deploy-dev #620
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy-dev | |
| on: | |
| workflow_run: | |
| branches: | |
| - main | |
| workflows: | |
| - build-and-test | |
| types: | |
| - completed | |
| conclusion: | |
| - success | |
| jobs: | |
| deploy-csv-exporter: | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| defaults: | |
| run: | |
| working-directory: csv-exporter | |
| env: | |
| SLS_DEBUG: 1 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16 | |
| - run: npm ci | |
| - run: npx serverless config credentials --provider aws --key ${{ secrets.SERVERLESS_AWS_ACCESS_KEY_ID }} --secret ${{ secrets.SERVERLESS_AWS_SECRET_ACCESS_KEY }} --profile k8sDev | |
| - run: npx serverless deploy --aws-profile=k8sDev --verbose --debug=* | |
| deploy-ui: | |
| uses: nhsx/standards-registry/.github/workflows/helm-deploy-ui.yml@main | |
| with: | |
| environment: dev | |
| secrets: | |
| ckan_url: ${{ secrets.CKAN_URL }} | |
| tracking_id: ${{ secrets.TRACKING_ID }} | |
| google_tag_id: ${{ secrets.GOOGLE_TAG_ID }} | |
| ecr_registry: ${{ secrets.ECR_REGISTRY }} | |
| kubeconfig_file: ${{ secrets.KUBECONFIG_FILE }} | |
| aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| google_site_code: ${{ secrets.GOOGLE_SITE_CODE }} | |
| ckan: | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| env: | |
| AWS_REGION: eu-west-2 | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v3 | |
| - name: configure credentials (using us-east-1) | |
| uses: aws-actions/configure-aws-credentials@v1-node16 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Public ECR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| env: | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| - name: build and push | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| ECR_REPOSITORY: nhsx-standards-directory | |
| IMAGE_TAG: ckan-${{ github.sha }} | |
| run: | | |
| # Build a docker container and push it to ECR | |
| docker build -t $ECR_REPOSITORY:$IMAGE_TAG -f ./Dockerfile-ckan . | |
| docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| - name: ckan deploy | |
| uses: roc/helm-eks-action@github-output | |
| env: | |
| KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_FILE }} | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| ECR_REPOSITORY: nhsx-standards-directory | |
| IMAGE_TAG: ckan-${{ github.sha }} | |
| with: | |
| command: >- | |
| helm upgrade ckan --debug -n dev --repo https://marvell-consulting.github.io/ckan-helm-chart --install --wait ckan -f ./charts/ckan/values.yaml | |
| --set ckan.sysadminApiToken='${{ secrets.CKAN_SYSADMIN_API_TOKEN }}' | |
| --set ckan.sysadminName='${{ secrets.CKAN_SYSADMIN_NAME }}' | |
| --set ckan.sysadminPassword='${{ secrets.CKAN_SYSADMIN_PASS }}' | |
| --set ckan.db.ckanDbPassword='${{ secrets.CKAN_DB_PASS }}' | |
| --set ckan.datastore.RwDbPassword='${{ secrets.CKAN_DATASTORE_RW_DB_PASS }}' | |
| --set ckan.datastore.RoDbPassword='${{ secrets.CKAN_DATASTORE_RO_DB_PASS }}' | |
| --set ckan.siteUrl='${{ secrets.CKAN_SITE_URL }}' | |
| --set ckan.psql.masterPassword='${{ secrets.MASTER_DB_PASS }}' | |
| --set ckan.db.ckanDbUrl='${{ secrets.DB_HOST }}' | |
| --set ckan.datastore.RwDbUrl='${{ secrets.DB_HOST }}' | |
| --set ckan.datastore.RoDbUrl='${{ secrets.DB_HOST }}' | |
| --set image.repository=$ECR_REGISTRY/$ECR_REPOSITORY | |
| --set image.tag=$IMAGE_TAG | |
| --set ckan.psql.initialize=false | |
| --set redis.auth.password='${{ secrets.REDIS_PASSWORD }}' | |
| --set ckan.redis='redis://default:${{ secrets.REDIS_PASSWORD }}@redis-headless:6379/0' | |
| --set ckan.debug=true | |
| --set solr.initialize.enabled=false | |
| integrationtest: | |
| if: ${{ success() }} | |
| needs: | |
| - deploy-csv-exporter | |
| - deploy-ui | |
| - ckan | |
| uses: nhsx/standards-registry/.github/workflows/integration-test.yml@main | |
| with: | |
| base_url: https://dev.standards.nhs.uk | |
| ckan_url: https://manage.dev.standards.nhs.uk/api/action | |
| pages_ckan_url: https://manage.standards.nhs.uk/api/action | |
| notifypass: | |
| runs-on: ubuntu-latest | |
| if: ${{ success() }} | |
| needs: | |
| - integrationtest | |
| steps: | |
| - name: Slack Notification | |
| uses: rtCamp/action-slack-notify@v2 | |
| env: | |
| SLACK_USERNAME: github-bot | |
| SLACK_CHANNEL: developers | |
| SLACK_COLOR: good | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_TITLE: 'dev deployment: succeeded' | |
| SLACK_MESSAGE: ':+1::rocket:' | |
| MSG_MINIMAL: 'true' | |
| site-quality-test: | |
| needs: | |
| - integrationtest | |
| uses: nhsx/standards-registry/.github/workflows/lighthouse-test.yml@main | |
| with: | |
| test_url: https://dev.standards.nhs.uk | |
| secrets: | |
| slack_webhook: ${{ secrets.SLACK_WEBHOOK }} |