
Commit 0276a44

committed
wip: add reusable workflows
1 parent 2adeb72 commit 0276a44

2 files changed

Lines changed: 145 additions & 0 deletions


Lines changed: 114 additions & 0 deletions
@@ -0,0 +1,114 @@
1+
name: "Review apps: on PR change"
2+
on:
3+
workflow_call:
4+
inputs:
5+
ecr-repo-base:
6+
type: string
7+
default: 842676007477.dkr.ecr.eu-west-2.amazonaws.com
8+
ecr-repo-name:
9+
type: string
10+
11+
concurrency:
12+
group: "review-apps-forms-product-page-pr-${{ github.event.pull_request.number }}"
13+
cancel-in-progress: false
14+
15+
jobs:
16+
update-review-app:
17+
runs-on: ubuntu-24.04-arm
18+
permissions:
19+
id-token: write
20+
contents: read
21+
pull-requests: write
22+
23+
steps:
24+
- name: Configure AWS credentials
25+
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
26+
with:
27+
role-to-assume: arn:aws:iam::842676007477:role/review-github-actions-forms-product-page
28+
aws-region: eu-west-2
29+
30+
- name: Checkout code
31+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
32+
33+
- name: Generate container image URI
34+
id: generate_image_uri
35+
env:
36+
ECR_REPO: ${{ inputs.ecr-repo-base }}/${{ inputs.ecr-repo-name }}
37+
PR_NUMBER: ${{ github.event.pull_request.number }}
38+
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
39+
run: |
40+
echo "URI=${ECR_REPO}:pr-${PR_NUMBER}-${HEAD_SHA}-$(date +%s)" >> "$GITHUB_OUTPUT"
41+
42+
- name: Build container
43+
run: docker build --tag "${{steps.generate_image_uri.outputs.URI}}" .
44+
45+
- name: Push container
46+
run: |
47+
aws ecr get-login-password --region eu-west-2 \
48+
| docker login --username AWS --password-stdin "${{ inputs.ecr-repo-base }}"
49+
50+
docker push "${{steps.generate_image_uri.outputs.URI}}"
51+
52+
- name: Deploy review app via CodeBuild
53+
id: codebuild
54+
uses: aws-actions/aws-codebuild-run-build@4d15a47425739ac2296ba5e7eee3bdd4bfbdd767 # v1.0.18
55+
with:
56+
project-name: review-forms-product-page-deploy
57+
env-vars-for-codebuild: |
58+
PR_NUMBER,
59+
CONTAINER_IMAGE
60+
env:
61+
PR_NUMBER: ${{ github.event.pull_request.number }}
62+
CONTAINER_IMAGE: ${{ steps.generate_image_uri.outputs.URI }}
63+
64+
- name: Fetch terraform outputs
65+
id: outputs
66+
env:
67+
BUILD_ID: ${{ steps.codebuild.outputs.aws-build-id }}
68+
run: |
69+
# Extract build UUID from ARN (format: arn:aws:codebuild:region:account:build/project:uuid)
70+
# shellcheck disable=SC2153 # BUILD_ID is set in env, but shellcheck doesn't recognize it
71+
BUILD_UUID="${BUILD_ID##*:}"
72+
73+
# Download artifact
74+
aws s3 cp "s3://forms-review-codebuild-artifacts/${BUILD_UUID}/review-forms-product-page-deploy/outputs.json" outputs.json
75+
76+
# Parse outputs
77+
{
78+
echo "REVIEW_APP_URL=$(jq -r '.review_app_url.value' outputs.json)"
79+
echo "ECS_CLUSTER_ID=$(jq -r '.review_app_ecs_cluster_id.value' outputs.json)"
80+
echo "ECS_SERVICE_NAME=$(jq -r '.review_app_ecs_service_name.value' outputs.json)"
81+
} >> "$GITHUB_OUTPUT"
82+
83+
# Clean up artifact
84+
aws s3 rm "s3://forms-review-codebuild-artifacts/${BUILD_UUID}/review-forms-product-page-deploy/outputs.json"
85+
86+
- name: Wait for AWS ECS deployments to finish
87+
run: |
88+
aws ecs wait services-stable \
89+
--cluster "${{ steps.outputs.outputs.ECS_CLUSTER_ID }}" \
90+
--services "${{ steps.outputs.outputs.ECS_SERVICE_NAME }}"
91+
92+
- name: Comment on PR
93+
env:
94+
COMMENT_MARKER: <!-- review apps on pr change -->
95+
GH_TOKEN: ${{ github.token }}
96+
run: |
97+
cat <<EOF > "${{runner.temp}}/pr-comment.md"
98+
:tada: A review copy of this PR has been deployed! You can reach it at: ${{steps.outputs.outputs.REVIEW_APP_URL}}
99+
100+
It may take 5 minutes or so for the application to be fully deployed and working. If it still isn't ready
101+
after 5 minutes, there may be something wrong with the ECS task. You will need to go to the integration AWS account
102+
to debug, or otherwise ask an infrastructure person.
103+
104+
For the sign in details and more information, [see the review apps wiki page](https://github.com/alphagov/forms-team/wiki/Review-apps).
105+
106+
$COMMENT_MARKER
107+
EOF
108+
109+
old_comment_ids=$(gh api "repos/{owner}/{repo}/issues/${{github.event.pull_request.number}}/comments" --jq "map(select((.user.login == \"github-actions[bot]\") and (.body | endswith(\$ENV.COMMENT_MARKER + \"\n\")))) | .[].id")
110+
for comment_id in $old_comment_ids; do
111+
gh api -X DELETE "repos/{owner}/{repo}/issues/comments/${comment_id}"
112+
done
113+
114+
gh pr comment "${{github.event.pull_request.html_url}}" --body-file "${{runner.temp}}/pr-comment.md"
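Review bot: The `Build container`, `Push container`, `Wait for AWS ECS deployments to finish` and `Comment on PR` steps expand `${{ … }}` expressions directly into their shell scripts, whereas `Generate container image URI` already passes its values through `env:`. `inputs.ecr-repo-base` and `inputs.ecr-repo-name` are supplied by the calling workflow and flow into `steps.generate_image_uri.outputs.URI`, so shell metacharacters in either input would be interpreted by the runner shell in a job that holds the assumed AWS role and a `pull-requests: write` token. The unquoted `<<EOF` heredoc treats `steps.outputs.outputs.REVIEW_APP_URL` the same way. Binding each expression to an environment variable and referencing it as `"$VAR"` keeps the value as data; the build and push steps are shown below, and the wait and comment steps would follow the same pattern. Separately, `ecr-repo-name` has neither `required: true` nor a `default`, so an omitted input produces an image URI with an empty repository name.

```yaml
      - name: Build container
        env:
          IMAGE_URI: ${{ steps.generate_image_uri.outputs.URI }}
        run: docker build --tag "$IMAGE_URI" .

      - name: Push container
        env:
          ECR_REPO_BASE: ${{ inputs.ecr-repo-base }}
          IMAGE_URI: ${{ steps.generate_image_uri.outputs.URI }}
        run: |
          aws ecr get-login-password --region eu-west-2 \
            | docker login --username AWS --password-stdin "$ECR_REPO_BASE"

          docker push "$IMAGE_URI"

      # … unchanged: CodeBuild deploy and terraform outputs steps …
```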
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
name: "Review apps: on PR close"
2+
on:
3+
workflow_call:
4+
5+
concurrency:
6+
group: "review-apps-forms-product-page-pr-${{ github.event.pull_request.number }}"
7+
cancel-in-progress: false
8+
9+
jobs:
10+
delete-review-app:
11+
runs-on: ubuntu-24.04-arm
12+
13+
permissions:
14+
id-token: write
15+
contents: read
16+
17+
steps:
18+
- name: Configure AWS credentials
19+
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
20+
with:
21+
role-to-assume: arn:aws:iam::842676007477:role/review-github-actions-forms-product-page
22+
aws-region: eu-west-2
23+
24+
- name: Destroy review app via CodeBuild
25+
uses: aws-actions/aws-codebuild-run-build@4d15a47425739ac2296ba5e7eee3bdd4bfbdd767 # v1.0.18
26+
env:
27+
PR_NUMBER: ${{ github.event.pull_request.number }}
28+
with:
29+
project-name: review-forms-product-page-destroy
30+
env-vars-for-codebuild: |
31+
PR_NUMBER
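Review bot: `PR_NUMBER` and the concurrency group both read `github.event.pull_request.number` from the caller's event, and nothing in this reusable workflow restricts callers to pull-request triggers. Called from any other event, the expression expands to an empty string, so the `review-forms-product-page-destroy` project would start with an empty `PR_NUMBER`; what the destroy build does in that case is not visible here and should be confirmed. A job-level guard such as `if: github.event.pull_request.number` on `delete-review-app` would stop the job before the role is assumed. Alternatively, declaring the PR number as a `required: true` input under `workflow_call` would make the contract explicit. The on-change workflow in this commit reads the same field in the same way.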
