Skip to content

Merge pull request #255 from Health-Education-England/chore/upgradeTc… #46

Merge pull request #255 from Health-Education-England/chore/upgradeTc…

Merge pull request #255 from Health-Education-England/chore/upgradeTc… #46

name: CI CD Workflow
permissions:
id-token: write
contents: read
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build:
name: Build, Test and Analyse
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up JDK
uses: actions/setup-java@v3
with:
cache: maven
distribution: temurin
java-version: 11
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-1
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Add CodeArtifact env var
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV
- name: maven-settings-xml-action
uses: whelk-io/maven-settings-xml-action@v21
with:
servers: '[{ "id": "codeartifact", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]'
repositories: '[{ "id": "codeartifact", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]'
- name: Build
run: mvn install -DskipTests
- name: Upload build artifact
uses: actions/upload-artifact@v3
with:
name: app-jar
path: target/*.jar
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-2
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Run tests
run: mvn test
- name: Set up JDK
uses: actions/setup-java@v3
with:
cache: maven
distribution: temurin
java-version: 17
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-1
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Add CodeArtifact env var
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV
- name: maven-settings-xml-action
uses: whelk-io/maven-settings-xml-action@v21
with:
servers: '[{ "id": "codeartifact", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]'
repositories: '[{ "id": "codeartifact", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]'
- name: Run quality analysis
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
backup-artifacts:
name: Backup build artifacts
needs: build
runs-on: ubuntu-latest
steps:
- name: Download build artifacts
uses: actions/download-artifact@v3
with:
path: build-artifacts
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-2
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Backup build artifacts
run: |
workflow=$(echo ${{ github.workflow }} | sed -e 's/\W/-/g' -e 's/\(.*\)/\L\1/')
aws s3 sync build-artifacts s3://tis-build-artifacts/${{ github.event.repository.name }}/$workflow/${{ github.run_number }}
dockerize:
name: Dockerize
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up JDK
uses: actions/setup-java@v3
with:
cache: maven
distribution: temurin
java-version: 11
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-1
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Add CodeArtifact env var
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV
- name: maven-settings-xml-action
uses: whelk-io/maven-settings-xml-action@v21
with:
servers: '[{ "id": "codeartifact", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]'
repositories: '[{ "id": "codeartifact", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]'
- name: package java
run: |
mvn install -DskipTests
cp ./target/sync-*.jar ./target/app.jar
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-2
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Log in to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag and push image to Amazon ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: sync
run: |
mvn spring-boot:build-image -DskipTests -Dspring-boot.build-image.imageName=$ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }}
docker tag $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY
deploy-pre-prod:
name: Deploy pre-production definition
environment: pre-prod
needs: dockerize
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-2
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Log in to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Create pre-prod task definition
run: sed 's/${environment}/preprod/g' .aws/task-definition-template.json > .aws/task-definition-preprod.json
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: .aws/task-definition-preprod.json
container-name: tis-sync
image: ${{ steps.login-ecr.outputs.registry }}/sync:${{ github.sha }}
- name: Deploy Amazon ECS task definition
id: ecs-deploy
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: tis-sync
cluster: tis-preprod
wait-for-service-stability: true
- name: Verify ECS deployment
run: |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster tis-preprod --service tis-sync --query services[0].deployments[0].taskDefinition | jq -r ".")
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
echo "Current task arn: $CURRENT_TASK_DEF_ARN"
echo "New task arn: $NEW_TASK_DEF_ARN"
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
echo "Deployment failed."
exit 1
fi
deploy-prod:
name: Deploy production definition
environment: prod
needs: deploy-pre-prod
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-2
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Log in to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Create prod task definition
run: sed 's/${environment}/prod/g' .aws/task-definition-template.json > .aws/task-definition-prod.json
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: .aws/task-definition-prod.json
container-name: tis-sync
image: ${{ steps.login-ecr.outputs.registry }}/sync:${{ github.sha }}
- name: Deploy Amazon ECS task definition
id: ecs-deploy
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: tis-sync
cluster: tis-prod
wait-for-service-stability: true
- name: Verify ECS deployment
run: |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster tis-prod --service tis-sync --query services[0].deployments[0].taskDefinition | jq -r ".")
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
echo "Current task arn: $CURRENT_TASK_DEF_ARN"
echo "New task arn: $NEW_TASK_DEF_ARN"
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
echo "Deployment failed."
exit 1
fi
deploy-nimdta:
name: Deploy NIMDTA definition
environment: nimdta
needs: deploy-pre-prod
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: eu-west-2
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role
- name: Log in to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Create NIMDTA task definition
run: sed 's/${environment}/nimdta/g' .aws/task-definition-template.json > .aws/task-definition-nimdta.json
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: .aws/task-definition-nimdta.json
container-name: tis-sync
image: ${{ steps.login-ecr.outputs.registry }}/sync:${{ github.sha }}
- name: Deploy Amazon ECS task definition
id: ecs-deploy
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: tis-sync
cluster: tis-nimdta
wait-for-service-stability: true
- name: Verify ECS deployment
run: |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster tis-nimdta --service tis-sync --query services[0].deployments[0].taskDefinition | jq -r ".")
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
echo "Current task arn: $CURRENT_TASK_DEF_ARN"
echo "New task arn: $NEW_TASK_DEF_ARN"
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
echo "Deployment failed."
exit 1
fi