Skip to content

Commit 85f1626

Browse files
eddalmond1eddalmond1
authored
Merge branch 'main' into feature/eja-eli-239-amend-terraform-asset-names
2 parents ea5342b + dd46b26 commit 85f1626

5 files changed

Lines changed: 220 additions & 50 deletions

File tree

.github/workflows/cicd-1-pull-request.yaml

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,14 +3,12 @@ name: "CI/CD pull request"
33
# The total recommended execution time for the "CI/CD Pull Request" workflow is around 20 minutes.
44

55
on:
6-
push:
7-
branches:
8-
- "**"
96
pull_request:
10-
types: [opened, reopened]
7+
types: [opened, synchronize, reopened]
118

129
jobs:
1310
metadata:
11+
if: github.event.pull_request.draft == false
1412
name: "Set CI/CD metadata"
1513
runs-on: ubuntu-latest
1614
timeout-minutes: 1
@@ -39,7 +37,8 @@ jobs:
3937
echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
4038
echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
4139
echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
42-
echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
40+
echo "version=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
41+
# echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
4342
- name: "Check if pull request exists for this branch"
4443
id: pr_exists
4544
env:
@@ -68,6 +67,7 @@ jobs:
6867
make list-variables
6968
commit-stage: # Recommended maximum execution time is 2 minutes
7069
name: "Commit stage"
70+
if: github.event.pull_request.draft == false
7171
needs: [metadata]
7272
uses: ./.github/workflows/stage-1-commit.yaml
7373
with:
@@ -81,6 +81,7 @@ jobs:
8181
secrets: inherit
8282
test-stage: # Recommended maximum execution time is 5 minutes
8383
name: "Test stage"
84+
if: github.event.pull_request.draft == false
8485
needs: [metadata, commit-stage]
8586
uses: ./.github/workflows/stage-2-test.yaml
8687
with:

.github/workflows/cicd-2-publish.yaml

Lines changed: 91 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,18 @@
1+
# Description: Deploys merged code to the dev environment.
2+
# Triggered on push to main. Tags the commit with a dev-<timestamp> label.
3+
# Does not create GitHub Releases or production tags (v1.x.x).
4+
15
name: "CI/CD publish"
26

37
on:
4-
pull_request:
5-
types: [closed]
8+
push:
69
branches:
710
- main
811

912
jobs:
1013
metadata:
1114
name: "Set CI/CD metadata"
1215
runs-on: ubuntu-latest
13-
if: github.event.pull_request.merged == true
1416
timeout-minutes: 1
1517
outputs:
1618
build_datetime: ${{ steps.variables.outputs.build_datetime }}
@@ -23,6 +25,7 @@ jobs:
2325
steps:
2426
- name: "Checkout code"
2527
uses: actions/checkout@v4
28+
2629
- name: "Set CI/CD variables"
2730
id: variables
2831
run: |
@@ -33,52 +36,106 @@ jobs:
3336
echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
3437
echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
3538
echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
36-
# TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow
37-
echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
39+
echo "version=dev-$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
40+
3841
- name: "List variables"
3942
run: |
40-
export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}"
41-
export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}"
42-
export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}"
43-
export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}"
44-
export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}"
45-
export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}"
46-
export VERSION="${{ steps.variables.outputs.version }}"
47-
make list-variables
43+
echo "Deploying to: DEV"
44+
echo "VERSION=${{ steps.variables.outputs.version }}"
45+
4846
publish:
49-
name: "Publish packages"
47+
name: "Publish to dev"
5048
runs-on: ubuntu-latest
5149
needs: [metadata]
52-
if: github.event.pull_request.merged == true
53-
timeout-minutes: 3
50+
timeout-minutes: 10
51+
environment: "dev"
52+
permissions:
53+
id-token: write
54+
contents: write
5455
steps:
55-
- name: "Checkout code"
56+
- name: "Setup Terraform"
57+
uses: hashicorp/setup-terraform@v3
58+
with:
59+
terraform_version: ${{ needs.metadata.outputs.terraform_version }}
60+
61+
- name: "Set up Python"
62+
uses: actions/setup-python@v5
63+
with:
64+
python-version: '3.13'
65+
66+
- name: "Checkout Repository"
5667
uses: actions/checkout@v4
57-
- name: "Get the artefacts"
68+
69+
- name: "Build lambda artefact"
5870
run: |
59-
echo "Getting the artefacts created by the build stage ..."
60-
# TODO: Use either action/cache or action/upload-artifact
61-
- name: "Create release"
62-
id: create_release
63-
uses: actions/create-release@v1
64-
env:
65-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
71+
make dependencies install-python
72+
make build
73+
74+
- name: "Upload lambda artefact"
75+
uses: actions/upload-artifact@v4
76+
with:
77+
name: lambda
78+
path: dist/lambda.zip
79+
80+
- name: "Download Built Lambdas"
81+
uses: actions/download-artifact@v4
6682
with:
67-
tag_name: ${{ needs.metadata.outputs.version }}
68-
release_name: Release ${{ needs.metadata.outputs.version }}
69-
body: |
70-
Release of ${{ needs.metadata.outputs.version }}
71-
draft: false
72-
prerelease: false
83+
name: lambda
84+
path: ./build
85+
86+
- name: "Configure AWS Credentials"
87+
uses: aws-actions/configure-aws-credentials@v4
88+
with:
89+
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role
90+
aws-region: eu-west-2
91+
92+
- name: "Terraform Plan Stacks"
93+
env:
94+
ENVIRONMENT: dev
95+
WORKSPACE: "default"
96+
TF_VAR_API_CA_CERT: ${{ secrets.API_CA_CERT }}
97+
TF_VAR_API_CLIENT_CERT: ${{ secrets.API_CLIENT_CERT }}
98+
TF_VAR_API_PRIVATE_KEY_CERT: ${{ secrets.API_PRIVATE_KEY_CERT }}
99+
100+
# just planning for now for safety and until review
101+
run: |
102+
mkdir -p ./build
103+
echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=plan"
104+
make terraform env=$ENVIRONMENT stack=networking tf-command=plan workspace=$WORKSPACE
105+
echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=plan"
106+
make terraform env=$ENVIRONMENT stack=api-layer tf-command=plan workspace=$WORKSPACE
107+
working-directory: ./infrastructure
108+
109+
- name: "Tag the dev deployment"
110+
run: |
111+
git config user.name "github-actions"
112+
git config user.email "github-actions@github.com"
113+
git tag ${{ needs.metadata.outputs.version }}
114+
git push origin ${{ needs.metadata.outputs.version }}
115+
116+
# --- Keeping these just in case: Uncomment to release to GitHub ---
117+
# - name: "Create release"
118+
# id: create_release
119+
# uses: actions/create-release@v1
120+
# env:
121+
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
122+
# with:
123+
# tag_name: ${{ needs.metadata.outputs.version }}
124+
# release_name: Release ${{ needs.metadata.outputs.version }}
125+
# body: |
126+
# Release of ${{ needs.metadata.outputs.version }}
127+
# draft: false
128+
# prerelease: true
129+
73130
# - name: "Upload release asset"
74131
# uses: actions/upload-release-asset@v1
75132
# env:
76133
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
77134
# with:
78135
# upload_url: "${{ steps.create_release.outputs.upload_url }}"
79-
# asset_path: ./*
80-
# asset_name: repository-template-${{ needs.metadata.outputs.version }}.tar.gz
81-
# asset_content_type: "application/gzip"
136+
# asset_path: ./build/lambda.zip
137+
# asset_name: lambda-${{ needs.metadata.outputs.version }}.zip
138+
# asset_content_type: application/zip
82139
success:
83140
name: "Success notification"
84141
runs-on: ubuntu-latest

.github/workflows/cicd-3-deploy.yaml

Lines changed: 116 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,32 @@
1+
# Deploys a given tag to a given environment and tags for semantic versioning
2+
# creates semantic release
3+
14
name: "CI/CD deploy"
25

36
on:
47
workflow_dispatch:
58
inputs:
69
tag:
7-
description: "This is the tag that is oging to be deployed"
10+
description: "This is the tag that is going to be deployed"
811
required: true
912
default: "latest"
13+
environment:
14+
description: "Target environment (e.g., test, preprod or prod)"
15+
required: true
16+
type: choice
17+
options:
18+
- test
19+
- preprod
20+
- prod
21+
release_type:
22+
description: "Version bump type (patch, minor, major)"
23+
required: false
24+
default: "patch"
25+
type: choice
26+
options:
27+
- patch
28+
- minor
29+
- major
1030

1131
jobs:
1232
metadata:
@@ -23,8 +43,11 @@ jobs:
2343
version: ${{ steps.variables.outputs.version }}
2444
tag: ${{ steps.variables.outputs.tag }}
2545
steps:
26-
- name: "Checkout code"
46+
- name: "Checkout tag"
2747
uses: actions/checkout@v4
48+
with:
49+
ref: ${{ github.event.inputs.tag }}
50+
2851
- name: "Set CI/CD variables"
2952
id: variables
3053
run: |
@@ -52,12 +75,99 @@ jobs:
5275
deploy:
5376
name: "Deploy to an environment"
5477
runs-on: ubuntu-latest
55-
needs: [metadata]
78+
needs: [ metadata ]
5679
timeout-minutes: 10
80+
permissions:
81+
id-token: write
82+
contents: write
5783
steps:
58-
- name: "Checkout code"
59-
uses: actions/checkout@v4
60-
# TODO: More jobs or/and steps here
84+
- name: "Setup Terraform"
85+
uses: hashicorp/setup-terraform@v3
86+
with:
87+
terraform_version: ${{ needs.metadata.outputs.terraform_version }}
88+
89+
- name: "Set up Python"
90+
uses: actions/setup-python@v5
91+
with:
92+
python-version: '3.13'
93+
94+
- name: "Download Built Lambdas"
95+
uses: actions/download-artifact@v4
96+
with:
97+
name: lambda
98+
path: ./build
99+
100+
- name: "Configure AWS Credentials"
101+
uses: aws-actions/configure-aws-credentials@v4
102+
with:
103+
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role
104+
aws-region: eu-west-2
105+
106+
- name: "Terraform Apply"
107+
env:
108+
ENVIRONMENT: ${{ inputs.environment }}
109+
WORKSPACE: "default"
110+
TF_VAR_API_CA_CERT: ${{ secrets.API_CA_CERT }}
111+
TF_VAR_API_CLIENT_CERT: ${{ secrets.API_CLIENT_CERT }}
112+
TF_VAR_API_PRIVATE_KEY_CERT: ${{ secrets.API_PRIVATE_KEY_CERT }}
113+
114+
# just planning for now for safety and until review
115+
run: |
116+
mkdir -p ./build
117+
echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=plan"
118+
make terraform env=$ENVIRONMENT stack=networking tf-command=plan workspace=$WORKSPACE
119+
echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=plan"
120+
make terraform env=$ENVIRONMENT stack=api-layer tf-command=plan workspace=$WORKSPACE
121+
working-directory: ./infrastructure
122+
123+
- name: "Tag the deployment using incremental semantic versioning"
124+
id: next_tag
125+
run: |
126+
# Fetch all tags and sort them semantically
127+
git fetch --tags
128+
latest_tag=$(git tag --list 'v*' | sort -V | tail -n 1)
129+
echo "Latest tag: $latest_tag"
130+
131+
if [[ -z "$latest_tag" ]]; then
132+
next_tag="v0.1.0"
133+
else
134+
# Extract the version numbers
135+
IFS='.' read -r major minor patch <<< "${latest_tag#v}"
136+
case "${{ github.event.inputs.release_type }}" in
137+
major)
138+
major=$((major + 1))
139+
minor=0
140+
patch=0
141+
;;
142+
minor)
143+
minor=$((minor + 1))
144+
patch=0
145+
;;
146+
patch|*)
147+
patch=$((patch + 1))
148+
;;
149+
esac
150+
151+
next_tag="v${major}.${minor}.${patch}"
152+
fi
153+
154+
echo "Next tag: $next_tag"
155+
echo "tag=$next_tag" >> $GITHUB_OUTPUT
156+
157+
- name: "Create GitHub Release"
158+
uses: actions/create-release@v1
159+
env:
160+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
161+
with:
162+
tag_name: ${{ steps.next_tag.outputs.tag }}
163+
release_name: Release ${{ steps.next_tag.outputs.tag }}
164+
body: |
165+
Auto-release created during deployment.
166+
draft: false
167+
prerelease: ${{ inputs.environment == 'ref' }}
168+
169+
170+
# TODO: complete notify step
61171
# success:
62172
# name: "Success notification"
63173
# runs-on: ubuntu-latest

.github/workflows/manual-terraform-plan.yaml

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
name: Github OIDC test
1+
name: Manual Terraform Plan
22

33
on:
44
workflow_dispatch:
@@ -35,6 +35,7 @@ jobs:
3535
run: |
3636
make dependencies install-python
3737
make build
38+
3839
- name: "Upload lambda artefact"
3940
uses: actions/upload-artifact@v4
4041
with:
@@ -55,16 +56,16 @@ jobs:
5556

5657
- name: "Terraform Plan Stacks"
5758
env:
58-
ENVIRONMENT: "dev"
59-
WORKSPACE: "default"
59+
ENVIRONMENT: ${{ inputs.environment }}
60+
WORKSPACE: ${{ inputs.environment }}
6061
TF_VAR_API_CA_CERT: ${{ secrets.API_CA_CERT }}
6162
TF_VAR_API_CLIENT_CERT: ${{ secrets.API_CLIENT_CERT }}
6263
TF_VAR_API_PRIVATE_KEY_CERT: ${{ secrets.API_PRIVATE_KEY_CERT }}
6364

6465
run: |
6566
mkdir -p ./build
66-
echo "Running: make terraform env=$ENVIRONMENT workspace=$ENVIRONMENT stack=networking tf-command=plan args=\"-auto-approve\""
67-
make terraform env=$ENVIRONMENT stack=networking tf-command=plan workspace=$ENVIRONMENT
67+
echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=plan args=\"-auto-approve\""
68+
make terraform env=$ENVIRONMENT stack=networking tf-command=plan workspace=$WORKSPACE
6869
echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=plan args=\"-auto-approve\""
6970
make terraform env=$ENVIRONMENT stack=api-layer tf-command=plan workspace=$WORKSPACE
7071

0 commit comments

Comments
 (0)