diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml
deleted file mode 100644
index 876cb19a..00000000
--- a/.github/workflows/prod-deploy.yml
+++ /dev/null
@@ -1,74 +0,0 @@ -name: Production - Deploy - -on: - workflow_run: - workflows: ["Production — Docker build and push"] - types: - - completed - -env: - AWS_ACCOUNT_ID: ${{ vars.PRODUCTION_AWS_ACCOUNT_ID }} - AWS_REGION: ca-central-1 - CLUSTER_NAME: Forms - SERVICE_NAME: forms-api - TASK_DEFINITION_NAME: forms-api - REGISTRY: ${{ vars.PRODUCTION_AWS_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/forms/api - -permissions: - id-token: write - contents: read - -jobs: - deploy-forms-api-service: - if: ${{ github.event.workflow_run.conclusion == 'success' }} - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 - with: - role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-api-apply - role-session-name: ECSDeploy - aws-region: ${{ env.AWS_REGION }} - - - name: Download ECS task definition - run: | - aws ecs describe-task-definition \ - --task-definition ${{ env.SERVICE_NAME }} \ - --query taskDefinition > task-definition.json - - - name: Update ECS task image - id: task-def - uses: aws-actions/amazon-ecs-render-task-definition@6853cfae8c3a7d978fbf68b5a55453395541dfbb # v1.8.5 - with: - task-definition: task-definition.json - container-name: ${{ env.SERVICE_NAME }} - image: "${{ env.REGISTRY }}:${{ github.event.workflow_run.head_branch }}" - - - name: Create the new ECS task definition - uses: aws-actions/amazon-ecs-deploy-task-definition@a310a830f5c14e583e35d84e4e1ec7dd177c3c9c # v2.6.2 - with: - task-definition: ${{ steps.task-def.outputs.task-definition }} - cluster: ${{ env.CLUSTER_NAME }} - - - name: Deploy the new ECS task definition - run: | - aws ecs update-service \ - --cluster ${{ env.CLUSTER_NAME }} \ - --service ${{ env.SERVICE_NAME }} \ - --task-definition ${{ env.TASK_DEFINITION_NAME }} \ - --force-new-deployment > /dev/null 
2>&1 - aws ecs wait services-stable \ - --cluster ${{ env.CLUSTER_NAME }} \ - --services ${{ env.SERVICE_NAME }} - - - name: Report deployment to Sentinel - if: always() - uses: cds-snc/sentinel-forward-data-action@52ea856d686360100a680e38c40134d4e010b94d # main - with: - input_data: '{"product": "forms", "sha": "${{ github.event.workflow_run.head_branch }}", "version": "${{ github.event.workflow_run.head_branch }}", "repository": "${{ github.repository }}", "environment": "production", "status": "${{ job.status }}"}' - log_type: CDS_Product_Deployment_Data - log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} - log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
diff --git a/.github/workflows/prod-docker-build-push.yml b/.github/workflows/prod-docker-build-push.yml
deleted file mode 100644
index df586516..00000000
--- a/.github/workflows/prod-docker-build-push.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-name: "Production — Docker build and push" - -on: - release: - types: [published] - -env: - AWS_ACCOUNT_ID: ${{ vars.PRODUCTION_AWS_ACCOUNT_ID }} - AWS_REGION: ca-central-1 - ECR_REPOSITORY: forms/api - TAG_VERSION: ${{ github.ref_name }} - -permissions: - id-token: write - contents: write - security-events: write - -jobs: - push-production: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - - - name: Build Docker image - run: docker build --platform=linux/amd64 --provenance false -t forms/api . - - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 - with: - role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-api-release - role-session-name: ECRPush - aws-region: ${{ env.AWS_REGION }} - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 - - - name: Tag images - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - run: | - docker tag forms/api $ECR_REGISTRY/$ECR_REPOSITORY:$TAG_VERSION - docker tag forms/api $ECR_REGISTRY/$ECR_REPOSITORY:latest - - - name: Push images to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - run: | - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$TAG_VERSION - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
diff --git a/.github/workflows/prod-post-deployment.yml b/.github/workflows/prod-post-deployment.yml
new file mode 100644
index 00000000..e045638b
--- /dev/null
+++ b/.github/workflows/prod-post-deployment.yml
@@ -0,0 +1,25 @@
+name: "Production — Post deployment" + +on: + release: + types: [published] + +# Limit execution to 1 and also makes new trigger events cancel currently running workflow +concurrency: + group: production-post-deployment + cancel-in-progress: true + +permissions: + contents: read + +jobs: + report-to-sentinel: + runs-on: ubuntu-latest + steps: + - name: Report deployment to Sentinel + uses: cds-snc/sentinel-forward-data-action@343498df663a056249bd96f260265aa80691b747 # main + with: + input_data: '{"product": "forms", "sha": "${{ github.sha }}", "version": "${{ github.ref_name }}", "repository": "${{ github.repository }}", "environment": "production", "status": "${{ job.status }}"}' + log_type: CDS_Product_Deployment_Data + log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} + log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
diff --git a/.github/workflows/workflow-failure.yml b/.github/workflows/workflow-failure.yml
index 64fea81e..01bd0dab 100644
--- a/.github/workflows/workflow-failure.yml
+++ b/.github/workflows/workflow-failure.yml
@@ -4,8 +4,7 @@ on: workflow_run: workflows: - "Staging — Post deployment" - - "Production - Deploy" - - "Production — Docker build and push" + - "Production — Post deployment" types: - completed
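Review bot: The `status` field in `input_data` of the new `report-to-sentinel` job will always be recorded as `success`: the job has no earlier steps, so `${{ job.status }}` evaluated inside its only step cannot reflect the outcome of any deployment, whereas in the deleted prod-deploy.yml the same step ran after the ECS steps under `if: always()`. Because the trigger is now `release: published`, the Sentinel record means "a release was published" rather than "the deployment succeeded"; if the ECS deploy has moved out of this repository (nothing visible here runs it), I would say so on the step, e.g. `# status reflects only this reporting job; the ECS deploy is no longer run from this workflow`, or drop the field so the log does not carry a misleading success. `cancel-in-progress: true` on a deployment-audit feed also means a second release published while the first report is still running cancels that report and silently drops a record; `cancel-in-progress: false` keeps them queued instead. Separately, `version` is spliced into the JSON by plain string interpolation, so a tag name containing `"` (which git permits) would break the payload; `"version": ${{ toJSON(github.ref_name) }}` yields a correctly escaped JSON string.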