Skip to content

Merge pull request #2069 from govuk-one-login/BAU/dompurify-2.5.4 #117

Merge pull request #2069 from govuk-one-login/BAU/dompurify-2.5.4

Merge pull request #2069 from govuk-one-login/BAU/dompurify-2.5.4 #117

name: Build and Deploy frontend
on:
push:
branches:
- main
concurrency:
group: "deploy-frontend"
cancel-in-progress: false
jobs:
pr-data:
name: Get data for merged PR
permissions:
contents: read
pull-requests: read
uses: ./.github/workflows/call_get_pr_data.yml
build-frontend:
name: Build and push Frontend
permissions:
id-token: write
contents: read
uses: ./.github/workflows/call_build-push-docker-image.yml
with:
aws-region: eu-west-2
secrets:
dynatrace_registry: ${{ secrets.DYNATRACE_REGISTRY_NAME }}
dynatrace_token: ${{ secrets.DYNATRACE_PAAS_TOKEN }}
deployer_role: ${{ secrets.DEPLOYER_ROLE }}
ecr_repo: ${{ secrets.TOOLING_ECR_FRONTEND_REPO }}
build-sidecar:
name: Build and push Basic Auth Sidecar
permissions:
id-token: write
contents: read
uses: ./.github/workflows/call_build-push-docker-image.yml
with:
aws-region: eu-west-2
context: basic-auth-sidecar
secrets:
dynatrace_registry: ${{ secrets.DYNATRACE_REGISTRY_NAME }}
dynatrace_token: ${{ secrets.DYNATRACE_PAAS_TOKEN }}
deployer_role: ${{ secrets.DEPLOYER_ROLE }}
ecr_repo: ${{ secrets.BASIC_SIDECAR_ECR_REPO }}
build-service-down:
name: Build and push Service Down Page
permissions:
id-token: write
contents: read
uses: ./.github/workflows/call_build-push-docker-image.yml
with:
aws-region: eu-west-2
context: service-down-page-config
secrets:
dynatrace_registry: ${{ secrets.DYNATRACE_REGISTRY_NAME }}
dynatrace_token: ${{ secrets.DYNATRACE_PAAS_TOKEN }}
deployer_role: ${{ secrets.DEPLOYER_ROLE }}
ecr_repo: ${{ secrets.SERVICE_DOWN_ECR_REPO }}
deploy:
needs:
- build-frontend
- build-sidecar
- build-service-down
- pr-data
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ secrets.DEPLOY_ROLE }}
aws-region: eu-west-2
- name: Upload frontend Terraform files
working-directory: ci/terraform
env:
METADATA: ${{ needs.pr-data.outputs.data }}
run: |
echo "::group::Zip up frontend terraform"
zip -r frontend.zip .
echo "::endgroup::"
echo "::group::Upload artifact to S3"
OBJECT_VERSION="$(aws s3api put-object \
--bucket ${{ secrets.ARTIFACT_BUCKET }} \
--key frontend.zip \
--body frontend.zip \
--metadata "${METADATA}" \
--query VersionId --output text)"
echo "::endgroup::"
echo "::notice title=Final artifact uploaded to S3::object: frontend.zip, version: ${OBJECT_VERSION}"