diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 49bcca585c..0000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,411 +0,0 @@ -version: 2.1 - -orbs: - slack: circleci/slack@3.4.2 - aws-cli: circleci/aws-cli@4.0.0 # use v4 of this orb - aws-ecr: circleci/aws-ecr@8.2.1 # this orb doesn't support OIDC v2, so we use aws-cli to authenticate - -executors: - machine_executor: - machine: - image: default - -references: - defaults: &defaults - working_directory: ~/track-a-query - -# Sets up the docker images and environment variables that we use - test_container_config: &test_container_config - docker: - - image: cimg/ruby:3.1.4-browsers - environment: - GITHUB_TEAM_NAME_SLUG: correspondence - APPLICATION_DEPLOY_NAME: Track-a-query - RAILS_ENV: test - RACK_ENV: test - PGHOST: 127.0.0.1 - PGUSER: postgres - POSTGRES_DB: correspondence_platform_test - - - image: cimg/postgres:12.15 - environment: - POSTGRES_USER: postgres - POSTGRES_DB: correspondence_platform_test - - deploy_container_config: &deploy_container_config - docker: - - image: ministryofjustice/cloud-platform-tools:2.7.0 - - install_psql: &install_psql - run: - name: Install psql client - command: | - sudo apt update && sudo apt install postgresql-client - - update_chrome: &update_chrome - run: - name: Update chrome - command: | - sudo curl https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add - - sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' - sudo apt-get update - sudo apt-get install -y google-chrome-stable - - install_expect: &install_expect - run: - name: Install Expect - command: | - apk add \ - --no-cache \ - --no-progress \ - expect - - install_bundler: &install_bundler - run: - name: Install bundler - command: | - gem install bundler -v 2.4.19 - - restore_cache: &restore_cache - restore_cache: - keys: - - correspondence-tool-staff-{{ checksum "Gemfile.lock" }} - # fallback to using the latest cache if no exact match is found - - correspondence-tool-staff- - - install_dependencies: &install_dependencies - run: - name: Install dependencies - command: | - sudo apt-get update - sudo apt-get install bc - if [ "${CIRCLE_NODE_INDEX}" == "0" ]; then - bundle config deployment true - bundle check || bundle install && bundle clean - yarn install --frozen-lockfile --ignore-scripts - fi - - save_cache: &save_cache - save_cache: - key: correspondence-tool-staff-{{ checksum "Gemfile.lock" }} - paths: - - vendor/bundle - - wait_for_db: &wait_for_db - run: - name: Wait for DB - command: dockerize -wait tcp://localhost:5432 -timeout 1m - - set_up_the_database: &set_up_the_database - run: - name: Set up the database - command: | - bundle exec rake db:setup - - rubocop: &rubocop - run: - name: Run rubocop - command: bundle exec rubocop - - brakeman: &brakeman - run: - name: Run Brakeman - command: bundle exec brakeman - - run_unit_and_feature_tests: &run_unit_and_feature_tests - run: - name: Run unit and feature tests - command: | - export PARALLEL_TEST_PROCESSORS=8 - export COVERAGE=1 - bundle exec rake parallel:create - bundle exec rake parallel:prepare - bundle exec rake parallel:spec - - store_coverage: &store_coverage - store_artifacts: - path: coverage - - check_coverage: &check_coverage - run: - name: Check test coverage - command: | - limit=92 # Coverage percentage below this number will cause the build to fail - coverage=$(grep -o '"line":.*' coverage/.last_run.json | cut -d" " -f2-) - echo "Details of test coverage is available from the Artifacts tab" - echo "Tests cover $coverage% of code" - if (( $(echo "$coverage < $limit" | bc -l) )); then - echo "This is under the target of $limit%" - exit 1 - fi - - aws_setup: &aws_setup - # Authenticate to AWS using OIDC v2 with the AWS CLI - aws-cli/setup: - role_arn: $ECR_ROLE_TO_ASSUME - region: $ECR_REGION - - ecr_login: &ecr_login - run: - name: Authenticate to the ECR repository - command: | - aws ecr get-login-password --region $ECR_REGION | docker login --username AWS --password-stdin ${AWS_ECR_REGISTRY_ID}.dkr.ecr.${ECR_REGION}.amazonaws.com - - configure_build_tag: &configure_build_tag - run: - name: Create build tag - command: | - prefix="ct" - short_version=$(git rev-parse --short $CIRCLE_BRANCH) - branch=$(echo $CIRCLE_BRANCH | sed -r 's/[\/]+/-/g') # replace / with - - build_tag=$prefix-$branch-$short_version - - echo "export BUILD_TAG=$build_tag" >> $BASH_ENV - source $BASH_ENV - - mkdir -p workspace - echo $BUILD_TAG > workspace/build_tag - - build_and_push_image: &build_and_push_image - aws-ecr/build-image: - push-image: true - tag: $BUILD_TAG - region: $ECR_REGION - repo: $ECR_REPOSITORY - extra-build-args: | - --build-arg BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%S%z) \ - --build-arg COMMIT_ID=$CIRCLE_SHA1 \ - --build-arg BUILD_TAG=$BUILD_TAG \ - - deploy_to_development: &deploy_to_development - run: - name: Deploy to Development environment - command: | - build_tag=`cat /tmp/workspace/build_tag` - ./deploy.sh $build_tag development circleci - echo "export BUILD_TAG=${build_tag}" >> $BASH_ENV - source $BASH_ENV - - deploy_to_qa: &deploy_to_qa - run: - name: Deploy to QA environment - command: | - build_tag=`cat /tmp/workspace/build_tag` - ./deploy.sh $build_tag qa circleci - echo "export BUILD_TAG=${build_tag}" >> $BASH_ENV - source $BASH_ENV - - deploy_to_staging: &deploy_to_staging - run: - name: Deploy to Staging environment - command: | - build_tag=`cat /tmp/workspace/build_tag` - ./deploy.sh $build_tag staging circleci - echo "export BUILD_TAG=${build_tag}" >> $BASH_ENV - source $BASH_ENV - - deploy_to_production: &deploy_to_production - run: - name: Deploy to production environment - command: | - build_tag=`cat /tmp/workspace/build_tag` - ./deploy.sh $build_tag production circleci - echo "export BUILD_TAG=${build_tag}" >> $BASH_ENV - source $BASH_ENV - -jobs: - build_and_test: - <<: *test_container_config - <<: *defaults - resource_class: xlarge - steps: - - checkout - - *restore_cache - - *install_bundler - - *install_psql - - *install_dependencies - - *save_cache - - *rubocop - - *brakeman - - *wait_for_db - - *set_up_the_database - - *update_chrome - - *run_unit_and_feature_tests - - *store_coverage - - *check_coverage - - build_branch_and_push_to_ecr: - executor: machine_executor - <<: *defaults - steps: - - checkout - - attach_workspace: - at: /tmp/workspace - - *aws_setup - - *ecr_login - - *configure_build_tag - - *build_and_push_image - - persist_to_workspace: - root: workspace - paths: - - build_tag - - build_main_and_push_to_ecr: - executor: machine_executor - <<: *defaults - steps: - - checkout - - attach_workspace: - at: /tmp/workspace - - *aws_setup - - *ecr_login - - *configure_build_tag - - *build_and_push_image - - persist_to_workspace: - root: workspace - paths: - - build_tag - - development_deployment_tasks: &do_development_deployment_tasks - <<: *deploy_container_config - <<: *defaults - steps: - - checkout - - attach_workspace: - at: /tmp/workspace - - *install_expect - - *deploy_to_development - - slack/notify: - color: '#1d990c' - message: '${CIRCLE_USERNAME} deployed *${BUILD_TAG}* to *Development*' - webhook: ${SLACK_WEBHOOK_CT} - - - - deploy_branch_to_dev: *do_development_deployment_tasks - deploy_main_to_dev: *do_development_deployment_tasks - - staging_deployment_tasks: &do_staging_deployment_tasks - <<: *deploy_container_config - <<: *defaults - steps: - - checkout - - attach_workspace: - at: /tmp/workspace - - *install_expect - - *deploy_to_staging - - slack/notify: - color: '#1d990c' - message: '${CIRCLE_USERNAME} deployed *${BUILD_TAG}* to *Staging*' - webhook: ${SLACK_WEBHOOK_CT} - - deploy_branch_to_staging: *do_staging_deployment_tasks - deploy_main_to_staging: *do_staging_deployment_tasks - - qa_deployment_tasks: &do_qa_deployment_tasks - <<: *deploy_container_config - <<: *defaults - steps: - - checkout - - attach_workspace: - at: /tmp/workspace - - *install_expect - - *deploy_to_qa - - slack/notify: - color: '#1d990c' - message: '${CIRCLE_USERNAME} deployed *${BUILD_TAG}* to *QA*' - webhook: ${SLACK_WEBHOOK_CT} - - deploy_branch_to_qa: *do_qa_deployment_tasks - deploy_main_to_qa: *do_qa_deployment_tasks - - deploy_main_to_production: - <<: *deploy_container_config - <<: *defaults - steps: - - checkout - - attach_workspace: - at: /tmp/workspace - - *install_expect - - *deploy_to_production - - slack/notify: - color: '#1d990c' - mentions: 'staff-tools-team' - message: '${CIRCLE_USERNAME} deployed *${BUILD_TAG}* to *Production*' - webhook: ${SLACK_WEBHOOK_SS_CIRCLECI} - - slack/notify: - color: '#1d990c' - message: '${CIRCLE_USERNAME} deployed *${BUILD_TAG}* to *Production*' - webhook: ${SLACK_WEBHOOK_CT} - -workflows: - version: 2 - - build_and_deploy_main: - jobs: - - build_and_test: - filters: - branches: - only: main - - build_main_and_push_to_ecr: - requires: - - build_and_test - - deploy_main_to_dev: - requires: - - build_main_and_push_to_ecr - - deploy_main_to_staging_approval: - type: approval - requires: - - deploy_main_to_dev - - deploy_main_to_staging: - requires: - - deploy_main_to_staging_approval - - deploy_main_to_production_approval: - type: approval - requires: - - deploy_main_to_staging - - deploy_main_to_production: - requires: - - deploy_main_to_production_approval - - deploy_main_to_qa_approval: - type: approval - requires: - - build_main_and_push_to_ecr - - deploy_main_to_qa: - requires: - - deploy_main_to_qa_approval - - build_and_deploy_branch: - jobs: - - build_and_test: - filters: - branches: - ignore: main - - build_branch_and_push_to_ecr_approval: - type: approval - requires: - - build_and_test - - build_branch_and_push_to_ecr: - requires: - - build_branch_and_push_to_ecr_approval - - deploy_branch_to_dev_approval: - type: approval - requires: - - build_branch_and_push_to_ecr - - deploy_branch_to_dev: - requires: - - deploy_branch_to_dev_approval - - deploy_branch_to_staging_approval: - type: approval - requires: - - build_branch_and_push_to_ecr - - deploy_branch_to_staging: - requires: - - deploy_branch_to_staging_approval - - deploy_branch_to_qa_approval: - type: approval - requires: - - build_branch_and_push_to_ecr - - deploy_branch_to_qa: - requires: - - deploy_branch_to_qa_approval diff --git a/build.sh b/build.sh deleted file mode 100755 index 561076ef34..0000000000 --- a/build.sh +++ /dev/null @@ -1,99 +0,0 @@ -#!/bin/sh - -# exit when any command fails -set -e - -p() { - printf "\e[33m$1\e[0m\n" -} - -function _build() { - - # 1. Define variables for use in the script - team_name=correspondence - ecr_repo_name=track-a-query-ecr - component=track-a-query - - region='eu-west-2' - aws_profile='ecr-live' - - git_remote_url="https://github.com/ministryofjustice/correspondence_tool_staff.git"; - docker_endpoint=754256621582.dkr.ecr.eu-west-2.amazonaws.com - docker_registry=${docker_endpoint}/${team_name}/${ecr_repo_name} - - current_branch=$(git branch | grep \* | cut -d ' ' -f2) - current_version=$(git rev-parse $current_branch) - short_version=$(git rev-parse --short $current_branch) - - docker_build_tag=cts-${current_branch}-${short_version} - export BUILD_TAG=${docker_build_tag} - docker_registry_tag=${docker_registry}:${docker_build_tag} - - # 2. Display status message - include warning if the working copy is not clean - p "------------------------------------------------------------------------" - p "Building Track a Query image for deployment" - p "Git repository: $git_remote_url" - p "Build tag: $docker_build_tag" - p "Branch: $current_branch" - p "Registry tag: $docker_registry_tag" - - if [ -z "$(git status --porcelain)" ]; then - p "Deploying from a clean working directory..." - else - p "\e[31mWarning! Working directory contains new or modified files...\e[0m\n" - git status --porcelain - fi - p "------------------------------------------------------------------------" - - # 3. Get a logged in context so we can push images to the ECR - p "Docker login to registry (ECR)..." - # $(aws ecr --profile "$aws_profile" get-login --no-include-email --region "$region" --profile "$aws_profile") - docker login -u AWS -p $(aws ecr get-login-password --profile "$aws_profile" --region "$region") $docker_endpoint - # 4. Compose the URL for the remote git object we'll use as the Docker build context - p "Using git repository as Docker context" - git_fetch_url=$git_remote_url#$current_version - - # 5. Ensure the current checked out commit is the head of the current branch - if [ $(git rev-parse HEAD) == $(git rev-parse @{u}) ] || [ $1 == 'circleci' ] - then - p "Building app container image from git using $short_version" - else - p "\e[31mFatal error: Local git branch is out of sync with origin\e[0m" - p "\e[31mExiting... run git push to sync changes\e[0m\n" - return 1; - fi - - # 6. Build the image using the application's docker file and the git build context above - docker build \ - --build-arg VERSION_NUMBER=$docker_registry_tag \ - --build-arg BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%S%z) \ - --build-arg COMMIT_ID=$current_version \ - --build-arg BUILD_TAG=$docker_build_tag \ - --pull \ - --tag ${docker_registry_tag} \ - --file ./Dockerfile \ - $git_fetch_url - - # 7. Tag and push the image to the ECR - p "Beginning push to ECR..." - docker push ${docker_registry_tag} - - if [[ $current_branch == "main" ]] - then - p "...and tagging main as latest for Cron jobs that don't know tag hashes on spin up" - latest_tag=${docker_registry}:${component}-latest - p $latest_tag - docker tag $docker_registry_tag $latest_tag - docker push $latest_tag - p "Push latest tag complete" - fi - - - p "...push to ECR complete" - - # 8. Display the tag to use for deployment - p "Pushed to ${docker_registry_tag}" - p "Image created with unique tag: \e[32m$docker_build_tag\e[0m\n" -} - -_build $@ diff --git a/config/docker/entrypoint-webapp.sh b/config/docker/entrypoint-webapp.sh index 7d1f96497d..e7b17bf997 100755 --- a/config/docker/entrypoint-webapp.sh +++ b/config/docker/entrypoint-webapp.sh @@ -1,11 +1,6 @@ #!/bin/sh set +ex -# Make these available via Settings in the app -export SETTINGS__GIT_COMMIT="$APP_GIT_COMMIT" -export SETTINGS__BUILD_DATE="$APP_BUILD_DATE" -export SETTINGS__GIT_SOURCE="$APP_BUILD_TAG" - set -ex printf '\e[33mINFO: Launching Puma\e[0m\n'