Merge pull request #1704 from govuk-one-login/AUT-2904/update-privacy… #8

Workflow file for this run

.github/workflows/build-deploy-frontend.yml at b87fa36

	name: Build and Deploy frontend

	env:
	AWS_REGION: eu-west-2

	# Deploy role & Artificate buckets are Logical id GitHubActionsRole & GitHubArtifactSourceBucket Value from Build Pipeline

	on:
	push:
	branches:
	- main

	concurrency:
	group: "deploy-frontend"
	cancel-in-progress: false

	jobs:
	pr-data:
	name: Get data for merged PR
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: read
	outputs:
	data: ${{ steps.get_pr_data.outputs.result }}
	steps:
	- name: Get PR data
	uses: actions/github-script@v7
	id: get_pr_data
	with:
	script: \|
	const query = `query($owner: String!, $name: String!, $oid: GitObjectID!) {
	repository(owner: $owner, name: $name) {
	object(oid: $oid) {
	... on Commit {
	oid
	message
	associatedPullRequests(first: 1) {
	nodes {
	number
	title
	merged
	mergedAt
	mergeCommit {
	oid
	}
	}
	}
	}
	}
	owner {
	login
	}
	name
	nameWithOwner
	}
	}`
	const variables = {
	owner: context.repo.owner,
	name: context.repo.repo,
	oid: context.sha,
	shortSha: context.sha.slice(0, 7),
	}

	const result = await github.graphql(query, variables).then((response) => {
	const firstLineOfCommitMessage = response.repository.object.message.slice(0, response.repository.object.message.indexOf("\n"));
	const res = {
	pr_number: null,
	pr_title: null,
	pr_merged_at: null,
	pr_merge_commit_sha: null,

	commit_message: firstLineOfCommitMessage,

	repo_full_name: response.repository.nameWithOwner,
	repo_owner: response.repository.owner.login,
	repo_name: response.repository.name,

	repository: response.repository.nameWithOwner,
	commitsha: context.sha,
	commitmessage: firstLineOfCommitMessage,
	}
	res["codepipeline-artifact-revision-summary"] = `${context.sha}: ${firstLineOfCommitMessage}`;

	if (response.repository.object.associatedPullRequests.nodes.length > 0 && response.repository.object.associatedPullRequests.nodes[0].merged) {
	const prData = response.repository.object.associatedPullRequests.nodes[0];
	res.pr_number = prData.number.toString();
	res.pr_title = prData.title;
	res.pr_merged_at = prData.mergedAt;
	res.pr_merge_commit_sha = prData.mergeCommit.oid;
	res.commitmessage = prData.title;

	res["codepipeline-artifact-revision-summary"] = `${prData.mergeCommit.oid}: ${response.repository.nameWithOwner}#${prData.number} ${prData.title}`;
	}

	if (res["codepipeline-artifact-revision-summary"].length > 2048) {
	res["codepipeline-artifact-revision-summary"] = res["codepipeline-artifact-revision-summary"].slice(0, 2048);
	}

	return res;
	}).catch((error) => {
	throw error;
	});

	for (const key in result) {
	if (result[key] == null) {
	result[key] = "";
	}
	// strip non-ascii characters from all values
	result[key] = result[key].replace(/[^\x20-\x7E]/g, '');
	}

	console.log(result);
	return result;

	build:
	runs-on: ubuntu-latest
	timeout-minutes: 60
	permissions:
	id-token: write
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Assume AWS DEPLOYER role in tooling acct
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	role-to-assume: ${{ secrets.DEPLOYER_ROLE }}
	aws-region: ${{ env.AWS_REGION }}

	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2

	- name: Login to GDS Dev Dynatrace Container Registry
	uses: docker/login-action@v3
	with:
	registry: khw46367.live.dynatrace.com
	username: khw46367
	password: ${{ secrets.DYNATRACE_PAAS_TOKEN }}

	- name: Build, tag, and push frontend
	env:
	ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	ECR_REPOSITORY: ${{ secrets.TOOLING_ECR_FRONTEND_REPO }}
	run: \|
	docker build -t "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}" .
	docker push "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}"

	- name: Build, tag, and push basic-auth-sidecar
	working-directory: basic-auth-sidecar
	env:
	ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	ECR_REPOSITORY: ${{ secrets.BASIC_SIDECAR_ECR_REPO }}
	run: \|
	docker build -t "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}" .
	docker push "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}"

	- name: Build, tag, and push service down page
	working-directory: service-down-page-config
	env:
	ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	ECR_REPOSITORY: ${{ secrets.SERVICE_DOWN_ECR_REPO }}
	run: \|
	docker build -t "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}" .
	docker push "${ECR_REGISTRY}/${ECR_REPOSITORY}:${{ github.sha }}"

	deploy:
	runs-on: ubuntu-latest
	timeout-minutes: 60
	needs:
	- pr-data
	- build
	permissions:
	id-token: write
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up AWS credentials
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	role-to-assume: ${{ secrets.DEPLOY_ROLE }}
	aws-region: ${{ env.AWS_REGION }}

	- name: Upload frontend Terraform files
	working-directory: ci/terraform
	run: \|
	echo "::group::Zip up frontend terraform"
	zip -r frontend.zip .
	echo "::endgroup::"

	echo "::group::Upload artifact to S3"
	OBJECT_VERSION="$(aws s3api put-object \
	--bucket ${{ secrets.ARTIFACT_BUCKET }} \
	--key frontend.zip \
	--body frontend.zip \
	--metadata '${{ toJson(fromJson(needs.pr-data.outputs.data)) }}' \
	--query VersionId --output text)"
	echo "::endgroup::"
	echo "::notice title=Final artifact uploaded to S3::object: frontend.zip, version: ${OBJECT_VERSION}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1704 from govuk-one-login/AUT-2904/update-privacy… #8

Workflow file

Merge pull request #1704 from govuk-one-login/AUT-2904/update-privacy… #8

Jobs

Run details

Workflow file for this run