
EXIP deployment for UK-Export-Finance/exip #67


Workflow file for this run

# This GHA is responsible for EXIP deployment.
# Deployment is initiated using `az cli` bash script.
#
# Standard Azure naming convention has been followed:
# https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming
#
#
# Following Azure services are consumed:
# 1. Azure resource group - https://learn.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest#az-group-create
# 2. Azure container registry - https://learn.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-create
# 3. Azure WebApp - https://learn.microsoft.com/en-us/azure/app-service/overview
#
#
# Execution
# *********
# GHA is only invoked when following conditions are satisfied:
# 1. Push to the `dev`, `staging` and `production` branches only.
# 2. Any modification to at least one of the `paths` targets.
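# Workflow display name and the per-run title shown in the Actions UI.
name: Deployment πŸš€
run-name: EXIP deployment for ${{ github.repository }}

# Runs only on pushes to the three deployment branches, and only when the
# push touches application source, database files or this workflow file.
on:
  push:
    branches:
      - dev
      - staging
      - production
    paths:
      - 'src/**'
      - 'database/**'
      - '.github/workflows/deployment.yml'

# Least privilege for the automatically issued GITHUB_TOKEN: the jobs only
# check out the repository; Azure and registry access use their own secrets.
permissions:
  contents: read

env:
  PRODUCT: exip
  # The pushed branch name (dev, staging or production) is reused as the
  # deployment environment name and in the resource-group name.
  ENVIRONMENT: ${{ github.ref_name }}
  TIMEZONE: 'Europe/London'
  # Base artifact: mutable image tag pushed alongside the commit-SHA tag.
  FROM: latest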
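# Jobs: `setup` publishes shared values; `database`, `api` and `ui` each
# depend on it and run in the GitHub environment named after the pushed branch.
#
# NOTE(review): every `uses:` below references a mutable tag (`@v4`, `@v1`).
# These actions receive the Azure and registry credentials, so pin each one to
# a full commit SHA to stop a moved tag from changing what runs.
#
# NOTE(review): the `Azure/[email protected]` refs are an artefact of e-mail
# obfuscation on the page this file was captured from. Restore the original
# `Azure/cli@<VERSION>` ref (placeholder) before using this workflow.
#
# NOTE(review): all jobs run on self-hosted runners. Confirm they are
# ephemeral or cleaned between runs, since `az` and `docker` logins may
# otherwise persist on the host.
jobs:
  # Echoes the resolved environment and timezone and exposes the shared
  # workflow-level values as job outputs for the dependent jobs.
  setup:
    name: Setup πŸ”§
    runs-on: [self-hosted, EXIP, deployment]
    outputs:
      product: ${{ env.PRODUCT }}
      environment: ${{ env.ENVIRONMENT }}
      timezone: ${{ env.TIMEZONE }}
    steps:
      - name: Environment πŸ§ͺ
        run: echo "Environment set to ${{ env.ENVIRONMENT }}"
      - name: Timezone 🌐
        run: echo "Timezone set to ${{ env.TIMEZONE }}"

  # Placeholder database job: logs in to Azure and sets CLI defaults only.
  database:
    name: Database πŸ“¦οΈ
    needs: setup
    environment: ${{ needs.setup.outputs.environment }}
    env:
      NAME: mysql
      ENVIRONMENT: ${{ needs.setup.outputs.environment }}
    runs-on: [self-hosted, EXIP, deployment]
    steps:
      - name: Repository πŸ—ƒοΈ
        uses: actions/checkout@v4
      # NOTE(review): `creds` is a stored service-principal secret.
      # azure/login also supports OIDC federation (`client-id`, `tenant-id`,
      # `subscription-id` plus `id-token: write`), which removes the
      # long-lived secret.
      - name: Azure πŸ”
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      # Default location and resource group for subsequent `az` calls.
      - name: Defaults ✨
        uses: Azure/[email protected]
        with:
          inlineScript: |
            # Basic
            az configure --defaults location=${{ vars.REGION }}
            az configure --defaults group=rg-${{ env.PRODUCT }}-${{ github.ref_name }}-${{ vars.VERSION }}
      # TODO: EMS-1176: MS SQL DB setup

  # Builds the API image, pushes it to the registry and cycles the web app
  # through a temporary deployment slot.
  api:
    name: API πŸ“¦οΈ
    needs: setup
    environment: ${{ needs.setup.outputs.environment }}
    env:
      NAME: api
      ENVIRONMENT: ${{ needs.setup.outputs.environment }}
    runs-on: [self-hosted, EXIP, deployment]
    steps:
      - name: Repository πŸ—ƒοΈ
        uses: actions/checkout@v4
      - name: Azure πŸ”
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Defaults ✨
        uses: Azure/[email protected]
        with:
          inlineScript: |
            # Basic
            az configure --defaults location=${{ vars.REGION }}
            az configure --defaults group=rg-${{ env.PRODUCT }}-${{ github.ref_name }}-${{ vars.VERSION }}
      # Resolves the registry login server, the registry name and the web app
      # whose name contains NAME, then exports them to later steps through
      # GITHUB_ENV.
      - name: CLI πŸ“
        run: |
          echo ACR=$(az acr show -n $(az resource list --resource-type 'Microsoft.ContainerRegistry/registries' --query '[0].name' -o tsv) --query loginServer -o tsv) >> $GITHUB_ENV
          echo ACR_USER=$(az acr show -n $(az resource list --resource-type 'Microsoft.ContainerRegistry/registries' --query '[0].name' -o tsv) --query name -o tsv) >> $GITHUB_ENV
          echo WEBAPP=$(az resource list --resource-type 'Microsoft.Web/sites' --query '[?contains(name, `${{ env.NAME }}`)].name' -o tsv) >> $GITHUB_ENV
      # NOTE(review): the username is the registry name and the password a
      # stored secret, presumably the ACR admin account; confirm. A scoped
      # token or `az acr login` with the identity already logged in would
      # avoid a shared admin password.
      - name: ACR πŸ”
        uses: azure/docker-login@v1
        with:
          login-server: ${{ env.ACR }}
          username: ${{ env.ACR_USER }}
          password: ${{ secrets.ACR_PASSWORD }}
      # Secrets reach the shell as environment variables and are expanded in
      # quotes, so their text is never spliced into the script source.
      #
      # NOTE(review): values passed with `--build-arg` are recorded in the
      # image metadata and can be read back with `docker history` by anyone
      # who can pull the image. Move SESSION_SECRET and GOV_NOTIFY_API_KEY to
      # BuildKit secret mounts or to runtime app settings once the Dockerfile
      # (not visible here) is adapted.
      - name: Artifacts πŸ—ƒοΈ
        working-directory: src/${{ env.NAME }}
        env:
          SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
          GOV_NOTIFY_API_KEY: ${{ secrets.GOV_NOTIFY_API_KEY }}
        run: |
          # Build images
          docker build . \
            -t ${{ env.ACR }}/${{ env.NAME }}:${{ github.sha }} \
            -t ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }} \
            --build-arg NODE_ENV=${{ vars.NODE_ENV }} \
            --build-arg PORT=${{ vars.API_PORT }} \
            --build-arg SESSION_SECRET="$SESSION_SECRET" \
            --build-arg GOV_NOTIFY_API_KEY="$GOV_NOTIFY_API_KEY"
          # Push images
          docker push ${{ env.ACR }}/${{ env.NAME }}:${{ github.sha }}
          docker push ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }}
      # Creates a slot named after the commit SHA with the app's own
      # configuration, swaps it in, then deletes it.
      # NOTE(review): no visible step points the app at the new image tag;
      # presumably the app's container setting tracks the FROM tag. Confirm.
      - name: Slot πŸ”€
        uses: azure/[email protected]
        with:
          inlineScript: |
            # Create new temporary slot
            az webapp deployment slot create \
              --slot ${{ github.sha }} \
              --name ${{ env.WEBAPP }} \
              --configuration-source ${{ env.WEBAPP }}
            # Swap slot
            az webapp deployment slot swap \
              --slot ${{ github.sha }} \
              --name ${{ env.WEBAPP }} \
              --action swap
            # Delete temporary slot
            az webapp deployment slot delete \
              --slot ${{ github.sha }} \
              --name ${{ env.WEBAPP }}
      - name: Reboot ♻️
        uses: azure/[email protected]
        with:
          inlineScript: |
            az webapp restart \
              --name ${{ env.WEBAPP }}

  # Builds the UI image, pushes it to the registry and cycles the web app
  # through a temporary deployment slot. No secrets are passed as build args.
  ui:
    name: UI πŸ“¦οΈ
    needs: setup
    environment: ${{ needs.setup.outputs.environment }}
    env:
      NAME: ui
      ENVIRONMENT: ${{ needs.setup.outputs.environment }}
    runs-on: [self-hosted, EXIP, deployment]
    steps:
      - name: Repository πŸ—ƒοΈ
        uses: actions/checkout@v4
      - name: Azure πŸ”
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Defaults ✨
        uses: Azure/[email protected]
        with:
          inlineScript: |
            # Basic
            az configure --defaults location=${{ vars.REGION }}
            az configure --defaults group=rg-${{ env.PRODUCT }}-${{ github.ref_name }}-${{ vars.VERSION }}
      # Resolves the registry login server, the registry name and the web app
      # whose name contains NAME, then exports them to later steps through
      # GITHUB_ENV.
      - name: CLI πŸ“
        run: |
          echo ACR=$(az acr show -n $(az resource list --resource-type 'Microsoft.ContainerRegistry/registries' --query '[0].name' -o tsv) --query loginServer -o tsv) >> $GITHUB_ENV
          echo ACR_USER=$(az acr show -n $(az resource list --resource-type 'Microsoft.ContainerRegistry/registries' --query '[0].name' -o tsv) --query name -o tsv) >> $GITHUB_ENV
          echo WEBAPP=$(az resource list --resource-type 'Microsoft.Web/sites' --query '[?contains(name, `${{ env.NAME }}`)].name' -o tsv) >> $GITHUB_ENV
      - name: ACR πŸ”
        uses: azure/docker-login@v1
        with:
          login-server: ${{ env.ACR }}
          username: ${{ env.ACR_USER }}
          password: ${{ secrets.ACR_PASSWORD }}
      - name: Artifacts πŸ—ƒοΈ
        working-directory: src/${{ env.NAME }}
        run: |
          # Build images
          docker build . \
            -t ${{ env.ACR }}/${{ env.NAME }}:${{ github.sha }} \
            -t ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }} \
            --build-arg NODE_ENV=${{ vars.NODE_ENV }} \
            --build-arg PORT=${{ vars.UI_PORT }}
          # Push images
          docker push ${{ env.ACR }}/${{ env.NAME }}:${{ github.sha }}
          docker push ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }}
      # Creates a slot named after the commit SHA with the app's own
      # configuration, swaps it in, then deletes it.
      - name: Slot πŸ”€
        uses: azure/[email protected]
        with:
          inlineScript: |
            # Create new temporary slot
            az webapp deployment slot create \
              --slot ${{ github.sha }} \
              --name ${{ env.WEBAPP }} \
              --configuration-source ${{ env.WEBAPP }}
            # Swap slot
            az webapp deployment slot swap \
              --slot ${{ github.sha }} \
              --name ${{ env.WEBAPP }} \
              --action swap
            # Delete temporary slot
            az webapp deployment slot delete \
              --slot ${{ github.sha }} \
              --name ${{ env.WEBAPP }}
      - name: Reboot ♻️
        uses: azure/[email protected]
        with:
          inlineScript: |
            az webapp restart \
              --name ${{ env.WEBAPP }}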