ER-413 Gov one login Integration #3985
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # ------------------------------------------------------------------------------ | |
| # Deploy if the "deployed" label is added | |
| # | |
| # Build image: | |
| # ghcr.io/dfe-digital/early-years-foundation-recovery:pr-123 | |
| # | |
| # Deploy to: | |
| # https://ey-recovery-pr-123.london.cloudapps.digital | |
| # | |
| name: Deploy Content App | |
| on: | |
| pull_request: | |
| # branches: | |
| # - main | |
| types: | |
| - labeled | |
| - synchronize | |
| paths-ignore: | |
| - '**/*.md' | |
| - .docker* | |
| - .env.example | |
| - .gitignore | |
| - .pa11yci | |
| - .tool-versions | |
| - .yardopts | |
| - bin/* | |
| - docker-compose.* | |
| - Dockerfile | |
| - terraform | |
| jobs: | |
| deploy: | |
| if: contains(github.event.pull_request.labels.*.name, 'deployed') | |
| runs-on: ubuntu-latest | |
| environment: content | |
| env: | |
| WORKSPACE: content | |
| REGISTRY: ghcr.io/dfe-digital/early-years-foundation-recovery | |
| PR_NUMBER: pr-${{ github.event.number }} | |
| # @see terraform/workspace-variables/app_config.yml[:content] | |
| DOMAIN: ey-recovery-pr-${{ github.event.number }}.london.cloudapps.digital | |
| steps: | |
| - | |
| name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - | |
| name: Pin Terraform version | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.1.7 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| version: v0.9.1 | |
| - | |
| name: Login to Github Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - | |
| name: Build and push Docker image for dependencies | |
| uses: docker/build-push-action@v5 | |
| with: | |
| target: deps | |
| context: . | |
| push: true | |
| build-args: | | |
| BUILDKIT_INLINE_CACHE=1 | |
| SHA=${{ github.event.pull_request.head.sha }} | |
| cache-from: | | |
| ${{ env.REGISTRY }}:deps | |
| tags: ${{ env.REGISTRY }}:deps | |
| - | |
| name: Build and push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| target: app | |
| context: . | |
| push: true | |
| build-args: | | |
| BUILDKIT_INLINE_CACHE=1 | |
| SHA=${{ github.event.pull_request.head.sha }} | |
| cache-from: | | |
| ${{ env.REGISTRY }}:${{ github.event.pull_request.head.sha }} | |
| ${{ env.REGISTRY }}:${{ env.PR_NUMBER }} | |
| ${{ env.REGISTRY }}:latest | |
| tags: | | |
| ${{ env.REGISTRY }}:${{ github.event.pull_request.head.sha }} | |
| ${{ env.REGISTRY }}:${{ env.PR_NUMBER }} | |
| - | |
| name: Deploy Review App | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| TF_VAR_paas_cf_user: ${{ secrets.CLOUD_FOUNDRY_USERNAME }} | |
| TF_VAR_paas_cf_password: ${{ secrets.CLOUD_FOUNDRY_PASSWORD }} | |
| TF_VAR_paas_app_docker_image: ${{ env.REGISTRY }}:${{ env.PR_NUMBER }} | |
| TF_VAR_paas_app_hostname: ${{ env.PR_NUMBER }} | |
| TF_VAR_paas_app_env_secrets: ${{ toJson(secrets) }} | |
| TF_VAR_paas_app_envs: ${{ toJson(env) }} | |
| run: | | |
| cd terraform/app | |
| terraform init \ | |
| -reconfigure \ | |
| -input=false \ | |
| -backend-config="bucket=${{ secrets.AWS_BUCKET }}" \ | |
| -backend-config="key=${{ env.PR_NUMBER }}/terraform.tfstate" | |
| terraform plan \ | |
| -var-file ../workspace-variables/${{ env.WORKSPACE }}.tfvars | |
| terraform apply \ | |
| -input=false \ | |
| -auto-approve \ | |
| -var-file ../workspace-variables/${{ env.WORKSPACE }}.tfvars | |
| - | |
| name: Comment URL to PR | |
| uses: mshick/add-pr-comment@v2 | |
| with: | |
| message: https://ey-recovery-${{ env.PR_NUMBER }}.london.cloudapps.digital | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| # - | |
| # name: Tag release in Sentry.io | |
| # env: | |
| # SENTRY_CLI_VERSION: '2.2.0' | |
| # SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }} | |
| # SENTRY_ORG: early-years-foundation-reform | |
| # SENTRY_PROJECT: eyf-recovery | |
| # SENTRY_LOG_LEVEL: debug # info | |
| # run: | | |
| # curl -sL https://sentry.io/get-cli/ | bash | |
| # sentry-cli releases new ${{ env.PR_NUMBER }} | |
| # sentry-cli releases set-commits ${{ env.PR_NUMBER }} --auto | |
| # sentry-cli releases finalize ${{ env.PR_NUMBER }} |