Skip to content
deploy

deploy #59

Sign in to view logs

deploy

deploy #59

Workflow file for this run

.github/workflows/deploy.yml at b0d90fe
name: deploy
on:
workflow_dispatch:
inputs:
environment:
type: choice
options: [dev, staging, production]
required: true
concurrency:
group: deploy-${{ github.ref }}
cancel-in-progress: false
jobs:
deploy:
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Setup .NET
uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7
with:
global-json-file: global.json
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Test
run: dotnet test --configuration Release --no-build --verbosity normal
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@56d6a583f00f6bad6d19d91d53a7bc3b8143d0e9
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
aws-region: ${{ vars.ECR_REGION }}
- name: Login to ECR
uses: aws-actions/amazon-ecr-login@33f92af657bba1882ab79d8621debd2f6769a0c9
id: login-ecr
- name: Build and Push Server.UI Container
run: |
docker build \
-f src/Server.UI/Dockerfile \
-t ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:cats-${{ github.sha }} \
.
docker push ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:cats-${{ github.sha }}
- name: Build and Push Worker Container
run: |
docker build \
-f src/Worker/Dockerfile \
-t ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:worker-${{ github.sha }} \
.
docker push ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:worker-${{ github.sha }}
- name: Build and Push DatabaseSeeding Container
run: |
docker build \
-f src/DatabaseSeeding/Dockerfile \
-t ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:seeder-${{ github.sha }} \
.
docker push ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:seeder-${{ github.sha }}
- name: Build and Push DatabaseMigrator Container
run: |
docker build \
-f src/Database/Dockerfile \
-t ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:migrator-${{ github.sha }} \
.
docker push ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:migrator-${{ github.sha }}
- name: Generate app version
id: version
run: echo "app_version=$(date +'%Y.%m.%d').${{ github.run_number }}" >> $GITHUB_OUTPUT
- name: Setup Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
with:
version: v3.21.2
- name: Configure kubectl
run: |
echo "${{ secrets.KUBE_CERT }}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
kubectl config use-context ${KUBE_CLUSTER}
env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
- name: Build Helm dependencies
run: |
set -euo pipefail
helm repo add hmpps-helm-charts https://ministryofjustice.github.io/hmpps-helm-charts
helm dependency update ./helm_deploy/cats
- name: Run database migrations
run: |
set -euo pipefail
helm upgrade --install cats-migrate ./helm_deploy/cats \
--namespace "${KUBE_NAMESPACE}" \
--values ./helm_deploy/cats/values-${{ inputs.environment }}.yaml \
--set migrator.enabled=true \
--set serviceAccountName="${KUBE_NAMESPACE}" \
--set migrator.image.repository="${REGISTRY}/${REPOSITORY}" \
--set migrator.image.tag="migrator-${{ github.sha }}" \
--timeout 5m
kubectl -n "${KUBE_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Succeeded --timeout=300s pod -l app=migrator
env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: ${{ vars.ECR_REPOSITORY }}
- name: Seed the database
run: |
set -euo pipefail
helm upgrade --install cats-seed ./helm_deploy/cats \
--namespace "${KUBE_NAMESPACE}" \
--values ./helm_deploy/cats/values-${{ inputs.environment }}.yaml \
--set seeder.enabled=true \
--set serviceAccountName="${KUBE_NAMESPACE}" \
--set seeder.image.repository="${REGISTRY}/${REPOSITORY}" \
--set seeder.image.tag="seeder-${{ github.sha }}" \
--timeout 5m
kubectl -n "${KUBE_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Succeeded --timeout=300s pod -l app=seeder
env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: ${{ vars.ECR_REPOSITORY }}
- name: Deploy CATS and Worker
run: |
set -euo pipefail
IMAGE_REPOSITORY="${REGISTRY}/${REPOSITORY}"
helm upgrade --install cats ./helm_deploy/cats \
--namespace "${KUBE_NAMESPACE}" \
--values ./helm_deploy/cats/values-${{ inputs.environment }}.yaml \
--set app.enabled=true \
--set worker.enabled=true \
--set rabbitmq.enabled=true \
--set redis.enabled=true \
--set rdsPortForward.enabled=true \
--set serviceAccountName="${KUBE_NAMESPACE}" \
--set app.serviceAccountName="${KUBE_NAMESPACE}" \
--set app.image.repository="${IMAGE_REPOSITORY}" \
--set app.image.tag="cats-${{ github.sha }}" \
--set app.env.Sentry__Release="${APP_VERSION}" \
--set app.env.AppConfigurationSettings__Version="${APP_VERSION}" \
--set worker.serviceAccountName="${KUBE_NAMESPACE}" \
--set worker.image.repository="${IMAGE_REPOSITORY}" \
--set worker.image.tag="worker-${{ github.sha }}" \
--set worker.env.Sentry__Release="${APP_VERSION}" \
--set worker.env.AppConfigurationSettings__Version="${APP_VERSION}" \
--atomic --wait --timeout 10m
env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: ${{ vars.ECR_REPOSITORY }}
APP_VERSION: ${{ steps.version.outputs.app_version }}