deploy-prod #435
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy-prod | |
| on: | |
| workflow_run: | |
| branches: | |
| - main | |
| workflows: | |
| - deploy-test | |
| types: | |
| - completed | |
| conclusion: | |
| - success | |
| jobs: | |
| deploy-ui: | |
| uses: nhsx/standards-registry/.github/workflows/helm-deploy-ui.yml@main | |
| with: | |
| environment: prod | |
| ecr_repository: nhsx-standards-directory-prod | |
| secrets: | |
| ckan_url: ${{ secrets.CKAN_URL }} | |
| tracking_id: ${{ secrets.TRACKING_ID }} | |
| google_tag_id: ${{ secrets.GOOGLE_TAG_ID }} | |
| ecr_registry: ${{ secrets.ECR_REGISTRY }} | |
| kubeconfig_file: ${{ secrets.KUBECONFIG_FILE }} | |
| aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| google_site_code: ${{ secrets.GOOGLE_SITE_CODE }} | |
| ckan: | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| env: | |
| AWS_REGION: eu-west-2 | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v3 | |
| - name: configure credentials (using us-east-1) | |
| uses: aws-actions/configure-aws-credentials@v1-node16 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Public ECR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| env: | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| - name: build and push | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| ECR_REPOSITORY: nhsx-standards-directory-prod | |
| IMAGE_TAG: prod-ckan-${{ github.sha }} | |
| run: | | |
| # Build a docker container and push it to ECR | |
| docker build -t $ECR_REPOSITORY:$IMAGE_TAG -f ./Dockerfile-ckan . | |
| docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| - name: ckan deploy | |
| uses: koslib/[email protected] | |
| env: | |
| KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_FILE }} | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| ECR_REPOSITORY: nhsx-standards-directory-prod | |
| IMAGE_TAG: prod-ckan-${{ github.sha }} | |
| with: | |
| command: >- | |
| helm upgrade --debug ckan -n prod --repo https://marvell-consulting.github.io/ckan-helm-chart --install --wait ckan -f ./charts/ckan/values.yaml | |
| --set ckan.sysadminName='${{ secrets.CKAN_SYSADMIN_NAME }}' | |
| --set ckan.sysadminPassword='${{ secrets.CKAN_SYSADMIN_PASS }}' | |
| --set ckan.db.ckanDbPassword='${{ secrets.CKAN_DB_PASS }}' | |
| --set ckan.datastore.RwDbPassword='${{ secrets.CKAN_DATASTORE_RW_DB_PASS }}' | |
| --set ckan.datastore.RoDbPassword='${{ secrets.CKAN_DATASTORE_RO_DB_PASS }}' | |
| --set ckan.siteUrl='${{ secrets.CKAN_SITE_URL }}' | |
| --set ckan.psql.masterPassword='${{ secrets.MASTER_DB_PASS }}' | |
| --set ckan.db.ckanDbUrl='${{ secrets.DB_HOST }}' | |
| --set ckan.datastore.RwDbUrl='${{ secrets.DB_HOST }}' | |
| --set ckan.datastore.RoDbUrl='${{ secrets.DB_HOST }}' | |
| --set redis.auth.password='${{ secrets.REDIS_PASSWORD }}' | |
| --set ckan.redis='redis://default:${{ secrets.REDIS_PASSWORD }}@redis-headless:6379/0' | |
| --set image.repository=$ECR_REGISTRY/$ECR_REPOSITORY | |
| --set image.tag=$IMAGE_TAG | |
| --set postgresql.enabled=false | |
| --set ckan.psql.initialize=false | |
| --set solr.initialize.enabled=false | |
| integrationtest: | |
| if: ${{ success() }} | |
| needs: | |
| - deploy-ui | |
| - ckan | |
| uses: nhsx/standards-registry/.github/workflows/integration-test.yml@main | |
| with: | |
| base_url: https://data.standards.nhs.uk | |
| ckan_url: https://manage.standards.nhs.uk/api/action | |
| pages_ckan_url: https://manage.standards.nhs.uk/api/action | |
| link-checker: | |
| if: ${{ success() }} | |
| needs: | |
| - integrationtest | |
| uses: nhsx/standards-registry/.github/workflows/link-checker.yml@main | |
| with: | |
| base_url: https://data.standards.nhs.uk | |
| blc_args: --follow true --recursive | |
| sitemap-generator: | |
| if: ${{ success() }} | |
| needs: | |
| - integrationtest | |
| uses: nhsx/standards-registry/.github/workflows/sitemap.yml@main | |
| notifypass: | |
| runs-on: ubuntu-latest | |
| if: ${{ success() }} | |
| needs: | |
| - integrationtest | |
| steps: | |
| - name: Slack Notification | |
| uses: rtCamp/action-slack-notify@v2 | |
| env: | |
| SLACK_USERNAME: github-bot | |
| SLACK_CHANNEL: developers | |
| SLACK_COLOR: good | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_TITLE: 'prod deployment: succeeded' | |
| SLACK_MESSAGE: ':+1::rocket:' | |
| MSG_MINIMAL: 'true' | |
| site-quality-test: | |
| needs: | |
| - integrationtest | |
| uses: nhsx/standards-registry/.github/workflows/lighthouse-test.yml@main | |
| with: | |
| test_url: https://data.standards.nhs.uk | |
| secrets: | |
| slack_webhook: ${{ secrets.SLACK_WEBHOOK }} |