Skip to content

Merge pull request #1472 from DFE-Digital/obfuscate-postcode #484

Merge pull request #1472 from DFE-Digital/obfuscate-postcode

Merge pull request #1472 from DFE-Digital/obfuscate-postcode #484

name: Build and Deploy
on:
workflow_dispatch:
inputs:
environment:
description: Environment to deploy to
required: true
type: choice
default: development_aks
options:
- development_aks
- test_aks
- production_aks
pull_request:
types: [assigned, opened, synchronize, reopened, ready_for_review]
push:
branches:
- master
jobs:
build:
name: Build and push to Github Container Registry
runs-on: ubuntu-latest
environment: ${{ github.event.inputs.environment }}
outputs:
image: ${{steps.docker_image.outputs.IMAGE}}
image_tag_sha: "sha-${{ steps.vars.outputs.sha_short }}"
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Fetch secrets from key vault
uses: azure/CLI@v2
id: fetch-secrets
with:
inlineScript: |
SECRET_VALUE=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INFRA_KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "SLACK-WEBHOOK=$SECRET_VALUE" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Get Short SHA
id: vars
run: |
echo "sha_short=$(echo $GITHUB_SHA | cut -c -7)" >> $GITHUB_OUTPUT
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to Github Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build
uses: docker/build-push-action@v6
with:
push: ${{ github.ref == 'refs/heads/master' }}
builder: ${{ steps.buildx.outputs.name }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
tags: |
${{env.DOCKER_REPOSITORY}}:sha-${{ steps.vars.outputs.sha_short }}
build-args: GIT_COMMIT_SHA=${{ steps.vars.outputs.sha_short }}
- name: Slack Notification
if: failure() && github.ref == 'refs/heads/master'
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_FAILURE}}
SLACK_MESSAGE: 'The pipeline has failed to build the API image'
SLACK_TITLE: 'Failure to Build API '
SLACK_WEBHOOK: "${{ steps.fetch-secrets.outputs.SLACK-WEBHOOK }}"
development:
name: Development Deployment
needs: build
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
environment:
name: development_aks
url: ${{ steps.deploy.outputs.deploy-url }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Fetch secrets from key vault
uses: azure/CLI@v2
id: fetch-secrets
with:
inlineScript: |
SECRET_VALUE=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INFRA_KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "SLACK-WEBHOOK=$SECRET_VALUE" >> $GITHUB_OUTPUT
- name: Trigger Development Deployment
uses: ./.github/workflows/actions/deploy_v2
id: deploy
with:
environment: development_aks
sha: ${{needs.build.outputs.image_tag_sha}}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
- name: Generate Tag from PR Number
id: tag_version
uses: DFE-Digital/github-actions/GenerateReleaseFromSHA@master
with:
sha: ${{github.sha}}
- name: Create a GitHub Release
id: release
if: steps.tag_version.outputs.pr_found == 1
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.pr_number }}
release_name: Release ${{ steps.tag_version.outputs.pr_number }}
commitish: ${{github.sha}}
prerelease: false
draft: false
- name: Copy PR Info to Release
if: steps.release.outputs.id
uses: DFE-Digital/github-actions/CopyPRtoRelease@master
with:
PR_NUMBER: ${{ steps.tag_version.outputs.pr_number }}
RELEASE_ID: ${{ steps.release.outputs.id }}
TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Slack Notification
if: failure() && github.ref == 'refs/heads/master'
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_FAILURE}}
SLACK_MESSAGE: 'Deployment to the development environment has failed'
SLACK_TITLE: 'Deployment to the development environment has failed'
SLACK_WEBHOOK: '${{ steps.fetch-secrets.outputs.SLACK-WEBHOOK }}'
test:
name: Test Deployment
needs: build
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
environment:
name: test_aks
url: ${{ steps.deploy.outputs.deploy-url }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: Azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Fetch secrets from key vault
uses: azure/CLI@v2
id: fetch-secrets
with:
inlineScript: |
SECRET_VALUE=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INFRA_KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "SLACK-WEBHOOK=$SECRET_VALUE" >> $GITHUB_OUTPUT
- name: Trigger Test Deployment
uses: ./.github/workflows/actions/deploy_v2
id: deploy
with:
environment: test_aks
sha: ${{needs.build.outputs.image_tag_sha}}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
- name: Slack Notification
if: failure() && github.ref == 'refs/heads/master'
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_FAILURE}}
SLACK_MESSAGE: 'Deployment to the test environment has failed'
SLACK_TITLE: 'Deployment to the test environment has failed'
SLACK_WEBHOOK: "${{ steps.fetch-secrets.outputs.SLACK-WEBHOOK }}"