Production deployment action (#287)

* Production deployment action

* Add CI back to production deploy action

* Consistent naming

* Use PG13.5 everywhere

* Pipeline name

* No automated triggers

* Indentation

* Define workflow trigger

* Shouldn't need to set timezone as env var

* Add additional env vars

* Update node and ruby

* Checkout latest release tag for production pipeline

* cf8

* Fix repo name

* Repo name

* Env var for repo url

.github/workflows/production_pipeline.yml

@@ -0,0 +1,188 @@
+name: 'Production CI/CD Pipeline'
+
+on:
+  release:
+    types: [released]
+  workflow_dispatch:
+
+concurrency: 'production'
+
+env:
+  REPO_URL: communitiesuk/mhclg-data-collection-beta
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres:13.5
+        env:
+          POSTGRES_PASSWORD: password
+          POSTGRES_USER: postgres
+          POSTGRES_DB: data_collector
+        ports:
+          - 5432:5432
+        # needed because the postgres container does not provide a healthcheck
+        # tmpfs makes DB faster by using RAM
+        options: >-
+          --mount type=tmpfs,destination=/var/lib/postgresql/data
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    env:
+      RAILS_ENV: test
+      GEMFILE_RUBY_VERSION: 3.1.0
+      DB_HOST: localhost
+      DB_DATABASE: data_collector
+      DB_USERNAME: postgres
+      DB_PASSWORD: password
+
+    steps:
+      - name: Get latest release with tag
+        id: latestrelease
+        run: |
+          echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')"
+      - name: Confirm release tag
+        run: |
+          echo ${{ steps.latestrelease.outputs.releasetag }}
+      - name: Checkout tag
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ steps.latestrelease.outputs.releasetag }}
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          # runs 'bundle install' and caches installed gems automatically
+          bundler-cache: true
+      - name: Set up node
+        uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+
+      - name: Create DB
+        run: |
+          bundle exec rake db:prepare
+
+      - name: Compile Assets
+        run: |
+          bundle exec rake assets:precompile
+
+      - name: Run tests
+        run: |
+          bundle exec rspec
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get latest release with tag
+        id: latestrelease
+        run: |
+          echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')"
+      - name: Confirm release tag
+        run: |
+          echo ${{ steps.latestrelease.outputs.releasetag }}
+      - name: Checkout tag
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ steps.latestrelease.outputs.releasetag }}
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          # runs 'bundle install' and caches installed gems automatically
+          bundler-cache: true
+
+      - name: Rubocop
+        run: |
+          bundle exec rubocop
+
+  audit:
+    name: Audit dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get latest release with tag
+        id: latestrelease
+        run: |
+          echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')"
+      - name: Confirm release tag
+        run: |
+          echo ${{ steps.latestrelease.outputs.releasetag }}
+      - name: Checkout tag
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ steps.latestrelease.outputs.releasetag }}SS
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          # runs 'bundle install' and caches installed gems automatically
+          bundler-cache: true
+
+      - name: Audit
+        run: |
+          bundle exec bundler-audit
+
+    deploy:
+      name: Deploy
+
+      runs-on: ubuntu-latest
+      environment: 'production'
+      needs: [lint, test, audit]
+
+      steps:
+      - name: Get latest release with tag
+        id: latestrelease
+        run: |
+          echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/communitiesuk/mhclg-data-collection-beta/releases/latest | jq '.tag_name' | sed 's/\"//g')"
+      - name: Confirm release tag
+        run: |
+          echo ${{ steps.latestrelease.outputs.releasetag }}
+      - name: Checkout tag
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ steps.latestrelease.outputs.releasetag }}
+
+      - name: Install Cloud Foundry CLI
+        run: |
+          wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add -
+          echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
+          sudo apt-get update
+          sudo apt-get install cf8-cli
+      - name: Deploy
+        env:
+          CF_USERNAME: ${{ secrets.CF_USERNAME }}
+          CF_PASSWORD: ${{ secrets.CF_PASSWORD }}
+          CF_API_ENDPOINT: ${{ secrets.CF_API_ENDPOINT }}
+          CF_SPACE: ${{ secrets.CF_SPACE }}
+          CF_ORG: ${{ secrets.CF_ORG }}
+          API_USER: ${{ secrets.API_USER }}
+          API_KEY: ${{ secrets.API_KEY }}
+          APP_NAME: dluhc-core-staging
+          GOVUK_NOTIFY_API_KEY: ${{ secrets.GOVUK_NOTIFY_API_KEY }}
+          APP_HOST: ${{ secrets.APP_HOST }}
+          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
+          IMPORT_PAAS_INSTANCE: ${{ secrets.IMPORT_PAAS_INSTANCE }}
+          EXPORT_PAAS_INSTANCE: ${{ secrets.EXPORT_PAAS_INSTANCE }}
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+        run: |
+          cf api $CF_API_ENDPOINT
+          cf auth
+          cf target -o $CF_ORG -s $CF_SPACE
+          cf set-env $APP_NAME API_USER $API_USER
+          cf set-env $APP_NAME API_KEY $API_KEY
+          cf set-env $APP_NAME GOVUK_NOTIFY_API_KEY $GOVUK_NOTIFY_API_KEY
+          cf set-env $APP_NAME APP_HOST $APP_HOST
+          cf set-env $APP_NAME RAILS_MASTER_KEY $RAILS_MASTER_KEY
+          cf set-env $APP_NAME IMPORT_PAAS_INSTANCE $IMPORT_PAAS_INSTANCE
+          cf set-env $APP_NAME EXPORT_PAAS_INSTANCE $EXPORT_PAAS_INSTANCE
+          cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN
+          cf push $APP_NAME --strategy rolling

.github/workflows/staging_pipeline.yml

@@ -1,4 +1,4 @@
-name: 'CI/CD Pipeline'
+name: 'Staging CI/CD Pipeline'
 
 on:
   push:
@@ -14,7 +14,6 @@ defaults:
     shell: bash
 
 jobs:
-
   test:
     name: Test
     runs-on: ubuntu-latest
@@ -44,10 +43,6 @@ jobs:
       DB_USERNAME: postgres
       DB_PASSWORD: password
 
-      # Rails verifies the time zone in DB is the same as the time zone of the Rails app
-      TZ: "Europe/London"
-
-
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -120,12 +115,12 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v2
 
-    - name: Install cf client
+    - name: Install Cloud Foundry CLI
-      env:
-        CF_CLI_VERSION: 7.0.0-beta.30
       run: |
-        curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${CF_CLI_VERSION}" | tar -zx -C /tmp
+        wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add -
-        sudo cp /tmp/cf7 /usr/local/bin/cf7
+        echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
+        sudo apt-get update
+        sudo apt-get install cf8-cli
     - name: Deploy
       env:
         CF_USERNAME: ${{ secrets.CF_USERNAME }}
@@ -143,15 +138,15 @@ jobs:
         EXPORT_PAAS_INSTANCE: ${{ secrets.EXPORT_PAAS_INSTANCE }}
         SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
       run: |
-        cf7 api $CF_API_ENDPOINT
+        cf api $CF_API_ENDPOINT
-        cf7 auth
+        cf auth
-        cf7 target -o $CF_ORG -s $CF_SPACE
+        cf target -o $CF_ORG -s $CF_SPACE
-        cf7 set-env $APP_NAME API_USER $API_USER
+        cf set-env $APP_NAME API_USER $API_USER
-        cf7 set-env $APP_NAME API_KEY $API_KEY
+        cf set-env $APP_NAME API_KEY $API_KEY
-        cf7 set-env $APP_NAME GOVUK_NOTIFY_API_KEY $GOVUK_NOTIFY_API_KEY
+        cf set-env $APP_NAME GOVUK_NOTIFY_API_KEY $GOVUK_NOTIFY_API_KEY
-        cf7 set-env $APP_NAME APP_HOST $APP_HOST
+        cf set-env $APP_NAME APP_HOST $APP_HOST
-        cf7 set-env $APP_NAME RAILS_MASTER_KEY $RAILS_MASTER_KEY
+        cf set-env $APP_NAME RAILS_MASTER_KEY $RAILS_MASTER_KEY
-        cf7 set-env $APP_NAME IMPORT_PAAS_INSTANCE $IMPORT_PAAS_INSTANCE
+        cf set-env $APP_NAME IMPORT_PAAS_INSTANCE $IMPORT_PAAS_INSTANCE
-        cf7 set-env $APP_NAME EXPORT_PAAS_INSTANCE $EXPORT_PAAS_INSTANCE
+        cf set-env $APP_NAME EXPORT_PAAS_INSTANCE $EXPORT_PAAS_INSTANCE
-        cf7 set-env $APP_NAME SENTRY_DSN $SENTRY_DSN
+        cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN
-        cf7 push $APP_NAME --strategy rolling
+        cf push $APP_NAME --strategy rolling