Skip to content

[CRIMAPP-1553] replace MoJ task list with Govuk one #5359

[CRIMAPP-1553] replace MoJ task list with Govuk one

[CRIMAPP-1553] replace MoJ task list with Govuk one #5359

name: CI and CD
on:
pull_request:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
env:
RACK_ENV: test
RAILS_ENV: test
DATABASE_URL: "postgresql://postgres:postgres@127.0.0.1/laa-apply-for-criminal-legal-aid-test"
services:
postgres:
image: postgres:15.2-alpine
env:
POSTGRES_DB: laa-apply-for-criminal-legal-aid-test
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Ruby and install gems
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: Find yarn cache location
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- name: JS package cache
uses: actions/cache@v4
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Install packages with yarn
run: yarn install --frozen-lockfile --ignore-scripts
- name: Precompile assets
run: bin/rails assets:precompile
- name: Setup test database
run: bin/rails db:prepare
- name: Run linters and tests
run: bundle exec rake
- name: Upload rspec coverage (if failure)
if: failure()
uses: actions/upload-artifact@v4
with:
name: rspec-coverage
path: coverage/*
build:
runs-on: ubuntu-latest
needs: test
if: github.ref == 'refs/heads/main'
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
outputs:
ecr_url: ${{ steps.ecr-url-output.outputs.ecr_url }}
steps:
- name: Checkout
uses: actions/checkout@v4
# Assume role in Cloud Platform
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
aws-region: ${{ vars.ECR_REGION }}
# Login to container repository
- uses: aws-actions/amazon-ecr-login@v2
id: login-ecr
- name: Store ECR endpoint as output
id: ecr-url-output
run: echo "ecr_url=${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}" >> $GITHUB_OUTPUT
- name: Store current date
run: echo "BUILD_DATE=$(date +%Y%m%d%H%M)" >> $GITHUB_ENV
- name: Build
run: |
docker build \
--label build.git.sha=${{ github.sha }} \
--label build.git.branch=${{ github.ref }} \
--label build.date=${{ env.BUILD_DATE }} \
--build-arg APP_BUILD_DATE=${{ env.BUILD_DATE }} \
--build-arg APP_BUILD_TAG=${{ github.ref }} \
--build-arg APP_GIT_COMMIT=${{ github.sha }} \
-t app .
- name: Push to ECR
id: ecr
env:
ECR_URL: ${{ steps.ecr-url-output.outputs.ecr_url }}
run: |
docker tag app $ECR_URL:${{ github.sha }}
docker tag app $ECR_URL:staging.latest
docker push $ECR_URL:${{ github.sha }}
docker push $ECR_URL:staging.latest
deploy-staging:
runs-on: ubuntu-latest
needs: build
environment: staging
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Deploy staging
uses: ./.github/actions/deploy
with:
environment-name: staging
git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }}
ecr-url: ${{ needs.build.outputs.ecr_url }}
kube-cert: ${{ secrets.KUBE_STAGING_CERT }}
kube-token: ${{ secrets.KUBE_STAGING_TOKEN }}
kube-cluster: ${{ secrets.KUBE_STAGING_CLUSTER }}
kube-namespace: ${{ secrets.KUBE_STAGING_NAMESPACE }}
deploy-production:
runs-on: ubuntu-latest
needs: [build, deploy-staging]
environment: production
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Deploy production
uses: ./.github/actions/deploy
with:
environment-name: production
git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }}
ecr-url: ${{ needs.build.outputs.ecr_url }}
kube-cert: ${{ secrets.KUBE_PRODUCTION_CERT }}
kube-token: ${{ secrets.KUBE_PRODUCTION_TOKEN }}
kube-cluster: ${{ secrets.KUBE_PRODUCTION_CLUSTER }}
kube-namespace: ${{ secrets.KUBE_PRODUCTION_NAMESPACE }}