Merge pull request #462 from communitiesuk/FS-3718

FS-3718 - Add dev deploy
communitiesuk · Nov 3, 2023 · 46b161c · 46b161c
2 parents 705daed + 27a10f4
commit 46b161c
Show file tree

Hide file tree

Showing 2 changed files with 110 additions and 39 deletions.
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
@@ -8,8 +8,10 @@ on:
         type: choice
         required: true
         options:
+        - dev
         - test
         - uat
+        - production
       run_performance_tests:
         required: false
         default: false
@@ -24,6 +26,10 @@ on:
     paths: # Ignore README markdown and only deploy when something in the copilot folder has changed
       - 'copilot/**'
       - '!**/README.md'
+      - 'requirements-dev.in'
+      - 'requirements-dev.txt'
+      - 'requirements.in'
+      - 'requirements.txt'
   pull_request:
     types:
       - closed # Further protection - only allow this workflow to run automatically on closed pull requests
@@ -44,52 +50,62 @@ jobs:
     uses: communitiesuk/funding-design-service-workflows/.github/workflows/pre-deploy.yml@main
     with:
       postgres_unit_testing: false
-  copilot_build:
-    if: github.event.pull_request.merged == true
+
+  dev_copilot_deploy:
+    if: inputs.environment == 'dev' || inputs.environment == ''
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-dev
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+    uses: ./.github/workflows/environment.yml
     permissions:
       id-token: write # This is required for requesting the JWT
       contents: read  # This is required for actions/checkout
-    runs-on: ubuntu-latest
-    environment: ${{ inputs.environment || 'test' }}
-    steps:
-    - name: Git clone the repository
-      uses: actions/checkout@v3
-
-    - name: Get current date
-      id: currentdatetime
-      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
-
-    - name: configure aws credentials
-      uses: aws-actions/configure-aws-credentials@v2
-      with:
-        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
-        role-session-name: ASSESSMENT_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
-        aws-region: eu-west-2
-
-    - name: Install AWS Copilot CLI
-      run: |
-        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
-
-    - name: Inject Git SHA into manifest
-      run: |
-        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-assessment/manifest.yml
+    with:
+      workspace: 'dev'
 
-    - name: Inject RSA256_PUBLIC_KEY_BASE64 into manifest
-      run: |
-        yq -i '.variables.RSA256_PUBLIC_KEY_BASE64 = "${{ secrets.RSA256_PUBLIC_KEY_BASE64 }}"'  copilot/fsd-assessment/manifest.yml
+  test_copilot_deploy:
+    if: inputs.environment == 'test' || inputs.environment == ''
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-test
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+    uses: ./.github/workflows/environment.yml
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    with:
+      workspace: 'test'
 
-    - name: Inject replacement image into manifest
-      run: |
-        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-assessment:${{ github.ref_name }}"'  copilot/fsd-assessment/manifest.yml
+  # Allow the capability to override UAT with another branch, but ideally uat and production should be in sync as much as possible
+  uat_copilot_deploy:
+    if: inputs.environment == 'uat' || inputs.environment == ''
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-uat
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+    uses: ./.github/workflows/environment.yml
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    with:
+      workspace: 'uat'
 
-    - name: Replace AUTHENTICATOR_HOST variable
-      if: ${{ inputs.environment == 'prod' }}
-      run: |
-        yq -i '.variables.AUTHENTICATOR_HOST = "https://authenticator.${{ inputs.environment }}.levellingup.gov.uk"'  copilot/fsd-assessment/manifest.yml
+  # Only run this if the branch being deployed is main
+  production_copilot_deploy:
+    if: (inputs.environment == 'production' || inputs.environment == '') && github.ref == 'refs/heads/main'
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-production
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+      RSA256_PUBLIC_KEY_BASE64: ${{ secrets.RSA256_PUBLIC_KEY_BASE64 }}
+    uses: ./.github/workflows/environment.yml
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    with:
+      workspace: 'production'
 
-    - name: Copilot deploy
-      run: |
-        copilot deploy --env ${{ inputs.environment || 'test' }}
   post_deploy_tests:
     needs: copilot_build
     secrets:

diff --git a/.github/workflows/environment.yml b/.github/workflows/environment.yml
@@ -0,0 +1,55 @@
+name: Environment Deployment
+on:
+  workflow_call:
+    inputs:
+      workspace:
+        required: true
+        type: string
+
+jobs:
+  copilot_deploy:
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.workspace }}
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v3
+
+    - name: Get current date
+      id: currentdatetime
+      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+        role-session-name: ASSESSMENT_${{ inputs.workspace }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        aws-region: eu-west-2
+
+    - name: Install AWS Copilot CLI
+      run: |
+        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+    - name: Inject Git SHA into manifest
+      run: |
+        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-assessment/manifest.yml
+
+    - name: Inject replacement image into manifest
+      run: |
+        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-assessment:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-assessment/manifest.yml
+
+    - name: Inject RSA256_PUBLIC_KEY_BASE64 into manifest
+      run: |
+        yq -i '.variables.RSA256_PUBLIC_KEY_BASE64 = "${{ secrets.RSA256_PUBLIC_KEY_BASE64 }}"'  copilot/fsd-assessment/manifest.yml
+
+    - name: Replace AUTHENTICATOR_HOST variable
+      if: ${{ inputs.environment == 'prod' }}
+      run: |
+        yq -i '.variables.AUTHENTICATOR_HOST = "https://authenticator.${{ inputs.environment }}.levellingup.gov.uk"'  copilot/fsd-assessment/manifest.yml
+
+    - name: Copilot ${{ inputs.workspace }} deploy
+      id: deploy_build
+      run: |
+        copilot svc deploy --env ${{ inputs.workspace }}