UML-3000 move to github actions

ministryofjustice · Oct 9, 2023 · 6f61b21 · 6f61b21
1 parent 112cbaa
commit 6f61b21
Show file tree

Hide file tree

Showing 21 changed files with 1,073 additions and 138 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -22,115 +22,122 @@ workflows:
   pull_request:
     when: << pipeline.parameters.run_pull_request >>
     jobs:
-      - build_lambda_as_image:
-          name: build and push
-          filters: {branches:{ignore:[main]}}
-
-      - run_unit_tests:
-          name: run unit tests
-          filters: {branches:{ignore:[main]}}
-
-      - terraform_pre_checks:
-          name: terraform preflight checks
-          requires: [build and push, run unit tests]
-          filters: {branches:{ignore:[main]}}
-
-      - terraform_action:
-          name: apply branch environment
-          requires: [terraform preflight checks]
-          tf_command: apply
-          filters: {branches:{ignore:[main]}}
-
-      - workspace_protection:
-          name: protect current workspace
-          requires: [terraform preflight checks]
-          filters: {branches:{ignore:[main]}}
-
-      - integration_tests:
-          name: run integration tests
-          requires: [protect current workspace, apply branch environment]
-          filters: {branches:{ignore:[main]}}
-
       - workflow_complete:
           name: workflow complete
-          requires: [run integration tests]
           filters: {branches:{ignore:[main]}}
 
   commit_to_main:
     when: << pipeline.parameters.run_commit_to_main >>
     jobs:
-      - build_lambda_as_image:
-          name: build and push
-          filters: {branches:{only:[main]}}
-
-      - terraform_action:
-          name: development apply
-          requires: [build and push]
-          tf_command: apply --auto-approve
-          tf_workspace: development
-          applycheck: true
-          filters: {branches:{only:[main]}}
-
-      - terraform_action:
-          name: preprod apply
-          requires: [development apply]
-          tf_command: apply --auto-approve
-          tf_workspace: preproduction
-          applycheck: true
-          filters: {branches:{only:[main]}}
-
-      - integration_tests:
-          name: run integration tests preprod
-          workspace: preproduction
-          requires: [preprod apply]
-          filters: {branches:{only:[main]}}
-
-      - approve:
-          name: approve release to production
-          type: approval
-          requires: [run integration tests preprod]
-          filters: {branches:{only:[main]}}
-
-      - terraform_action:
-          name: integration apply
-          requires: [approve release to production]
-          tf_command: apply --auto-approve
-          tf_workspace: integration
-          applycheck: true
-          filters: {branches:{only:[main]}}
-
-      - terraform_action:
-          name: integration apply
-          requires: [approve release to production]
-          tf_command: apply --auto-approve
-          tf_workspace: integration
-          applycheck: true
+      - workflow_complete:
+          name: workflow complete
           filters: {branches:{only:[main]}}
+#      - build_lambda_as_image:
+#          name: build and push
+#          filters: {branches:{ignore:[main]}}
+#
+#      - run_unit_tests:
+#          name: run unit tests
+#          filters: {branches:{ignore:[main]}}
+#
+#      - terraform_pre_checks:
+#          name: terraform preflight checks
+#          requires: [build and push, run unit tests]
+#          filters: {branches:{ignore:[main]}}
+#
+#      - terraform_action:
+#          name: apply branch environment
+#          requires: [terraform preflight checks]
+#          tf_command: apply
+#          filters: {branches:{ignore:[main]}}
+#
+#      - workspace_protection:
+#          name: protect current workspace
+#          requires: [terraform preflight checks]
+#          filters: {branches:{ignore:[main]}}
+#
+#      - integration_tests:
+#          name: run integration tests
+#          requires: [protect current workspace, apply branch environment]
+#          filters: {branches:{ignore:[main]}}
+#
 
-      - terraform_action:
-         name: production apply
-         requires: [approve release to production]
-         tf_command: apply --auto-approve
-         tf_workspace: production
-         applycheck: true
-         filters: {branches:{only:[main]}}
-         pact_tag_production: true
+#
+#  commit_to_main:
+#    when: << pipeline.parameters.run_commit_to_main >>
+#    jobs:
+#      - build_lambda_as_image:
+#          name: build and push
+#          filters: {branches:{only:[main]}}
+#
+#      - terraform_action:
+#          name: development apply
+#          requires: [build and push]
+#          tf_command: apply --auto-approve
+#          tf_workspace: development
+#          applycheck: true
+#          filters: {branches:{only:[main]}}
+#
+#      - terraform_action:
+#          name: preprod apply
+#          requires: [development apply]
+#          tf_command: apply --auto-approve
+#          tf_workspace: preproduction
+#          applycheck: true
+#          filters: {branches:{only:[main]}}
+#
+#      - integration_tests:
+#          name: run integration tests preprod
+#          workspace: preproduction
+#          requires: [preprod apply]
+#          filters: {branches:{only:[main]}}
+#
+#      - approve:
+#          name: approve release to production
+#          type: approval
+#          requires: [run integration tests preprod]
+#          filters: {branches:{only:[main]}}
+#
+#      - terraform_action:
+#          name: integration apply
+#          requires: [approve release to production]
+#          tf_command: apply --auto-approve
+#          tf_workspace: integration
+#          applycheck: true
+#          filters: {branches:{only:[main]}}
+#
+#      - terraform_action:
+#          name: integration apply
+#          requires: [approve release to production]
+#          tf_command: apply --auto-approve
+#          tf_workspace: integration
+#          applycheck: true
+#          filters: {branches:{only:[main]}}
+#
+#      - terraform_action:
+#         name: production apply
+#         requires: [approve release to production]
+#         tf_command: apply --auto-approve
+#         tf_workspace: production
+#         applycheck: true
+#         filters: {branches:{only:[main]}}
+#         pact_tag_production: true
 
 #  verify_pact:
 #    when: << pipeline.parameters.run_verify_pact >>
 #    jobs:
 #      - pact_verification:
 #          name: verify the latest pact
 
-  nightly_workspace_deletion:
-    triggers:
-      - schedule:
-          cron: "00 00 * * *"
-          filters: {branches:{only:[main]}}
-    jobs:
-      - destroy_workspaces:
-          name: destroy non protected workspaces
-          filters: {branches:{only:[main]}}
+#  nightly_workspace_deletion:
+#    triggers:
+#      - schedule:
+#          cron: "00 00 * * *"
+#          filters: {branches:{only:[main]}}
+#    jobs:
+#      - destroy_workspaces:
+#          name: destroy non protected workspaces
+#          filters: {branches:{only:[main]}}
 
 orbs:
   slack: circleci/slack@3.4.2
@@ -546,10 +553,13 @@ jobs:
     resource_class: small
     working_directory: ~/project
     steps:
-      - slack/status:
-          channel: opg-integrations
-          failure_message: Failure of LPA Codes Workflow for Branch - ${CIRCLE_BRANCH}
-          success_message: Success of LPA Codes Workflow for Branch - ${CIRCLE_BRANCH}. Ready to Merge!
+      - run:
+          name: complete
+          command: echo "workflow complete"
+#      - slack/status:
+#          channel: opg-integrations
+#          failure_message: Failure of LPA Codes Workflow for Branch - ${CIRCLE_BRANCH}
+#          success_message: Success of LPA Codes Workflow for Branch - ${CIRCLE_BRANCH}. Ready to Merge!
   destroy_workspaces:
     executor: lpa-codes/python_with_tfvars
     resource_class: small

diff --git a/.github/labeller.yml b/.github/labeller.yml
@@ -0,0 +1,20 @@
+repo:
+  - any: ["./*"]
+
+actions:
+  - any: [".github/**"]
+
+docs:
+  - any: ["docs/**/*"]
+
+lambda:
+  - any: ["lambda_functions/**/*"]
+
+infrastructure:
+  - any: ["terraform/**/*"]
+
+scripts:
+  - any: ["scripts/**/*"]
+
+pact:
+  - any: ["pact/**/*"]
diff --git a/.github/workflows/pact-provider-verification.yml b/.github/workflows/pact-provider-verification.yml
@@ -46,8 +46,10 @@ jobs:
             --enable-pending
       - name: Verify pacts are still upheld
         if: ${{ github.event_name == 'pull_request' }}
+        env:
+          HEADREF: ${{ github.head_ref }}
         run: |
           docker-compose -f docker-compose-pact.yml run --rm pact-verifier \
             --provider-version=$(git rev-parse HEAD) \
-            --provider-branch=${{ github.head_ref }} \
+            --provider-branch=${HEADREF} \
             --consumer-version-selectors='{"mainBranch": true}'
diff --git a/.github/workflows/scheduled-destroy.yml b/.github/workflows/scheduled-destroy.yml
@@ -0,0 +1,53 @@
+name: "[Workflow] Cleanup PR Workspaces"
+
+on:
+  schedule:
+    # 4am every day except Sundays
+    - cron: '0 4 * * 0-6'
+
+permissions:
+  contents: read
+  security-events: none
+  pull-requests: none
+  actions: none
+  checks: none
+  deployments: none
+  issues: none
+  packages: none
+  repository-projects: none
+  statuses: none
+
+jobs:
+  terraform_environment_cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@bf085276cecdb0cc76fbbe0687a5a0e786646936
+      - uses: unfor19/install-aws-cli-action@7a427b852d87c231cb6a8ace7aff7317a6a37243
+      - uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
+        with:
+          terraform_version: 1.5.5
+          terraform_wrapper: false
+
+      - name: Configure AWS Credentials For Terraform
+        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+          aws-region: eu-west-1
+          role-duration-seconds: 3600
+          role-session-name: OPGLPACodesClearupEnvs
+
+      - name: Install Terraform Workspace Manager
+        run: |
+          wget https://github.com/TomTucka/terraform-workspace-manager/releases/download/v0.3.1/terraform-workspace-manager_Linux_x86_64.tar.gz -O $HOME/terraform-workspace-manager.tar.gz
+          sudo tar -xvf $HOME/terraform-workspace-manager.tar.gz -C /usr/local/bin
+          sudo chmod +x /usr/local/bin/terraform-workspace-manager
+
+      - name: Terraform Init
+        working-directory: terraform/environment
+        run: terraform init -input=false
+
+      - name: Destroy PR Terraform Workspaces
+        working-directory: terraform/environment
+        run: |
+          ./scripts/workspace_cleanup.sh $(terraform-workspace-manager -protected-workspaces=true -aws-account-id=288342028542 -aws-iam-role=integrations-ci)