Merge pull request #1041 from Health-Education-England/feat/curriculu… #303
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI CD Workflow | |
permissions: | |
id-token: write | |
contents: read | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
build: | |
name: Build, Test and Analyse | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
cache: maven | |
distribution: temurin | |
java-version: 17 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-1 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Add CodeArtifact env var | |
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV | |
- name: maven-settings-xml-action | |
uses: whelk-io/maven-settings-xml-action@v21 | |
with: | |
servers: '[{ "id": "codeartifact", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]' | |
repositories: '[{ "id": "codeartifact", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]' | |
- name: Build | |
run: mvn install -DskipTests | |
- name: Upload build artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: app-jar | |
path: tcs-*/target/*.jar | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Run tests | |
run: mvn test | |
- name: Run quality analysis | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | |
backup-artifacts: | |
name: Backup build artifacts | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: build-artifacts | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Backup build artifacts | |
run: | | |
workflow=$(echo ${{ github.workflow }} | sed -e 's/\W/-/g' -e 's/\(.*\)/\L\1/') | |
aws s3 sync build-artifacts s3://tis-build-artifacts/${{ github.event.repository.name }}/$workflow/${{ github.run_number }} | |
dockerize: | |
name: Dockerize | |
needs: build | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
cache: maven | |
distribution: temurin | |
java-version: 17 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-1 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Add CodeArtifact env var | |
run: echo "CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain hee --domain-owner 430723991443 --query authorizationToken --output text)" >> $GITHUB_ENV | |
- name: maven-settings-xml-action | |
uses: whelk-io/maven-settings-xml-action@v21 | |
with: | |
servers: '[{ "id": "codeartifact", "username": "aws", "password": "${env.CODEARTIFACT_AUTH_TOKEN}" }]' | |
repositories: '[{ "id": "codeartifact", "url": "https://hee-430723991443.d.codeartifact.eu-west-1.amazonaws.com/maven/Health-Education-England/" }]' | |
- name: package java | |
run: | | |
mvn install -DskipTests | |
cp ./tcs-service/target/tcs-service-*.war ./tcs-service/target/app.jar | |
- name: Publish api artifact | |
continue-on-error: true | |
run: mvn --batch-mode deploy -DskipTests --file tcs-api/pom.xml | |
- name: Publish client artifact | |
continue-on-error: true | |
run: mvn --batch-mode deploy -DskipTests --file tcs-client/pom.xml | |
- name: Publish persistence artifact | |
continue-on-error: true | |
run: mvn --batch-mode deploy -DskipTests --file tcs-persistence/pom.xml | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Log in to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build, tag and push image to Amazon ECR | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: tcs | |
run: | | |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} -f ./tcs-service/Dockerfile ./tcs-service | |
docker tag $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY | |
deploy-pre-prod: | |
name: Deploy pre-production definition | |
environment: pre-prod | |
needs: dockerize | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Log in to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: .aws/tis-tcs-preprod.json | |
container-name: tis-tcs | |
image: ${{ steps.login-ecr.outputs.registry }}/tcs:${{ github.sha }} | |
- name: Deploy Amazon ECS task definition | |
id: ecs-deploy | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: tis-tcs | |
cluster: tis-preprod | |
wait-for-service-stability: true | |
- name: Verify ECS deployment | |
run: | | |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster tis-preprod --service tis-tcs --query services[0].deployments[0].taskDefinition | jq -r ".") | |
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }} | |
echo "Current task arn: $CURRENT_TASK_DEF_ARN" | |
echo "New task arn: $NEW_TASK_DEF_ARN" | |
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then | |
echo "Deployment failed." | |
exit 1 | |
fi | |
deploy-prod: | |
name: Deploy production definition | |
environment: prod | |
needs: deploy-pre-prod | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Log in to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: .aws/tis-tcs-prod.json | |
container-name: tis-tcs | |
image: ${{ steps.login-ecr.outputs.registry }}/tcs:${{ github.sha }} | |
- name: Deploy Amazon ECS task definition | |
id: ecs-deploy | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: tis-tcs | |
cluster: tis-prod | |
wait-for-service-stability: true | |
- name: Verify ECS deployment | |
run: | | |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster tis-prod --service tis-tcs --query services[0].deployments[0].taskDefinition | jq -r ".") | |
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }} | |
echo "Current task arn: $CURRENT_TASK_DEF_ARN" | |
echo "New task arn: $NEW_TASK_DEF_ARN" | |
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then | |
echo "Deployment failed." | |
exit 1 | |
fi | |
deploy-nimdta: | |
name: Deploy NIMDTA definition | |
environment: nimdta | |
needs: deploy-pre-prod | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::430723991443:role/github-actions-deployer-role | |
- name: Log in to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: .aws/tis-tcs-nimdta.json | |
container-name: tis-tcs | |
image: ${{ steps.login-ecr.outputs.registry }}/tcs:${{ github.sha }} | |
- name: Deploy Amazon ECS task definition | |
id: ecs-deploy | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: tis-tcs | |
cluster: tis-nimdta | |
wait-for-service-stability: true | |
- name: Verify ECS deployment | |
run: | | |
CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster tis-nimdta --service tis-tcs --query services[0].deployments[0].taskDefinition | jq -r ".") | |
NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }} | |
echo "Current task arn: $CURRENT_TASK_DEF_ARN" | |
echo "New task arn: $NEW_TASK_DEF_ARN" | |
if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then | |
echo "Deployment failed." | |
exit 1 | |
fi |