Setup github workflows for new spaces

This commit is contained in:
Ryan Ahearn
2022-11-02 15:31:01 -04:00
parent 43201f37fa
commit bdc38b2e72
8 changed files with 178 additions and 27 deletions

68
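--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -0,0 +1,68 @@
+name: Deploy to demo environment
+on:
+push:
+branches: [ production ]
+permissions:
+contents: read
+jobs:
+deploy:
+runs-on: ubuntu-latest
+environment: demo
+steps:
+- uses: actions/checkout@v3
+with:
+fetch-depth: 2
+- name: Check for changes to Terraform
+id: changed-terraform-files
+uses: tj-actions/changed-files@v1.1.2
+with:
+files: terraform/demo
+- name: Terraform init
+if: steps.changed-terraform-files.outputs.any_changed == 'true'
+working-directory: terraform/demo
+env:
+AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
+run: terraform init
+- name: Terraform apply
+if: steps.changed-terraform-files.outputs.any_changed == 'true'
+working-directory: terraform/demo
+env:
+AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
+TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
+TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
+run: terraform apply -auto-approve -input=false
+- uses: ./.github/actions/setup-project
+- name: Deploy to cloud.gov
+uses: 18f/cg-deploy-action@main
+env:
+DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
+SECRET_KEY: ${{ secrets.SECRET_KEY }}
+AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
+BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
+REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }}
+with:
+cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
+cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
+cf_org: gsa-tts-benefits-studio-prototyping
+cf_space: notify-demo
+push_arguments: >-
+--vars-file deploy-config/staging.yml
+--var DANGEROUS_SALT="$DANGEROUS_SALT"
+--var SECRET_KEY="$SECRET_KEY"
+--var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"
+--var AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
+--var REDIS_ENABLED="$REDIS_ENABLED"
+--var ADMIN_CLIENT_USERNAME="notify-admin"
+--var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
+--var BASIC_AUTH_USERNAME="curiousabout"
+--var BASIC_AUTH_PASSWORD="$BASIC_AUTH_PASSWORD"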
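Review bot: The demo deploy passes `--vars-file deploy-config/staging.yml` in its push_arguments while this same commit adds `deploy-config/demo.yml`, so a push to the notify-demo space would take staging's `env` and `public_admin_route` (the notify-staging route) instead of the demo values; the line should read `--vars-file deploy-config/demo.yml`. Separately, `18f/cg-deploy-action@main` and `tj-actions/changed-files@v1.1.2` are referenced by mutable refs, and the deploy step hands the action the cloud.gov credentials plus every application secret, so whoever can move those refs controls this deployment; pinning each third-party action to a full commit SHA (tag kept in a trailing comment) is the usual mitigation, and the same `@main` reference appears in the staging deploy section below. The `push: branches: [ production ]` trigger for a demo environment looks intentional given that the production plan workflow is disabled in this commit, but a one-line comment saying so would save the next reader a question. Indentation was lost in the rendered view, so the structure above is read from key order.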


@@ -15,13 +15,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }} if: ${{ github.event.workflow_run.conclusion == 'success' }}
environment: staging
steps: steps:
- name: Install container dependencies
run: |
sudo apt-get update \
&& sudo apt-get install -y --no-install-recommends \
libcurl4-openssl-dev
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
fetch-depth: 2 fetch-depth: 2
@@ -48,31 +43,25 @@ jobs:
TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
run: terraform apply -auto-approve -input=false run: terraform apply -auto-approve -input=false
- name: Set up Python 3.9 - uses: ./.github/actions/setup-project
uses: actions/setup-python@v3
with:
python-version: "3.9"
- name: Install application dependencies
run: make bootstrap
- name: Deploy to cloud.gov - name: Deploy to cloud.gov
uses: 18f/cg-deploy-action@main uses: 18f/cg-deploy-action@main
env: env:
DANGEROUS_SALT: ${{ secrets.PROD_DANGEROUS_SALT }} DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
SECRET_KEY: ${{ secrets.PROD_SECRET_KEY }} SECRET_KEY: ${{ secrets.SECRET_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
ADMIN_CLIENT_SECRET: ${{ secrets.PROD_ADMIN_CLIENT_SECRET }} ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }} BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }} REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }}
with: with:
cf_username: ${{ secrets.CLOUDGOV_USERNAME }} cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
cf_org: gsa-10x-prototyping cf_org: gsa-tts-benefits-studio-prototyping
cf_space: 10x-notifications cf_space: notify-staging
push_arguments: >- push_arguments: >-
--var env=staging --vars-file deploy-config/staging.yml
--var DANGEROUS_SALT="$DANGEROUS_SALT" --var DANGEROUS_SALT="$DANGEROUS_SALT"
--var SECRET_KEY="$SECRET_KEY" --var SECRET_KEY="$SECRET_KEY"
--var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" --var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"
@@ -87,4 +76,6 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'failure' }} if: ${{ github.event.workflow_run.conclusion == 'failure' }}
steps: steps:
- run: echo 'Checks failed, not deploying' - uses: actions/github-script@v6
with:
script: core.setFailed('Checks failed, not deploying')
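Review bot: The second hunk switches `DANGEROUS_SALT`, `SECRET_KEY` and `ADMIN_CLIENT_SECRET` from `PROD_*` secret names to unprefixed ones, and the new demo workflow reads exactly the same names; this only keeps each environment's signing secret and salt separate if those secrets are defined per GitHub environment (the job now declares `environment: staging`) rather than at repository level, which the diff cannot show. If they are repository-level secrets, demo and staging share a SECRET_KEY and salt, and a compromise of the demo space also compromises staging sessions and admin-client auth; confirm they are environment-scoped, or restore a per-environment prefix. The `on.workflow_run` trigger for this job sits outside the shown hunks, so whether it is restricted by `branches` cannot be checked here.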

79
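--- a/.github/workflows/terraform-demo.yml
+++ b/.github/workflows/terraform-demo.yml
@@ -0,0 +1,79 @@
+name: Run Terraform plan in demo
+on:
+pull_request:
+branches: [ production ]
+paths: [ 'terraform/**' ]
+defaults:
+run:
+working-directory: terraform/demo
+jobs:
+terraform:
+name: Terraform plan
+runs-on: ubuntu-latest
+environment: demo
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Terraform format
+id: format
+run: terraform fmt -check
+- name: Terraform init
+id: init
+env:
+AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
+run: terraform init
+- name: Terraform validate
+id: validation
+run: terraform validate -no-color
+- name: Terraform plan
+id: plan
+env:
+AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
+TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
+TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
+run: terraform plan -no-color -input=false 2>&1 | tee plan_output.txt
+- name: Read Terraform plan output file
+id: terraform_output
+uses: juliangruber/read-file-action@v1
+if: ${{ always() }}
+with:
+path: ./terraform/demo/plan_output.txt
+# inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
+- name: Update PR
+uses: actions/github-script@v6
+# we would like to update the PR even when a prior step failed
+if: ${{ always() }}
+with:
+script: |
+const output = `Terraform Format and Style: ${{ steps.format.outcome }}
+Terraform Initialization: ${{ steps.init.outcome }}
+Terraform Validation: ${{ steps.validation.outcome }}
+Terraform Plan: ${{ steps.plan.outcome }}
+<details><summary>Show Plan</summary>
+\`\`\`\n
+${{ steps.terraform_output.outputs.content }}
+\`\`\`
+</details>
+*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+github.rest.issues.createComment({
+issue_number: context.issue.number,
+owner: context.repo.owner,
+repo: context.repo.repo,
+body: output
+})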
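Review bot: In the `Update PR` step, `${{ steps.terraform_output.outputs.content }}` is expanded by the Actions runner directly into the JavaScript template literal, so whatever ends up in plan_output.txt — which is generated from the pull request's own Terraform — is evaluated as script rather than handled as data; the conventional fix is to pass it through the step's `env:` (`PLAN: ${{ steps.terraform_output.outputs.content }}`) and reference `${process.env.PLAN}` inside the script, and the same applies to `github.actor`. The workflow also declares no `permissions:` block, unlike deploy-demo.yml, so the token's rights come from the repository default; `github.rest.issues.createComment` needs `pull-requests: write`, so an explicit `permissions: { contents: read, pull-requests: write }` both documents and bounds that. `actions/checkout@v2` here is older than the `@v3` the deploy workflow uses. The terraform-production and terraform-staging sections below share the same `Update PR` construction, though their interpolation line is outside the shown hunks.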


@@ -2,7 +2,7 @@ name: Run Terraform plan in production
on: on:
pull_request: pull_request:
branches: [ production ] branches: [ production-disabled-for-now ]
paths: [ 'terraform/**' ] paths: [ 'terraform/**' ]
defaults: defaults:
@@ -38,8 +38,8 @@ jobs:
env: env:
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
TF_VAR_cf_user: ${{ secrets.CF_USERNAME }} TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
TF_VAR_cf_password: ${{ secrets.CF_PASSWORD }} TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
run: terraform plan -no-color -input=false 2>&1 | tee plan_output.txt run: terraform plan -no-color -input=false 2>&1 | tee plan_output.txt
- name: Read Terraform plan output file - name: Read Terraform plan output file
@@ -51,7 +51,7 @@ jobs:
# inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow # inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
- name: Update PR - name: Update PR
uses: actions/github-script@v4 uses: actions/github-script@v6
# we would like to update the PR even when a prior step failed # we would like to update the PR even when a prior step failed
if: ${{ always() }} if: ${{ always() }}
with: with:
@@ -71,7 +71,7 @@ jobs:
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.issues.createComment({ github.rest.issues.createComment({
issue_number: context.issue.number, issue_number: context.issue.number,
owner: context.repo.owner, owner: context.repo.owner,
repo: context.repo.repo, repo: context.repo.repo,
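Review bot: The first hunk disables the production plan by pointing `branches` at `production-disabled-for-now`, but nothing in the file says this is deliberate, so a later reader will take it for a typo; a comment above the line such as `# Intentionally disabled: this branch filter matches no real branch, so the workflow does not run. Restore to [ production ] to re-enable.` would make the state explicit (assuming, as the name suggests, no such branch exists). The remaining hunks — the `CLOUDGOV_*` secret names, github-script v6 and the `github.rest.issues` API — are consistent with the other workflows in this commit.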


@@ -13,6 +13,7 @@ jobs:
terraform: terraform:
name: Terraform plan name: Terraform plan
runs-on: ubuntu-latest runs-on: ubuntu-latest
environment: staging
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2
@@ -50,7 +51,7 @@ jobs:
# inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow # inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
- name: Update PR - name: Update PR
uses: actions/github-script@v4 uses: actions/github-script@v6
# we would like to update the PR even when a prior step failed # we would like to update the PR even when a prior step failed
if: ${{ always() }} if: ${{ always() }}
with: with:
@@ -70,7 +71,7 @@ jobs:
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.issues.createComment({ github.rest.issues.createComment({
issue_number: context.issue.number, issue_number: context.issue.number,
owner: context.repo.owner, owner: context.repo.owner,
repo: context.repo.repo, repo: context.repo.repo,

4
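--- a/deploy-config/demo.yml
+++ b/deploy-config/demo.yml
@@ -0,0 +1,4 @@
+env: demo
+instances: 1
+memory: 1G
+public_admin_route: notify-demo.app.cloud.gov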


@@ -0,0 +1,4 @@
env: production
instances: 2
memory: 1G
public_admin_route: notify.app.cloud.gov


@@ -0,0 +1,4 @@
env: staging
instances: 1
memory: 1G
public_admin_route: notify-staging.app.cloud.gov