diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
index 80f20305..b95a2383 100644
--- a/.github/workflows/build-and-deploy.yml
+++ b/.github/workflows/build-and-deploy.yml
@@ -140,3 +140,63 @@ jobs:
 environment: production
 image-tag: ${{ needs.build_image.outputs.docker-image-tag }}
 azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+
+ deploy_domains_infra:
+ name: Deploy Domains Infrastructure
+ runs-on: ubuntu-latest
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ concurrency: deploy_production
+ needs: [deploy_production]
+ environment:
+ name: production
+ permissions:
+ id-token: write
+
+ steps:
+ - uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Deploy Domains Infrastructure
+ id: deploy_domains_infra
+ uses: DFE-Digital/github-actions/deploy-domains-infra@master
+ with:
+ azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ slack-webhook: ${{ secrets.SLACK_WEBHOOK }}
+
+ deploy_domains_env:
+ name: Deploy Domains to ${{ matrix.domain_environment }} environment
+ runs-on: ubuntu-latest
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ concurrency: deploy_${{ matrix.domain_environment }}
+ needs: [deploy_domains_infra]
+ strategy:
+ max-parallel: 1
+ matrix:
+ domain_environment: [test, preprod, production]
+ environment:
+ name: production
+ permissions:
+ id-token: write
+
+ steps:
+ - uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Deploy Domains Environment
+ id: deploy_domains_env
+ uses: DFE-Digital/github-actions/deploy-domains-env@master
+ with:
+ azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ environment: ${{ matrix.domain_environment }}
+ healthcheck: health
+ slack-webhook: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/Makefile b/Makefile
index d6304a49..20d3bed7 100644
--- a/Makefile
+++ b/Makefile
@@ -132,7 +132,7 @@ get-cluster-credentials: set-azure-account ## Get AKS cluster credentials
 .PHONY: vendor-domain-infra-modules
 vendor-domain-infra-modules:
 rm -rf terraform/domains/infrastructure/vendor/modules/domains
- TERRAFORM_MODULES_TAG=stable
+ $(eval include global_config/domains.sh)
 git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/domains/infrastructure/vendor/modules/domains
 
 domains-infra-init: domains composed-variables vendor-domain-infra-modules set-azure-account
diff --git a/global_config/domains.sh b/global_config/domains.sh
index a7b76418..7faeff71 100644
--- a/global_config/domains.sh
+++ b/global_config/domains.sh
@@ -2,3 +2,4 @@ AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production
 AZURE_RESOURCE_PREFIX=s189p01
 CONFIG_SHORT=dom
 DISABLE_KEYVAULTS=true
+TERRAFORM_MODULES_TAG=stable
diff --git a/terraform/domains/environment_domains/output.tf b/terraform/domains/environment_domains/output.tf
new file mode 100644
index 00000000..5e008572
--- /dev/null
+++ b/terraform/domains/environment_domains/output.tf
@@ -0,0 +1,10 @@
+output "external_urls" {
+ value = flatten([
+ for zone_name, zone_values in var.hosted_zone : [
+ for domain in zone_values["domains"] : (domain == "apex" ?
+ "https://${zone_name}" :
+ "https://${domain}.${zone_name}"
+ )
+ ]
+ ])
+}
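Review bot: Both new jobs reference their deploy action by branch name (`DFE-Digital/github-actions/deploy-domains-infra@master` and `DFE-Digital/github-actions/deploy-domains-env@master`) while holding `id-token: write` in the `production` environment. Any commit that lands on that branch therefore runs with the Azure federated identity and the Slack webhook on the next push to main, with no change visible in this repository. Pin each `uses:` to a full commit SHA, for example `uses: DFE-Digital/github-actions/deploy-domains-infra@<full-commit-sha>  # master` (placeholder, not a real id); `azure/login@v2` is a movable tag and deserves the same pin. It is also worth confirming that the `test` and `preprod` matrix legs are meant to run under `environment: name: production`, because that hands them the production environment's secrets and approval rules rather than their own.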
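Review bot: The clone in `vendor-domain-infra-modules` now takes its ref from `global_config/domains.sh`, where the value is `stable`, a movable ref, so the Terraform modules vendored here can change without any commit in this repository. The new workflow jobs presumably apply them with production credentials, although the composite actions are not visible on this page. Prefer an immutable release tag in `domains.sh`, or record the expected commit and compare it with `git -C terraform/domains/infrastructure/vendor/modules/domains rev-parse HEAD` after the clone. The recipe also has no guard for an unset variable: if the include ever stops defining it, `--branch` swallows the repository URL as its argument. A line such as `$(if $(TERRAFORM_MODULES_TAG),,$(error TERRAFORM_MODULES_TAG is not set))` after the `$(eval include ...)` makes that failure explicit.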
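Review bot: The new `external_urls` output carries no `description`, and its `"apex"` special case is only discoverable by reading the expression. I would add `description = "HTTPS URL for each configured domain; the \"apex\" entry maps to the bare zone name"` inside the block. The expression also indexes `zone_values["domains"]` unconditionally, so it relies on every `var.hosted_zone` entry defining that key. The variable's type is not visible in this diff, so confirm that the declaration enforces it.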