Merge pull request #618 from cabinetoffice/EHD-1057-simplify-hosting-…
…-github-actions

EHD-1057: Simplify hosting: GitHub Actions
jamesgriff authored Jan 22, 2025
2 parents 173e2f6 + 432e9bb commit cbdafe5
Showing 3 changed files with 410 additions and 0 deletions.
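--- a/.github/workflows/_deploy-shared.yml
+++ b/.github/workflows/_deploy-shared.yml
@@ -0,0 +1,61 @@
+name: '(shared functionality) Deploy'
+
+on:
+workflow_call:
+inputs:
+GITHUB_ACTIONS_ENVIRONMENT:
+required: true
+type: string
+EB_APP_NAME:
+required: true
+type: string
+EB_ENVIRONMENT_NAME:
+required: true
+type: string
+EB_CODE_BUCKET:
+required: true
+type: string
+secrets:
+AWS_ACCESS_KEY_ID:
+required: true
+AWS_SECRET_ACCESS_KEY:
+required: true
+
+env:
+AWS_DEFAULT_REGION: eu-west-2
+TERRAFORM_STATE_BUCKET: uk-gov-equality-hub-terraform-state-bucket
+
+jobs:
+deploy:
+name: 'Deploy (${{ inputs.GITHUB_ACTIONS_ENVIRONMENT }})'
+runs-on: ubuntu-latest
+environment: ${{ inputs.GITHUB_ACTIONS_ENVIRONMENT }}
+
+env:
+AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+AWS_DEFAULT_REGION: eu-west-2
+ZIP_FILE_NAME: "run${{ github.run_id }}_${{ inputs.GITHUB_ACTIONS_ENVIRONMENT }}_attempt${{ github.run_attempt }}.zip"
+EB_VERSION_LABEL: "v_run${{ github.run_id }}_${{ inputs.GITHUB_ACTIONS_ENVIRONMENT }}_attempt${{ github.run_attempt }}"
+
+steps:
+- name: 'Download build zip from GitHub Actions artifacts'
+uses: actions/download-artifact@v4
+with:
+name: build-zip
+
+- name: 'Copy the zip file to AWS S3'
+run: |
+aws s3 cp ./build.zip "s3://${{ inputs.EB_CODE_BUCKET }}/${{ env.ZIP_FILE_NAME }}"
+- name: 'Create Elastic Beanstalk application version'
+run: |
+aws elasticbeanstalk create-application-version --application-name "${{ inputs.EB_APP_NAME }}" --version-label "${{ env.EB_VERSION_LABEL }}" --source-bundle "S3Bucket=${{ inputs.EB_CODE_BUCKET }},S3Key=${{ env.ZIP_FILE_NAME }}"
+- name: 'Deploy new version to Elastic Beanstalk instances'
+run: |
+aws elasticbeanstalk update-environment --application-name "${{ inputs.EB_APP_NAME }}" --environment-name "${{ inputs.EB_ENVIRONMENT_NAME }}" --version-label "${{ env.EB_VERSION_LABEL }}"
+- name: 'Wait for the Elastic Beanstalk environment to finish updating (to prevent us trying to deploy two changes at once)'
+run: |
+aws elasticbeanstalk wait environment-updated --application-name "${{ inputs.EB_APP_NAME }}" --environment-name "${{ inputs.EB_ENVIRONMENT_NAME }}" --version-label "${{ env.EB_VERSION_LABEL }}"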
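Review bot: The job-level `env` on the `deploy` job exports the long-lived `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` pair to every step, including the artifact download that never calls AWS, and a static IAM user key stays valid until someone rotates it. If the AWS account can be set up to trust GitHub's OIDC provider (not visible from this file), the job could assume a short-lived role per run instead, which needs `id-token: write` and lets both secrets drop out of the `workflow_call` interface. Separately, the four `aws` steps expand `${{ inputs.* }}` straight into the script text; mapping those values through a step `env:` and referencing them as `"$EB_APP_NAME"` etc. keeps a caller-supplied value from being parsed as shell. The workflow-level `TERRAFORM_STATE_BUCKET` appears unused in this file and `AWS_DEFAULT_REGION` is declared twice.

```yaml
jobs:
  deploy:
    # … unchanged: name, runs-on, environment …
    permissions:
      contents: read
      id-token: write   # required for the OIDC token exchange
    # … unchanged: job env, minus AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY …
    steps:
      - name: 'Configure AWS credentials'
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: <DEPLOY_ROLE_ARN>   # placeholder, not taken from this repository
          aws-region: eu-west-2
      # … unchanged: download-artifact and the four aws steps …
```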
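--- a/.github/workflows/_terraform-shared.yml
+++ b/.github/workflows/_terraform-shared.yml
@@ -0,0 +1,130 @@
+name: '(shared functionality) Terraform'
+
+on:
+workflow_call:
+inputs:
+GITHUB_ACTIONS_ENVIRONMENT:
+required: true
+type: string
+TERRAFORM_ENVIRONMENT_NAME:
+required: true
+type: string
+TERRAFORM_STATE_FILE:
+required: true
+type: string
+TERRAFORM_TFVARS_FILE:
+required: true
+type: string
+OFFSET_CURRENT_DATE_TIME_FOR_SITE:
+required: true
+type: string
+MAINTENANCE_MODE:
+required: true
+type: string
+MAINTENANCE_MODE_UP_AGAIN_TIME:
+required: true
+type: string
+secrets:
+TERRAFORM_AWS_ACCESS_KEY_ID:
+required: true
+TERRAFORM_AWS_SECRET_ACCESS_KEY:
+required: true
+POSTGRES_PASSWORD:
+required: true
+DEFAULT_ENCRYPTION_KEY:
+required: true
+DEFAULT_ENCRYPTION_IV:
+required: true
+DATA_MIGRATION_PASSWORD:
+required: true
+COMPANIES_HOUSE_API_KEY:
+required: true
+GOV_UK_NOTIFY_API_KEY:
+required: true
+BASIC_AUTH_USERNAME:
+required: false
+BASIC_AUTH_PASSWORD:
+required: false
+EHRC_API_TOKEN:
+required: true
+outputs:
+main_app_elastic_beanstalk_application_name:
+value: ${{ jobs.terraform.outputs.main_app_elastic_beanstalk_application_name }}
+main_app_elastic_beanstalk_environment_name:
+value: ${{ jobs.terraform.outputs.main_app_elastic_beanstalk_environment_name }}
+main_app_elastic_beanstalk_code_s3_bucket:
+value: ${{ jobs.terraform.outputs.main_app_elastic_beanstalk_code_s3_bucket }}
+
+env:
+AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }}
+AWS_DEFAULT_REGION: eu-west-2
+TERRAFORM_STATE_BUCKET: uk-gov-equality-hub-terraform-state-bucket
+
+jobs:
+terraform:
+name: 'Terraform (${{ inputs.GITHUB_ACTIONS_ENVIRONMENT }})'
+runs-on: ubuntu-latest
+environment: ${{ inputs.GITHUB_ACTIONS_ENVIRONMENT }}
+
+outputs:
+main_app_elastic_beanstalk_application_name: ${{ steps.step_elastic_beanstalk_application_name.outputs.test }}
+main_app_elastic_beanstalk_environment_name: ${{ steps.step_elastic_beanstalk_environment_name.outputs.test }}
+main_app_elastic_beanstalk_code_s3_bucket: ${{ steps.step_elastic_beanstalk_code_s3_bucket.outputs.test }}
+
+steps:
+- name: 'Checkout Code'
+uses: actions/checkout@v4
+
+- name: 'Install Terraform'
+uses: hashicorp/setup-terraform@v3
+
+- name: 'Init Terraform'
+run: |
+terraform init "-backend-config=bucket=${{ env.TERRAFORM_STATE_BUCKET }}" "-backend-config=key=${{ inputs.TERRAFORM_STATE_FILE }}" "-backend-config=region=${{ env.AWS_DEFAULT_REGION }}" "-backend-config=access_key=${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }}" "-backend-config=secret_key=${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }}"
+working-directory: ./terraform
+
+- name: 'Apply Terraform changes'
+run: |
+terraform apply \
+-var-file "${{ inputs.TERRAFORM_TFVARS_FILE }}" \
+-var "github_url=https://github.com/${{ github.repository }}" \
+-var "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" \
+-var "DEFAULT_ENCRYPTION_KEY=${{ secrets.DEFAULT_ENCRYPTION_KEY }}" \
+-var "DEFAULT_ENCRYPTION_IV=${{ secrets.DEFAULT_ENCRYPTION_IV }}" \
+-var "DATA_MIGRATION_PASSWORD=${{ secrets.DATA_MIGRATION_PASSWORD }}" \
+-var "COMPANIES_HOUSE_API_KEY=${{ secrets.COMPANIES_HOUSE_API_KEY }}" \
+-var "GOV_UK_NOTIFY_API_KEY=${{ secrets.GOV_UK_NOTIFY_API_KEY }}" \
+-var "BASIC_AUTH_USERNAME=${{ secrets.BASIC_AUTH_USERNAME }}" \
+-var "BASIC_AUTH_PASSWORD=${{ secrets.BASIC_AUTH_PASSWORD }}" \
+-var "EHRC_API_TOKEN=${{ secrets.EHRC_API_TOKEN }}" \
+-var "OFFSET_CURRENT_DATE_TIME_FOR_SITE=${{ inputs.OFFSET_CURRENT_DATE_TIME_FOR_SITE }}" \
+-var "MAINTENANCE_MODE=${{ inputs.MAINTENANCE_MODE }}" \
+-var "MAINTENANCE_MODE_UP_AGAIN_TIME=${{ inputs.MAINTENANCE_MODE_UP_AGAIN_TIME }}" \
+-auto-approve
+working-directory: ./terraform
+
+- name: 'Download the TFState file'
+run: |
+aws s3 cp "s3://${{ env.TERRAFORM_STATE_BUCKET }}/${{ inputs.TERRAFORM_STATE_FILE }}" ./current_tf_state.json
+- id: step_elastic_beanstalk_application_name
+name: 'Find the name of the Elastic Beanstalk application name'
+run: |
+echo test=$(jq -r '.resources[] | select(.name == "main_app_elastic_beanstalk_application").instances[].attributes.name' current_tf_state.json) >> main_app_elastic_beanstalk_application_name.txt
+cat main_app_elastic_beanstalk_application_name.txt
+cat main_app_elastic_beanstalk_application_name.txt >> $GITHUB_OUTPUT
+- id: step_elastic_beanstalk_environment_name
+name: 'Find the name of the Elastic Beanstalk environment name'
+run: |
+echo test=$(jq -r '.resources[] | select(.name == "main_app_elastic_beanstalk_environment").instances[].attributes.name' current_tf_state.json) >> main_app_elastic_beanstalk_environment_name.txt
+cat main_app_elastic_beanstalk_environment_name.txt
+cat main_app_elastic_beanstalk_environment_name.txt >> $GITHUB_OUTPUT
+- id: step_elastic_beanstalk_code_s3_bucket
+name: 'Find the name of the Elastic Beanstalk application code versions S3 bucket'
+run: |
+echo test=$(jq -r '.resources[] | select(.name == "main_app_elastic_beanstalk_code_s3_bucket").instances[].attributes.bucket' current_tf_state.json) >> main_app_elastic_beanstalk_code_s3_bucket.txt
+cat main_app_elastic_beanstalk_code_s3_bucket.txt
+cat main_app_elastic_beanstalk_code_s3_bucket.txt >> $GITHUB_OUTPUT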
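Review bot: The 'Init Terraform' and 'Apply Terraform changes' steps put secrets on the command line: `-backend-config=access_key=…` / `-backend-config=secret_key=…` at init, and nine `-var "NAME=${{ secrets.NAME }}"` arguments at apply. The two backend arguments look redundant, because the workflow-level `env` already exports the same pair as `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY`, and Terraform persists backend settings given on the CLI in plain text under `.terraform`; dropping them leaves the S3 backend to read the environment. For apply, expanding a secret into the script text means a value containing `"`, `$` or a backtick is interpreted by the shell, and the values sit in the process arguments; passing them as `TF_VAR_<name>` variables in the step's `env:` avoids both (confirm the optional `BASIC_AUTH_*` pair behaves the same when the secret is unset). The later 'Download the TFState file' step copies the whole state file into the workspace, which presumably holds these same values in plain text, so reading the three names via `terraform output` would be narrower if the configuration declares such outputs.

```yaml
- name: 'Apply Terraform changes'
  env:
    TF_VAR_POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
    TF_VAR_DEFAULT_ENCRYPTION_KEY: ${{ secrets.DEFAULT_ENCRYPTION_KEY }}
    TF_VAR_DEFAULT_ENCRYPTION_IV: ${{ secrets.DEFAULT_ENCRYPTION_IV }}
    TF_VAR_DATA_MIGRATION_PASSWORD: ${{ secrets.DATA_MIGRATION_PASSWORD }}
    TF_VAR_COMPANIES_HOUSE_API_KEY: ${{ secrets.COMPANIES_HOUSE_API_KEY }}
    TF_VAR_GOV_UK_NOTIFY_API_KEY: ${{ secrets.GOV_UK_NOTIFY_API_KEY }}
    TF_VAR_BASIC_AUTH_USERNAME: ${{ secrets.BASIC_AUTH_USERNAME }}
    TF_VAR_BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
    TF_VAR_EHRC_API_TOKEN: ${{ secrets.EHRC_API_TOKEN }}
  # … unchanged: run block with -var-file, github_url, the three inputs.* -var lines and -auto-approve; the nine secret -var lines removed …
  working-directory: ./terraform
```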