From 8db7f090db935699d7b0064d24538cf384f2fa42 Mon Sep 17 00:00:00 2001
From: Brett McHargue
Date: Mon, 23 Oct 2023 10:53:32 +0100
Subject: [PATCH 01/16] Replant seed with each release for now
---
 .github/workflows/azure-deploy-stage.yml | 95 ++++++++++++++++++++++++
 entrypoints/docker-entrypoint.sh | 2 +-
 2 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/azure-deploy-stage.yml
diff --git a/.github/workflows/azure-deploy-stage.yml b/.github/workflows/azure-deploy-stage.yml
new file mode 100644
index 00000000..969535e2
--- /dev/null
+++ b/.github/workflows/azure-deploy-stage.yml
@@ -0,0 +1,95 @@
+name: 'HfEYP App Deploy [Azure - STAGE]'
+
+on:
+ workflow_dispatch:
+ inputs:
+ candidate:
+ description: 'Create release candidate version ("rcx.x.x")'
+ type: string
+ required: true
+ ref:
+ description: 'Git ref or branch to deploy'
+ type: string
+ required: true
+ default: main
+ push:
+ tags:
+ - rc*
+
+# Permissions for OIDC authentication
+permissions:
+ id-token: write
+ contents: write
+ packages: write
+
+env:
+ ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ DOCKER_IMAGE: ghcr.io/dfe-digital/help-for-early-years-providers
+
+jobs:
+ deploy-to-staging:
+ runs-on: ubuntu-latest
+ environment: staging
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.ref || github.ref_name }}
+
+ # Tag the branch with the release candidate version
+ - name: Tag candidate
+ if: ${{ inputs.candidate }}
+ run: |
+ git tag --force ${{ inputs.candidate }}
+ git push --force origin refs/tags/${{ inputs.candidate }}
+ echo "HEAD=$(git rev-parse ${{ inputs.candidate }})" >> $GITHUB_ENV
+
+ # Create and boot Docker image builder
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ version: v0.9.1
+
+ # Login to Github Container Registry
+ - name: Login to Github Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Build and push image
+ - name: Build and push Docker Image
+ uses: docker/build-push-action@v5
+ with:
+ target: production
+ context: .
+ file: Dockerfile.azure + build-args: | + BUILDKIT_INLINE_CACHE=1 + SHA=${{ github.sha }} + cache-from: | + ${{ env.DOCKER_IMAGE }}:${{ github.sha }} + ${{ env.DOCKER_IMAGE }}:${{ inputs.ref || github.ref_name }} + tags: | + ${{ env.DOCKER_IMAGE }}:${{ github.sha }} + ${{ env.DOCKER_IMAGE }}:${{ inputs.candidate || github.ref_name }} + + # Login to Azure using OIDC + - name: Login to Azure CLI + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + # Deploy Web Application + - name: Deploy to Azure App Services + uses: azure/webapps-deploy@v2 + with: + app-name: ${{ vars.WEBAPP_NAME }} + images: ${{ env.DOCKER_IMAGE }}:${{ inputs.candidate || github.ref_name }} + diff --git a/entrypoints/docker-entrypoint.sh b/entrypoints/docker-entrypoint.sh index 558502f9..1571f7af 100755 --- a/entrypoints/docker-entrypoint.sh +++ b/entrypoints/docker-entrypoint.sh @@ -9,7 +9,7 @@ fi /usr/sbin/sshd -bundle exec rake db:prepare db:seed +bundle exec rake db:prepare db:seed:replant # Start the application bundle exec rails s -b 0.0.0.0 From a65929f4e840f12c0613e9211baadd3911694914 Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Mon, 23 Oct 2023 11:27:47 +0100 Subject: [PATCH 02/16] Disable database environment check --- config/credentials/production.yml.enc | 2 +- entrypoints/docker-entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/credentials/production.yml.enc b/config/credentials/production.yml.enc index 2e9408b0..d177aed7 100644 --- a/config/credentials/production.yml.enc +++ b/config/credentials/production.yml.enc 
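Review bot: The `Tag candidate` step expands `${{ inputs.candidate }}` straight into the text of the `run:` script, so the dispatch input becomes shell source before the step runs, in a job that holds `contents: write`, `packages: write` and `id-token: write`. Pass the input through `env:` and use it as a quoted shell variable, as in the excerpt below; checking it against the expected `rc*` form before tagging would tighten this further. The same step writes `HEAD` to `$GITHUB_ENV`, but nothing in the workflow reads it. The image is instead built and tagged with `${{ github.sha }}`, which is the commit of the triggering ref and may differ from the checked-out `inputs.ref`.

```yaml
      - name: Tag candidate
        # … unchanged: if condition …
        env:
          CANDIDATE: ${{ inputs.candidate }}
        run: |
          git tag --force "$CANDIDATE"
          git push --force origin "refs/tags/$CANDIDATE"
          echo "HEAD=$(git rev-parse "$CANDIDATE")" >> "$GITHUB_ENV"
```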
@@ -1 +1 @@ -MNHimzHKDFqAUc9oJSgl6ulO+sw2H7QjpmpfcBj0JvHlP9DTGj2ZW0EYRCJrcgvA/+84UUWTK3ueNLQBR9/eJtTDYrL2RDI3STFtZdbMYkCvDJCpx8kGvCoTjpKRKt+3S4tKmDQfCrDmjywQw+gRbjL6fUCy5w5mh3qDbpuvUXFYfeu1Ck0Zx9IZJ9Q6WsbL3D0TuHQftpfCnZHjmkCbJkXLgk3hOttbtYMXtvyzpSgc8S2XVHsqCPhEtk7oQueyPSpNE40wBEXzGLMaj7Yy9hLHKUI2ZJd0SK0WmnQexP6hguvAT5upHeKLF5VXzDmkybdi3qDzn4zy5Q7VYum5K3OcrMlOoiY2meuYy8uSkIrtUJ9xTdiqel0Fk+QoPSE954FQRe9RFWBRhD3DNeCkbCimaKF2lCbiE7X6Kd+Gr/c33MGH8/Q+Nv72vUHVB2QqT0xyKmkFKqNgaeSVqTaH//Ii6fYmP3CaORNi/rOeiB2edX16bQn/gL8qQWuHg38J0ojR9cFRtmm76Jv6Ped9CYQSRsrGwz3wFn2WKMq+QR5+zTIXXnyItPEmbMwCzwhkagW60HyeONG78QLmKz34uYVvCGPPgLeDCOXMNy8hyVkNcThEZWBH6nlRXfPrj4HgVzZkg9snl8bkds0izLPNppJJNCjAy+m6Lbr7QJDf8g0UtNjkscaOP3e5ahw/Ihk8maMq20L5oq6xuTm4dcrm6R/oTnYPn5TIAGEa/RYg+MErLLLBgRRfdOwKSmeQNdbSNbYh6bRzp72QkwNqK9AkIs8gt9p9qloeDnDir+09Y8QN7NUAHMcTpUCY5B/tf+/6NYwZf0P7n0can0AWyv0PKMCBnAyxeZH3PoP5Kt0NM/3RZZhfWde/o/izE5+fMrYhk08sltHw1kcj9h8z4BrXBPu0I1KWAvFGTAF7FENJtnvnnuLZ15jdsaWgCjznv/ysbRU6orm/Tp5CSXbrGGGb/GYdCekFpVnqUKW3ZozORYWnT4e8DgGhastGOp48KRvsfpd1WUy9v8M=--E5LhUUa8YnK1vAHX--Ra7YwT8uHdwB/qzEzSpLfw== \ No newline at end of file 
+3bh88bS4CI7nS/DOCV9D9DHKoxieWMxD5Xsxh8HF2azlEUtMVGIHZT9fI3UkCZB5mwezDX1qjc8XqeBEmK/Le/rMNgNHffbMcBjMe31tVz7b4DOi74Uv69XobhvSTCp4syZ15OuHiG5CRiwQCeT0keXO9Bb3tBx0MbdjLQCsnG6JGGAm6Emkmqo8rD2cgwyxQ90XoBfz9szhFyr7Nnv7aA8PTbx58CrhoF19OtUFeFRWpS9kJ4FTNN9tiGAzEm4Sq2faAJf4Nr8hx+M2MGkoOPKZnBVZT/1N4CJCkDYTySLa+jLb2iD9fLrqD4TCJOZkY/4xIRC+2xb7j0+9Vq4cR4wG3Ber5eAhVi1jaXGJhcjC/jedQ+mEvYoBc+6Rl0QS23Tyc+o21lw93oE9UK2bRE2yRwU+/DB/mELPIg4ZD9wLKdm8Lhcsj7ckVp1j3Z8VP+qsLnhU1U/wxuW7FvHyo+Bm4LpP3/lJhOk5bkqxII26n3IdhWcjneir27Nb/q6SgtUfvvaklWrx2yCbCB5tQbzWCrwWfG5adR/x3Aa5Q7RIz7kBuxkQQLH4xPXUPJaSZB4ByKjJtuIxGBw6Y7SenYfl/JVKknZw7JiiyRmY9pvEFgf3reWmwJZaJBMt6igZJX14z1K4XJ+PJyQv8GbCnxlf5HtiMJmqhaHBIXArFaBKpUVC2TGa2ovbVISdl2KapIb+/el7z9+4Xa4FEfKluvhVWsWEunUZjUqsy4xWTPBrnOgHBEW4v3Hsz8aEYq51PwyT6FQCCFwovcNcTWHm+UzYBLPyTwH4EFm0gErdgp5QKvT1vVu1WfHajLh/8sLVJYNmYc8uY8fUvSaYpNNvFJbv0KxR0FMo60LBt4hihRBYivfdADm5OSMZn/FBHgDec0A5wwxSWQHe3EgSAxwuoAqQNDjRg6p5xsO6pBgo+RxZKRbLnwt8ZJRvwKnnh3enQFQXrecYMG4BMnVup1qQVJDwufK8lFvp7n/AzCzguyHjJiY2HWYfcVK8cXRMhIirW/CRlJOqS2+6YZlEVr8t/nTkMFIWm6VaYJL+XT/q4IBypNfR1NyUPrIi--q/wx5B6nVwp4CgHK--rScnJ5MUq8ZWzfxsLa0Z2A== \ No newline at end of file diff --git a/entrypoints/docker-entrypoint.sh b/entrypoints/docker-entrypoint.sh index 1571f7af..1a6cdbca 100755 --- a/entrypoints/docker-entrypoint.sh +++ b/entrypoints/docker-entrypoint.sh @@ -9,7 +9,7 @@ fi /usr/sbin/sshd -bundle exec rake db:prepare db:seed:replant +DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bundle exec rake db:prepare db:seed:replant # Start the application bundle exec rails s -b 0.0.0.0 From 104bf6c2dcdd89a1a7186650f8c953f0efd5a110 Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Mon, 23 Oct 2023 12:53:19 +0100 Subject: [PATCH 03/16] Add env vars to profile --- entrypoints/docker-entrypoint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/entrypoints/docker-entrypoint.sh b/entrypoints/docker-entrypoint.sh index 1a6cdbca..9f852917 100755 --- a/entrypoints/docker-entrypoint.sh 
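Review bot: Prefixing the entrypoint's rake line with `DISABLE_DATABASE_ENVIRONMENT_CHECK=1` switches off the check Rails uses to refuse destructive database tasks in protected environments. Because `db:seed:replant` truncates tables before reseeding, every container start would clear whatever database the container is pointed at. The workflow in [PATCH 01/16] builds this image with `target: production`, so the guard is presumably being bypassed for a deployed environment rather than a local one. If replanting is wanted on staging only, gate both on an explicit opt-in set in that environment (the variable name here is illustrative): `if [ "$REPLANT_SEED" = "1" ]; then DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bundle exec rake db:seed:replant; fi`. [PATCH 05/16] later restores `db:seed`; the script continues outside the hunk.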
+++ b/entrypoints/docker-entrypoint.sh @@ -9,6 +9,8 @@ fi /usr/sbin/sshd +eval $(printenv | sed -n "s/^\([^=]\+\)=\(.*\)$/export \1=\2/p" | sed 's/"/\\\"/g' | sed '/=/s//="/' | sed 's/$/"/' >> /etc/profile) + DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bundle exec rake db:prepare db:seed:replant # Start the application From f8afcc278e334eb2057627c5fdbc17230e5d9494 Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Mon, 23 Oct 2023 13:51:25 +0100 Subject: [PATCH 04/16] Add contentful to content security policy --- config/initializers/content_security_policy.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index a95d9f27..8894a3e5 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -41,6 +41,7 @@ policy.font_src :self, :https, *GOVUK_DOMAINS, *GOOGLE_STATIC_DOMAINS, :data policy.frame_src :self, *GOOGLE_ANALYTICS_DOMAINS, *OPTIMIZE_DOMAINS policy.img_src :self, + "images.ctfassets.net", *GOVUK_DOMAINS, *S3_DOMAINS, *GOOGLE_ANALYTICS_DOMAINS, # Tracking pixels From 61454c5aa3eafe780046ba6033a1c6d940aedaba Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Mon, 23 Oct 2023 14:17:51 +0100 Subject: [PATCH 05/16] Undo previous change to replant seed data --- entrypoints/docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoints/docker-entrypoint.sh b/entrypoints/docker-entrypoint.sh index 9f852917..c2dda137 100755 --- a/entrypoints/docker-entrypoint.sh +++ b/entrypoints/docker-entrypoint.sh @@ -11,7 +11,7 @@ fi eval $(printenv | sed -n "s/^\([^=]\+\)=\(.*\)$/export \1=\2/p" | sed 's/"/\\\"/g' | sed '/=/s//="/' | sed 's/$/"/' >> /etc/profile) -DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bundle exec rake db:prepare db:seed:replant +bundle exec rake db:prepare db:seed # Start the application bundle exec rails s -b 0.0.0.0 
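Review bot: The added line writes every environment variable into `/etc/profile` inside double quotes with only `"` escaped, so a value containing `$`, a backtick or a backslash is expanded or executed when a login shell sources the file, and a value containing a newline produces broken lines. It also copies whatever secrets the container receives into a file that is normally world-readable, for sessions of the sshd started just above. The surrounding `eval $( … )` evaluates nothing, because the pipeline's output is redirected to the file, and can be dropped. If the entrypoint shell and the login shell are the same, `export -p >> /etc/profile` emits already-quoted assignments and replaces the sed chain; limiting it to the variables SSH sessions actually need would be better still. The script continues outside the hunk.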
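Review bot: `"images.ctfassets.net"` is the only bare string literal in this `img_src` list; the other hosts arrive through splatted constants such as `*GOVUK_DOMAINS` and `*S3_DOMAINS`. Defining it next to those as a named constant (name illustrative: `CONTENTFUL_DOMAINS = %w[images.ctfassets.net].freeze`), with a one-line comment saying which content it serves, keeps the policy easy to audit as hosts are added. The policy block starts and ends outside the hunk.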
From 71161ff0b6823d77071aa349694bfcb536318c47 Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Tue, 31 Oct 2023 13:47:04 +0000 Subject: [PATCH 06/16] Update for staging --- terraform-azure/terraform-azure-database/main.tf | 2 +- terraform-azure/variables.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform-azure/terraform-azure-database/main.tf b/terraform-azure/terraform-azure-database/main.tf index 65f34c31..5d84a1bc 100644 --- a/terraform-azure/terraform-azure-database/main.tf +++ b/terraform-azure/terraform-azure-database/main.tf @@ -56,4 +56,4 @@ resource "azurerm_postgresql_flexible_server_database" "psqldb_slot" { server_id = azurerm_postgresql_flexible_server.psqlfs.id collation = "en_US.utf8" charset = "utf8" -} \ No newline at end of file +} diff --git a/terraform-azure/variables.tf b/terraform-azure/variables.tf index d7279847..1a3eee99 100644 --- a/terraform-azure/variables.tf +++ b/terraform-azure/variables.tf @@ -5,13 +5,13 @@ variable "azure_region" { } variable "environment" { - default = "development" + default = "staging" description = "Environment to deploy resources" type = string } variable "resource_name_prefix" { - default = "s195d01-hfeyp" + default = "s195t01-hfeyp" description = "Prefix for resource names" type = string } From 92870a1ce6fe038a0be5b816b6a6a3bcf904ae9a Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Tue, 31 Oct 2023 15:18:46 +0000 Subject: [PATCH 07/16] Change name of jobs --- .github/workflows/azure-deploy-stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/azure-deploy-stage.yml b/.github/workflows/azure-deploy-stage.yml index 969535e2..64fb545e 100644 --- a/.github/workflows/azure-deploy-stage.yml +++ b/.github/workflows/azure-deploy-stage.yml @@ -29,7 +29,7 @@ env: DOCKER_IMAGE: ghcr.io/dfe-digital/help-for-early-years-providers jobs: - deploy-to-staging: + build-and-deploy: runs-on: ubuntu-latest environment: staging steps: 
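Review bot: Changing the defaults of `environment` and `resource_name_prefix` in `variables.tf` from the development values to staging ones means any `terraform plan` or `apply` that does not pass these variables now targets `s195t01-hfeyp` staging resources instead of development. Whether the dev pipeline sets them explicitly is not visible in this series. Consider removing `default` from both variables so that each pipeline has to supply them through tfvars or `-var`; a forgotten value then fails the run instead of silently switching environment.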
From d15ff9a42ae41f84ab7d634057c2ac2689157829 Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Tue, 31 Oct 2023 15:37:01 +0000 Subject: [PATCH 08/16] Fix indentation --- .github/workflows/azure-deploy-stage.yml | 35 ++++++++++++------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/.github/workflows/azure-deploy-stage.yml b/.github/workflows/azure-deploy-stage.yml index 64fb545e..6c2b65d8 100644 --- a/.github/workflows/azure-deploy-stage.yml +++ b/.github/workflows/azure-deploy-stage.yml @@ -61,22 +61,22 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - # Build and push image - - name: Build and push Docker Image - uses: docker/build-push-action@v5 - with: - target: production - context: . - file: Dockerfile.azure - build-args: | - BUILDKIT_INLINE_CACHE=1 - SHA=${{ github.sha }} - cache-from: | - ${{ env.DOCKER_IMAGE }}:${{ github.sha }} - ${{ env.DOCKER_IMAGE }}:${{ inputs.ref || github.ref_name }} - tags: | - ${{ env.DOCKER_IMAGE }}:${{ github.sha }} - ${{ env.DOCKER_IMAGE }}:${{ inputs.candidate || github.ref_name }} + # Build and push image + - name: Build and push Docker Image + uses: docker/build-push-action@v5 + with: + target: production + context: . + file: Dockerfile.azure + build-args: | + BUILDKIT_INLINE_CACHE=1 + SHA=${{ github.sha }} + cache-from: | + ${{ env.DOCKER_IMAGE }}:${{ github.sha }} + ${{ env.DOCKER_IMAGE }}:${{ inputs.ref || github.ref_name }} + tags: | + ${{ env.DOCKER_IMAGE }}:${{ github.sha }} + ${{ env.DOCKER_IMAGE }}:${{ inputs.candidate || github.ref_name }} # Login to Azure using OIDC - name: Login to Azure CLI @@ -91,5 +91,4 @@ jobs: uses: azure/webapps-deploy@v2 with: app-name: ${{ vars.WEBAPP_NAME }} - images: ${{ env.DOCKER_IMAGE }}:${{ inputs.candidate || github.ref_name }} - + images: ${{ env.DOCKER_IMAGE }}:${{ inputs.candidate || github.ref_name }} \ No newline at end of file From f88cfdd1944727b438015158781d49fe5b63305f Mon Sep 17 00:00:00 2001 
From: Brett McHargue Date: Wed, 1 Nov 2023 10:07:29 +0000 Subject: [PATCH 09/16] Update to test with current branch --- .github/workflows/azure-deploy-stage.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/azure-deploy-stage.yml b/.github/workflows/azure-deploy-stage.yml index 6c2b65d8..2fba3458 100644 --- a/.github/workflows/azure-deploy-stage.yml +++ b/.github/workflows/azure-deploy-stage.yml @@ -13,6 +13,8 @@ on: required: true default: main push: + branches: + - ER-861-hfeyp-staging tags: - rc* From a49d49fb1d85ce22a2b97cd71d55f7ffddafa191 Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Wed, 1 Nov 2023 10:12:27 +0000 Subject: [PATCH 10/16] Skip CKV_AZURE_225:Ensure the App Service Plan is zone redundant --- terraform-azure/terraform-azure-web/webapp.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform-azure/terraform-azure-web/webapp.tf b/terraform-azure/terraform-azure-web/webapp.tf index 379b9859..9d0d97e6 100644 --- a/terraform-azure/terraform-azure-web/webapp.tf +++ b/terraform-azure/terraform-azure-web/webapp.tf @@ -12,6 +12,7 @@ resource "azurerm_service_plan" "asp" { } #checkov:skip=CKV_AZURE_212:Argument not available + #checkov:skip=CKV_AZURE_225:Ensure the App Service Plan is zone redundant } # Create Web Application @@ -354,4 +355,4 @@ resource "azurerm_app_service_certificate_binding" "webapp_custom_domain_cert_bi hostname_binding_id = azurerm_app_service_custom_hostname_binding.webapp_custom_domain[0].id certificate_id = azurerm_app_service_certificate.webapp_custom_domain_cert[0].id ssl_state = "SniEnabled" -} \ No newline at end of file +} From 2baf34c0a7bebc6c399e7add4ba22b75c589ff7f Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Wed, 1 Nov 2023 10:28:29 +0000 Subject: [PATCH 11/16] Comment out inputs --- .github/workflows/azure-deploy-stage.yml | 30 ++++++++++++------------ 1 file changed, 15 insertions(+), 15 deletions(-) 
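Review bot: The reason text on the new `#checkov:skip=CKV_AZURE_225` line is the check's own title ("Ensure the App Service Plan is zone redundant"), not a justification, whereas the neighbouring skip gives one (`Argument not available`). The same applies to the `CKV2_AZURE_41` and `CKV2_AZURE_40` skips added to `azurerm_storage_account.tfstate` in [PATCH 15/16]. It matters more there, because that account holds the Terraform state and the skipped checks cover SAS expiry and Shared Key authorization. Either fix the finding or record why it is acceptable, in the form `#checkov:skip=CKV_AZURE_225:<why zone redundancy is not needed for this plan>`. The resource blocks start outside the hunks.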
diff --git a/.github/workflows/azure-deploy-stage.yml b/.github/workflows/azure-deploy-stage.yml index 2fba3458..24a264f4 100644 --- a/.github/workflows/azure-deploy-stage.yml +++ b/.github/workflows/azure-deploy-stage.yml @@ -2,21 +2,21 @@ name: 'HfEYP App Deploy [Azure - STAGE]' on: workflow_dispatch: - inputs: - candidate: - description: 'Create release candidate version ("rcx.x.x")' - type: string - required: true - ref: - description: 'Git ref or branch to deploy' - type: string - required: true - default: main - push: - branches: - - ER-861-hfeyp-staging - tags: - - rc* + #inputs: + # candidate: + # description: 'Create release candidate version ("rcx.x.x")' + # type: string + # required: true + # ref: + # description: 'Git ref or branch to deploy' + # type: string + # required: true + # default: main + push: + branches: + - ER-861-hfeyp-staging + # tags: + # - rc* # Permissions for OIDC authentication permissions: From 94a6211b63146c36fc42540a00e1a1ddb9406f2c Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Thu, 2 Nov 2023 10:09:00 +0000 Subject: [PATCH 12/16] Fix health check --- .github/workflows/azure-deploy-dev.yml | 1 + .github/workflows/azure-deploy-stage.yml | 21 +++++++++++---------- config/routes.rb | 1 + 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/azure-deploy-dev.yml b/.github/workflows/azure-deploy-dev.yml index 252ca7f1..10442132 100644 --- a/.github/workflows/azure-deploy-dev.yml +++ b/.github/workflows/azure-deploy-dev.yml @@ -28,6 +28,7 @@ env: ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} DOCKER_IMAGE: ghcr.io/dfe-digital/help-for-early-years-providers + RELEASE_VERSION: ${{ github.sha }} jobs: build-and-deploy: diff --git a/.github/workflows/azure-deploy-stage.yml b/.github/workflows/azure-deploy-stage.yml index 24a264f4..66ff56a4 100644 --- a/.github/workflows/azure-deploy-stage.yml +++ b/.github/workflows/azure-deploy-stage.yml 
@@ -2,16 +2,16 @@ name: 'HfEYP App Deploy [Azure - STAGE]' on: workflow_dispatch: - #inputs: - # candidate: - # description: 'Create release candidate version ("rcx.x.x")' - # type: string - # required: true - # ref: - # description: 'Git ref or branch to deploy' - # type: string - # required: true - # default: main + inputs: + candidate: + description: 'Create release candidate version ("rcx.x.x")' + type: string + required: true + ref: + description: 'Git ref or branch to deploy' + type: string + required: true + default: main push: branches: - ER-861-hfeyp-staging @@ -29,6 +29,7 @@ env: ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} DOCKER_IMAGE: ghcr.io/dfe-digital/help-for-early-years-providers + RELEASE_VERSION: ${{ inputs.candidate || github.sha }} jobs: build-and-deploy: diff --git a/config/routes.rb b/config/routes.rb index 16c50039..b2cae70a 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,5 +1,6 @@ Rails.application.routes.draw do get "/check" => "application#check" + get "/health" => "application#check" # Note These have to be above the wildcard route get "/404", to: "errors#not_found", via: :all From 4cbb64c1cf8a394a3cfdff52c23ccd8d28aff8f8 Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Thu, 2 Nov 2023 11:21:38 +0000 Subject: [PATCH 13/16] Manual deployment to staging --- .github/workflows/azure-deploy-stage.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/azure-deploy-stage.yml b/.github/workflows/azure-deploy-stage.yml index 66ff56a4..df012720 100644 --- a/.github/workflows/azure-deploy-stage.yml +++ b/.github/workflows/azure-deploy-stage.yml @@ -12,11 +12,6 @@ on: type: string required: true default: main - push: - branches: - - ER-861-hfeyp-staging - # tags: - # - rc* # Permissions for OIDC authentication permissions: From 2a3cb6e39c8bdaa608c7234ac29a0d377fc3abe0 Mon Sep 17 00:00:00 2001 
From: Brett McHargue Date: Thu, 2 Nov 2023 11:38:26 +0000 Subject: [PATCH 14/16] Test terraform unit test from feature branch --- .github/workflows/azure-deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/azure-deploy-dev.yml b/.github/workflows/azure-deploy-dev.yml index 10442132..90e29895 100644 --- a/.github/workflows/azure-deploy-dev.yml +++ b/.github/workflows/azure-deploy-dev.yml @@ -4,7 +4,7 @@ on: workflow_dispatch: push: branches: - - main + - ER-861-hfeyp-staging paths-ignore: - '**/*.md' - .docker* From c3c8a33af5a8b593bf316483b62beaa7ee5306b1 Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Thu, 2 Nov 2023 12:01:18 +0000 Subject: [PATCH 15/16] Skip azurerm_storage_account issues --- terraform-azure/terraform-azure-remote-state/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/terraform-azure/terraform-azure-remote-state/main.tf b/terraform-azure/terraform-azure-remote-state/main.tf index 5ed7e406..516bf099 100644 --- a/terraform-azure/terraform-azure-remote-state/main.tf +++ b/terraform-azure/terraform-azure-remote-state/main.tf @@ -86,6 +86,8 @@ resource "azurerm_storage_account" "tfstate" { #checkov:skip=CKV2_AZURE_1:Microsoft Managed keys are sufficient #checkov:skip=CKV2_AZURE_38:Soft-delete not required #checkov:skip=CKV2_AZURE_33:VNet not configured + #checkov:skip=CKV2_AZURE_41:Ensure storage account is configured with SAS expiration policy + #checkov:skip=CKV2_AZURE_40:Ensure storage account is not configured with Shared Key authorization } resource "azurerm_storage_container" "tfstate" { From 2f07e71d49d9373a1f849f66c2d1f2806c141c85 Mon Sep 17 00:00:00 2001 From: Brett McHargue Date: Fri, 3 Nov 2023 11:06:18 +0000 Subject: [PATCH 16/16] Revert to using main for deploy --- .github/workflows/azure-deploy-dev.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/azure-deploy-dev.yml b/.github/workflows/azure-deploy-dev.yml index 90e29895..4eaa95a6 100644 --- a/.github/workflows/azure-deploy-dev.yml +++ b/.github/workflows/azure-deploy-dev.yml @@ -4,7 +4,7 @@ on: workflow_dispatch: push: branches: - - ER-861-hfeyp-staging + - main paths-ignore: - '**/*.md' - .docker* @@ -70,7 +70,7 @@ jobs: build-args: BUILDKIT_INLINE_CACHE=1 cache-from: | ${{ env.DOCKER_IMAGE }}-dev:builder - push: true + push: true tags: ${{ env.DOCKER_IMAGE }}-dev:builder target: builder @@ -82,7 +82,7 @@ jobs: build-args: BUILDKIT_INLINE_CACHE=1 cache-from: | ${{ env.DOCKER_IMAGE }}-dev:gems-node-modules - push: true + push: true tags: ${{ env.DOCKER_IMAGE }}-dev:gems-node-modules target: help-for-early-years-providers-gems-node-modules @@ -94,7 +94,7 @@ jobs: build-args: BUILDKIT_INLINE_CACHE=1 cache-from: | ${{ env.DOCKER_IMAGE }}-dev:assets-precompile - push: true + push: true tags: ${{ env.DOCKER_IMAGE }}-dev:assets-precompile target: assets-precompile @@ -127,4 +127,4 @@ jobs: uses: azure/webapps-deploy@v2 with: app-name: ${{ vars.WEBAPP_NAME }} - images: ${{ env.DOCKER_IMAGE }}:${{ github.sha }} \ No newline at end of file + images: ${{ env.DOCKER_IMAGE }}:${{ github.sha }}