DFE-Digital · RMcVelia · Nov 12, 2024 · Nov 1, 2024 · Nov 1, 2024
diff --git a/build-docker-image/README.md b/build-docker-image/README.md
@@ -30,6 +30,7 @@ A service that uses this action with reuse-cache = true, should also have a cach
 - `target`: The target stage to build of a multi-stage build
 - `docker-repository`: Repository name in the container registry. e.g. ghcr.io/dfe-digital/register-trainee-teachers. Defaults to current Github repository name.
 - `max-cache`: Set to true to use maximum cache level when reuse-cache is set. Defaults to minimum (false)
+- `slack-webhook`:  A slack webhook to send a slack message to the service tech channel. See https://technical-guidance.education.gov.uk/infrastructure/monitoring/slack/#content (Optional)
 
 ## Outputs
 - `tag`: Tag uniquely generated for this build (Currently long commit SHA)

diff --git a/build-docker-image/action.yml b/build-docker-image/action.yml
@@ -28,6 +28,8 @@ inputs:
     default: false
     type: boolean
     required: false
+  slack-webhook:
+    required: false
 
 outputs:
   tag:
@@ -181,3 +183,15 @@ runs:
     - name: Push ${{ env.DOCKER_REPOSITORY }}:${{ env.IMAGE_TAG }} image to registry
       shell: bash
       run: docker image push --all-tags ${{ env.DOCKER_REPOSITORY }}
+
+    - name: Notify slack channel on job failure
+      uses: rtCamp/action-slack-notify@master
+      if: ${{ failure() && github.ref == 'refs/heads/main' && inputs.slack-webhook != '' }}
+      with:
+        SLACK_USERNAME: CI Deployment
+        SLACK_COLOR: failure
+        SLACK_ICON_EMOJI: ':github-logo:'
+        SLACK_TITLE: 'Build failure'
+        SLACK_MESSAGE: ':alert: Build failure on commit ${{env.IMAGE_TAG}} :sadparrot:'
+        SLACK_WEBHOOK: ${{ inputs.slack-webhook }}
+        SLACK_FOOTER: Sent from build-docker-image
diff --git a/deploy-to-aks/README.md b/deploy-to-aks/README.md
@@ -0,0 +1,40 @@
+# Deploy to AKS
+
+Deploy a docker image by sha to a specific service environment.
+Optionally after deployment
+- run a seed command for review apps
+  - if enabled, it will run 'make review seed-review-app' so this must exist in the Makefile
+- run a smoktest after deployment
+
+If using Google Cloud then GCP_PROJECT_ID abd GCP_WIP variables must be set in the service Makefile.
+
+## Inputs
+- `azure-credentials`: A JSON string containing service principal credentials (Required)
+- `gcp-wip`: The full identifier of the GCP Workload Identity Provider. See https://github.com/DFE-Digital/terraform-modules/blob/main/aks/dfe_analytics/README.md#authentication---github-actions (Optional)
+- `gcp-project-id`: The name of the GCP Project ID. See https://github.com/DFE-Digital/terraform-modules/blob/main/aks/dfe_analytics/README.md#authentication---github-actions (Optional)
+- `environment`: Name of the environment to deploy (Required)
+- `pr-number`: Pull Request Number if deploying a review app (Optional)
+- `db-seed`: Run seed command after a deployment. Should only be used for review apps (default: false)
+- `sha`: Commit sha corresponding to the docker image tag to be deployed (Required)
+- `slack-webhook` : A slack webhook to send a slack message to the service tech channel on deploy failure. See https://technical-guidance.education.gov.uk/infrastructure/monitoring/slack/#content (Optional)
+- `smoke-test` : Run an application smoke test after deployment (default: false)
+- `healthcheck` : Health check path, without first / e.g. 'healthcheck/all' (Optional)
+- `terraform-base` : Name of the base terraform path (default: 'terraform/application')
+
+## Example
+
+```yaml
+- name: Deploy App to Review
+  id: deploy_review
+  uses: DFE-Digital/github-actions/deploy-to-aks@master
+  with:
+    azure-credentials:  ${{ secrets.AZURE_CREDENTIALS }}
+    environment: review
+    pr-number: ${{ github.event.pull_request.number }}
+    sha: ${{ needs.build.outputs.docker-image-tag }}
+    healthcheck: 'healthcheck/all'
+    db-seed: true
+    smoke-test: true
+    gcp-wip: ${{ vars.GCP_WIP }}
+    gcp-project-id: ${{ vars.GCP_PROJECT_ID }}
+```
diff --git a/deploy-to-aks/action.yml b/deploy-to-aks/action.yml
@@ -0,0 +1,154 @@
+name: Deploy to AKS environment
+description: Deploy a docker image to an AKS environment
+
+inputs:
+  azure-credentials:
+    description: A JSON string containing service principal credentials.
+    required: true
+  gcp-wip:
+    description: The full identifier of the GCP Workload Identity Provider.
+    required: false
+  gcp-project-id:
+    description: The name of the GCP Project ID.
+    required: false
+  environment:
+    description: Environment to deploy to
+    required: true
+  pr-number:
+    description: PR number for the review app
+    required: false
+  sha:
+    description: Commit sha to be deployed
+    required: true
+  slack-webhook:
+    description: Name of the slack webhook
+    required: false
+  db-seed:
+    description: Run seed command after a deployment. Normally only used for review apps.
+    type: boolean
+    required: false
+    default: false
+  smoke-test:
+    description: Enable smoke test after deployment
+    type: boolean
+    required: false
+    default: false
+  healthcheck:
+    description: Health check path
+    required: false
+  terraform-base:
+    description: Path to the terraform files
+    required: false
+    default: 'terraform/application'
+
+outputs:
+  environment_url:
+    description: The first external URL for the deployed environment
+    value: ${{ steps.set_output.outputs.ENVIRONMENT_URL }}
+
+runs:
+  using: composite
+  steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Set Environment variables
+      id: set_env_var
+      shell: bash
+      run: |
+        terraform_version=$(awk '/{/{f=/^terraform/;next}f' ${{ inputs.terraform-base }}/terraform.tf | grep -o [0-9\.]*)
+        echo "TERRAFORM_VERSION=$terraform_version" >> $GITHUB_ENV
+
+    - name: Use Terraform ${{ env.TERRAFORM_VERSION }}
+      uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: ${{ env.TERRAFORM_VERSION }}
+        terraform_wrapper: false
+
+    - uses: azure/login@v2
+      if: ${{ inputs.db-seed == 'true' }}
+      with:
+        creds: ${{ inputs.azure-credentials }}
+
+    - uses: google-github-actions/auth@v2
+      if: ${{ inputs.gcp-wip != '' }}
+      with:
+        project_id: ${{ inputs.gcp-project-id }}
+        workload_identity_provider: ${{ inputs.gcp-wip }}
+
+    - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
+      with:
+        azure-credentials: ${{ inputs.azure-credentials }}
+
+    - name: Terraform apply
+      shell: bash
+      run: make ${{ inputs.environment }} ci terraform-apply
+      env:
+        DOCKER_IMAGE_TAG: ${{ inputs.sha }}
+        PR_NUMBER: ${{ inputs.pr-number }}
+
+    - name: Install kubectl
+      if: ${{ ( inputs.db-seed == 'true' && inputs.environment == 'review' ) }}
+      uses: DFE-Digital/github-actions/set-kubectl@master
+
+    - name: Seed review app
+      shell: bash
+      if: ${{ inputs.db-seed == 'true' }}
+      run: make ci ${{ inputs.environment }} db-seed
+      env:
+        PR_NUMBER: ${{ inputs.pr-number }}
+
+    - name: set DEPLOY_URL output
+      shell: bash
+      id: set_output
+      run: |
+        first_url=$(terraform -chdir=${{ inputs.terraform-base }} output -json external_urls | jq -r '.[0]')
+        echo "ENVIRONMENT_URL=${first_url}" >> $GITHUB_OUTPUT
+
+    - name: Run healthcheck
+      if: ${{ inputs.healthcheck != '' }}
+      shell: bash
+      run: |
+        external_urls=$(terraform -chdir=${{ inputs.terraform-base }} output -json external_urls | jq -r '.[]')
+        for url in $external_urls; do
+          echo "Check health for $url/${{ inputs.healthcheck }}..."
+          curl -sS --fail "$url/${{ inputs.healthcheck }}" > /dev/null
+        done
+        if [ ${{ inputs.pr-number }} != '' ]; then
+          echo "URLS<<EOF" >> $GITHUB_ENV
+          for url in $external_urls; do
+            echo $url >> $GITHUB_ENV
+          done
+          echo "EOF" >> $GITHUB_ENV
+        fi
+
+    - name: Post comment to Pull Request ${{ inputs.pr-number }}
+      if: inputs.pr-number != ''
+      uses: marocchino/sticky-pull-request-comment@v2
+      with:
+        header: aks
+        message: |
+          ### Deployments
+
+          | Review app is available at these URLs:                                                                                     |
+          | ---------------------------------------------------------------------------------------- |
+          | ${{ env.URLS }} |
+
+    - name: Run smoke test
+      shell: bash
+      if: ${{ inputs.smoke-test == 'true' }}
+      env:
+        PR_NUMBER: ${{ inputs.pr-number }}
+      run: |
+        make ci ${{ inputs.environment }} smoke-test
+
+    - name: Notify Slack channel on job failure
+      if: ${{ failure() && github.ref == 'refs/heads/main' && inputs.slack-webhook != '' }}
+      uses: rtCamp/action-slack-notify@master
+      env:
+        SLACK_USERNAME: CI Deployment
+        SLACK_TITLE: Deployment failure
+        SLACK_MESSAGE: ${{ inputs.environment }} deployment job failed
+        SLACK_WEBHOOK: ${{ inputs.slack-webhook }}
+        SLACK_COLOR: failure
+        SLACK_FOOTER: Sent from deploy-to-aks