From f7632aaa1bd149e80c0047ee7470176652232860 Mon Sep 17 00:00:00 2001
From: Sam Seed
Date: Thu, 5 Oct 2023 16:03:39 +0100
Subject: [PATCH] Production WIP
---
 .github/workflows/aws_deploy.yml | 33 +++++++++++++++++++++--
 .github/workflows/production_pipeline.yml | 12 +++++++++
 2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/aws_deploy.yml b/.github/workflows/aws_deploy.yml
index 247efbfab..b3b9a4782 100644
--- a/.github/workflows/aws_deploy.yml
+++ b/.github/workflows/aws_deploy.yml
@@ -21,9 +21,11 @@ env:
 app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
 aws_region: eu-west-2
 repository: core
+ REPO_URL: communitiesuk/submit-social-housing-lettings-and-sales-data
 jobs:
 push_docker_image:
+ if: inputs.environment != 'production'
 name: Push docker image to AWS
 runs-on: ubuntu-latest
 permissions:
@@ -59,6 +61,9 @@ jobs:
 runs-on: ubuntu-latest
 environment: ${{ inputs.environment }}
 needs: push_docker_image
+ if: |
+ always() &&
+ (needs.push_docker_image.result == 'success' || needs.push_docker_image.result == 'skipped')
 steps:
 - name: Configure AWS credentials
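Review bot: `REPO_URL` in the `env:` block of aws_deploy.yml holds an `owner/repo` slug rather than a URL, and it hard-codes a value the runner already exposes as `github.repository`. Assuming this workflow only ever runs in that repository, `${{ github.repository }}` (or a name such as `REPO_SLUG`) would be clearer and would survive a rename or fork. The new `if: inputs.environment != 'production'` on `push_docker_image` also deserves a comment saying where the production image comes from, for example `# production re-tags an image already pushed for this commit; nothing is built here`. That wording is my reading of the later re-tag step, so adjust it to the intended flow.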
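Review bot: `always()` in the new job-level `if:` keeps this deploy job eligible to run even after the workflow run has been cancelled, which is a poor default for a job that assumes an AWS role and rolls out to production. `!cancelled()` still lets the job run when `push_docker_image` was skipped, but honours a cancel: `if: ${{ !cancelled() && (needs.push_docker_image.result == 'success' || needs.push_docker_image.result == 'skipped') }}`. The job's steps continue outside this hunk.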
@@ -75,13 +80,37 @@ jobs:
 - name: Get timestamp
 id: timestamp
- run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
+ if: inputs.environment != 'production'
+ run: |
+ echo "::set-output name=timestamp::$(echo "timestamp=$(date +%Y%m%d%H%M%S)")"
+
+ - name: Get latest release with tag
+ id: latestrelease
+ if: inputs.environment == 'production'
+ run: |
+ echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')"
+
+ - name: Confirm release tag
+ if: inputs.environment == 'production'
+ run: |
+ echo ${{ steps.latestrelease.outputs.releasetag }}
+
+ - name: Checkout tag
+ uses: actions/checkout@v3
+ if: inputs.environment == 'production'
+ with:
+ ref: ${{ steps.latestrelease.outputs.releasetag }}
+
+ - name: Construct environment-dependent tag
+ id: tag
+ run: |
+ echo "::set-output name=tag::$(if [[ ${{ inputs.environment == 'production' }} ]] then ${{ steps.latestrelease.outputs.releasetag }} else ${{ steps.timestamp.outputs.timestamp }} fi)"
 - name: Add environment tag to existing image
 env:
 registry: ${{ steps.ecr-login.outputs.registry }}
 commit_tag: ${{ github.sha }}
- readable_tag: ${{ inputs.environment }}-${{ env.timestamp }}
+ readable_tag: ${{ inputs.environment }}-${{ steps.tag.outputs.tag }}
 run: |
 manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
 aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest"
diff --git a/.github/workflows/production_pipeline.yml b/.github/workflows/production_pipeline.yml
index fd0a73b9d..09f8119cf 100644
--- a/.github/workflows/production_pipeline.yml
+++ b/.github/workflows/production_pipeline.yml
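Review bot: In aws_deploy.yml, the `Confirm release tag` and `Construct environment-dependent tag` steps expand `${{ steps.latestrelease.outputs.releasetag }}` directly into the script text, so a release tag name is interpreted by the shell in a job that holds the AWS role; pass it through `env:` and quote it instead. The construct step is also broken as written: `[[ ${{ inputs.environment == 'production' }} ]]` tests a non-empty string and is always true, there is no `;` before `then`, and the branches run the tag as a command rather than printing it. In the other new steps, the timestamp output carries a literal `timestamp=` prefix, `::set-output` is deprecated in favour of `$GITHUB_OUTPUT`, and `curl -s` without `-f` turns an API error or rate limit into the tag `null`. Separately, `commit_tag` is still `${{ github.sha }}`, so the image that receives the `production-<release tag>` label is the one built for the triggering commit, which may not be the released commit; confirm this against the rest of the job, which lies outside the hunk. The rewritten steps follow.

```yaml
      - name: Get timestamp
        id: timestamp
        if: inputs.environment != 'production'
        run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> "$GITHUB_OUTPUT"

      - name: Get latest release with tag
        id: latestrelease
        if: inputs.environment == 'production'
        run: |
          # -f fails the step on an HTTP error; jq -e fails on a null tag_name
          tag=$(curl -fsS "https://api.github.com/repos/${REPO_URL}/releases/latest" | jq -er '.tag_name')
          # accept only characters that are valid in an image tag
          [[ "$tag" =~ ^[A-Za-z0-9_.-]+$ ]] || { echo "unexpected release tag" >&2; exit 1; }
          echo "releasetag=$tag" >> "$GITHUB_OUTPUT"

      - name: Confirm release tag
        if: inputs.environment == 'production'
        env:
          RELEASE_TAG: ${{ steps.latestrelease.outputs.releasetag }}
        run: echo "$RELEASE_TAG"

      # … unchanged: Checkout tag …

      - name: Construct environment-dependent tag
        id: tag
        env:
          ENVIRONMENT: ${{ inputs.environment }}
          RELEASE_TAG: ${{ steps.latestrelease.outputs.releasetag }}
          TIMESTAMP: ${{ steps.timestamp.outputs.timestamp }}
        run: |
          if [[ "$ENVIRONMENT" == 'production' ]]; then
            echo "tag=$RELEASE_TAG" >> "$GITHUB_OUTPUT"
          else
            echo "tag=$TIMESTAMP" >> "$GITHUB_OUTPUT"
          fi

      # … unchanged: Add environment tag to existing image …
```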
@@ -257,3 +257,15 @@ jobs:
 cf set-env $APP_NAME CSV_DOWNLOAD_PAAS_INSTANCE $CSV_DOWNLOAD_PAAS_INSTANCE
 cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN
 cf push $APP_NAME --strategy rolling
+
+ # aws_deploy:
+ # name: AWS Deploy
+ # if: github.ref == 'refs/heads/main'
+ # needs: [lint, test, feature_test, audit]
+ # uses: ./.github/workflows/aws_deploy.yml
+ # with:
+ # aws_account_id: 977287343304
+ # aws_resource_prefix: core-prod
+ # environment: production
+ # permissions:
+ # id-token: write
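Review bot: Once this commented-out `aws_deploy` job is enabled, `needs: [lint, test, feature_test, audit]` will have checked the commit on `main`, while the production path in aws_deploy.yml resolves the latest release tag, which is not necessarily that commit. Consider passing the ref to deploy as an explicit input so the gated commit and the released one cannot drift apart. `aws_account_id: 977287343304` should be quoted (`aws_account_id: "977287343304"`) so it stays a string, since account IDs are identifiers and an unquoted one with a leading zero would be retyped. Setting `permissions:` to only `id-token: write` removes every other scope from the called workflow, so its `actions/checkout` steps may need `contents: read`; the called jobs' own permission blocks are not fully visible here.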