initial dev actions deploy with github container registry and paas ss…

…o passcode adaptations
DFE-Digital · May 12, 2021 · fc98c1c · fc98c1c
1 parent 403a899
commit fc98c1c
Show file tree

Hide file tree

Showing 11 changed files with 28 additions and 327 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+  workflow_dispatch:
 
 env:
   RAILS_ENV: production
@@ -16,20 +17,21 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
 
-      - name: Login to DockerHub
+      - name: Login to GitHub container registry
         uses: docker/login-action@v1
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v1
 
       - name: Set DOCKER_IMAGE Environment Variable
-        run:  echo "DOCKER_IMAGE=dfedigital/eyfsreform:${{ github.sha }}" >> $GITHUB_ENV
+        run:  echo "DOCKER_IMAGE=ghcr.io/dfe-digital/ghre-eyfs-cms-alpha:${{ github.sha }}" >> $GITHUB_ENV
 
-      - name: Build and push docker image to DockerHub
+      - name: Build and push docker image to GitHub container registry
         id: docker_build
         uses: docker/build-push-action@v2
         with:

diff --git a/.github/workflows/delete_user.yml b/.github/workflows/delete_user.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -11,6 +11,9 @@ on:
         description: Git ref to deploy
         required: true
         default: main
+      paas_sso_passcode:
+        description: paas_sso_passcode
+        required: true
 
 jobs:
   turnstyle:
@@ -40,20 +43,21 @@ jobs:
         with:
           terraform_version: 0.14.0
 
-      - name: Login to DockerHub
+      - name: Login to GitHub Container Registry
         uses: docker/login-action@v1
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v1
 
       - name: Set DOCKER_IMAGE Environment Variable
-        run:  echo "DOCKER_IMAGE=dfedigital/eyfsreform:${{ github.sha }}" >> $GITHUB_ENV
+        run:  echo "DOCKER_IMAGE=ghcr.io/dfe-digital/ghre-eyfs-cms-alpha:${{ github.sha }}" >> $GITHUB_ENV
 
-      - name: Build and push docker image to DockerHub
+      - name: Build and push docker image to GitHub Container Registry
         id: docker_build
         uses: docker/build-push-action@v2
         with:
@@ -69,71 +73,10 @@ jobs:
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          TF_VAR_paas_user: ${{ secrets.GOVPAAS_USERNAME }}
-          TF_VAR_paas_password: ${{ secrets.GOVPAAS_PASSWORD }}
+          TF_VAR_paas_sso_passcode: ${{ github.event.inputs.paas_sso_passcode }}
         run: |
           export TF_VAR_paas_app_docker_image=${{ env.DOCKER_IMAGE }}
           cd terraform/app
           terraform init -reconfigure -input=false -backend-config="bucket=${{secrets.AWS_BUCKET}}"
           terraform plan -var-file ../workspace-variables/dev.tfvars
           terraform apply -input=false -auto-approve -var-file ../workspace-variables/dev.tfvars -var='secret_paas_app_env_values={"RAILS_MASTER_KEY":"${{secrets.RAILS_MASTER_KEY_DEV}}", "AWS_ACCESS_KEY_ID": "${{secrets.AWS_ACCESS_KEY_ID}}", "AWS_SECRET_ACCESS_KEY": "${{secrets.AWS_SECRET_ACCESS_KEY}}", "AWS_REGION": "${{secrets.AWS_REGION}}", "AWS_BUCKET": "${{secrets.AWS_BUCKET}}", "BASIC_AUTH_USER": "${{secrets.BASIC_AUTH_USER}}", "BASIC_AUTH_PASSWORD": "${{secrets.BASIC_AUTH_PASSWORD}}"}'
-
-      - name: Deploy to test
-        if: ${{ github.event.inputs.environment == 'test' }}
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_TEST }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST }}
-          TF_VAR_paas_user: ${{ secrets.GOVPAAS_USERNAME_TEST }}
-          TF_VAR_paas_password: ${{ secrets.GOVPAAS_PASSWORD_TEST }}
-        run: |
-          export TF_VAR_paas_app_docker_image=${{ env.DOCKER_IMAGE }}
-          cd terraform/app
-          terraform init -reconfigure -input=false -backend-config="bucket=${{secrets.AWS_BUCKET_TEST}}"
-          terraform plan -var-file ../workspace-variables/test.tfvars
-          terraform apply -input=false -auto-approve -var-file ../workspace-variables/test.tfvars -var='secret_paas_app_env_values={"RAILS_MASTER_KEY":"${{secrets.RAILS_MASTER_KEY_TEST}}", "AWS_ACCESS_KEY_ID": "${{secrets.AWS_ACCESS_KEY_ID_TEST}}", "AWS_SECRET_ACCESS_KEY": "${{secrets.AWS_SECRET_ACCESS_KEY_TEST}}", "AWS_REGION": "${{secrets.AWS_REGION}}", "AWS_BUCKET": "${{secrets.AWS_BUCKET_TEST}}", "BASIC_AUTH_USER": "${{secrets.BASIC_AUTH_USER}}", "BASIC_AUTH_PASSWORD": "${{secrets.BASIC_AUTH_PASSWORD}}"}'
-
-      - name: Deploy to pre-prod
-        if: ${{ github.event.inputs.environment == 'pre-prod' }}
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_PREPROD }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_PREPROD }}
-          TF_VAR_paas_user: ${{ secrets.GOVPAAS_USERNAME_PREPROD }}
-          TF_VAR_paas_password: ${{ secrets.GOVPAAS_PASSWORD_PREPROD }}
-        run: |
-          export TF_VAR_paas_app_docker_image=${{ env.DOCKER_IMAGE }}
-          cd terraform/app
-          terraform init -reconfigure -input=false -backend-config="bucket=${{secrets.AWS_BUCKET_PREPROD}}"
-          terraform plan -var-file ../workspace-variables/preprod.tfvars
-          terraform apply -input=false -auto-approve -var-file ../workspace-variables/preprod.tfvars -var='secret_paas_app_env_values={"RAILS_MASTER_KEY":"${{secrets.RAILS_MASTER_KEY_PREPROD}}", "AWS_ACCESS_KEY_ID": "${{secrets.AWS_ACCESS_KEY_ID_PREPROD}}", "AWS_SECRET_ACCESS_KEY": "${{secrets.AWS_SECRET_ACCESS_KEY_PREPROD}}", "AWS_REGION": "${{secrets.AWS_REGION}}", "AWS_BUCKET": "${{secrets.AWS_BUCKET_PREPROD}}", "BASIC_AUTH_USER": "${{secrets.BASIC_AUTH_USER}}", "BASIC_AUTH_PASSWORD": "${{secrets.BASIC_AUTH_PASSWORD}}"}'
-
-      - name: Deploy to prod
-        if: ${{ github.event.inputs.environment == 'prod' }}
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_PROD }}
-          TF_VAR_paas_user: ${{ secrets.GOVPAAS_USERNAME_PROD }}
-          TF_VAR_paas_password: ${{ secrets.GOVPAAS_PASSWORD_PROD }}
-        run: |
-          export TF_VAR_paas_app_docker_image=${{ env.DOCKER_IMAGE }}
-          cd terraform/app
-          terraform init -reconfigure -input=false -backend-config="bucket=${{secrets.AWS_BUCKET_PROD}}"
-          terraform plan -var-file ../workspace-variables/prod.tfvars
-          terraform apply -input=false -auto-approve -var-file ../workspace-variables/prod.tfvars -var='secret_paas_app_env_values={"RAILS_MASTER_KEY":"${{secrets.RAILS_MASTER_KEY_PROD}}", "AWS_ACCESS_KEY_ID": "${{secrets.AWS_ACCESS_KEY_ID_PROD}}", "AWS_SECRET_ACCESS_KEY": "${{secrets.AWS_SECRET_ACCESS_KEY_PROD}}", "AWS_REGION": "${{secrets.AWS_REGION}}", "AWS_BUCKET": "${{secrets.AWS_BUCKET_PROD}}", "BASIC_AUTH_USER": "${{secrets.BASIC_AUTH_USER}}", "BASIC_AUTH_PASSWORD": "${{secrets.BASIC_AUTH_PASSWORD}}"}'
-
-      - name: Install CF CLI on Prod
-        uses: DFE-Digital/github-actions/setup-cf-cli@master
-        if: ${{ github.event.inputs.environment == 'prod' }}
-        with:
-          CF_USERNAME: ${{ secrets.GOVPAAS_USERNAME_PROD }}
-          CF_PASSWORD: ${{ secrets.GOVPAAS_PASSWORD_PROD }}
-          CF_SPACE_NAME: eyfs-${{ github.event.inputs.environment }} # required
-          # Optional inputs
-          CF_CLI_VERSION: v7 # default v7, allowed values: v6 or v7
-          CF_ORG_NAME: dfe # default
-          CF_API_URL:  https://api.london.cloud.service.gov.uk # default
-          INSTALL_CONDUIT: false # default: false
-
-      - name: Remap DNS route on Prod
-        if: ${{ github.event.inputs.environment == 'prod' }}
-        run: |
-          cf map-route eyfs-prod education.gov.uk --hostname help-for-early-years-providers
diff --git a/.github/workflows/deploy_to_dev.yml b/.github/workflows/deploy_to_dev.yml
@@ -1,9 +1,11 @@
 name: Deploy to Dev
 
 on:
-  push:
-    branches:
-      - main
+  workflow_dispatch:
+    inputs:
+      paas_sso_passcode:
+        description: paas_sso_passcode
+        required: true
 
 jobs:
   deploy:
@@ -12,7 +14,7 @@ jobs:
     steps:
       - name: setup-inputs
         run: |
-          INPUTS='${{ format('{{"environment": "dev", "ref": "{0}"}}', github.sha) }}'
+          INPUTS='${{ format('{{"environment": "dev", "ref": "{0}", "paas_sso_passcode": "{1}"}}', github.sha, github.event.inputs.paas_sso_passcode) }}'
           echo "INPUTS=${INPUTS}" >> $GITHUB_ENV
 
       - name: trigger-deploy

diff --git a/.github/workflows/deploy_to_preprod.yml b/.github/workflows/deploy_to_preprod.yml
diff --git a/.github/workflows/deploy_to_prod.yml b/.github/workflows/deploy_to_prod.yml
diff --git a/.github/workflows/deploy_to_test.yml b/.github/workflows/deploy_to_test.yml