Skip to content

Merge pull request #1738 from govuk-one-login/dependabot/npm_and_yarn… #2

Merge pull request #1738 from govuk-one-login/dependabot/npm_and_yarn…

Merge pull request #1738 from govuk-one-login/dependabot/npm_and_yarn… #2

name: Build and Deploy frontend
env:
AWS_REGION: eu-west-2
# Deploy role & Artificate buckets are Logical id GitHubActionsRole & GitHubArtifactSourceBucket Value from Build Pipeline
on:
push:
branches:
- main
concurrency:
group: "deploy-frontend"
cancel-in-progress: false
jobs:
pr-data:
name: Get data for merged PR
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
outputs:
data: ${{ steps.get_pr_data.outputs.result }}
steps:
- name: Get PR data
uses: actions/github-script@v7
id: get_pr_data
with:
script: |
const query = `query($owner: String!, $name: String!, $oid: GitObjectID!) {
repository(owner: $owner, name: $name) {
object(oid: $oid) {
... on Commit {
oid
message
associatedPullRequests(first: 1) {
nodes {
number
title
merged
mergedAt
mergeCommit {
oid
}
}
}
}
}
owner {
login
}
name
nameWithOwner
}
}`
const variables = {
owner: context.repo.owner,
name: context.repo.repo,
oid: context.sha,
shortSha: context.sha.slice(0, 7),
}
const result = await github.graphql(query, variables).then((response) => {
const firstLineOfCommitMessage = response.repository.object.message.slice(0, response.repository.object.message.indexOf("\n"));
const res = {
pr_number: null,
pr_title: null,
pr_merged_at: null,
pr_merge_commit_sha: null,
commit_message: firstLineOfCommitMessage,
repo_full_name: response.repository.nameWithOwner,
repo_owner: response.repository.owner.login,
repo_name: response.repository.name,
repository: response.repository.nameWithOwner,
commitsha: context.sha,
commitmessage: firstLineOfCommitMessage,
}
res["codepipeline-artifact-revision-summary"] = `${context.sha}: ${firstLineOfCommitMessage}`;
if (response.repository.object.associatedPullRequests.nodes.length > 0 && response.repository.object.associatedPullRequests.nodes[0].merged) {
const prData = response.repository.object.associatedPullRequests.nodes[0];
res.pr_number = prData.number.toString();
res.pr_title = prData.title;
res.pr_merged_at = prData.mergedAt;
res.pr_merge_commit_sha = prData.mergeCommit.oid;
res.commitmessage = prData.title;
res["codepipeline-artifact-revision-summary"] = `${prData.mergeCommit.oid}: ${response.repository.nameWithOwner}#${prData.number} ${prData.title}`;
}
if (res["codepipeline-artifact-revision-summary"].length > 2048) {
res["codepipeline-artifact-revision-summary"] = res["codepipeline-artifact-revision-summary"].slice(0, 2048);
}
return res;
}).catch((error) => {
throw error;
});
for (const key in result) {
if (result[key] == null) {
result[key] = "";
}
// strip non-ascii characters from all values
result[key] = result[key].replace(/[^\x20-\x7E]/g, '');
}
console.log(result);
return result;
build:
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Assume AWS DEPLOYER role in tooling acct
uses: aws-actions/configure-aws-credentials@v4.0.2
with:
role-to-assume: ${{ secrets.DEPLOYER_ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Login to GDS Dev Dynatrace Container Registry
uses: docker/login-action@v3
with:
registry: khw46367.live.dynatrace.com
username: khw46367
password: ${{ secrets.DYNATRACE_PAAS_TOKEN }}
- name: Build, tag, and push frontend
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ secrets.TOOLING_ECR_FRONTEND_REPO }}
run: |
docker build -t "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}" .
docker push "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}"
- name: Build, tag, and push basic-auth-sidecar
working-directory: basic-auth-sidecar
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ secrets.BASIC_SIDECAR_ECR_REPO }}
run: |
docker build -t "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}" .
docker push "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}"
- name: Build, tag, and push service down page
working-directory: service-down-page-config
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ secrets.SERVICE_DOWN_ECR_REPO }}
run: |
docker build -t "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}" .
docker push "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}"
deploy:
runs-on: ubuntu-latest
timeout-minutes: 60
needs:
- pr-data
- build
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up AWS credentials
uses: aws-actions/configure-aws-credentials@v4.0.2
with:
role-to-assume: ${{ secrets.DEPLOY_ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Upload frontend Terraform files
working-directory: ci/terraform
run: |
echo "::group::Zip up frontend terraform"
zip -r frontend.zip .
echo "::endgroup::"
echo "::group::Upload artifact to S3"
OBJECT_VERSION="$(aws s3api put-object \
--bucket ${{ secrets.ARTIFACT_BUCKET }} \
--key frontend.zip \
--body frontend.zip \
--metadata '${{ toJson(fromJson(needs.pr-data.outputs.data)) }}' \
--query VersionId --output text)"
echo "::endgroup::"
echo "::notice title=Final artifact uploaded to S3::object: frontend.zip, version: ${OBJECT_VERSION}"