uses: docker/build-push-action@v6 + env: + IMAGE_TAG: ${{ github.sha }} + with: + tags: fmd-image:${IMAGE_TAG} + outputs: type=docker,dest=/tmp/fmd-image.tar + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: fmd-image + path: /tmp/fmd-image.tar + + - name: Slack failure notification + if: ${{ failure() && github.ref == 'refs/heads/main' }} + uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 + with: + payload: | + {"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_ALERT_WEBHOOK }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/reusable-build-and-deploy.yml b/.github/workflows/reusable-push-and-deploy.yml similarity index 93% rename from .github/workflows/reusable-build-and-deploy.yml rename to .github/workflows/reusable-push-and-deploy.yml index f3d82320..c0323f54 100644 --- a/.github/workflows/reusable-build-and-deploy.yml +++ b/.github/workflows/reusable-push-and-deploy.yml @@ -1,4 +1,4 @@ -name: Build and Deploy +name: Push and Deploy on: workflow_call: 
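Review bot: In the `Build and export` step of reusable-build.yml, `tags: fmd-image:${IMAGE_TAG}` is an action input rather than a shell command, so the step-level `env:` is most likely not expanded there and the tag is passed as the literal text `${IMAGE_TAG}`. Use an expression instead, `tags: fmd-image:${{ github.sha }}`, and drop the `env:` block. The job also requests `id-token: write`, but no step visible in this file requests an OIDC token, so `permissions` can be reduced to `contents: read`. The Docker and artifact actions are referenced by mutable tag (`@v3`, `@v6`, `@v4`) while the Slack action is pinned to a commit SHA. Pinning all of them the same way, e.g. `uses: docker/build-push-action@<full-commit-sha> # v6`, keeps a moved tag from changing what runs in the build job.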
@@ -37,8 +37,8 @@ on: required: true jobs: - build-and-push: - name: Build and push Docker image to CP namespace ECR + push: + name: Push Docker image to CP namespace ECR environment: ${{ inputs.env }} runs-on: ubuntu-latest permissions: @@ -67,11 +67,19 @@ jobs: run: | echo "image_path=${REGISTRY}/${REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT - - name: Build Docker image - id: build-docker-image + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: fmd-image + path: /tmp + + - name: Re-tag docker image + id: retag-image env: IMAGE_PATH: ${{ steps.image-path.outputs.image_path }} - run: docker build -t ${IMAGE_PATH} . + IMAGE_TAG: ${{ github.sha }} + run: | + docker tag fmd-image:${IMAGE_TAG} ${image_path} - name: Push Docker image to ECR id: push-docker-image-to-ecr @@ -81,7 +89,7 @@ jobs: deploy: name: Deploy Helm chart into Cloud Platform - needs: build-and-push + needs: push environment: ${{ inputs.env }} runs-on: ubuntu-latest permissions: From 2ef4c1925fb909aa8b664db3d59ae42cd4ea418a Mon Sep 17 00:00:00 2001 From: Tom Webber Date: Thu, 22 Aug 2024 15:17:49 +0100 Subject: [PATCH 2/5] style: minor renames within workflow to match existing style --- .github/workflows/deploy-dev-from-branch.yml | 2 +- .github/workflows/reusable-build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-dev-from-branch.yml b/.github/workflows/deploy-dev-from-branch.yml index 47342dd0..11960b69 100644 --- a/.github/workflows/deploy-dev-from-branch.yml +++ b/.github/workflows/deploy-dev-from-branch.yml @@ -23,7 +23,7 @@ jobs: secrets: slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }} - deploy: + deploy-dev: needs: build uses: "./.github/workflows/reusable-push-and-deploy.yml" with: diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index e04f26a3..20395768 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
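Review bot: The `Re-tag docker image` step in the `@@ -67,11 +67,19 @@` hunk cannot find its inputs: the artifact is downloaded to `/tmp` but never loaded into the Docker daemon, and the script reads `${image_path}` while the step defines `IMAGE_PATH`. Shell variable names are case-sensitive, so the target expands to an empty string. Change the script to `docker load --input /tmp/fmd-image.tar` followed by `docker tag "fmd-image:${IMAGE_TAG}" "${IMAGE_PATH}"`. Because the image pushed to ECR is now whatever tarball the artifact store returns, consider also having the build job record a checksum of the tarball as a job output and checking it here before `docker load`. The `push` job starts and ends outside this hunk.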
@@ -1,4 +1,4 @@ -name: Build +name: Build image and export artifact on: workflow_call: From f9c58f4b87f75b888fc6d092719f7c5274d5b254 Mon Sep 17 00:00:00 2001 From: Tom Webber Date: Thu, 22 Aug 2024 15:18:51 +0100 Subject: [PATCH 3/5] fix: fix typo --- .github/workflows/deploy-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index eaafc6aa..71909387 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -20,7 +20,7 @@ jobs: slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }} deploy-prod: - uses: "./.github/workflows/reusable-build-and-deploy.yml" + uses: "./.github/workflows/reusable-push-and-deploy.yml" needs: build with: env: "prod" From 98bd63364f405517dc3532ac73b8bc6626868c2a Mon Sep 17 00:00:00 2001 From: Tom Webber Date: Thu, 22 Aug 2024 15:21:12 +0100 Subject: [PATCH 4/5] fix: remove unused env var --- .github/workflows/reusable-build.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 20395768..87fce79b 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -7,9 +7,6 @@ on: description: "used to post alerts to slack channel" required: true -env: - image_name: fmd-image - jobs: build-image-artifact: name: Build and export docker image artifact From ee69ec005d4d3d5a978ee0f882dbf85720b4e549 Mon Sep 17 00:00:00 2001 From: Tom Webber Date: Thu, 22 Aug 2024 15:23:36 +0100 Subject: [PATCH 5/5] docs: add reference for `build-and-export` job --- .github/workflows/reusable-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 87fce79b..28559ac4 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -8,8 +8,8 @@ on: required: true jobs: - build-image-artifact: - name: Build and export docker image artifact + build-and-export: + name: Build and export docker image artifact # https://docs.docker.com/build/ci/github-actions/share-image-jobs/ runs-on: ubuntu-latest permissions: id-token: write # This is required for requesting the JWT