From 89b11dc4f72d9b8c7bc0ce7ff960fc5227a67873 Mon Sep 17 00:00:00 2001 From: John Ake Date: Mon, 29 Jan 2024 13:47:08 +0000 Subject: [PATCH] Create QA Environment --- .github/workflows/build_and_deploy.yml | 62 +++++++++++++++++++++ terraform/application/config/qa.tfvars.json | 3 +- 2 files changed, 64 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index bbaa0fbec0..d6acccd69e 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -9,6 +9,10 @@ on: concurrency: deploy-${{ github.ref }} +env: + DOCKER_REPOSITORY: ghcr.io/dfe-digital/itt-mentor-services + + permissions: packages: write pull-requests: write @@ -18,6 +22,8 @@ jobs: runs-on: ubuntu-latest outputs: docker-image-tag: ${{ steps.build-image.outputs.tag }} + commit_sha: ${{ env.COMMIT_SHA }} + LINK_TO_RUN: ${{ env.LINK_TO_RUN }} steps: - name: Checkout 
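Review bot: The new job outputs in the `@@ -18,6 +22,8 @@` hunk, `commit_sha: ${{ env.COMMIT_SHA }}` and `LINK_TO_RUN: ${{ env.LINK_TO_RUN }}`, read environment variables that no step in the visible hunks writes to `$GITHUB_ENV`. Unless they are set elsewhere in the file, both outputs will be empty for downstream jobs. If the commit is all that is needed, `commit-sha: ${{ github.sha }}` avoids the indirection and matches the kebab-case of the existing `docker-image-tag` output. The `build` job's body continues outside the hunk.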
@@ -30,6 +36,34 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} context: . + - name: Set KV environment variables + shell: bash + id: set_kv_env_vars + run: | + tf_vars_file=terraform/application/config/${{ inputs.environment }}.tfvars.json + cat $tf_vars_file + INF_VAULT_NAME=$(jq -r '.inf_vault_name' ${tf_vars_file}) + + echo "INF_VAULT_NAME=$INF_VAULT_NAME" >> $GITHUB_ENV + + - name: Fetch secrets from key vault + uses: azure/CLI@v1 + id: keyvault-yaml-secret + with: + inlineScript: | + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ env.INF_VAULT_NAME }}" --query "value" -o tsv) + echo "::add-mask::$SLACK_WEBHOOK" + echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT + + - name: Notify twd_itt_mentor_services_devs channel on build workflow failure + if: failure() + uses: rtCamp/action-slack-notify@master + env: + SLACK_COLOR: ${{env.SLACK_ERROR}} + SLACK_MESSAGE: 'There has been a failure building the application' + SLACK_TITLE: 'Failure Building Application' + SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }} + deploy_review : name: Deploy to review environment runs-on: ubuntu-latest 
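Review bot: `rtCamp/action-slack-notify@master` in the failure-notification step tracks a mutable branch, yet it is handed the Slack webhook in a workflow that holds `packages: write` and `pull-requests: write`, so whatever lands on that branch runs with the secret. Pin it to a reviewed full commit SHA (`uses: rtCamp/action-slack-notify@<full-commit-sha>`); the same applies to the `Slack Notification` step in the `@@ -100,9 +134,37 @@` hunk. In `Set KV environment variables`, `${{ inputs.environment }}` is expanded into the script text before bash runs, and `cat $tf_vars_file` copies the whole tfvars file into the job log. Passing the value through `env:`, quoting it and dropping the `cat`, as below, avoids both. `SLACK_COLOR` reads `env.SLACK_ERROR` here and `env.SLACK_FAILURE` in the later hunk, and neither appears in the visible `env:` block, so both may resolve to empty.

```yaml
      - name: Set KV environment variables
        shell: bash
        id: set_kv_env_vars
        env:
          ENVIRONMENT: ${{ inputs.environment }}
        run: |
          tf_vars_file="terraform/application/config/${ENVIRONMENT}.tfvars.json"
          INF_VAULT_NAME="$(jq -er '.inf_vault_name' "$tf_vars_file")"
          echo "INF_VAULT_NAME=$INF_VAULT_NAME" >> "$GITHUB_ENV"
      # … unchanged: Fetch secrets from key vault, failure notification …
```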
@@ -100,9 +134,37 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Set KV environment variables + shell: bash + id: set_kv_env_vars + run: | + tf_vars_file=terraform/application/config/${{ inputs.environment }}.tfvars.json + cat $tf_vars_file + INF_VAULT_NAME=$(jq -r '.inf_vault_name' ${tf_vars_file}) + + echo "INF_VAULT_NAME=$INF_VAULT_NAME" >> $GITHUB_ENV + + - name: Fetch secrets from key vault + uses: azure/CLI@v1 + id: keyvault-yaml-secret + with: + inlineScript: | + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ env.INF_VAULT_NAME }}" --query "value" -o tsv) + echo "::add-mask::$SLACK_WEBHOOK" + echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT + - uses: ./.github/actions/deploy-environment id: deploy with: environment: ${{ matrix.environment }} docker-image: ${{ needs.build.outputs.docker-image-tag }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + + - name: Slack Notification + if: failure() + uses: rtCamp/action-slack-notify@master + env: + SLACK_COLOR: ${{ env.SLACK_FAILURE }} + SLACK_TITLE: ${{ matrix.environment }} Release ${{ github.event.title }} + SLACK_MESSAGE: Failure deploying ${{ matrix.environment }} release + SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }} diff --git a/terraform/application/config/qa.tfvars.json b/terraform/application/config/qa.tfvars.json index ed93ad9b05..456ae98ae9 100644 --- a/terraform/application/config/qa.tfvars.json +++ b/terraform/application/config/qa.tfvars.json @@ -1,5 +1,6 @@ { "cluster": "test", "namespace": "bat-qa", - "enable_postgres_ssl": true + "enable_postgres_ssl": true, + "inf_vault_name": "s189t01-faltrn-dv-inf-kv" } \ No newline at end of file
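Review bot: The added `Set KV environment variables` step in the `@@ -100,9 +134,37 @@` hunk builds the tfvars path from `${{ inputs.environment }}`, but this job deploys `${{ matrix.environment }}` (see the `deploy-environment` step), so the vault name is looked up for a different or empty environment. The line should read `tf_vars_file=terraform/application/config/${{ matrix.environment }}.tfvars.json`, ideally with the value passed through an `env:` entry and quoted rather than expanded into the script. `Fetch secrets from key vault` also runs before `./.github/actions/deploy-environment`, the only visible step that receives `azure-credentials`. If the Azure login happens inside that action, `az keyvault secret show` has no session and the webhook output will be empty, so confirm a login step precedes it outside the hunk. `github.event.title` in `SLACK_TITLE` does not look like a field on the event payload and will probably render empty.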