v2.61 #202
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to staging | |
on: | |
release: | |
types: | |
- prereleased | |
jobs: | |
terraform_lint: | |
name: Terraform lint | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: terraform | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.0.0 | |
- name: Terraform Lint | |
run: terraform fmt --recursive --check | |
prettier_check: | |
name: Prettier check | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "16.17.0" | |
- name: Prettier check | |
run: | | |
npm ci | |
npm run format:check | |
test_webapp: | |
name: Test Webapp | |
uses: ./.github/workflows/test-webapp.yml | |
secrets: | |
test_azure_b2c_session_token: ${{ secrets.TEST_WEBAPP_AZURE_B2C_SESSION_TOKEN }} | |
test_azure_b2c_jwt_secret: ${{ secrets.TEST_WEBAPP_AZURE_B2C_JWT_SECRET }} | |
test_service: | |
name: Test Service | |
uses: ./.github/workflows/test-service.yml | |
with: | |
environment: staging | |
secrets: | |
microsoft_graph_client_id: ${{ secrets.MICROSOFT_GRAPH_CLIENT_ID }} | |
microsoft_graph_client_secret: ${{ secrets.MICROSOFT_GRAPH_CLIENT_SECRET }} | |
microsoft_graph_b2c_tenant_id: ${{ secrets.MICROSOFT_GRAPH_B2C_TENANT_ID }} | |
microsoft_graph_b2c_tenant_name: ${{ secrets.MICROSOFT_GRAPH_B2C_TENANT_NAME }} | |
test_backoffice: | |
name: Test Backoffice | |
uses: ./.github/workflows/test-backoffice.yml | |
publish_webapp_image: | |
name: Webapp | |
uses: ./.github/workflows/publish-webapp-image.yml | |
with: | |
tag: ${{ github.event.release.tag_name }} | |
registry_url: 232705206979.dkr.ecr.eu-west-2.amazonaws.com | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
needs: [test_webapp] | |
publish_service_image: | |
name: Service | |
uses: ./.github/workflows/publish-service-image.yml | |
with: | |
tag: ${{ github.event.release.tag_name }} | |
registry_url: 232705206979.dkr.ecr.eu-west-2.amazonaws.com | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
needs: [test_service] | |
publish_backoffice_image: | |
name: Publish Backoffice | |
uses: ./.github/workflows/publish-backoffice-image.yml | |
with: | |
tag: ${{ github.event.release.tag_name }} | |
registry_url: 232705206979.dkr.ecr.eu-west-2.amazonaws.com | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
feedback_email_addresses: ${{ secrets.BACKOFFICE_FEEDBACK_EMAIL_ADDRESSES }} | |
mui_pro_license_key: ${{ secrets.MUI_PRO_LICENSE_KEY }} | |
needs: [test_backoffice] | |
publish_opensearch_proxy_image: | |
name: OpenSearch proxy | |
uses: ./.github/workflows/publish-opensearch-proxy-image.yml | |
with: | |
tag: ${{ github.event.release.tag_name }} | |
registry_url: 232705206979.dkr.ecr.eu-west-2.amazonaws.com | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
end_to_end_tests: | |
name: End-to-end tests | |
needs: | |
[ | |
publish_webapp_image, | |
publish_service_image, | |
publish_backoffice_image, | |
publish_opensearch_proxy_image, | |
] | |
uses: ./.github/workflows/end-to-end-tests.yml | |
with: | |
image-tag: ${{ github.sha }} | |
test_gov_notify_feedback_email_address: beacons_test_feedback@mailsac.com | |
test_azure_ad_tenant_id: 513fb495-9a90-425b-a49a-bc6ebe2a429e | |
environment: staging | |
secrets: | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
test_webapp_azure_b2c_session_token: ${{ secrets.TEST_WEBAPP_AZURE_B2C_SESSION_TOKEN }} | |
test_webapp_azure_b2c_jwt_secret: ${{ secrets.TEST_WEBAPP_AZURE_B2C_JWT_SECRET }} | |
test_webapp_azure_b2c_client_secret: ${{ secrets.TEST_WEBAPP_AZURE_B2C_CLIENT_SECRET }} | |
test_webapp_azure_ad_client_secret: ${{ secrets.TEST_WEBAPP_AZURE_AD_CLIENT_SECRET }} | |
test_webapp_gov_notify_api_key: ${{ secrets.TEST_GOV_NOTIFY_API_KEY }} | |
microsoft_graph_client_id: ${{ secrets.MICROSOFT_GRAPH_CLIENT_ID }} | |
microsoft_graph_client_secret: ${{ secrets.MICROSOFT_GRAPH_CLIENT_SECRET }} | |
microsoft_graph_b2c_tenant_id: ${{ secrets.MICROSOFT_GRAPH_B2C_TENANT_ID }} | |
microsoft_graph_b2c_tenant_name: ${{ secrets.MICROSOFT_GRAPH_B2C_TENANT_NAME }} | |
codeql: | |
name: CodeQL check | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
config-file: .github/codeql/codeql-config.yml | |
languages: java, typescript | |
- uses: actions/setup-java@v3 | |
with: | |
distribution: "adopt" | |
java-version: 11 | |
- name: Compile code | |
working-directory: service | |
run: ./gradlew clean assemble | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
deploy_staging: | |
name: Staging | |
needs: [end_to_end_tests, terraform_lint, prettier_check] | |
uses: ./.github/workflows/deploy.yml | |
with: | |
environment: staging | |
terraform_workspace: staging | |
version: ${{ github.event.release.tag_name }} | |
trello_list_id: 6157064b4d7e1b3b1ea839ad | |
secrets: | |
alert_email_address: ${{ secrets.ALERT_EMAIL_ADDRESS }} | |
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
db_password: ${{ secrets.DB_PASSWORD }} | |
gov_notify_api_key: ${{ secrets.TEST_GOV_NOTIFY_API_KEY }} | |
webapp_azure_ad_client_secret: ${{ secrets.TEST_WEBAPP_AZURE_AD_CLIENT_SECRET }} | |
webapp_azure_b2c_client_secret: ${{ secrets.TEST_WEBAPP_AZURE_B2C_CLIENT_SECRET }} | |
webapp_azure_b2c_next_auth_jwt_secret: ${{ secrets.TEST_WEBAPP_AZURE_B2C_JWT_SECRET }} | |
service_basic_auth_username: ${{ secrets.SERVICE_BASIC_AUTH_USERNAME }} | |
service_basic_auth_password: ${{ secrets.SERVICE_BASIC_AUTH_PASSWORD }} | |
aws_account_number: ${{ secrets.AWS_ACCOUNT_NUMBER }} | |
trello_api_key: ${{ secrets.TRELLO_API_KEY }} | |
trello_board_email_address: ${{ secrets.TRELLO_BOARD_EMAIL_ADDRESS }} | |
trello_token: ${{ secrets.TRELLO_TOKEN }} | |
opensearch_master_user_name: ${{ secrets.OPENSEARCH_USERNAME }} | |
opensearch_master_user_password: ${{ secrets.OPENSEARCH_PASSWORD }} | |
opensearch_proxy_sso_client_id: ${{ secrets.OPENSEARCH_PROXY_SSO_CLIENT_ID }} | |
opensearch_proxy_sso_client_secret: ${{ secrets.OPENSEARCH_PROXY_SSO_CLIENT_SECRET }} | |
microsoft_graph_client_id: ${{ secrets.MICROSOFT_GRAPH_CLIENT_ID }} | |
microsoft_graph_client_secret: ${{ secrets.MICROSOFT_GRAPH_CLIENT_SECRET }} | |
microsoft_graph_b2c_tenant_id: ${{ secrets.MICROSOFT_GRAPH_B2C_TENANT_ID }} | |
microsoft_graph_b2c_tenant_name: ${{ secrets.MICROSOFT_GRAPH_B2C_TENANT_NAME }} | |
manual_testing: | |
name: Manual testing | |
runs-on: ubuntu-latest | |
steps: | |
- name: Link to manual testing document | |
run: | | |
echo "::notice file=tests/pre-release-testing-scenarios.md,title={Remember to run through the pre-release testing scenarios before pushing to production}::This should be automated soon." |