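# Production release pipeline: runs unit tests, feature tests, lint and a
# dependency audit, then deploys to Cloud Foundry and calls the reusable AWS
# deploy workflow.
#
# NOTE(review): every `uses:` below references a mutable tag (`@v3`, `@v1`).
# Pinning each action to a full commit SHA would stop a retagged upstream
# release from running in jobs that hold production secrets.
name: Production CI/CD Pipeline

on:
  release:
    types: [released]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs in this file only check out code.
# A job that needs more declares it itself (see aws_deploy).
permissions:
  contents: read

env:
  REPO_URL: communitiesuk/submit-social-housing-lettings-and-sales-data

defaults:
  run:
    shell: bash

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    outputs:
      # Consumed by the deploy and aws_deploy jobs so they ship the tag that
      # was tested.
      releasetag: ${{ steps.latestrelease.outputs.releasetag }}

    services:
      postgres:
        image: postgres:13.5
        env:
          # Throwaway credentials for the per-job service container only.
          POSTGRES_PASSWORD: password
          POSTGRES_USER: postgres
          POSTGRES_DB: data_collector
        ports:
          - "5432:5432"
        # Needed because the Postgres container does not provide a health check
        # tmpfs makes database faster by using RAM
        options: >-
          --mount type=tmpfs,destination=/var/lib/postgresql/data
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    env:
      RAILS_ENV: test
      GEMFILE_RUBY_VERSION: "3.1.1"
      DB_HOST: localhost
      DB_DATABASE: data_collector
      DB_USERNAME: postgres
      DB_PASSWORD: password
      # NOTE(review): job-level env is exposed to every step in the job,
      # including the third-party actions. Consider scoping this secret to the
      # steps that actually need it.
      RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
      PARALLEL_TEST_PROCESSORS: 4

    steps:
      - name: Get latest release with tag
        id: latestrelease
        # Assigning to a variable first lets a failed API call (curl --fail)
        # stop the step instead of silently writing an empty or "null" tag.
        run: |
          release_tag="$(curl --fail --silent --show-error "https://api.github.com/repos/${REPO_URL}/releases/latest" | jq -r '.tag_name')"
          if [ -z "$release_tag" ] || [ "$release_tag" = "null" ]; then
            echo "Could not resolve the latest release tag" >&2
            exit 1
          fi
          echo "releasetag=${release_tag}" >> "$GITHUB_OUTPUT"

      - name: Confirm release tag
        # The tag is passed through env rather than expanded into the script
        # text, so shell metacharacters in a tag name are never executed.
        env:
          RELEASE_TAG: ${{ steps.latestrelease.outputs.releasetag }}
        run: |
          echo "$RELEASE_TAG"

      - name: Checkout tag
        uses: actions/checkout@v3
        with:
          ref: ${{ steps.latestrelease.outputs.releasetag }}

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Set up node
        uses: actions/setup-node@v3
        with:
          cache: yarn
          node-version: 18

      - name: Create database
        run: |
          bundle exec rake parallel:setup

      - name: Compile Assets
        run: |
          bundle exec rake assets:precompile

      - name: Run tests
        run: |
          bundle exec rake parallel:spec['spec\/(?!features)']

  feature_test:
    name: Feature Tests
    # NOTE(review): this workflow is triggered by release and
    # workflow_dispatch only, so github.event.pull_request is presumably
    # always empty here and this condition always passes. Confirm it is still
    # wanted.
    if: '!github.event.pull_request.draft'
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:13.5
        env:
          # Throwaway credentials for the per-job service container only.
          POSTGRES_PASSWORD: password
          POSTGRES_USER: postgres
          POSTGRES_DB: data_collector
        ports:
          - "5432:5432"
        # Needed because the Postgres container does not provide a health check
        # tmpfs makes database faster by using RAM
        options: >-
          --mount type=tmpfs,destination=/var/lib/postgresql/data
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    env:
      RAILS_ENV: test
      GEMFILE_RUBY_VERSION: "3.1.1"
      DB_HOST: localhost
      DB_DATABASE: data_collector
      DB_USERNAME: postgres
      DB_PASSWORD: password
      RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}

    steps:
      # NOTE(review): unlike the other jobs, this one checks out the
      # triggering ref rather than the latest release tag. On a manual
      # workflow_dispatch the two can differ, so the feature tests may not
      # cover the code that is deployed.
      - name: Checkout
        uses: actions/checkout@v3

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          cache: yarn
          node-version: 18

      - name: Create database
        run: |
          bundle exec rake db:prepare

      - name: Compile assets
        run: |
          bundle exec rake assets:precompile

      - name: Run tests
        run: |
          bundle exec rspec spec/features --fail-fast

  lint:
    name: Lint
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): lint and audit each resolve "latest release" on their
      # own, in parallel with the test job. A release published mid-run could
      # make them check a different tag from the one that is tested and
      # deployed.
      - name: Get latest release with tag
        id: latestrelease
        # Writes to $GITHUB_OUTPUT; the `::set-output` workflow command is
        # deprecated.
        run: |
          release_tag="$(curl --fail --silent --show-error "https://api.github.com/repos/${REPO_URL}/releases/latest" | jq -r '.tag_name')"
          if [ -z "$release_tag" ] || [ "$release_tag" = "null" ]; then
            echo "Could not resolve the latest release tag" >&2
            exit 1
          fi
          echo "releasetag=${release_tag}" >> "$GITHUB_OUTPUT"

      - name: Confirm release tag
        env:
          RELEASE_TAG: ${{ steps.latestrelease.outputs.releasetag }}
        run: |
          echo "$RELEASE_TAG"

      - name: Checkout tag
        uses: actions/checkout@v3
        with:
          ref: ${{ steps.latestrelease.outputs.releasetag }}

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Rubocop
        run: |
          bundle exec rubocop

  audit:
    name: Audit dependencies
    runs-on: ubuntu-latest

    steps:
      - name: Get latest release with tag
        id: latestrelease
        # Writes to $GITHUB_OUTPUT; the `::set-output` workflow command is
        # deprecated.
        run: |
          release_tag="$(curl --fail --silent --show-error "https://api.github.com/repos/${REPO_URL}/releases/latest" | jq -r '.tag_name')"
          if [ -z "$release_tag" ] || [ "$release_tag" = "null" ]; then
            echo "Could not resolve the latest release tag" >&2
            exit 1
          fi
          echo "releasetag=${release_tag}" >> "$GITHUB_OUTPUT"

      - name: Confirm release tag
        env:
          RELEASE_TAG: ${{ steps.latestrelease.outputs.releasetag }}
        run: |
          echo "$RELEASE_TAG"

      - name: Checkout tag
        uses: actions/checkout@v3
        with:
          ref: ${{ steps.latestrelease.outputs.releasetag }}

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Audit
        run: |
          bundle exec bundler-audit

  deploy:
    name: Deploy
    concurrency: "production"
    runs-on: ubuntu-latest
    environment: "production"
    needs: [lint, test, feature_test, audit]

    steps:
      # Deploy the tag the test job resolved and tested, instead of asking the
      # API for "latest" again; a release published mid-run could otherwise
      # ship untested.
      - name: Confirm release tag
        env:
          RELEASE_TAG: ${{ needs.test.outputs.releasetag }}
        run: |
          echo "$RELEASE_TAG"

      - name: Checkout tag
        uses: actions/checkout@v3
        with:
          ref: ${{ needs.test.outputs.releasetag }}

      # NOTE(review): `apt-key add` is deprecated and trusts the key for every
      # configured apt source. Prefer a dedicated keyring file referenced with
      # `signed-by=` in the sources entry. This step runs in the job that
      # holds the production deploy credentials.
      - name: Install Cloud Foundry CLI
        run: |
          wget --user-agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15" -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add -
          echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
          sudo apt-get update
          sudo apt-get install cf8-cli

      - name: Deploy
        env:
          CF_USERNAME: ${{ secrets.CF_USERNAME }}
          CF_PASSWORD: ${{ secrets.CF_PASSWORD }}
          CF_API_ENDPOINT: ${{ secrets.CF_API_ENDPOINT }}
          CF_SPACE: ${{ secrets.CF_SPACE }}
          CF_ORG: ${{ secrets.CF_ORG }}
          APP_NAME: dluhc-core-production
          GOVUK_NOTIFY_API_KEY: ${{ secrets.GOVUK_NOTIFY_API_KEY }}
          APP_HOST: ${{ secrets.APP_HOST }}
          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
          OS_DATA_KEY: ${{ secrets.OS_DATA_KEY }}
          IMPORT_PAAS_INSTANCE: ${{ secrets.IMPORT_PAAS_INSTANCE }}
          EXPORT_PAAS_INSTANCE: ${{ secrets.EXPORT_PAAS_INSTANCE }}
          S3_CONFIG: ${{ secrets.S3_CONFIG }}
          CSV_DOWNLOAD_PAAS_INSTANCE: ${{ secrets.CSV_DOWNLOAD_PAAS_INSTANCE }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
        # `cf auth` is given no arguments; the credentials come from
        # CF_USERNAME / CF_PASSWORD above. Every expansion is quoted so a
        # secret containing whitespace or glob characters reaches `cf` as a
        # single argument.
        run: |
          cf api "$CF_API_ENDPOINT"
          cf auth
          cf target -o "$CF_ORG" -s "$CF_SPACE"
          cf set-env "$APP_NAME" GOVUK_NOTIFY_API_KEY "$GOVUK_NOTIFY_API_KEY"
          cf set-env "$APP_NAME" APP_HOST "$APP_HOST"
          cf set-env "$APP_NAME" RAILS_MASTER_KEY "$RAILS_MASTER_KEY"
          cf set-env "$APP_NAME" OS_DATA_KEY "$OS_DATA_KEY"
          cf set-env "$APP_NAME" IMPORT_PAAS_INSTANCE "$IMPORT_PAAS_INSTANCE"
          cf set-env "$APP_NAME" EXPORT_PAAS_INSTANCE "$EXPORT_PAAS_INSTANCE"
          cf set-env "$APP_NAME" S3_CONFIG "$S3_CONFIG"
          cf set-env "$APP_NAME" CSV_DOWNLOAD_PAAS_INSTANCE "$CSV_DOWNLOAD_PAAS_INSTANCE"
          cf set-env "$APP_NAME" SENTRY_DSN "$SENTRY_DSN"
          cf push "$APP_NAME" --strategy rolling

  aws_deploy:
    name: AWS Deploy
    # NOTE(review): on a `release` event github.ref is normally the tag ref,
    # so this job presumably only runs for a workflow_dispatch started from
    # main. Confirm that is the intent.
    if: github.ref == 'refs/heads/main'
    needs: [lint, test, feature_test, audit]
    uses: ./.github/workflows/aws_deploy.yml
    with:
      aws_account_id: 977287343304
      aws_resource_prefix: core-prod
      environment: production
      release_tag: ${{ needs.test.outputs.releasetag }}
    # NOTE(review): reconstructed as a job-level block because the pasted
    # source lost its indentation; confirm against the original file.
    # id-token: write lets the called workflow request an OIDC token.
    permissions:
      id-token: write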