submit-social-housing-letti.../.github/workflows/review_pipeline.yml

name: Review app pipeline

concurrency:
  group: review-${{ github.event.pull_request.number }}

on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
  workflow_dispatch:

defaults:
  run:
    shell: bash

env:
  app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
  aws_region: eu-west-2
  repository: core

jobs:
  infra:
    name: Deploy review app infrastructure
    uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/create_review_app_infra.yml@main
    with:
      key: ${{ github.event.pull_request.number }}
      app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
    permissions:
      id-token: write

  code:
    name: Deploy review app code
    needs: [infra]
    uses: ./.github/workflows/aws_deploy.yml
    with:
      aws_account_id: 837698168072
      aws_role_prefix: core-dev
      aws_task_prefix: core-review-${{ github.event.pull_request.number }}
      concurrency_tag: ${{ github.event.pull_request.number }}
      environment: review
    permissions:
      id-token: write

  performance:
    needs: [code]
    runs-on: ubuntu-latest
    permissions:
        id-token: write

    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-region: ${{ env.aws_region }}
          role-to-assume: ${{ env.app_repo_role }}

      - name: Configure AWS credentials for the environment
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-region: eu-west-2
          role-to-assume: arn:aws:iam::837698168072:role/core-dev-deployment
          role-chaining: true

      - name: Run Performance Test
        env:
          email: performance_testing_user@example.com
          password: password
          ad_hoc_task_definition: core-review-${{ github.event.pull_request.number }}-ad-hoc
          cluster: core-review-${{ github.event.pull_request.number }}-app
          service: core-review-${{ github.event.pull_request.number }}-app
        run: |
          echo $cluster
          network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration)
          overrides='{
            "containerOverrides": [{
              "name": "app",
              "command": ["sh", "./lib/tasks/performance_test.sh"]
            }]
          }'
          arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn)

          echo "Waiting for performance tests to run"
          task_id=${arn##*/}
          task_id=${task_id%*\"}

          aws ecs wait tasks-stopped --cluster $cluster --tasks $task_id

          succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $task_id --query "tasks[0].containers[0].exitCode == '0'")
          if [ "$succeeded" == "true" ]; then exit 0; else exit 1; fi

  comment:
    name: Add link to PR
    needs: [code]
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write

    steps:
      - name: Comment on PR with URL
        uses: unsplash/comment-on-pr@v1.3.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          msg: "Created review app at https://review.submit-social-housing-data.levellingup.gov.uk/${{ github.event.pull_request.number }}"
          check_for_duplicate_msg: true
          duplicate_msg_pattern: Created review app at*
Add review app pipeline (#993) * Add review app pipeline * disable 2FA on review apps * update infrastructure docs about review apps 2 years ago			`name: Review app pipeline`

Review apps on AWS (#2062) * CLDC-2812: update app config to run from relative root * Deploy to staging on pushes to branch * Add action mailer relative root config for review envs * Temporary pipeline to deploy this branch for testing * Update aws deploy pipeline to allow different prefixes for roles and tasks * Prepare database when deploying review apps * Update app nav and sentry to take account of relative root * Update more fixed paths * Update header root link path * Rack attack path * Revert "Deploy to staging on pushes to branch" This reverts commit b05f13d474607299a4fc2407d864bff644d48a3d. * Start updating workflows * Update teardown pipeline to drop database * Ensure destroy infra step runs after drop database * Remove user_password_path because it can't be found * Don't override path helpers in navigation items helper tests * Checkout infra code to run workflow * Try separating workflow call to job * Sync with infra repo updates * Use workflow on dev * Don't trigger on push to branch * Avoid rack attack path helper issue * Update review apps teardown pipeline * Update infra repo reference to main * Fix linting * Fix /logs redirect * Fix lettings_logs_current and sales_logs_current checks in navigation items helper * Fix existing bug in schemes nav item highlighting * Use starts with rather than == in logs nav items current checks * Split off non-support schemes current nav item checks --------- Co-authored-by: Sam Seed <sam.seed@softwire.com> 1 year ago			`concurrency:`
			`group: review-${{ github.event.pull_request.number }}`
limit review pipeline to single concurrency (#1033) 2 years ago
Add review app pipeline (#993) * Add review app pipeline * disable 2FA on review apps * update infrastructure docs about review apps 2 years ago			`on:`
			`pull_request:`
			`types:`
			`- opened`
			`- synchronize`
			`- reopened`
			`workflow_dispatch:`

			`defaults:`
			`run:`
			`shell: bash`

Add test to the pipeline 4 months ago			`env:`
			`app_repo_role: arn:aws:iam::815624722760:role/core-application-repo`
			`aws_region: eu-west-2`
			`repository: core`

Add review app pipeline (#993) * Add review app pipeline * disable 2FA on review apps * update infrastructure docs about review apps 2 years ago			`jobs:`
Review apps on AWS (#2062) * CLDC-2812: update app config to run from relative root * Deploy to staging on pushes to branch * Add action mailer relative root config for review envs * Temporary pipeline to deploy this branch for testing * Update aws deploy pipeline to allow different prefixes for roles and tasks * Prepare database when deploying review apps * Update app nav and sentry to take account of relative root * Update more fixed paths * Update header root link path * Rack attack path * Revert "Deploy to staging on pushes to branch" This reverts commit b05f13d474607299a4fc2407d864bff644d48a3d. * Start updating workflows * Update teardown pipeline to drop database * Ensure destroy infra step runs after drop database * Remove user_password_path because it can't be found * Don't override path helpers in navigation items helper tests * Checkout infra code to run workflow * Try separating workflow call to job * Sync with infra repo updates * Use workflow on dev * Don't trigger on push to branch * Avoid rack attack path helper issue * Update review apps teardown pipeline * Update infra repo reference to main * Fix linting * Fix /logs redirect * Fix lettings_logs_current and sales_logs_current checks in navigation items helper * Fix existing bug in schemes nav item highlighting * Use starts with rather than == in logs nav items current checks * Split off non-support schemes current nav item checks --------- Co-authored-by: Sam Seed <sam.seed@softwire.com> 1 year ago			`infra:`
			`name: Deploy review app infrastructure`
			`uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/create_review_app_infra.yml@main`
			`with:`
			`key: ${{ github.event.pull_request.number }}`
			`app_repo_role: arn:aws:iam::815624722760:role/core-application-repo`
			`permissions:`
			`id-token: write`

			`code:`
			`name: Deploy review app code`
			`needs: [infra]`
			`uses: ./.github/workflows/aws_deploy.yml`
			`with:`
			`aws_account_id: 837698168072`
			`aws_role_prefix: core-dev`
			`aws_task_prefix: core-review-${{ github.event.pull_request.number }}`
Ensure aws_deploy has different concurrency groups for different review apps (#2079) 1 year ago			`concurrency_tag: ${{ github.event.pull_request.number }}`
Review apps on AWS (#2062) * CLDC-2812: update app config to run from relative root * Deploy to staging on pushes to branch * Add action mailer relative root config for review envs * Temporary pipeline to deploy this branch for testing * Update aws deploy pipeline to allow different prefixes for roles and tasks * Prepare database when deploying review apps * Update app nav and sentry to take account of relative root * Update more fixed paths * Update header root link path * Rack attack path * Revert "Deploy to staging on pushes to branch" This reverts commit b05f13d474607299a4fc2407d864bff644d48a3d. * Start updating workflows * Update teardown pipeline to drop database * Ensure destroy infra step runs after drop database * Remove user_password_path because it can't be found * Don't override path helpers in navigation items helper tests * Checkout infra code to run workflow * Try separating workflow call to job * Sync with infra repo updates * Use workflow on dev * Don't trigger on push to branch * Avoid rack attack path helper issue * Update review apps teardown pipeline * Update infra repo reference to main * Fix linting * Fix /logs redirect * Fix lettings_logs_current and sales_logs_current checks in navigation items helper * Fix existing bug in schemes nav item highlighting * Use starts with rather than == in logs nav items current checks * Split off non-support schemes current nav item checks --------- Co-authored-by: Sam Seed <sam.seed@softwire.com> 1 year ago			`environment: review`
			`permissions:`
			`id-token: write`
Add review app pipeline (#993) * Add review app pipeline * disable 2FA on review apps * update infrastructure docs about review apps 2 years ago
Add test to the pipeline 4 months ago			`performance:`
			`needs: [code]`
			`runs-on: ubuntu-latest`
			`permissions:`
			`id-token: write`

			`steps:`
			`- name: Configure AWS credentials`
			`uses: aws-actions/configure-aws-credentials@v3`
			`with:`
			`aws-region: ${{ env.aws_region }}`
			`role-to-assume: ${{ env.app_repo_role }}`

			`- name: Configure AWS credentials for the environment`
			`uses: aws-actions/configure-aws-credentials@v3`
			`with:`
			`aws-region: eu-west-2`
			`role-to-assume: arn:aws:iam::837698168072:role/core-dev-deployment`
			`role-chaining: true`

			`- name: Run Performance Test`
			`env:`
			`email: performance_testing_user@example.com`
			`password: password`
			`ad_hoc_task_definition: core-review-${{ github.event.pull_request.number }}-ad-hoc`
			`cluster: core-review-${{ github.event.pull_request.number }}-app`
			`service: core-review-${{ github.event.pull_request.number }}-app`
			`run: \|`
			`echo $cluster`
			`network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration)`
			`overrides='{`
			`"containerOverrides": [{`
			`"name": "app",`
			`"command": ["sh", "./lib/tasks/performance_test.sh"]`
			`}]`
			`}'`
			`arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn)`

			`echo "Waiting for performance tests to run"`
			`task_id=${arn##*/}`
			`task_id=${task_id%*\"}`

			`aws ecs wait tasks-stopped --cluster $cluster --tasks $task_id`

			`succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $task_id --query "tasks[0].containers[0].exitCode == '0'")`
			`if [ "$succeeded" == "true" ]; then exit 0; else exit 1; fi`

Review apps on AWS (#2062) * CLDC-2812: update app config to run from relative root * Deploy to staging on pushes to branch * Add action mailer relative root config for review envs * Temporary pipeline to deploy this branch for testing * Update aws deploy pipeline to allow different prefixes for roles and tasks * Prepare database when deploying review apps * Update app nav and sentry to take account of relative root * Update more fixed paths * Update header root link path * Rack attack path * Revert "Deploy to staging on pushes to branch" This reverts commit b05f13d474607299a4fc2407d864bff644d48a3d. * Start updating workflows * Update teardown pipeline to drop database * Ensure destroy infra step runs after drop database * Remove user_password_path because it can't be found * Don't override path helpers in navigation items helper tests * Checkout infra code to run workflow * Try separating workflow call to job * Sync with infra repo updates * Use workflow on dev * Don't trigger on push to branch * Avoid rack attack path helper issue * Update review apps teardown pipeline * Update infra repo reference to main * Fix linting * Fix /logs redirect * Fix lettings_logs_current and sales_logs_current checks in navigation items helper * Fix existing bug in schemes nav item highlighting * Use starts with rather than == in logs nav items current checks * Split off non-support schemes current nav item checks --------- Co-authored-by: Sam Seed <sam.seed@softwire.com> 1 year ago			`comment:`
			`name: Add link to PR`
			`needs: [code]`
Add review app pipeline (#993) * Add review app pipeline * disable 2FA on review apps * update infrastructure docs about review apps 2 years ago			`runs-on: ubuntu-latest`
Allow issues/pull-request write permissions for GitHub token (#1310) 2 years ago			`permissions:`
			`issues: write`
			`pull-requests: write`
Add review app pipeline (#993) * Add review app pipeline * disable 2FA on review apps * update infrastructure docs about review apps 2 years ago
			`steps:`
			`- name: Comment on PR with URL`
			`uses: unsplash/comment-on-pr@v1.3.0`
			`env:`
			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
			`with:`
Review apps on AWS (#2062) * CLDC-2812: update app config to run from relative root * Deploy to staging on pushes to branch * Add action mailer relative root config for review envs * Temporary pipeline to deploy this branch for testing * Update aws deploy pipeline to allow different prefixes for roles and tasks * Prepare database when deploying review apps * Update app nav and sentry to take account of relative root * Update more fixed paths * Update header root link path * Rack attack path * Revert "Deploy to staging on pushes to branch" This reverts commit b05f13d474607299a4fc2407d864bff644d48a3d. * Start updating workflows * Update teardown pipeline to drop database * Ensure destroy infra step runs after drop database * Remove user_password_path because it can't be found * Don't override path helpers in navigation items helper tests * Checkout infra code to run workflow * Try separating workflow call to job * Sync with infra repo updates * Use workflow on dev * Don't trigger on push to branch * Avoid rack attack path helper issue * Update review apps teardown pipeline * Update infra repo reference to main * Fix linting * Fix /logs redirect * Fix lettings_logs_current and sales_logs_current checks in navigation items helper * Fix existing bug in schemes nav item highlighting * Use starts with rather than == in logs nav items current checks * Split off non-support schemes current nav item checks --------- Co-authored-by: Sam Seed <sam.seed@softwire.com> 1 year ago			`msg: "Created review app at https://review.submit-social-housing-data.levellingup.gov.uk/${{ github.event.pull_request.number }}"`
Add review app pipeline (#993) * Add review app pipeline * disable 2FA on review apps * update infrastructure docs about review apps 2 years ago			`check_for_duplicate_msg: true`
			`duplicate_msg_pattern: Created review app at*`