From 5c819f1145f740b744c8b7790c6884de260f4a13 Mon Sep 17 00:00:00 2001 From: Daniel Naab Date: Wed, 19 Jun 2024 10:04:17 -0500 Subject: [PATCH] Aesthetic improvements to release workflows (#215) * Clean up release-process.md * Rename shared Github Action workflows in noun-action.yml format, so when sorted alphabetically common workflows are grouped together. * Use the Terraform cli to create a plan via dflook/terraform-plan, which should produce a nicer PR comment than the prior manual approach. * Fix working directories * Remove unnecessary testing pr branch * Pass credentials as env vars --- ...cker-image.yml => _docker-build-image.yml} | 0 ...create-pr-to-branch.yml => _pr-create.yml} | 0 .../workflows/_terraform-plan-pr-comment.yml | 55 +++++++------------ ...ply-terraform.yml => _terraform_apply.yml} | 4 +- .../workflows/add-terraform-plan-to-pr.yml | 2 +- .github/workflows/create-pr-to-staging.yml | 2 +- .github/workflows/deploy.yml | 6 +- documents/release-process.md | 6 +- 8 files changed, 29 insertions(+), 46 deletions(-) rename .github/workflows/{_build-docker-image.yml => _docker-build-image.yml} (100%) rename .github/workflows/{_create-pr-to-branch.yml => _pr-create.yml} (100%) rename .github/workflows/{_apply-terraform.yml => _terraform_apply.yml} (96%) diff --git a/.github/workflows/_build-docker-image.yml b/.github/workflows/_docker-build-image.yml similarity index 100% rename from .github/workflows/_build-docker-image.yml rename to .github/workflows/_docker-build-image.yml diff --git a/.github/workflows/_create-pr-to-branch.yml b/.github/workflows/_pr-create.yml similarity index 100% rename from .github/workflows/_create-pr-to-branch.yml rename to .github/workflows/_pr-create.yml diff --git a/.github/workflows/_terraform-plan-pr-comment.yml b/.github/workflows/_terraform-plan-pr-comment.yml index ef67e6db7..b98ca1b57 100644 --- a/.github/workflows/_terraform-plan-pr-comment.yml +++ b/.github/workflows/_terraform-plan-pr-comment.yml 
@@ -7,12 +7,14 @@ on: required: true type: string -env: - DEPLOY_ENV: ${{ inputs.deploy-env }} - jobs: terraform: runs-on: ubuntu-latest + env: + DEPLOY_ENV: ${{ inputs.deploy-env }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} steps: - name: Checkout repository uses: actions/checkout@v3 @@ -53,8 +55,8 @@ jobs: - name: Initialize Terraform CDK configuration shell: bash + working-directory: infra run: | - cd infra pnpm cdktf get pnpm build:tsc 
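Review bot: Moving `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` into the job-level `env:` block in the first hunk exposes the deployment credentials to every step of the job, including `actions/checkout` and any other third-party action it runs, whereas the `Show Terraform plan` step this commit removes had scoped them to the single step that talked to AWS. Keep `DEPLOY_ENV` at job level, but attach the two AWS variables (and `GITHUB_TOKEN`, which presumably only the plan-comment action needs) as step-level `env:` on the steps that actually require them. If the workflow does not already declare a `permissions:` block (none is visible in this hunk), the job that posts plan comments should carry an explicit `pull-requests: write` / `contents: read` grant rather than the repository's default token scope. The `jobs:` mapping starts before this hunk and the `terraform` job continues past it.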
@@ -67,39 +69,20 @@ jobs: run: | cf api https://api.fr.cloud.gov - - name: Show Terraform plan - id: show_plan - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - shell: bash - run: | - output=$(DEPLOY_ENV=${DEPLOY_ENV} pnpm cdktf diff --no-color --app "npx ts-node src/index.ts") - echo "${output}" - echo "stdout<> $GITHUB_OUTPUT - echo "${output}" >> $GITHUB_OUTPUT - echo "nEOFn" >> $GITHUB_OUTPUT + - name: Synthesize Terraform configuration working-directory: infra + run: | + DEPLOY_ENV=${DEPLOY_ENV} pnpm cdktf synth - - name: Find Comment - uses: peter-evans/find-comment@v3 - id: find_comment - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: '' + - name: Get Terraform stack name + id: get_stack_name + working-directory: infra + run: | + DEPLOY_ENV=${DEPLOY_ENV} pnpm cdktf output --outputs-file outputs.json + echo "stack_name=$(jq -r 'keys[0]' outputs.json)" >> $GITHUB_OUTPUT - - name: Create or update PR comment with Terraform plan - uses: peter-evans/create-or-update-comment@v4 + - name: Create Terraform plan + uses: dflook/terraform-plan@v1 with: - comment-id: ${{ steps.find_comment.outputs.comment-id }} - issue-number: ${{ github.event.pull_request.number }} - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.repository }} - body: | - - **Terraform Plan** - ```terraform - ${{ steps.show_plan.outputs.stdout }} - ``` - edit-mode: replace + path: infra/cdktf.out/stacks/${{ steps.get_stack_name.outputs.stack_name }} + label: ${{ steps.get_stack_name.outputs.stack_name }} diff --git a/.github/workflows/_apply-terraform.yml b/.github/workflows/_terraform_apply.yml similarity index 96% rename from .github/workflows/_apply-terraform.yml rename to .github/workflows/_terraform_apply.yml index 489c781a4..9988a8f82 100644 --- a/.github/workflows/_apply-terraform.yml +++ b/.github/workflows/_terraform_apply.yml 
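Review bot: In the new `Get Terraform stack name` step, `echo "stack_name=$(jq -r 'keys[0]' outputs.json)" >> $GITHUB_OUTPUT` cannot fail: if `cdktf output` produced no usable file, the command substitution yields an empty string, `echo` still exits 0, and `dflook/terraform-plan` is then pointed at `infra/cdktf.out/stacks/` with an empty `label`. Capture the value first so the step fails on an empty result, e.g. `stack_name=$(jq -re 'keys[0]' outputs.json)` followed by `echo "stack_name=${stack_name}" >> "$GITHUB_OUTPUT"`, and note in a comment that `keys[0]` silently picks one stack should the app ever synthesize several. `dflook/terraform-plan@v1` is a mutable tag, and this action receives the AWS credentials and `GITHUB_TOKEN` from the job environment; pin it to a full commit SHA with the version in a trailing comment so a moved tag cannot change what runs with those secrets. The `terraform` job begins before this hunk.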
@@ -53,8 +53,8 @@ jobs: - name: Initialize Terraform CDK configuration shell: bash + working-directory: infra run: | - cd infra pnpm cdktf get pnpm build:tsc @@ -68,7 +68,7 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} shell: bash + working-directory: infra run: | - cd infra cf api https://api.fr.cloud.gov DEPLOY_ENV=${DEPLOY_ENV} pnpm cdktf deploy --auto-approve diff --git a/.github/workflows/add-terraform-plan-to-pr.yml b/.github/workflows/add-terraform-plan-to-pr.yml index e0549bc99..fa0f35629 100644 --- a/.github/workflows/add-terraform-plan-to-pr.yml +++ b/.github/workflows/add-terraform-plan-to-pr.yml @@ -1,4 +1,4 @@ -name: Add Terraform CDK plan as comment on pull request +name: Post Terraform plan to PR comment on: pull_request: diff --git a/.github/workflows/create-pr-to-staging.yml b/.github/workflows/create-pr-to-staging.yml index 5a04bea4a..d770c25a6 100644 --- a/.github/workflows/create-pr-to-staging.yml +++ b/.github/workflows/create-pr-to-staging.yml @@ -7,7 +7,7 @@ on: jobs: create-pr-to-staging: - uses: ./.github/workflows/_create-pr-to-branch.yml + uses: ./.github/workflows/_pr-create.yml secrets: inherit with: base: staging diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d95981f8d..584e285b0 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,20 +9,20 @@ on: jobs: build-image-doj: - uses: ./.github/workflows/_build-docker-image.yml + uses: ./.github/workflows/_docker-build-image.yml secrets: inherit with: app-name: doj-demo build-image-spotlight: - uses: ./.github/workflows/_build-docker-image.yml + uses: ./.github/workflows/_docker-build-image.yml secrets: inherit with: app-name: spotlight deploy: needs: [build-image-doj, build-image-spotlight] - uses: ./.github/workflows/_apply-terraform.yml + uses: ./.github/workflows/_terraform-apply.yml secrets: inherit with: deploy-env: ${{ github.ref_name }} 
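Review bot: The `deploy` job in `deploy.yml` now calls `./.github/workflows/_terraform-apply.yml`, but the rename header and diffstat in this commit move the reusable workflow to `_terraform_apply.yml` (underscore, not hyphen). Reusable-workflow paths are resolved literally, so unless a later change renames the file again, the deploy run on merge to main would fail at workflow resolution before any job starts. The PR description's `noun-action.yml` convention and the sibling `_terraform-plan-pr-comment.yml` suggest the file name is the typo; change the rename target to `_terraform-apply.yml`, or else change the `uses:` line to `./.github/workflows/_terraform_apply.yml`. The `_terraform_apply.yml`, `add-terraform-plan-to-pr.yml` and `create-pr-to-staging.yml` hunks on this line raise nothing further.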
diff --git a/documents/release-process.md b/documents/release-process.md index 729dc1b19..ca7c1ab3d 100644 --- a/documents/release-process.md +++ b/documents/release-process.md @@ -3,12 +3,12 @@ There are currently two environments: - `main` (dev, main branch, CI/CD) -- `staging` (manually deployed via a release tag) +- `staging` (staging branch, merge via release PR) ## Overview -To promote continuous integration, the 10x Forms Platform uses trunk-based development. In trunk-based development, we collaborate on code in a single, mainline branch. +To promote continuous integration, the 10x Forms Platform uses trunk-based development. In trunk-based development, we collaborate in a single, mainline branch. Deployments are managed by Terraform CDK. On merge to main, the [../.github/workflows/deploy.yml](../.github/workflows/deploy.yml) Github Action workflow builds Docker images for each app in the repository, pushes them to [ghcr.io](https://github.com/orgs/GSA-TTS/packages?repo_name=atj-platform), and deploys to the dev environment (`gsa-tts-10x-atj-dev`). -When commits are made to main, the [../.github/workflows/create-pr-to-staging.yml](../.github/workflows/create-pr-to-staging.yml) workflow creates a PR to deploy to the staging environment, if it doesn't already exist. +When commits are made to main, the [../.github/workflows/create-pr-to-staging.yml](../.github/workflows/create-pr-to-staging.yml) workflow creates a PR to merge from `main` to the `staging` branch, if it doesn't already exist. On merge, the staging environment will be deployed.