diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 915c9cd3a2..04a77d58d7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,12 +1,15 @@ name: Deploy Workflow on: - workflow_dispatch: workflow_call: env: PREFIX: "ct-staff" SHA: ${{ github.event.pull_request.head.sha || github.sha }} + KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} + KUBE_CERT: ${{ secrets.KUBE_CERT }} + KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} + KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} concurrency: group: deploy-${{ github.ref }} @@ -16,6 +19,9 @@ jobs: build: runs-on: ubuntu-latest + outputs: + build_tag: ${{ steps.vars.outputs.build_tag }} + permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout @@ -56,7 +62,6 @@ jobs: - name: Push to ECR run: docker push ${{ vars.ECR_URL }}:$SHA - deploy-development: runs-on: ubuntu-latest needs: build @@ -66,9 +71,6 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - env: - KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} - steps: - name: Checkout uses: actions/checkout@v4 @@ -83,14 +85,6 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 id: login-ec - - name: Store build tag - id: vars - run: | - branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - short_sha=$(git rev-parse --short $SHA) - build_tag=$PREFIX-$branch-$short_sha - echo "build_tag=$build_tag" >> $GITHUB_OUTPUT - - name: Tag build and push to ECR run: | docker pull ${{ vars.ECR_URL }}:$SHA @@ -98,10 +92,6 @@ jobs: docker push ${{ vars.ECR_URL }}:development.latest - name: Authenticate to the cluster - env: - KUBE_CERT: ${{ secrets.KUBE_CERT }} - KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} - KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} run: | echo "${KUBE_CERT}" > ca.crt kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} 
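Review bot: In the first hunk (`-1,12 +1,15`), the four `KUBE_*` secrets added to the workflow-level `env:` are exported to every step of every job, including the `build` job and the `actions/checkout` and `aws-actions/amazon-ecr-login` action steps, none of which need cluster credentials. Before this change `KUBE_CERT`, `KUBE_TOKEN` and `KUBE_CLUSTER` were scoped to the single `Authenticate to the cluster` step (removed in the hunks at -98, -198, -298 and -399), which is the narrower exposure. If the aim is de-duplication, a job-level `env:` on the deploy jobs only, or a reusable deploy workflow that receives them under `secrets:`, keeps them out of the build job. The deploy jobs' `environment:` keys are not visible in this diff, so if these are environment-scoped secrets it is worth confirming that each job still resolves its own values from the workflow-level block.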
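Review bot: In the second hunk (`-16,6 +19,9`), the new `outputs.build_tag` on the `build` job reads `steps.vars.outputs.build_tag`, but no hunk in this diff adds a step with `id: vars` to `build`; the only `Store build tag` steps shown are the ones removed from the deploy jobs. Unless `build` already contains that step outside the visible hunks, the output is an empty string and every notification will read "deployed ** to ...". A comment above the output such as `# set by the "Store build tag" step (id: vars) in this job` would document the dependency, and the step's presence should be checked before merging.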
@@ -127,35 +117,14 @@ jobs: kubectl set image -n ${KUBE_NAMESPACE} cronjobs/close-expired-rejected-offender-sars \ jobs="${{ vars.ECR_URL }}:$SHA" - - name: Send deploy notification to product Slack channel - uses: slackapi/slack-github-action@v1.25.0 - with: - payload: | - { - "attachments": [ - { - "color": "#1d990c", - "text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Development*", - "fields": [ - { - "title": "Project", - "value": "Correspondence Tool Staff", - "short": true - } - ], - "actions": [ - { - "text": "Visit Job", - "type": "button", - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + notify-development: + needs: [build, deploy-development] + uses: ./.github/workflows/notification.yml + secrets: + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + with: + build_tag: ${{ needs.build.outputs.build_tag }} + environment: Development deploy-staging: runs-on: ubuntu-latest @@ -166,9 +135,6 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - env: - KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} - steps: - name: Checkout uses: actions/checkout@v4 @@ -183,14 +149,6 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 id: login-ec - - name: Store build tag - id: vars - run: | - branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - short_sha=$(git rev-parse --short $SHA) - build_tag=$PREFIX-$branch-$short_sha - echo "build_tag=$build_tag" >> $GITHUB_OUTPUT - - name: Tag build and push to ECR run: | docker pull ${{ vars.ECR_URL }}:$SHA 
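Review bot: `notify-development` in the `-127,35 +117,14` hunk declares no `permissions:`, and the same holds for `notify-staging`, `notify-qa`, `notify-production` and `notify-production-2` in the later hunks. The called job therefore runs with whatever the workflow-level default grants the `GITHUB_TOKEN`, and deploy.yml's top-level permissions are not visible in this diff. The notification job only posts to a Slack webhook, so `permissions: {}` on each caller job (or on the `notify` job in notification.yml) would state that it needs no token scopes. Passing only `webhook_url` under `secrets:` rather than `secrets: inherit` is the right scope for these calls.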
@@ -198,10 +156,6 @@ jobs: docker push ${{ vars.ECR_URL }}:staging.latest - name: Authenticate to the cluster - env: - KUBE_CERT: ${{ secrets.KUBE_CERT }} - KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} - KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} run: | echo "${KUBE_CERT}" > ca.crt kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} @@ -227,35 +181,14 @@ jobs: kubectl set image -n ${KUBE_NAMESPACE} cronjobs/close-expired-rejected-offender-sars \ jobs="${{ vars.ECR_URL }}:$SHA" - - name: Send deploy notification to product Slack channel - uses: slackapi/slack-github-action@v1.25.0 - with: - payload: | - { - "attachments": [ - { - "color": "#1d990c", - "text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Staging*", - "fields": [ - { - "title": "Project", - "value": "Correspondence Tool Staff", - "short": true - } - ], - "actions": [ - { - "text": "Visit Job", - "type": "button", - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + notify-staging: + needs: [build, deploy-staging] + uses: ./.github/workflows/notification.yml + secrets: + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + with: + build_tag: ${{ needs.build.outputs.build_tag }} + environment: Staging deploy-qa: runs-on: ubuntu-latest @@ -266,9 +199,6 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - env: - KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} - steps: - name: Checkout uses: actions/checkout@v4 
@@ -283,14 +213,6 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 id: login-ec - - name: Store build tag - id: vars - run: | - branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - short_sha=$(git rev-parse --short $SHA) - build_tag=$PREFIX-$branch-$short_sha - echo "build_tag=$build_tag" >> $GITHUB_OUTPUT - - name: Tag build and push to ECR run: | docker pull ${{ vars.ECR_URL }}:$SHA @@ -298,10 +220,6 @@ jobs: docker push ${{ vars.ECR_URL }}:qa.latest - name: Authenticate to the cluster - env: - KUBE_CERT: ${{ secrets.KUBE_CERT }} - KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} - KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} run: | echo "${KUBE_CERT}" > ca.crt kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} @@ -327,35 +245,14 @@ jobs: kubectl set image -n ${KUBE_NAMESPACE} cronjobs/close-expired-rejected-offender-sars \ jobs="${{ vars.ECR_URL }}:$SHA" - - name: Send deploy notification to product Slack channel - uses: slackapi/slack-github-action@v1.25.0 - with: - payload: | - { - "attachments": [ - { - "color": "#1d990c", - "text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *QA*", - "fields": [ - { - "title": "Project", - "value": "Correspondence Tool Staff", - "short": true - } - ], - "actions": [ - { - "text": "Visit Job", - "type": "button", - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + notify-qa: + needs: [build, deploy-qa] + uses: ./.github/workflows/notification.yml + secrets: + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + with: + build_tag: ${{ needs.build.outputs.build_tag }} + environment: QA deploy-production: runs-on: ubuntu-latest 
@@ -367,9 +264,6 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - env: - KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} - steps: - name: Checkout uses: actions/checkout@v4 @@ -384,14 +278,6 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 id: login-ec - - name: Store build tag - id: vars - run: | - branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - short_sha=$(git rev-parse --short $SHA) - build_tag=$PREFIX-$branch-$short_sha - echo "build_tag=$build_tag" >> $GITHUB_OUTPUT - - name: Tag build and push to ECR run: | docker pull ${{ vars.ECR_URL }}:$SHA @@ -399,10 +285,6 @@ jobs: docker push ${{ vars.ECR_URL }}:production.latest - name: Authenticate to the cluster - env: - KUBE_CERT: ${{ secrets.KUBE_CERT }} - KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }} - KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} run: | echo "${KUBE_CERT}" > ca.crt kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} 
@@ -431,62 +313,20 @@ jobs: kubectl set image -n ${KUBE_NAMESPACE} cronjobs/email-status \ jobs="${{ vars.ECR_URL }}:$SHA" - - name: Send deploy notification to product Slack channel - uses: slackapi/slack-github-action@v1.25.0 - with: - payload: | - { - "attachments": [ - { - "color": "#1d990c", - "text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*", - "fields": [ - { - "title": "Project", - "value": "Correspondence Tool Staff", - "short": true - } - ], - "actions": [ - { - "text": "Visit Job", - "type": "button", - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - - - name: Send deploy notification to cdpt production Slack channel - uses: slackapi/slack-github-action@v1.25.0 - with: - payload: | - { - "attachments": [ - { - "color": "#1d990c", - "text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*", - "fields": [ - { - "title": "Project", - "value": "Correspondence Tool Staff", - "short": true - } - ], - "actions": [ - { - "text": "Visit Job", - "type": "button", - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.PROD_SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + notify-production: + needs: [build, deploy-production] + uses: ./.github/workflows/notification.yml + secrets: + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + with: + build_tag: ${{ needs.build.outputs.build_tag }} + environment: Production + + notify-production-2: + needs: [build, deploy-production] + uses: ./.github/workflows/notification.yml + secrets: + webhook_url: ${{ secrets.PROD_SLACK_WEBHOOK_URL }} + with: + build_tag: ${{ needs.build.outputs.build_tag }} + environment: Production 
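Review bot: The job id `notify-production-2` does not say which channel it posts to. The step it replaces was named "Send deploy notification to cdpt production Slack channel", and that information is now only recoverable from the secret name `PROD_SLACK_WEBHOOK_URL`. A descriptive id such as `notify-production-cdpt`, or a comment `# cdpt production Slack channel` above the job, would keep the two production notifications distinguishable for whoever rotates or audits the webhooks.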
diff --git a/.github/workflows/notification.yml b/.github/workflows/notification.yml new file mode 100644 index 0000000000..2de9234f83 --- /dev/null +++ b/.github/workflows/notification.yml @@ -0,0 +1,43 @@ +name: Notification Workflow + +on: + workflow_call: + secrets: + webhook_url: + required: true + inputs: + build_tag: + required: true + type: string + environment: + required: true + type: string + +jobs: + notify: + runs-on: ubuntu-latest + name: "notify-${{ inputs.environment }}" + + steps: + - name: Slack notification + uses: slackapi/slack-github-action@v2.0.0 + with: + webhook: ${{ secrets.webhook_url }} + webhook-type: incoming-webhook + payload: | + { + "attachments": [ + { + "color": "#1d990c", + "text": "${{ github.actor }} deployed *${{ inputs.build_tag }}* to *${{ inputs.environment }}*", + "fields": [ + { + "title": "Project", + "value": "Correspondence Tool Staff", + "short": true + } + ], + "footer": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + ] + } diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f6383fd948..c5f1a1437b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -131,7 +131,6 @@ jobs: minimum_file_coverage: 100 build-and-deploy: - if: ${{ github.ref == 'refs/heads/main' }} needs: [linting, coverage] uses: ./.github/workflows/deploy.yml secrets: inherit
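Review bot: In notification.yml, `inputs.build_tag` is spliced into the JSON `payload` as raw text inside the `"text"` field, and going by the removed `Store build tag` steps it is built from the branch name (`GITHUB_HEAD_REF`), which whoever creates the branch chooses. A ref name containing a double quote would yield a malformed or altered Slack payload. Encoding the whole string avoids that: `"text": ${{ toJSON(format('{0} deployed *{1}* to *{2}*', github.actor, inputs.build_tag, inputs.environment)) }},`. Separately, `slackapi/slack-github-action@v2.0.0` receives the webhook secret and is referenced by a mutable tag; pinning it to a full commit SHA would fix the code that handles that secret.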
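Review bot: In the test.yml hunk, dropping `if: ${{ github.ref == 'refs/heads/main' }}` from `build-and-deploy` means deploy.yml is now called, with `secrets: inherit`, for every ref that triggers the test workflow. Since the commit also removes `workflow_dispatch` from deploy.yml, this call is the only entry point to the production job. test.yml's triggers and any `if:` or `environment:` gating on the individual deploy jobs are outside the visible hunks, so it is worth confirming that staging, QA and production are still restricted to `main` (or to protected environments with required reviewers). If deploying branches to development is the intent, a per-job condition in deploy.yml such as `if: github.ref == 'refs/heads/main'` on the non-development jobs would preserve the old guard. Replacing `secrets: inherit` with an explicit list of the secrets deploy.yml uses would also limit what a branch-triggered run can reach.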