Daily Healthcheck Deploy, Test and Destroy #68
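# Scheduled health check: provisions the sandbox workspace with Terraform,
# runs the unit and UI test suites, deploys the lambdas and UI into the
# sandbox, then destroys the sandbox again.
name: 'Daily Healthcheck Deploy, Test and Destroy'

on:
  schedule:
    # 04:30 Monday to Friday; GitHub evaluates cron schedules in UTC.
    - cron: '30 4 * * 1-5'

# Workflow-wide GITHUB_TOKEN defaults, applied to every job that does not
# set its own `permissions`. `id-token: write` lets a job request an OIDC
# token, which the AWS credentials action exchanges for the assumed role.
# NOTE(review): `pull-requests: write` is granted although the only trigger
# is a schedule. A called reusable workflow cannot be given more than its
# caller holds, so confirm none of them declares it before removing it.
permissions:
  pull-requests: write
  id-token: write
  contents: read

# NOTE(review): third-party actions below are referenced by mutable tag
# (`@v4`, `@v3`, ...) and the cross-repository reusable workflows by `@main`.
# Whatever those refs point to at run time executes with this workflow's
# token and, where passed, AWS_ASSUME_ROLE. Pinning to a full commit SHA
# removes that dependency on a moving ref.
jobs:
  set_workspace:
    runs-on: ubuntu-latest
    # Only writes a constant to the step output; it needs no token scopes.
    permissions: {}
    outputs:
      workspace: ${{ steps.set-output.outputs.workspace }}
    steps:
      - name: Set Output
        id: set-output
        run: echo 'workspace=ndrd' >> "$GITHUB_OUTPUT"

  terraform_process:
    runs-on: ubuntu-latest
    environment: development
    needs: ['set_workspace']
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: main
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
          role-skip-session-tagging: true
          aws-region: ${{ vars.AWS_REGION }}
          mask-aws-account-id: true
      # Prints the assumed identity to the job log as a sanity check.
      - name: View AWS Role
        run: aws sts get-caller-identity
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.5.4'
          terraform_wrapper: false
      - name: Terraform Init
        id: init
        run: terraform init -backend-config=backend.conf
        working-directory: ./infrastructure
        shell: bash
      # The expression is passed through `env` and quoted in the shell so its
      # value is never spliced into the script text before bash parses it.
      - name: Terraform Set Workspace
        id: workspace
        env:
          SANDBOX_WORKSPACE: ${{ needs.set_workspace.outputs.workspace }}
        run: terraform workspace select -or-create "$SANDBOX_WORKSPACE"
        working-directory: ./infrastructure
        shell: bash
      - name: Terraform Format
        run: terraform fmt -check
        working-directory: ./infrastructure
      # Same `env` indirection as above for the repository variable.
      - name: Terraform Plan
        id: plan
        env:
          PLAN_VARS_FILE: ${{ vars.TF_VARS_FILE }}
        run: |
          terraform plan -input=false -no-color -var-file="$PLAN_VARS_FILE" -out tf.plan
        working-directory: ./infrastructure
        shell: bash
      # Applies exactly the plan file written by the previous step.
      - name: Terraform Apply
        run: terraform apply -auto-approve -input=false tf.plan
        working-directory: ./infrastructure

  lambda_test_job:
    name: Run Lambda Unit Tests
    uses: nhsconnect/national-document-repository/.github/workflows/base-lambdas-reusable-test.yml@main
    with:
      python_version: '3.11'
      build_branch: main

  react_testing_job:
    name: Run UI Unit Tests
    uses: nhsconnect/national-document-repository/.github/workflows/base-jest-test.yml@main
    with:
      build_branch: main

  cypress-run-job:
    runs-on: ubuntu-22.04
    # This job installs and runs npm packages from another repository and
    # never talks to AWS, so it gets a read-only token and no `id-token`
    # scope: code running here cannot request an OIDC token.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          repository: nhsconnect/national-document-repository
      # NOTE(review): `npm install` may resolve versions other than those in
      # a lockfile; if the app commits one, `npm ci` gives a reproducible
      # install. Confirm against the app repository.
      - name: Cypress install
        run: npm install --legacy-peer-deps
        working-directory: ./app
      # Placeholder values only; the UI is served locally for this run.
      - name: Configure React environment vars
        env:
          ENDPOINT_DOC_STORE_API: 'http://localhost:3000'
          AWS_REGION: 'test region'
          OIDC_PROVIDER_ID: 'not provided yet'
          BUILD_ENV: development
          IMAGE_VERSION: 'not-required'
        run: |
          ./react-environment-config.sh
        working-directory: ./app
      # NOTE(review): this step uses cypress-io/github-action@v5 while the
      # run step below uses @v6; align them once v6 is confirmed for builds.
      - name: Cypress build
        uses: cypress-io/github-action@v5
        with:
          install: false
          runTests: false
          build: npm run build
          working-directory: ./app
      # NOTE(review): `serve` is installed globally without a version pin.
      - name: Install NPM serve
        run: npm install serve -g
      - name: Cypress run
        uses: cypress-io/github-action@v6
        with:
          install: false
          start: serve -s build
          browser: chrome
          working-directory: ./app
        env:
          CYPRESS_BASE_URL: 'http://localhost:3000'
          CYPRESS_grepTags: 'regression'
      # Artifact paths are relative to the job workspace rather than a
      # hard-coded /home/runner/work/<repo>/<repo> prefix, which only
      # matches when the workflow's repository has that exact name; with
      # `if-no-files-found: ignore` a mismatch would silently upload nothing.
      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: cypress-screenshots
          path: app/cypress/screenshots
          if-no-files-found: ignore
      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: cypress-videos
          path: app/cypress/videos
          if-no-files-found: ignore

  publish_all_lambda_layers:
    name: Publish all Lambda Layers
    needs: ['set_workspace', 'terraform_process']
    uses: nhsconnect/national-document-repository/.github/workflows/base-lambda-layer-reusable-publish-all.yml@main
    with:
      build_branch: main
      sandbox: ${{ needs.set_workspace.outputs.workspace }}
      environment: development
      python_version: '3.11'
    # Only the role ARN secret is handed to the called workflow.
    secrets:
      AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}

  deploy_all_lambdas:
    name: Deploy all Lambdas
    uses: nhsconnect/national-document-repository/.github/workflows/base-lambdas-reusable-deploy-all.yml@main
    needs: ['set_workspace', 'publish_all_lambda_layers']
    with:
      build_branch: main
      sandbox: ${{ needs.set_workspace.outputs.workspace }}
      environment: development
      python_version: '3.11'
      is_sandbox: true
    secrets:
      AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}

  deploy_ui:
    name: Deploy UI
    uses: nhsconnect/national-document-repository/.github/workflows/base-deploy-ui.yml@main
    needs: ['terraform_process', 'set_workspace']
    with:
      build_branch: main
      sandbox: ${{ needs.set_workspace.outputs.workspace }}
      environment: development
    secrets:
      AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}

  destroy_test_environment:
    # always() makes the teardown run even when a deploy job failed, was
    # skipped or was cancelled, so the sandbox is not left standing.
    if: always()
    name: Destroy the Sandbox Environment from previous job
    needs: ['set_workspace', 'deploy_ui', 'deploy_all_lambdas']
    uses: ./.github/workflows/terraform-destroy-environment-manual.yml
    with:
      build_branch: main
      environment: development
      sandbox_workspace: ${{ needs.set_workspace.outputs.workspace }}
      terraform_vars: dev.tfvars
      backend: backend.conf
    # NOTE(review): `inherit` exposes every secret available to this
    # workflow, whereas the other reusable calls pass only AWS_ASSUME_ROLE.
    # List the secrets explicitly if the destroy workflow needs no others.
    secrets: inherit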