ELI-716 | apply UK timezone when parsing start/end dates and iteratio… #592
# CD pipeline, stage 2: deploys the code on the pushed branch to the dev
# environment and tags the deployed commit with a dev-<timestamp> label.
# Runs on pushes to main and hotfix/* branches, and on manual dispatch.
# Does not create GitHub Releases or production tags (v1.x.x).
name: '2. CD | Deploy to Dev'

on:
  push:
    branches:
      - main
      - 'hotfix/*'
  workflow_dispatch: {}

# All runs share one concurrency group, so they never overlap; a run that is
# already in progress is left to finish rather than being cancelled.
concurrency:
  group: terraform-dev
  cancel-in-progress: false
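jobs:
  # Derives build timestamps, tool versions and the dev-<timestamp> version
  # label, and exposes them as job outputs for the jobs that follow.
  metadata:
    name: "Set CI/CD metadata"
    runs-on: ubuntu-latest
    timeout-minutes: 1
    # Least privilege: this job only checks out the repo and reads .tool-versions.
    permissions:
      contents: read
    outputs:
      build_datetime: ${{ steps.variables.outputs.build_datetime }}
      build_timestamp: ${{ steps.variables.outputs.build_timestamp }}
      build_epoch: ${{ steps.variables.outputs.build_epoch }}
      nodejs_version: ${{ steps.variables.outputs.nodejs_version }}
      python_version: ${{ steps.variables.outputs.python_version }}
      terraform_version: ${{ steps.variables.outputs.terraform_version }}
      version: ${{ steps.variables.outputs.version }}
    steps:
      - name: "Checkout code"
        # NOTE(review): referenced by a mutable tag; pinning actions to a full
        # commit SHA guards against a tag being moved to different code.
        uses: actions/checkout@v6
        with:
          # Resolves the branch by name at run time, so the tree checked out may
          # be newer than the commit that triggered the run (github.sha).
          ref: ${{ github.ref_name }}
          # Nothing in this job pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: "Set CI/CD variables"
        id: variables
        run: |
          datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z')
          echo "build_datetime=$datetime" >> "$GITHUB_OUTPUT"
          echo "build_timestamp=$(date --date="$datetime" -u +'%Y%m%d%H%M%S')" >> "$GITHUB_OUTPUT"
          echo "build_epoch=$(date --date="$datetime" -u +'%s')" >> "$GITHUB_OUTPUT"
          echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> "$GITHUB_OUTPUT"
          # Previously grepped "^nodejs", which published the Node.js version as
          # python_version. Assumes the .tool-versions entry is named "python" - confirm.
          echo "python_version=$(grep "^python" .tool-versions | cut -f2 -d' ')" >> "$GITHUB_OUTPUT"
          echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> "$GITHUB_OUTPUT"
          echo "version=dev-$(date +'%Y%m%d%H%M%S')" >> "$GITHUB_OUTPUT"
      - name: "List variables"
        env:
          # Handed over as an environment variable so the value is never
          # expanded into the script text itself.
          VERSION: ${{ steps.variables.outputs.version }}
        run: |
          echo "Deploying to: DEV"
          echo "VERSION=$VERSION"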
| publish: | |
| name: "Publish to dev" | |
| runs-on: ubuntu-latest | |
| needs: [metadata] | |
| timeout-minutes: 30 | |
| environment: "dev" | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: "Setup Terraform" | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ needs.metadata.outputs.terraform_version }} | |
| - name: "Set up Python" | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.13' | |
| - name: "Checkout Repository" | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.ref_name }} | |
| - name: "Build lambda artefact" | |
| run: | | |
| make dependencies install-python | |
| make build | |
| - name: "Upload lambda artefact for cross-workflow use" | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: lambda-${{ needs.metadata.outputs.version }} | |
| path: dist/lambda.zip | |
| - name: "Configure AWS Credentials (IAM Bootstrap Role)" | |
| uses: aws-actions/configure-aws-credentials@v6 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-iam-bootstrap-role | |
| aws-region: eu-west-2 | |
| - name: "Deploy IAM roles (iams-developer-roles stack)" | |
| working-directory: ./infrastructure | |
| run: | | |
| make terraform env=dev stack=iams-developer-roles tf-command=apply workspace=default | |
| - name: "Configure AWS Credentials (Main Deployment Role)" | |
| uses: aws-actions/configure-aws-credentials@v6 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role | |
| aws-region: eu-west-2 | |
| - name: "Terraform Apply" | |
| env: | |
| ENVIRONMENT: dev | |
| WORKSPACE: "default" | |
| TF_VAR_API_CA_CERT: ${{ secrets.API_CA_CERT }} | |
| TF_VAR_API_CLIENT_CERT: ${{ secrets.API_CLIENT_CERT }} | |
| TF_VAR_API_PRIVATE_KEY_CERT: ${{ secrets.API_PRIVATE_KEY_CERT }} | |
| TF_VAR_SPLUNK_HEC_TOKEN: ${{ secrets.SPLUNK_HEC_TOKEN }} | |
| TF_VAR_SPLUNK_HEC_ENDPOINT: ${{ secrets.SPLUNK_HEC_ENDPOINT }} | |
| TF_VAR_OPERATOR_EMAILS: ${{ vars.SECRET_ROTATION_OPERATOR_EMAILS }} | |
| TF_VAR_PROXYGEN_PRIVATE_KEY_PTL: ${{ secrets.PROXYGEN_PRIVATE_KEY_PTL }} | |
| TF_VAR_PROXYGEN_PRIVATE_KEY_PROD: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} | |
| run: | | |
| mkdir -p ./build | |
| echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=apply" | |
| make terraform env=$ENVIRONMENT stack=networking tf-command=apply workspace=$WORKSPACE | |
| echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=apply" | |
| make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE | |
| working-directory: ./infrastructure | |
| - name: "Validate Feature Toggles" | |
| env: | |
| ENV: dev | |
| run: | | |
| pip install boto3 | |
| python scripts/feature_toggle/validate_toggles.py | |
| - name: "Tag the dev deployment" | |
| run: | | |
| git config user.name "github-actions" | |
| git config user.email "github-actions@github.com" | |
| git tag ${{ needs.metadata.outputs.version }} | |
| git push origin ${{ needs.metadata.outputs.version }} | |
| - name: "Notify Slack on PR merge" | |
| uses: slackapi/slack-github-action@v2.1.1 | |
| with: | |
| webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| webhook-type: webhook-trigger | |
| payload: | | |
| status: "${{ job.status }}" | |
| link: "https://github.com/${{ github.repository }}/commit/${{ github.sha }}" | |
| Author: "${{ github.actor }}" | |
| title: "Pushed to main" | |
| version: "${{ needs.metadata.outputs.version }}" | |
| regression-tests: | |
| name: "Regression Tests" | |
| needs: publish | |
| uses: ./.github/workflows/regression-tests.yml | |
| with: | |
| ENVIRONMENT: "dev" | |
| VERSION_NUMBER: "main" | |
| secrets: inherit |