Creating, updating or testing review app for PR "[dependabot:npm] bump the regular-updates group across 1 directory with 3 updates" #1432
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: review-app-create | |
run-name: Creating, updating or testing review app for PR "${{ github.event.pull_request.title }}" | |
on: | |
pull_request: | |
types: ["labeled", "ready_for_review", "synchronize", "opened"] | |
concurrency: | |
group: review-app-${{ github.event.pull_request.number }}-${{ github.workflow }} | |
cancel-in-progress: true | |
env: | |
NAMESPACE: review-${{ github.event.pull_request.number }}-energy-apps | |
HOST_NAME: review-${{ github.event.pull_request.number }}-energy-apps.qa.citizensadvice.org.uk | |
IMAGE_TAG: dev_${{ github.sha }} | |
CLUSTER: dev-eks-platform | |
jobs: | |
build: | |
name: Build Image | |
runs-on: ubuntu-22.04 | |
permissions: | |
id-token: write | |
contents: read | |
issues: read | |
# This can be removed once tests are working. At the moment it just means that environments | |
# are created and destroyed on every push for no reason. | |
if: contains(github.event.pull_request.labels.*.name, 'Review app') | |
steps: | |
- name: Build and push to ECR | |
uses: citizensadvice/build-and-private-ecr-push-action@v1 | |
with: | |
dockerfile_context: "." | |
repository_name: energy-apps | |
multiarch_build: "disabled" | |
role_arn: "arn:aws:iam::979633842206:role/EnergyAppsDeployment" | |
auth_token: ${{ secrets.GITHUB_TOKEN }} | |
prod_image: false | |
deploy: | |
name: Deploy Review Environment | |
runs-on: ubuntu-22.04 | |
environment: | |
name: dev | |
permissions: | |
id-token: write | |
contents: read | |
issues: write | |
pull-requests: write | |
needs: build | |
steps: | |
- name: Git Checkout energy comparison table | |
uses: actions/checkout@v4 | |
with: | |
path: energy-apps | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: "arn:aws:iam::979633842206:role/EnergyAppsDeployment" | |
role-session-name: energy-apps-actions-workflow | |
aws-region: eu-west-1 | |
- name: Get Kube Config | |
run: aws eks update-kubeconfig --name=${{ env.CLUSTER }} | |
- name: Create Sub-namespace | |
run: | | |
kubectl apply -f - << EOF | |
apiVersion: hnc.x-k8s.io/v1alpha2 | |
kind: SubnamespaceAnchor | |
metadata: | |
name: ${{ env.NAMESPACE }} | |
namespace: "dev-energy-apps" | |
EOF | |
- name: Escape Characters | |
id: escape_chars | |
run: | | |
echo "title=$(echo "${{ github.event.pull_request.title }}" | tr -d ',')" >> $GITHUB_OUTPUT | |
- name: Helm Deploy | |
run: | | |
cat > secrets.json << EOF | |
{ | |
"secrets": ${{toJson(secrets)}} | |
} | |
EOF | |
helm upgrade --install \ | |
--namespace=${{ env.NAMESPACE }} \ | |
--values energy-apps/.github/resources/preview-overrides.yaml \ | |
--values secrets.json \ | |
--set metadata.pullRequestNumber=${{ github.event.pull_request.number }} \ | |
--set metadata.pullRequestName="${{ steps.escape_chars.outputs.title }}" \ | |
--set image.repository=979633842206.dkr.ecr.eu-west-1.amazonaws.com/energy-apps \ | |
--set image.tag=${{ env.IMAGE_TAG }} \ | |
--set env.URL_HOST=${{ env.HOST_NAME }} \ | |
--set env.IMAGE_TAG=${{ env.IMAGE_TAG }} \ | |
--set ingress.hostname=${{ env.HOST_NAME }} \ | |
--set minio.ingress.hostname=minio-${{ env.HOST_NAME }} \ | |
--set datadog.labels.env="pr-${{ github.event.pull_request.number }}" \ | |
${{ env.NAMESPACE }} \ | |
energy-apps/infrastructure/app/chart/energy-apps | |
- name: Find Comment | |
uses: peter-evans/find-comment@v3 | |
id: find-comment | |
if: contains(github.event.pull_request.labels.*.name, 'Review app') | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
comment-author: "github-actions[bot]" | |
body-includes: A review app has been created in the Kubernetes namespace | |
direction: last | |
- name: Add New Comment | |
uses: peter-evans/create-or-update-comment@v4 | |
if: steps.find-comment.outputs.comment-id == 0 && contains(github.event.pull_request.labels.*.name, 'Review app') | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
body: | | |
A review app has been created in the Kubernetes namespace `${{ env.NAMESPACE }}` in the `${{ env.CLUSTER }}` cluster. | |
It can be accessed at https://${{ env.HOST_NAME }}. | |
On first-time startup the environment may take 15-20 minutes to become accessible. | |
Tests are now running and can be viewed [here.](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
To destroy the review app remove the label `Review app`, close this PR or convert it to draft. | |
- name: Update Comment | |
uses: peter-evans/create-or-update-comment@v4 | |
if: steps.find-comment.outputs.comment-id && contains(github.event.pull_request.labels.*.name, 'Review app') | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
edit-mode: replace | |
comment-id: ${{ steps.find-comment.outputs.comment-id }} | |
body: | | |
A review app has been created in the Kubernetes namespace `${{ env.NAMESPACE }}` in the `${{ env.CLUSTER }}` cluster. | |
It can be accessed at https://${{ env.HOST_NAME }}. | |
Tests are now running and can be viewed [here.](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
To destroy the review app remove the label `Review app`, close this PR or convert it to draft. | |
--- | |
Edit: A new version of the review app has been deployed based off the latest commit: [${{ github.event.pull_request.head.sha }}](https://github.com/citizensadvice/energy-comparison-table/pull/${{ github.event.pull_request.number }}/commits/${{ github.event.pull_request.head.sha }}) | |
trigger_destroy: | |
# if: (contains(github.event.pull_request.labels.*.name, 'Review app') == false) || failure() | |
# While tests are not enabled, we only want the destroy job to be triggered from this workfow | |
# when a deployment fails, otherwise it will run the destroy job on every PR even when the | |
# environment doesn't exist | |
if: failure() | |
secrets: inherit | |
uses: ./.github/workflows/review-app-destroy.yml | |
with: | |
pr_number: ${{ github.event.pull_request.number }} |