Merge pull request #255 from Health-Education-England/chore/upgradeTc… #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI CD Workflow | |
permissions: | |
id-token: write | |
contents: read | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
build: | |
name: Build, Test and Analyse | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
cache: maven | |
distribution: temurin | |
java-version: 11 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-1 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Add CodeArtifact env var | |
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV | |
- name: maven-settings-xml-action | |
uses: whelk-io/maven-settings-xml-action@v21 | |
with: | |
servers: '[{ "id": "codeartifact", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]' | |
repositories: '[{ "id": "codeartifact", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]' | |
- name: Build | |
run: mvn install -DskipTests | |
- name: Upload build artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: app-jar | |
path: target/*.jar | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Run tests | |
run: mvn test | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
cache: maven | |
distribution: temurin | |
java-version: 17 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-1 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Add CodeArtifact env var | |
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV | |
- name: maven-settings-xml-action | |
uses: whelk-io/maven-settings-xml-action@v21 | |
with: | |
servers: '[{ "id": "codeartifact", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]' | |
repositories: '[{ "id": "codeartifact", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]' | |
- name: Run quality analysis | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | |
backup-artifacts: | |
name: Backup build artifacts | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download build artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
path: build-artifacts | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Backup build artifacts | |
run: | | |
workflow=$(echo ${{ github.workflow }} | sed -e 's/\W/-/g' -e 's/\(.*\)/\L\1/') | |
aws s3 sync build-artifacts s3://tis-build-artifacts/${{ github.event.repository.name }}/$workflow/${{ github.run_number }} | |
dockerize: | |
name: Dockerize | |
needs: build | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
cache: maven | |
distribution: temurin | |
java-version: 11 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-1 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Add CodeArtifact env var | |
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV | |
- name: maven-settings-xml-action | |
uses: whelk-io/maven-settings-xml-action@v21 | |
with: | |
servers: '[{ "id": "codeartifact", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]' | |
repositories: '[{ "id": "codeartifact", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]' | |
- name: package java | |
run: | | |
mvn install -DskipTests | |
cp ./target/sync-*.jar ./target/app.jar | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Log in to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build, tag and push image to Amazon ECR | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: sync | |
run: | | |
mvn spring-boot:build-image -DskipTests -Dspring-boot.build-image.imageName=$ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} | |
docker tag $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY | |
deploy-pre-prod: | |
name: Deploy pre-production definition | |
environment: pre-prod | |
needs: dockerize | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Log in to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Create pre-prod task definition | |
run: sed 's/${environment}/preprod/g' .aws/task-definition-template.json > .aws/task-definition-preprod.json | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: .aws/task-definition-preprod.json | |
container-name: tis-sync | |
image: ${{ steps.login-ecr.outputs.registry }}/sync:${{ github.sha }} | |
- name: Deploy Amazon ECS task definition | |
id: ecs-deploy | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: tis-sync | |
cluster: tis-preprod | |
wait-for-service-stability: true | |
- name: Verify ECS deployment | |
run: | | |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster tis-preprod --service tis-sync --query services[0].deployments[0].taskDefinition | jq -r ".") | |
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }} | |
echo "Current task arn: $CURRENT_TASK_DEF_ARN" | |
echo "New task arn: $NEW_TASK_DEF_ARN" | |
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then | |
echo "Deployment failed." | |
exit 1 | |
fi | |
deploy-prod: | |
name: Deploy production definition | |
environment: prod | |
needs: deploy-pre-prod | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Log in to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Create prod task definition | |
run: sed 's/${environment}/prod/g' .aws/task-definition-template.json > .aws/task-definition-prod.json | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: .aws/task-definition-prod.json | |
container-name: tis-sync | |
image: ${{ steps.login-ecr.outputs.registry }}/sync:${{ github.sha }} | |
- name: Deploy Amazon ECS task definition | |
id: ecs-deploy | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: tis-sync | |
cluster: tis-prod | |
wait-for-service-stability: true | |
- name: Verify ECS deployment | |
run: | | |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster tis-prod --service tis-sync --query services[0].deployments[0].taskDefinition | jq -r ".") | |
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }} | |
echo "Current task arn: $CURRENT_TASK_DEF_ARN" | |
echo "New task arn: $NEW_TASK_DEF_ARN" | |
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then | |
echo "Deployment failed." | |
exit 1 | |
fi | |
deploy-nimdta: | |
name: Deploy NIMDTA definition | |
environment: nimdta | |
needs: deploy-pre-prod | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Log in to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Create NIMDTA task definition | |
run: sed 's/${environment}/nimdta/g' .aws/task-definition-template.json > .aws/task-definition-nimdta.json | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: .aws/task-definition-nimdta.json | |
container-name: tis-sync | |
image: ${{ steps.login-ecr.outputs.registry }}/sync:${{ github.sha }} | |
- name: Deploy Amazon ECS task definition | |
id: ecs-deploy | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: tis-sync | |
cluster: tis-nimdta | |
wait-for-service-stability: true | |
- name: Verify ECS deployment | |
run: | | |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster tis-nimdta --service tis-sync --query services[0].deployments[0].taskDefinition | jq -r ".") | |
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }} | |
echo "Current task arn: $CURRENT_TASK_DEF_ARN" | |
echo "New task arn: $NEW_TASK_DEF_ARN" | |
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then | |
echo "Deployment failed." | |
exit 1 | |
fi |