Merge pull request #2052 from govuk-one-login/dfc-653_add-missing-opl… #120
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy frontend | |
on: | |
push: | |
branches: | |
- main | |
concurrency: | |
group: "deploy-frontend" | |
cancel-in-progress: false | |
jobs: | |
pr-data: | |
name: Get data for merged PR | |
permissions: | |
contents: read | |
pull-requests: read | |
uses: ./.github/workflows/call_get_pr_data.yml | |
build-frontend: | |
name: Build and push Frontend | |
permissions: | |
id-token: write | |
contents: read | |
uses: ./.github/workflows/call_build-push-docker-image.yml | |
with: | |
aws-region: eu-west-2 | |
secrets: | |
dynatrace_registry: ${{ secrets.DYNATRACE_REGISTRY_NAME }} | |
dynatrace_token: ${{ secrets.DYNATRACE_PAAS_TOKEN }} | |
deployer_role: ${{ secrets.DEPLOYER_ROLE }} | |
ecr_repo: ${{ secrets.TOOLING_ECR_FRONTEND_REPO }} | |
build-sidecar: | |
name: Build and push Basic Auth Sidecar | |
permissions: | |
id-token: write | |
contents: read | |
uses: ./.github/workflows/call_build-push-docker-image.yml | |
with: | |
aws-region: eu-west-2 | |
context: basic-auth-sidecar | |
secrets: | |
dynatrace_registry: ${{ secrets.DYNATRACE_REGISTRY_NAME }} | |
dynatrace_token: ${{ secrets.DYNATRACE_PAAS_TOKEN }} | |
deployer_role: ${{ secrets.DEPLOYER_ROLE }} | |
ecr_repo: ${{ secrets.BASIC_SIDECAR_ECR_REPO }} | |
build-service-down: | |
name: Build and push Service Down Page | |
permissions: | |
id-token: write | |
contents: read | |
uses: ./.github/workflows/call_build-push-docker-image.yml | |
with: | |
aws-region: eu-west-2 | |
context: service-down-page-config | |
secrets: | |
dynatrace_registry: ${{ secrets.DYNATRACE_REGISTRY_NAME }} | |
dynatrace_token: ${{ secrets.DYNATRACE_PAAS_TOKEN }} | |
deployer_role: ${{ secrets.DEPLOYER_ROLE }} | |
ecr_repo: ${{ secrets.SERVICE_DOWN_ECR_REPO }} | |
deploy: | |
needs: | |
- build-frontend | |
- build-sidecar | |
- build-service-down | |
- pr-data | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up AWS credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
role-to-assume: ${{ secrets.DEPLOY_ROLE }} | |
aws-region: eu-west-2 | |
- name: Upload frontend Terraform files | |
working-directory: ci/terraform | |
env: | |
METADATA: ${{ needs.pr-data.outputs.data }} | |
run: | | |
echo "::group::Zip up frontend terraform" | |
zip -r frontend.zip . | |
echo "::endgroup::" | |
echo "::group::Upload artifact to S3" | |
OBJECT_VERSION="$(aws s3api put-object \ | |
--bucket ${{ secrets.ARTIFACT_BUCKET }} \ | |
--key frontend.zip \ | |
--body frontend.zip \ | |
--metadata "${METADATA}" \ | |
--query VersionId --output text)" | |
echo "::endgroup::" | |
echo "::notice title=Final artifact uploaded to S3::object: frontend.zip, version: ${OBJECT_VERSION}" |