From 1bbad5d6b560ad9a348b72ca8b27c65a634acd3a Mon Sep 17 00:00:00 2001 From: Andrew Hughes-Onslow Date: Tue, 23 Jul 2024 16:15:18 +0100 Subject: [PATCH 1/7] ATO-762: Enabling dev deployment. --- .github/workflows/deploy-branch.yml | 24 ++++++++++++++++++++++++ .github/workflows/deploy-dev.yml | 16 ++++++++-------- 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-branch.yml b/.github/workflows/deploy-branch.yml index e7f749ab9..e82024b42 100644 --- a/.github/workflows/deploy-branch.yml +++ b/.github/workflows/deploy-branch.yml @@ -18,6 +18,30 @@ permissions: contents: read jobs: + get-branch-details: + name: Branch details + runs-on: ubuntu-latest + environment: + name: demo + outputs: + deployment-name: ${{ steps.get-deployment-name.outputs.pretty-branch-name }} + commit-message: ${{ steps.github-event-details.outputs.commit-message }} + first-commit-message: ${{ steps.github-event-details.outputs.first-commit-message }} + steps: + - name: Get deployment name + uses: govuk-one-login/github-actions/beautify-branch-name@7d56b09b4d2a9a9c6005843d28f31a2333ad1373 # 13/03/2024 + id: get-deployment-name + with: + length-limit: 22 + prefix: preview + verbose: false + + - name: Github details + id: github-event-details + run: | + echo "commit-message=${{ github.event.head_commit.message }}" >> "$GITHUB_OUTPUT" + echo "first-commit-message=${{ github.event.commits[0].message }}" >> "$GITHUB_OUTPUT" + build-frontend-dependencies: if: contains(github.event.head_commit.message, '[deploy]') == true name: Build frontend diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 53859b2b8..cee436711 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -15,7 +15,7 @@ permissions: jobs: build-frontend: - if: github.event_name == 'merge_group' + # if: github.event_name == 'merge_group' name: Build frontend runs-on: ubuntu-latest outputs: @@ -32,7 +32,7 @@ jobs: artifact-name: frontend-build-development push-frontend: - if: github.event_name == 'merge_group' + # if: github.event_name == 'merge_group' name: Push image needs: build-frontend runs-on: ubuntu-latest @@ -60,7 +60,7 @@ jobs: test-container-repository-name: ${{ vars.FRONTEND_TEST_CONTAINER_REPOSITORY_NAME }} build-dynamo: - if: github.event_name == 'merge_group' + # if: github.event_name == 'merge_group' name: Build dynamodb runs-on: ubuntu-latest outputs: @@ -79,7 +79,7 @@ jobs: pull-repository: true deploy-dynamodb: - if: github.event_name == 'merge_group' + # if: github.event_name == 'merge_group' name: Deploy dynamodb runs-on: ubuntu-latest environment: @@ -101,7 +101,7 @@ jobs: template: .aws-sam/build/template.yaml build-cognito: - if: github.event_name == 'merge_group' + # if: github.event_name == 'merge_group' name: Build cognito runs-on: ubuntu-latest outputs: @@ -121,7 +121,7 @@ jobs: pull-repository: true deploy-cognito: - if: github.event_name == 'merge_group' + # if: github.event_name == 'merge_group' name: Deploy cognito runs-on: ubuntu-latest environment: @@ -143,7 +143,7 @@ jobs: template: .aws-sam/build/template.yaml build-api: - if: github.event_name == 'merge_group' + # if: github.event_name == 'merge_group' name: Build api runs-on: ubuntu-latest outputs: @@ -164,7 +164,7 @@ jobs: pull-repository: true deploy-api: - if: github.event_name == 'merge_group' + # if: github.event_name == 'merge_group' name: Deploy api runs-on: ubuntu-latest environment: From 725d28ed3fc42dc286d26359a34d24862c2c4ea7 Mon Sep 17 00:00:00 2001 From: Andrew Hughes-Onslow Date: Tue, 23 Jul 2024 16:29:55 +0100 Subject: [PATCH 2/7] ATO-762: Enabling debug output [deploy]. --- .github/actions/build-frontend/action.yml | 3 +++ .github/actions/push-frontend/action.yml | 6 ++--- .github/workflows/deploy-branch.yml | 14 +++-------- .github/workflows/deploy-dev.yml | 29 ++++++++++++----------- .github/workflows/deploy-prod.yml | 17 ++++++------- 5 files changed, 31 insertions(+), 38 deletions(-) diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml index 6109496b3..dceec07c5 100644 --- a/.github/actions/build-frontend/action.yml +++ b/.github/actions/build-frontend/action.yml @@ -6,6 +6,9 @@ inputs: required: true default: frontend-build outputs: + artifact-name: + description: "Pass through the artifact name" + value: ${{ inputs.artifact-name }} artifact-id: description: "The artifact id for the artifact that was just uploaded or empty if the artifact upload failed." value: ${{ steps.upload.outputs.artifact-id }} diff --git a/.github/actions/push-frontend/action.yml b/.github/actions/push-frontend/action.yml index 2b396f5bb..beee72c52 100644 --- a/.github/actions/push-frontend/action.yml +++ b/.github/actions/push-frontend/action.yml @@ -51,13 +51,13 @@ runs: - name: Deploy application id: deploy-application - uses: govuk-one-login/github-actions/secure-pipelines/deploy-fargate@7e9f6ee1a1f7b30ca9cba4d3893d3ee6313decef # 9/07/2024 + uses: govuk-one-login/github-actions/secure-pipelines/deploy-fargate@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 with: aws-role-arn: ${{ inputs.deployment-role-arn }} artifact-bucket-name: ${{ inputs.artifact-bucket-name }} ecr-repository: ${{ inputs.container-repository-name }} pipeline-name: ${{ inputs.pipeline-name }} - dockerfile: Dockerfile + dockerfile: infrastructure/frontend/Dockerfile template: infrastructure/frontend/frontend.template.yml artifact-name: ${{ inputs.artifact-name }} - artifact-path: dist + artifact-path: express/dist diff --git a/.github/workflows/deploy-branch.yml b/.github/workflows/deploy-branch.yml index e82024b42..bb14b5feb 100644 --- a/.github/workflows/deploy-branch.yml +++ b/.github/workflows/deploy-branch.yml @@ -28,19 +28,11 @@ jobs: commit-message: ${{ steps.github-event-details.outputs.commit-message }} first-commit-message: ${{ steps.github-event-details.outputs.first-commit-message }} steps: - - name: Get deployment name - uses: govuk-one-login/github-actions/beautify-branch-name@7d56b09b4d2a9a9c6005843d28f31a2333ad1373 # 13/03/2024 - id: get-deployment-name - with: - length-limit: 22 - prefix: preview - verbose: false - - name: Github details id: github-event-details run: | - echo "commit-message=${{ github.event.head_commit.message }}" >> "$GITHUB_OUTPUT" - echo "first-commit-message=${{ github.event.commits[0].message }}" >> "$GITHUB_OUTPUT" + echo "${{ github.event.head_commit.message }}" + echo "${{ github.event.commits[0].message }}" build-frontend-dependencies: if: contains(github.event.head_commit.message, '[deploy]') == true @@ -150,7 +142,7 @@ jobs: verbose: false - name: Deploy stack - uses: govuk-one-login/github-actions/sam/deploy-stack@7d56b09b4d2a9a9c6005843d28f31a2333ad1373 # 13/03/2024 + uses: govuk-one-login/github-actions/sam/deploy-stack@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 id: deploy with: aws-role-arn: ${{ vars.DEPLOYMENT_ROLE_ARN }} diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index cee436711..d3d9ae1e6 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -19,7 +19,8 @@ jobs: name: Build frontend runs-on: ubuntu-latest outputs: - artifact-name: ${{ steps.build.outputs.artifact-id }} + artifact-name: ${{ steps.build.outputs.artifact-name }} + artifact-id: ${{ steps.build.outputs.artifact-id }} steps: - name: Pull repository id: checkout @@ -33,7 +34,7 @@ jobs: push-frontend: # if: github.event_name == 'merge_group' - name: Push image + name: Push frontend needs: build-frontend runs-on: ubuntu-latest timeout-minutes: 20 @@ -71,16 +72,17 @@ jobs: id: build uses: govuk-one-login/github-actions/sam/build-application@6144f39407b01c9b25b39537b3956deca9e32620 # 22/02/2024 with: - template: backend/dynamodb/cognito.template.yml + template: backend/dynamodb/dynamodb.template.yml base-dir: backend/dynamodb source-dir: backend/dynamodb - cache-name: dynamodb-infra - artifact-name: dynamodb-infrastructure + cache-name: backend-dynamodb-infra + artifact-name: backend-dynamodb-infrastructure pull-repository: true deploy-dynamodb: # if: github.event_name == 'merge_group' name: Deploy dynamodb + needs: build-dynamo runs-on: ubuntu-latest environment: name: development @@ -97,8 +99,7 @@ jobs: artifact-bucket-name: ${{ vars.DYNAMODB_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.DYNAMODB_PIPELINE_NAME }} - artifact-name: ${{ needs.build-dynamodb.outputs.artifact-name }} - template: .aws-sam/build/template.yaml + artifact-name: ${{ needs.build-dynamo.outputs.artifact-name }} build-cognito: # if: github.event_name == 'merge_group' @@ -116,13 +117,14 @@ jobs: manifest: backend/cognito/package.json base-dir: backend/cognito source-dir: backend/cognito - cache-name: cognito-infra - artifact-name: cognito-infrastructure + cache-name: backend-cognito-infra + artifact-name: backend-cognito-infrastructure pull-repository: true deploy-cognito: # if: github.event_name == 'merge_group' name: Deploy cognito + needs: build-cognito runs-on: ubuntu-latest environment: name: development @@ -140,7 +142,6 @@ jobs: signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.COGNITO_PIPELINE_NAME }} artifact-name: ${{ needs.build-cognito.outputs.artifact-name }} - template: .aws-sam/build/template.yaml build-api: # if: github.event_name == 'merge_group' @@ -157,15 +158,15 @@ jobs: template: backend/api/api.template.yml manifest: backend/api/package.json base-dir: backend/api - source-dir: backend/api additional-artifact-paths: backend/api/state-machines - cache-name: api-infra - artifact-name: api-infrastructure + cache-name: backend-api-infra + artifact-name: backend-api-infrastructure pull-repository: true deploy-api: # if: github.event_name == 'merge_group' name: Deploy api + needs: build-api runs-on: ubuntu-latest environment: name: development @@ -183,4 +184,4 @@ jobs: signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.API_PIPELINE_NAME }} artifact-name: ${{ needs.build-api.outputs.artifact-name }} - template: .aws-sam/build/template.yaml + template: .aws-sam/build/template.yml diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index 1f787bb7a..8f7566bc7 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -68,11 +68,11 @@ jobs: id: build uses: govuk-one-login/github-actions/sam/build-application@6144f39407b01c9b25b39537b3956deca9e32620 # 22/02/2024 with: - template: backend/dynamodb/cognito.template.yml + template: backend/dynamodb/dynamodb.template.yml base-dir: backend/dynamodb source-dir: backend/dynamodb - cache-name: dynamodb-infra - artifact-name: dynamodb-infrastructure + cache-name: backend-dynamodb-infra + artifact-name: backend-dynamodb-infrastructure pull-repository: true deploy-dynamodb: @@ -95,7 +95,6 @@ jobs: signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.DYNAMODB_PIPELINE_NAME }} artifact-name: ${{ needs.build-dynamodb.outputs.artifact-name }} - template: .aws-sam/build/template.yaml build-cognito: if: github.event_name == 'merge_group' @@ -113,8 +112,8 @@ jobs: manifest: backend/cognito/package.json base-dir: backend/cognito source-dir: backend/cognito - cache-name: cognito-infra - artifact-name: cognito-infrastructure + cache-name: backend-cognito-infra + artifact-name: backend-cognito-infrastructure pull-repository: true deploy-cognito: @@ -137,7 +136,6 @@ jobs: signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.COGNITO_PIPELINE_NAME }} artifact-name: ${{ needs.build-cognito.outputs.artifact-name }} - template: .aws-sam/build/template.yaml build-api: if: github.event_name == 'merge_group' @@ -156,8 +154,8 @@ jobs: base-dir: backend/api source-dir: backend/api additional-artifact-paths: backend/api/state-machines - cache-name: api-infra - artifact-name: api-infrastructure + cache-name: backend-api-infra + artifact-name: backend-api-infrastructure pull-repository: true deploy-api: @@ -180,4 +178,3 @@ jobs: signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.API_PIPELINE_NAME }} artifact-name: ${{ needs.build-api.outputs.artifact-name }} - template: .aws-sam/build/template.yaml From 8c587f9204baea1655dfa1ac8ee7137a88b7f981 Mon Sep 17 00:00:00 2001 From: Andrew Hughes-Onslow Date: Wed, 24 Jul 2024 12:26:33 +0100 Subject: [PATCH 3/7] ATO-763: Combining build and push steps. --- .github/actions/push-frontend/action.yml | 1 - .github/workflows/deploy-branch.yml | 29 ++++----- .github/workflows/deploy-dev.yml | 77 +++++++--------------- .github/workflows/deploy-prod.yml | 82 +++++++----------------- 4 files changed, 57 insertions(+), 132 deletions(-) diff --git a/.github/actions/push-frontend/action.yml b/.github/actions/push-frontend/action.yml index beee72c52..4144955b2 100644 --- a/.github/actions/push-frontend/action.yml +++ b/.github/actions/push-frontend/action.yml @@ -60,4 +60,3 @@ runs: dockerfile: infrastructure/frontend/Dockerfile template: infrastructure/frontend/frontend.template.yml artifact-name: ${{ inputs.artifact-name }} - artifact-path: express/dist diff --git a/.github/workflows/deploy-branch.yml b/.github/workflows/deploy-branch.yml index bb14b5feb..2786b8578 100644 --- a/.github/workflows/deploy-branch.yml +++ b/.github/workflows/deploy-branch.yml @@ -18,22 +18,6 @@ permissions: contents: read jobs: - get-branch-details: - name: Branch details - runs-on: ubuntu-latest - environment: - name: demo - outputs: - deployment-name: ${{ steps.get-deployment-name.outputs.pretty-branch-name }} - commit-message: ${{ steps.github-event-details.outputs.commit-message }} - first-commit-message: ${{ steps.github-event-details.outputs.first-commit-message }} - steps: - - name: Github details - id: github-event-details - run: | - echo "${{ github.event.head_commit.message }}" - echo "${{ github.event.commits[0].message }}" - build-frontend-dependencies: if: contains(github.event.head_commit.message, '[deploy]') == true name: Build frontend @@ -104,7 +88,8 @@ jobs: TEMPLATE_FILE: infrastructure/frontend/frontend.template.yml IMAGE_URI: ${{ needs.push-frontend-image.outputs.image-uri }} run: | - sam build ${TEMPLATE_FILE:+--template $TEMPLATE_FILE} + sam build --cached \ + ${TEMPLATE_FILE:+--template $TEMPLATE_FILE} echo "template=.aws-sam/build/template.yaml" >> "$GITHUB_OUTPUT" if grep -q "CONTAINER-IMAGE-PLACEHOLDER" .aws-sam/build/template.yaml; then @@ -345,6 +330,16 @@ jobs: prefix: preview verbose: false + - name: List build assets + id: get-deployment-url + env: + NAME: AdminToolURL + OUTPUTS: ${{ steps.deploy.outputs.stack-outputs }} + run: | + url=$(jq --raw-output ".$NAME" <<< "$OUTPUTS") + printf "🌐 Deployment URL\n%s" "$url" >> "$GITHUB_STEP_SUMMARY" + echo "url=$url" >> "$GITHUB_OUTPUT" + - name: Deploy stack uses: govuk-one-login/github-actions/sam/deploy-stack@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 id: deploy diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index d3d9ae1e6..9f61486fb 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -16,11 +16,15 @@ permissions: jobs: build-frontend: # if: github.event_name == 'merge_group' - name: Build frontend + name: Deploy frontend runs-on: ubuntu-latest + timeout-minutes: 20 + environment: + name: development + url: ${{ steps.push.outputs.pipeline-url }} outputs: artifact-name: ${{ steps.build.outputs.artifact-name }} - artifact-id: ${{ steps.build.outputs.artifact-id }} + pipeline-url: ${{ steps.push.outputs.pipeline-url }} steps: - name: Pull repository id: checkout @@ -32,22 +36,6 @@ jobs: with: artifact-name: frontend-build-development - push-frontend: - # if: github.event_name == 'merge_group' - name: Push frontend - needs: build-frontend - runs-on: ubuntu-latest - timeout-minutes: 20 - environment: - name: development - url: ${{ steps.push.outputs.pipeline-url }} - outputs: - pipeline-url: ${{ steps.push.outputs.pipeline-url }} - steps: - - name: Pull repository - id: checkout - uses: actions/checkout@v4 - - name: Push id: push uses: ./.github/actions/push-frontend @@ -64,9 +52,13 @@ jobs: # if: github.event_name == 'merge_group' name: Build dynamodb runs-on: ubuntu-latest + environment: + name: development + url: ${{ steps.deploy.outputs.pipeline-url }} outputs: artifact-name: ${{ steps.build.outputs.artifact-name }} cache-key: ${{ steps.build.outputs.cache-key }} + pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} steps: - name: Build id: build @@ -79,17 +71,6 @@ jobs: artifact-name: backend-dynamodb-infrastructure pull-repository: true - deploy-dynamodb: - # if: github.event_name == 'merge_group' - name: Deploy dynamodb - needs: build-dynamo - runs-on: ubuntu-latest - environment: - name: development - url: ${{ steps.deploy.outputs.pipeline-url }} - outputs: - pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} - steps: - name: Deploy id: deploy uses: govuk-one-login/github-actions/secure-pipelines/deploy-application@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 @@ -99,15 +80,19 @@ jobs: artifact-bucket-name: ${{ vars.DYNAMODB_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.DYNAMODB_PIPELINE_NAME }} - artifact-name: ${{ needs.build-dynamo.outputs.artifact-name }} + artifact-name: ${{ steps.build.outputs.artifact-name }} build-cognito: # if: github.event_name == 'merge_group' name: Build cognito runs-on: ubuntu-latest + environment: + name: development + url: ${{ steps.deploy.outputs.pipeline-url }} outputs: artifact-name: ${{ steps.build.outputs.artifact-name }} cache-key: ${{ steps.build.outputs.cache-key }} + pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} steps: - name: Build id: build @@ -121,17 +106,6 @@ jobs: artifact-name: backend-cognito-infrastructure pull-repository: true - deploy-cognito: - # if: github.event_name == 'merge_group' - name: Deploy cognito - needs: build-cognito - runs-on: ubuntu-latest - environment: - name: development - url: ${{ steps.deploy.outputs.pipeline-url }} - outputs: - pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} - steps: - name: Deploy id: deploy uses: govuk-one-login/github-actions/secure-pipelines/deploy-application@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 @@ -141,15 +115,19 @@ jobs: artifact-bucket-name: ${{ vars.COGNITO_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.COGNITO_PIPELINE_NAME }} - artifact-name: ${{ needs.build-cognito.outputs.artifact-name }} + artifact-name: ${{ steps.build.outputs.artifact-name }} build-api: # if: github.event_name == 'merge_group' - name: Build api + name: Deploy API runs-on: ubuntu-latest + environment: + name: development + url: ${{ steps.deploy.outputs.pipeline-url }} outputs: artifact-name: ${{ steps.build.outputs.artifact-name }} cache-key: ${{ steps.build.outputs.cache-key }} + pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} steps: - name: Build id: build @@ -163,17 +141,6 @@ jobs: artifact-name: backend-api-infrastructure pull-repository: true - deploy-api: - # if: github.event_name == 'merge_group' - name: Deploy api - needs: build-api - runs-on: ubuntu-latest - environment: - name: development - url: ${{ steps.deploy.outputs.pipeline-url }} - outputs: - pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} - steps: - name: Deploy id: deploy uses: govuk-one-login/github-actions/secure-pipelines/deploy-application@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 @@ -183,5 +150,5 @@ jobs: artifact-bucket-name: ${{ vars.API_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.API_PIPELINE_NAME }} - artifact-name: ${{ needs.build-api.outputs.artifact-name }} + artifact-name: ${{ steps.build.outputs.artifact-name }} template: .aws-sam/build/template.yml diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index 8f7566bc7..380d4b808 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -11,12 +11,16 @@ permissions: contents: read jobs: - build-frontend: - if: github.event_name == 'merge_group' - name: Build frontend + deploy-frontend: + name: Deploy frontend runs-on: ubuntu-latest + timeout-minutes: 20 + environment: + name: production + url: ${{ steps.push.outputs.pipeline-url }} outputs: artifact-name: ${{ steps.build.outputs.artifact-id }} + pipeline-url: ${{ steps.push.outputs.pipeline-url }} steps: - name: Pull repository id: checkout @@ -28,22 +32,6 @@ jobs: with: artifact-name: frontend-build-production - push-frontend: - if: github.event_name == 'merge_group' - name: Push image - needs: build-frontend - runs-on: ubuntu-latest - timeout-minutes: 20 - environment: - name: production - url: ${{ steps.push.outputs.pipeline-url }} - outputs: - pipeline-url: ${{ steps.push.outputs.pipeline-url }} - steps: - - name: Pull repository - id: checkout - uses: actions/checkout@v4 - - name: Push id: push uses: ./.github/actions/push-frontend @@ -51,18 +39,20 @@ jobs: deployment-role-arn: ${{ vars.FRONTEND_DEPLOYMENT_ROLE_ARN }} artifact-bucket-name: ${{ vars.FRONTEND_DEPLOYMENT_ARTIFACTS_BUCKET }} pipeline-name: ${{ vars.FRONTEND_PIPELINE_NAME }} - artifact-name: ${{ needs.build-frontend.outputs.artifact-name }} dynatrace-pass-token: ${{ secrets.DYNATRACE_PAAS_TOKEN }} container-repository-name: ${{ vars.FRONTEND_CONTAINER_REPOSITORY_NAME }} test-container-repository-name: ${{ vars.FRONTEND_TEST_CONTAINER_REPOSITORY_NAME }} - build-dynamo: - if: github.event_name == 'merge_group' + deploy-dynamo: name: Build dynamodb runs-on: ubuntu-latest + environment: + name: production + url: ${{ steps.deploy.outputs.pipeline-url }} outputs: artifact-name: ${{ steps.build.outputs.artifact-name }} cache-key: ${{ steps.build.outputs.cache-key }} + pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} steps: - name: Build id: build @@ -75,16 +65,6 @@ jobs: artifact-name: backend-dynamodb-infrastructure pull-repository: true - deploy-dynamodb: - if: github.event_name == 'merge_group' - name: Deploy dynamodb - runs-on: ubuntu-latest - environment: - name: production - url: ${{ steps.deploy.outputs.pipeline-url }} - outputs: - pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} - steps: - name: Deploy id: deploy uses: govuk-one-login/github-actions/secure-pipelines/deploy-application@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 @@ -94,15 +74,17 @@ jobs: artifact-bucket-name: ${{ vars.DYNAMODB_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.DYNAMODB_PIPELINE_NAME }} - artifact-name: ${{ needs.build-dynamodb.outputs.artifact-name }} - build-cognito: - if: github.event_name == 'merge_group' + deploy-cognito: name: Build cognito runs-on: ubuntu-latest + environment: + name: production + url: ${{ steps.deploy.outputs.pipeline-url }} outputs: artifact-name: ${{ steps.build.outputs.artifact-name }} cache-key: ${{ steps.build.outputs.cache-key }} + pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} steps: - name: Build id: build @@ -116,16 +98,6 @@ jobs: artifact-name: backend-cognito-infrastructure pull-repository: true - deploy-cognito: - if: github.event_name == 'merge_group' - name: Deploy cognito - runs-on: ubuntu-latest - environment: - name: production - url: ${{ steps.deploy.outputs.pipeline-url }} - outputs: - pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} - steps: - name: Deploy id: deploy uses: govuk-one-login/github-actions/secure-pipelines/deploy-application@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 @@ -135,15 +107,17 @@ jobs: artifact-bucket-name: ${{ vars.COGNITO_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.COGNITO_PIPELINE_NAME }} - artifact-name: ${{ needs.build-cognito.outputs.artifact-name }} - build-api: - if: github.event_name == 'merge_group' + deploy-api: name: Build api runs-on: ubuntu-latest + environment: + name: production + url: ${{ steps.deploy.outputs.pipeline-url }} outputs: artifact-name: ${{ steps.build.outputs.artifact-name }} cache-key: ${{ steps.build.outputs.cache-key }} + pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} steps: - name: Build id: build @@ -158,16 +132,6 @@ jobs: artifact-name: backend-api-infrastructure pull-repository: true - deploy-api: - if: github.event_name == 'merge_group' - name: Deploy api - runs-on: ubuntu-latest - environment: - name: production - url: ${{ steps.deploy.outputs.pipeline-url }} - outputs: - pipeline-url: ${{ steps.deploy.outputs.pipeline-url }} - steps: - name: Deploy id: deploy uses: govuk-one-login/github-actions/secure-pipelines/deploy-application@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 @@ -177,4 +141,4 @@ jobs: artifact-bucket-name: ${{ vars.API_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.API_PIPELINE_NAME }} - artifact-name: ${{ needs.build-api.outputs.artifact-name }} + template: ./aws-sam/build/template.yml From 9102f1b87c154beef7394cac8eb3f7aa0e7350a6 Mon Sep 17 00:00:00 2001 From: Andrew Hughes-Onslow Date: Wed, 24 Jul 2024 13:24:05 +0100 Subject: [PATCH 4/7] ATO-762: Corrected frontend build structure --- .github/actions/build-frontend/action.yml | 8 +------- .github/actions/push-frontend/action.yml | 1 + .github/workflows/deploy-branch.yml | 22 +++++++++++----------- .github/workflows/deploy-dev.yml | 11 ++++++++++- .github/workflows/deploy-prod.yml | 2 ++ 5 files changed, 25 insertions(+), 19 deletions(-) diff --git a/.github/actions/build-frontend/action.yml b/.github/actions/build-frontend/action.yml index dceec07c5..306d57e29 100644 --- a/.github/actions/build-frontend/action.yml +++ b/.github/actions/build-frontend/action.yml @@ -43,10 +43,4 @@ runs: with: name: ${{ inputs.artifact-name }} retention-days: 7 - path: | - express/dist - express/resources - express/src/views - express/assets/images - express/package*.json - express/manifest.yml + path: express/dist diff --git a/.github/actions/push-frontend/action.yml b/.github/actions/push-frontend/action.yml index 4144955b2..beee72c52 100644 --- a/.github/actions/push-frontend/action.yml +++ b/.github/actions/push-frontend/action.yml @@ -60,3 +60,4 @@ runs: dockerfile: infrastructure/frontend/Dockerfile template: infrastructure/frontend/frontend.template.yml artifact-name: ${{ inputs.artifact-name }} + artifact-path: express/dist diff --git a/.github/workflows/deploy-branch.yml b/.github/workflows/deploy-branch.yml index 2786b8578..93009c6d0 100644 --- a/.github/workflows/deploy-branch.yml +++ b/.github/workflows/deploy-branch.yml @@ -19,7 +19,7 @@ permissions: jobs: build-frontend-dependencies: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Build frontend runs-on: ubuntu-latest environment: @@ -38,7 +38,7 @@ jobs: artifact-name: frontend-build-demo push-frontend-image: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Push frontend image needs: build-frontend-dependencies runs-on: ubuntu-latest @@ -65,10 +65,10 @@ jobs: image-tags: "${{ github.head_ref || github.ref_name }}" dockerfile: infrastructure/frontend/Dockerfile artifact-name: frontend-build-demo - artifact-path: dist + artifact-path: express/dist build-frontend-infrastructure: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Build frontend infrastructure needs: push-frontend-image runs-on: ubuntu-latest @@ -107,7 +107,7 @@ jobs: path: .aws-sam/build deploy-frontend: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Deploy frontend needs: [ build-frontend-infrastructure, deploy-api, deploy-cognito, deploy-dynamodb ] runs-on: ubuntu-latest @@ -159,7 +159,7 @@ jobs: echo "url=$url" >> "$GITHUB_OUTPUT" build-dynamodb: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Build dynamodb runs-on: ubuntu-latest environment: @@ -180,7 +180,7 @@ jobs: pull-repository: true deploy-dynamodb: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Deploy dynamodb needs: build-dynamodb runs-on: ubuntu-latest @@ -223,7 +223,7 @@ jobs: DeploymentName=${{ steps.get-deployment-name.outputs.pretty-branch-name }} build-cognito: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Build cognito runs-on: ubuntu-latest environment: @@ -245,7 +245,7 @@ jobs: pull-repository: true deploy-cognito: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Deploy cognito needs: build-cognito runs-on: ubuntu-latest @@ -288,7 +288,7 @@ jobs: DeploymentName=${{ steps.get-deployment-name.outputs.pretty-branch-name }} build-api: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Build api runs-on: ubuntu-latest environment: @@ -311,7 +311,7 @@ jobs: pull-repository: true deploy-api: - if: contains(github.event.head_commit.message, '[deploy]') == true + # if: contains(github.event.head_commit.message, '[deploy]') == true name: Deploy api needs: build-api runs-on: ubuntu-latest diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 9f61486fb..7d1c2bc37 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -9,6 +9,8 @@ on: branches: - main +concurrency: deploy-development + permissions: id-token: write contents: read @@ -19,6 +21,9 @@ jobs: name: Deploy frontend runs-on: ubuntu-latest timeout-minutes: 20 + defaults: + run: + working-directory: express environment: name: development url: ${{ steps.push.outputs.pipeline-url }} @@ -36,6 +41,10 @@ jobs: with: artifact-name: frontend-build-development + - name: List build assets + id: list + run: ls -lah express/ + - name: Push id: push uses: ./.github/actions/push-frontend @@ -151,4 +160,4 @@ jobs: signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.API_PIPELINE_NAME }} artifact-name: ${{ steps.build.outputs.artifact-name }} - template: .aws-sam/build/template.yml + template: .aws-sam/build/template.yaml diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index 380d4b808..a4c334fac 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -6,6 +6,8 @@ on: branches: - main-fake +concurrency: deploy-production + permissions: id-token: write contents: read From d92a0e93501a9b4ffd8d376e304ddf5637cffbe7 Mon Sep 17 00:00:00 2001 From: Andrew Hughes-Onslow Date: Wed, 24 Jul 2024 17:50:38 +0100 Subject: [PATCH 5/7] ATO-762: Added build step to docker build process. --- .github/actions/push-frontend/action.yml | 1 + .github/workflows/deploy-dev.yml | 9 +-------- infrastructure/frontend/Dockerfile | 3 ++- 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/actions/push-frontend/action.yml b/.github/actions/push-frontend/action.yml index beee72c52..e79962ab4 100644 --- a/.github/actions/push-frontend/action.yml +++ b/.github/actions/push-frontend/action.yml @@ -58,6 +58,7 @@ runs: ecr-repository: ${{ inputs.container-repository-name }} pipeline-name: ${{ inputs.pipeline-name }} dockerfile: infrastructure/frontend/Dockerfile + docker-build-path: . template: infrastructure/frontend/frontend.template.yml artifact-name: ${{ inputs.artifact-name }} artifact-path: express/dist diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 7d1c2bc37..117c18e72 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -21,9 +21,6 @@ jobs: name: Deploy frontend runs-on: ubuntu-latest timeout-minutes: 20 - defaults: - run: - working-directory: express environment: name: development url: ${{ steps.push.outputs.pipeline-url }} @@ -41,10 +38,6 @@ jobs: with: artifact-name: frontend-build-development - - name: List build assets - id: list - run: ls -lah express/ - - name: Push id: push uses: ./.github/actions/push-frontend @@ -52,7 +45,7 @@ jobs: deployment-role-arn: ${{ vars.FRONTEND_DEPLOYMENT_ROLE_ARN }} artifact-bucket-name: ${{ vars.FRONTEND_DEPLOYMENT_ARTIFACTS_BUCKET }} pipeline-name: ${{ vars.FRONTEND_PIPELINE_NAME }} - artifact-name: ${{ needs.build-frontend.outputs.artifact-name }} + artifact-name: ${{ steps.build.outputs.artifact-name }} dynatrace-pass-token: ${{ secrets.DYNATRACE_PAAS_TOKEN }} container-repository-name: ${{ vars.FRONTEND_CONTAINER_REPOSITORY_NAME }} test-container-repository-name: ${{ vars.FRONTEND_TEST_CONTAINER_REPOSITORY_NAME }} diff --git a/infrastructure/frontend/Dockerfile b/infrastructure/frontend/Dockerfile index 8518fce80..660b63349 100644 --- a/infrastructure/frontend/Dockerfile +++ b/infrastructure/frontend/Dockerfile @@ -14,7 +14,8 @@ COPY . . # Install project dependencies WORKDIR /app/express -RUN npm install --include-workspace-root --omit=dev +RUN npm install --include-workspace-root \ + && npm run build # Add the Dynatrace OneAgent COPY --from=khw46367.live.dynatrace.com/linux/oneagent-codemodules-musl:nodejs / / From 5a81faf75773dbb0114d9171afdebf509da7f6e8 Mon Sep 17 00:00:00 2001 From: Andrew Hughes-Onslow Date: Thu, 25 Jul 2024 11:09:33 +0100 Subject: [PATCH 6/7] ATO-762: Reduced number of workflow jobs [deploy] --- .github/workflows/deploy-branch.yml | 224 +++++++++------------------- .github/workflows/deploy-dev.yml | 25 ++-- .github/workflows/deploy-prod.yml | 22 +-- 3 files changed, 95 insertions(+), 176 deletions(-) diff --git a/.github/workflows/deploy-branch.yml b/.github/workflows/deploy-branch.yml index 93009c6d0..0840f4598 100644 --- a/.github/workflows/deploy-branch.yml +++ b/.github/workflows/deploy-branch.yml @@ -18,29 +18,9 @@ permissions: contents: read jobs: - build-frontend-dependencies: - # if: contains(github.event.head_commit.message, '[deploy]') == true - name: Build frontend - runs-on: ubuntu-latest - environment: - name: demo - outputs: - artifact-name: ${{ steps.build.outputs.artifact-id }} - steps: - - name: Pull repository - id: checkout - uses: actions/checkout@v4 - - - name: Build - id: build - uses: ./.github/actions/build-frontend - with: - artifact-name: frontend-build-demo - push-frontend-image: - # if: contains(github.event.head_commit.message, '[deploy]') == true + if: contains(github.event.head_commit.message, '[deploy]') == true name: Push frontend image - needs: build-frontend-dependencies runs-on: ubuntu-latest environment: name: demo @@ -64,26 +44,34 @@ jobs: repository: ${{ vars.FRONTEND_CONTAINER_REPOSITORY_NAME }} image-tags: "${{ github.head_ref || github.ref_name }}" dockerfile: infrastructure/frontend/Dockerfile - artifact-name: frontend-build-demo - artifact-path: express/dist - build-frontend-infrastructure: - # if: contains(github.event.head_commit.message, '[deploy]') == true - name: Build frontend infrastructure - needs: push-frontend-image + deploy-frontend: + if: contains(github.event.head_commit.message, '[deploy]') == true + name: Deploy frontend (demo) + needs: [ push-frontend-image, deploy-api, deploy-cognito, deploy-dynamodb ] runs-on: ubuntu-latest + outputs: + stack-name: ${{ steps.deploy.outputs.stack-name }} + stack-url: ${{ steps.deploy.outputs.stack-url }} + deployment-url: ${{ steps.get-deployment-url.outputs.url }} environment: name: demo - outputs: - template: ${{ steps.replace-placeholders.outputs.template }} + url: ${{ steps.get-deployment-url.outputs.url || steps.deploy.outputs.stack-url }} steps: - name: Pull repository id: checkout uses: actions/checkout@v4 - - name: Replace placeholders - if: ${{ github.actor != 'dependabot[bot]' }} - id: replace-placeholders + - name: Get deployment name + id: get-deployment-name + uses: govuk-one-login/github-actions/beautify-branch-name@7d56b09b4d2a9a9c6005843d28f31a2333ad1373 # 13/03/2024 + with: + length-limit: 22 + prefix: preview + verbose: false + + - name: Build + id: build env: TEMPLATE_FILE: infrastructure/frontend/frontend.template.yml IMAGE_URI: ${{ needs.push-frontend-image.outputs.image-uri }} @@ -99,34 +87,7 @@ jobs: echo "WARNING!!! Image placeholder text \"CONTAINER-IMAGE-PLACEHOLDER\" not found - uploading template anyway" fi - - name: Archive distribution artifact - uses: actions/upload-artifact@v4 - with: - name: frontend-infrastructure - retention-days: 7 - path: .aws-sam/build - - deploy-frontend: - # if: contains(github.event.head_commit.message, '[deploy]') == true - name: Deploy frontend - needs: [ build-frontend-infrastructure, deploy-api, deploy-cognito, deploy-dynamodb ] - runs-on: ubuntu-latest - outputs: - stack-name: ${{ steps.deploy.outputs.stack-name }} - deployment-url: ${{ steps.get-deployment-url.outputs.url }} - environment: - name: demo - url: ${{ steps.get-deployment-url.outputs.url || steps.deploy.outputs.stack-url }} - steps: - - name: Get deployment name - uses: govuk-one-login/github-actions/beautify-branch-name@7d56b09b4d2a9a9c6005843d28f31a2333ad1373 # 13/03/2024 - id: get-deployment-name - with: - length-limit: 22 - prefix: preview - verbose: false - - - name: Deploy stack + - name: Deploy uses: govuk-one-login/github-actions/sam/deploy-stack@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 id: deploy with: @@ -135,9 +96,7 @@ jobs: delete-failed-stack: true disable-rollback: false stack-name-prefix: preview-frontend - artifact-name: frontend-infrastructure - artifact-path: .aws-sam/build - template: ${{ needs.build-frontend-infrastructure.outputs.template }} + template: ${{ steps.build.outputs.template }} s3-prefix: sse-preview tags: |- sse:component=frontend @@ -158,16 +117,26 @@ jobs: printf "🌐 Deployment URL\n%s" "$url" >> "$GITHUB_STEP_SUMMARY" echo "url=$url" >> "$GITHUB_OUTPUT" - build-dynamodb: - # if: contains(github.event.head_commit.message, '[deploy]') == true - name: Build dynamodb + deploy-dynamodb: + if: contains(github.event.head_commit.message, '[deploy]') == true + name: Deploy dynamodb (demo) runs-on: ubuntu-latest environment: name: demo + url: ${{ steps.deploy.outputs.stack-url }} outputs: - artifact-name: ${{ steps.build.outputs.artifact-name }} + stack-name: ${{ steps.deploy.outputs.stack-name }} + stack-url: ${{ steps.deploy.outputs.stack-url }} cache-key: ${{ steps.build.outputs.cache-key }} steps: + - name: Get deployment name + uses: govuk-one-login/github-actions/beautify-branch-name@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 + id: get-deployment-name + with: + length-limit: 22 + prefix: preview + verbose: false + - name: Build id: build uses: govuk-one-login/github-actions/sam/build-application@6144f39407b01c9b25b39537b3956deca9e32620 # 22/02/2024 @@ -179,27 +148,7 @@ jobs: artifact-name: backend-dynamodb-infrastructure pull-repository: true - deploy-dynamodb: - # if: contains(github.event.head_commit.message, '[deploy]') == true - name: Deploy dynamodb - needs: build-dynamodb - runs-on: ubuntu-latest - environment: - name: demo - url: ${{ steps.deploy.outputs.stack-url }} - outputs: - stack-name: ${{ steps.build.outputs.stack-name }} - stack-url: ${{ steps.build.outputs.stack-url }} - steps: - - name: Get deployment name - uses: govuk-one-login/github-actions/beautify-branch-name@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 - id: get-deployment-name - with: - length-limit: 22 - prefix: preview - verbose: false - - - name: Deploy stack + - name: Deploy uses: govuk-one-login/github-actions/sam/deploy-stack@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 id: deploy with: @@ -208,10 +157,8 @@ jobs: delete-failed-stack: true disable-rollback: false stack-name-prefix: preview-dynamodb - artifact-name: ${{ needs.build-dynamodb.outputs.artifact-name }} - artifact-path: .aws-sam/build template: .aws-sam/build/template.yaml - cache-name: ${{ needs.build-dynamodb.outputs.cache-key }} + cache-name: ${{ steps.build.outputs.cache-key }} s3-prefix: sse-preview tags: |- sse:component=dynamodb @@ -222,16 +169,26 @@ jobs: parameters: |- DeploymentName=${{ steps.get-deployment-name.outputs.pretty-branch-name }} - build-cognito: - # if: contains(github.event.head_commit.message, '[deploy]') == true - name: Build cognito + deploy-cognito: + if: contains(github.event.head_commit.message, '[deploy]') == true + name: Deploy cognito (demo) runs-on: ubuntu-latest environment: name: demo + url: ${{ steps.deploy.outputs.stack-url }} outputs: - artifact-name: ${{ steps.build.outputs.artifact-name }} + stack-name: ${{ steps.deploy.outputs.stack-name }} + stack-url: ${{ steps.deploy.outputs.stack-url }} cache-key: ${{ steps.build.outputs.cache-key }} steps: + - name: Get deployment name + uses: govuk-one-login/github-actions/beautify-branch-name@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 + id: get-deployment-name + with: + length-limit: 22 + prefix: preview + verbose: false + - name: Build id: build uses: govuk-one-login/github-actions/sam/build-application@6144f39407b01c9b25b39537b3956deca9e32620 # 22/02/2024 @@ -244,26 +201,6 @@ jobs: artifact-name: backend-cognito-infrastructure pull-repository: true - deploy-cognito: - # if: contains(github.event.head_commit.message, '[deploy]') == true - name: Deploy cognito - needs: build-cognito - runs-on: ubuntu-latest - environment: - name: demo - url: ${{ steps.deploy.outputs.stack-url }} - outputs: - stack-name: ${{ steps.build.outputs.stack-name }} - stack-url: ${{ steps.build.outputs.stack-url }} - steps: - - name: Get deployment name - uses: govuk-one-login/github-actions/beautify-branch-name@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 - id: get-deployment-name - with: - length-limit: 22 - prefix: preview - verbose: false - - name: Deploy stack uses: govuk-one-login/github-actions/sam/deploy-stack@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 id: deploy @@ -273,10 +210,8 @@ jobs: delete-failed-stack: true disable-rollback: false stack-name-prefix: preview-cognito - artifact-name: ${{ needs.build-cognito.outputs.artifact-name }} - artifact-path: .aws-sam/build template: .aws-sam/build/template.yaml - cache-name: ${{ needs.build-cognito.outputs.cache-key }} + cache-name: ${{ steps.build.outputs.cache-key }} s3-prefix: sse-preview tags: |- sse:component=cognito @@ -287,16 +222,26 @@ jobs: parameters: |- DeploymentName=${{ steps.get-deployment-name.outputs.pretty-branch-name }} - build-api: - # if: contains(github.event.head_commit.message, '[deploy]') == true - name: Build api + deploy-api: + if: contains(github.event.head_commit.message, '[deploy]') == true + name: Deploy API (demo) runs-on: ubuntu-latest environment: name: demo + url: ${{ steps.deploy.outputs.stack-url }} outputs: - artifact-name: ${{ steps.build.outputs.artifact-name }} + stack-name: ${{ steps.deploy.outputs.stack-name }} + stack-url: ${{ steps.deploy.outputs.stack-url }} cache-key: ${{ steps.build.outputs.cache-key }} steps: + - name: Get deployment name + uses: govuk-one-login/github-actions/beautify-branch-name@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 + id: get-deployment-name + with: + length-limit: 22 + prefix: preview + verbose: false + - name: Build id: build uses: govuk-one-login/github-actions/sam/build-application@6144f39407b01c9b25b39537b3956deca9e32620 # 22/02/2024 @@ -310,36 +255,6 @@ jobs: artifact-name: backend-api-infrastructure pull-repository: true - deploy-api: - # if: contains(github.event.head_commit.message, '[deploy]') == true - name: Deploy api - needs: build-api - runs-on: ubuntu-latest - environment: - name: demo - url: ${{ steps.deploy.outputs.stack-url }} - outputs: - stack-name: ${{ steps.build.outputs.stack-name }} - stack-url: ${{ steps.build.outputs.stack-url }} - steps: - - name: Get deployment name - uses: govuk-one-login/github-actions/beautify-branch-name@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 - id: get-deployment-name - with: - length-limit: 22 - prefix: preview - verbose: false - - - name: List build assets - id: get-deployment-url - env: - NAME: AdminToolURL - OUTPUTS: ${{ steps.deploy.outputs.stack-outputs }} - run: | - url=$(jq --raw-output ".$NAME" <<< "$OUTPUTS") - printf "🌐 Deployment URL\n%s" "$url" >> "$GITHUB_STEP_SUMMARY" - echo "url=$url" >> "$GITHUB_OUTPUT" - - name: Deploy stack uses: govuk-one-login/github-actions/sam/deploy-stack@db4b3614f5f863f56a5356052262878ecec83b31 # 22/07/2024 id: deploy @@ -349,9 +264,8 @@ jobs: delete-failed-stack: true disable-rollback: false stack-name-prefix: preview-api - artifact-name: ${{ needs.build-api.outputs.artifact-name }} template: .aws-sam/build/template.yaml - cache-name: ${{ needs.build-api.outputs.cache-key }} + cache-name: ${{ steps.build.outputs.cache-key }} s3-prefix: sse-preview tags: |- sse:component=api @@ -360,4 +274,4 @@ jobs: sse:application=self-service sse:deployment-source=github-actions parameters: |- - DeploymentName=${{ steps.get-deployment-name.outputs.pretty-branch-name }} \ No newline at end of file + DeploymentName=${{ steps.get-deployment-name.outputs.pretty-branch-name }} diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 117c18e72..2dfc9f0c8 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -16,9 +16,10 @@ permissions: contents: read jobs: - build-frontend: - # if: github.event_name == 'merge_group' - name: Deploy frontend + deploy-frontend: + if: github.event_name == 'merge_group' + name: Deploy Frontend (dev) + needs: [ deploy-api, deploy-cognito, deploy-dynamodb ] runs-on: ubuntu-latest timeout-minutes: 20 environment: @@ -50,9 +51,9 @@ jobs: container-repository-name: ${{ vars.FRONTEND_CONTAINER_REPOSITORY_NAME }} test-container-repository-name: ${{ vars.FRONTEND_TEST_CONTAINER_REPOSITORY_NAME }} - build-dynamo: - # if: github.event_name == 'merge_group' - name: Build dynamodb + deploy-dynamodb: + if: github.event_name == 'merge_group' + name: Deploy Dynamodb (dev) runs-on: ubuntu-latest environment: name: development @@ -84,9 +85,9 @@ jobs: pipeline-name: ${{ vars.DYNAMODB_PIPELINE_NAME }} artifact-name: ${{ steps.build.outputs.artifact-name }} - build-cognito: - # if: github.event_name == 'merge_group' - name: Build cognito + deploy-cognito: + if: github.event_name == 'merge_group' + name: Deploy Cognito (dev) runs-on: ubuntu-latest environment: name: development @@ -119,9 +120,9 @@ jobs: pipeline-name: ${{ vars.COGNITO_PIPELINE_NAME }} artifact-name: ${{ steps.build.outputs.artifact-name }} - build-api: - # if: github.event_name == 'merge_group' - name: Deploy API + deploy-api: + if: github.event_name == 'merge_group' + name: Deploy API (dev) runs-on: ubuntu-latest environment: name: development diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index a4c334fac..f8c784dcf 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -14,14 +14,15 @@ permissions: jobs: deploy-frontend: - name: Deploy frontend + name: Deploy Frontend (prod) + needs: [ deploy-api, deploy-cognito, deploy-dynamodb ] runs-on: ubuntu-latest timeout-minutes: 20 environment: name: production url: ${{ steps.push.outputs.pipeline-url }} outputs: - artifact-name: ${{ steps.build.outputs.artifact-id }} + artifact-name: ${{ steps.build.outputs.artifact-name }} pipeline-url: ${{ steps.push.outputs.pipeline-url }} steps: - name: Pull repository @@ -32,7 +33,7 @@ jobs: id: build uses: ./.github/actions/build-frontend with: - artifact-name: frontend-build-production + artifact-name: frontend-build-development - name: Push id: push @@ -41,12 +42,13 @@ jobs: deployment-role-arn: ${{ vars.FRONTEND_DEPLOYMENT_ROLE_ARN }} artifact-bucket-name: ${{ vars.FRONTEND_DEPLOYMENT_ARTIFACTS_BUCKET }} pipeline-name: ${{ vars.FRONTEND_PIPELINE_NAME }} + artifact-name: ${{ steps.build.outputs.artifact-name }} dynatrace-pass-token: ${{ secrets.DYNATRACE_PAAS_TOKEN }} container-repository-name: ${{ vars.FRONTEND_CONTAINER_REPOSITORY_NAME }} test-container-repository-name: ${{ vars.FRONTEND_TEST_CONTAINER_REPOSITORY_NAME }} - deploy-dynamo: - name: Build dynamodb + deploy-dynamodb: + name: Deploy Dynamodb (prod) runs-on: ubuntu-latest environment: name: production @@ -76,9 +78,10 @@ jobs: artifact-bucket-name: ${{ vars.DYNAMODB_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.DYNAMODB_PIPELINE_NAME }} + artifact-name: ${{ steps.build.outputs.artifact-name }} deploy-cognito: - name: Build cognito + name: Deploy Cognito (prod) runs-on: ubuntu-latest environment: name: production @@ -109,9 +112,10 @@ jobs: artifact-bucket-name: ${{ vars.COGNITO_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.COGNITO_PIPELINE_NAME }} + artifact-name: ${{ steps.build.outputs.artifact-name }} deploy-api: - name: Build api + name: Deploy API (prod) runs-on: ubuntu-latest environment: name: production @@ -128,7 +132,6 @@ jobs: template: backend/api/api.template.yml manifest: backend/api/package.json base-dir: backend/api - source-dir: backend/api additional-artifact-paths: backend/api/state-machines cache-name: backend-api-infra artifact-name: backend-api-infrastructure @@ -143,4 +146,5 @@ jobs: artifact-bucket-name: ${{ vars.API_DEPLOYMENT_ARTIFACTS_BUCKET }} signing-profile-name: ${{ vars.SIGNING_PROFILE_NAME }} pipeline-name: ${{ vars.API_PIPELINE_NAME }} - template: ./aws-sam/build/template.yml + artifact-name: ${{ steps.build.outputs.artifact-name }} + template: .aws-sam/build/template.yaml From aa5ae95ca10886a0cea43e87bf7f3fba0e3bf8c2 Mon Sep 17 00:00:00 2001 From: Andrew Hughes-Onslow Date: Thu, 25 Jul 2024 13:20:14 +0100 Subject: [PATCH 7/7] ATO-762: Enabled full deployment to production. --- .github/actions/push-frontend/action.yml | 7 ------- .github/workflows/deploy-branch.yml | 2 +- .github/workflows/deploy-dev.yml | 14 ++++---------- .github/workflows/deploy-prod.yml | 16 +++++----------- 4 files changed, 10 insertions(+), 29 deletions(-) diff --git a/.github/actions/push-frontend/action.yml b/.github/actions/push-frontend/action.yml index e79962ab4..70c3403bb 100644 --- a/.github/actions/push-frontend/action.yml +++ b/.github/actions/push-frontend/action.yml @@ -1,10 +1,6 @@ name: "Build and push application" description: "Build the container and push the application through secure pipelines" inputs: - artifact-name: - description: "The artifact name where the build cache is stored" - required: true - default: frontend-build artifact-bucket-name: description: "The source bucket to push the deployment artifacts to" required: true @@ -58,7 +54,4 @@ runs: ecr-repository: ${{ inputs.container-repository-name }} pipeline-name: ${{ inputs.pipeline-name }} dockerfile: infrastructure/frontend/Dockerfile - docker-build-path: . template: infrastructure/frontend/frontend.template.yml - artifact-name: ${{ inputs.artifact-name }} - artifact-path: express/dist diff --git a/.github/workflows/deploy-branch.yml b/.github/workflows/deploy-branch.yml index 0840f4598..9dfd7a6f7 100644 --- a/.github/workflows/deploy-branch.yml +++ b/.github/workflows/deploy-branch.yml @@ -48,7 +48,7 @@ jobs: deploy-frontend: if: contains(github.event.head_commit.message, '[deploy]') == true name: Deploy frontend (demo) - needs: [ push-frontend-image, deploy-api, deploy-cognito, deploy-dynamodb ] + needs: [ push-frontend-image ] runs-on: ubuntu-latest outputs: stack-name: ${{ steps.deploy.outputs.stack-name }} diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 2dfc9f0c8..df0d977d9 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -19,26 +19,18 @@ jobs: deploy-frontend: if: github.event_name == 'merge_group' name: Deploy Frontend (dev) - needs: [ deploy-api, deploy-cognito, deploy-dynamodb ] runs-on: ubuntu-latest - timeout-minutes: 20 + timeout-minutes: 30 environment: name: development url: ${{ steps.push.outputs.pipeline-url }} outputs: - artifact-name: ${{ steps.build.outputs.artifact-name }} pipeline-url: ${{ steps.push.outputs.pipeline-url }} steps: - name: Pull repository id: checkout uses: actions/checkout@v4 - - name: Build - id: build - uses: ./.github/actions/build-frontend - with: - artifact-name: frontend-build-development - - name: Push id: push uses: ./.github/actions/push-frontend @@ -46,7 +38,6 @@ jobs: deployment-role-arn: ${{ vars.FRONTEND_DEPLOYMENT_ROLE_ARN }} artifact-bucket-name: ${{ vars.FRONTEND_DEPLOYMENT_ARTIFACTS_BUCKET }} pipeline-name: ${{ vars.FRONTEND_PIPELINE_NAME }} - artifact-name: ${{ steps.build.outputs.artifact-name }} dynatrace-pass-token: ${{ secrets.DYNATRACE_PAAS_TOKEN }} container-repository-name: ${{ vars.FRONTEND_CONTAINER_REPOSITORY_NAME }} test-container-repository-name: ${{ vars.FRONTEND_TEST_CONTAINER_REPOSITORY_NAME }} @@ -55,6 +46,7 @@ jobs: if: github.event_name == 'merge_group' name: Deploy Dynamodb (dev) runs-on: ubuntu-latest + timeout-minutes: 10 environment: name: development url: ${{ steps.deploy.outputs.pipeline-url }} @@ -89,6 +81,7 @@ jobs: if: github.event_name == 'merge_group' name: Deploy Cognito (dev) runs-on: ubuntu-latest + timeout-minutes: 10 environment: name: development url: ${{ steps.deploy.outputs.pipeline-url }} @@ -124,6 +117,7 @@ jobs: if: github.event_name == 'merge_group' name: Deploy API (dev) runs-on: ubuntu-latest + timeout-minutes: 15 environment: name: development url: ${{ steps.deploy.outputs.pipeline-url }} diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index f8c784dcf..0ef92fc2f 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -4,7 +4,7 @@ run-name: Deploy to production [${{ github.head_ref || github.ref_name }}] on: push: branches: - - main-fake + - main concurrency: deploy-production @@ -15,26 +15,18 @@ permissions: jobs: deploy-frontend: name: Deploy Frontend (prod) - needs: [ deploy-api, deploy-cognito, deploy-dynamodb ] runs-on: ubuntu-latest - timeout-minutes: 20 + timeout-minutes: 30 environment: name: production url: ${{ steps.push.outputs.pipeline-url }} outputs: - artifact-name: ${{ steps.build.outputs.artifact-name }} pipeline-url: ${{ steps.push.outputs.pipeline-url }} steps: - name: Pull repository id: checkout uses: actions/checkout@v4 - - name: Build - id: build - uses: ./.github/actions/build-frontend - with: - artifact-name: frontend-build-development - - name: Push id: push uses: ./.github/actions/push-frontend @@ -42,7 +34,6 @@ jobs: deployment-role-arn: ${{ vars.FRONTEND_DEPLOYMENT_ROLE_ARN }} artifact-bucket-name: ${{ vars.FRONTEND_DEPLOYMENT_ARTIFACTS_BUCKET }} pipeline-name: ${{ vars.FRONTEND_PIPELINE_NAME }} - artifact-name: ${{ steps.build.outputs.artifact-name }} dynatrace-pass-token: ${{ secrets.DYNATRACE_PAAS_TOKEN }} container-repository-name: ${{ vars.FRONTEND_CONTAINER_REPOSITORY_NAME }} test-container-repository-name: ${{ vars.FRONTEND_TEST_CONTAINER_REPOSITORY_NAME }} @@ -50,6 +41,7 @@ jobs: deploy-dynamodb: name: Deploy Dynamodb (prod) runs-on: ubuntu-latest + timeout-minutes: 10 environment: name: production url: ${{ steps.deploy.outputs.pipeline-url }} @@ -83,6 +75,7 @@ jobs: deploy-cognito: name: Deploy Cognito (prod) runs-on: ubuntu-latest + timeout-minutes: 10 environment: name: production url: ${{ steps.deploy.outputs.pipeline-url }} @@ -117,6 +110,7 @@ jobs: deploy-api: name: Deploy API (prod) runs-on: ubuntu-latest + timeout-minutes: 15 environment: name: production url: ${{ steps.deploy.outputs.pipeline-url }}