Create PR Environment - #1030 (poetry: bump ruff from 0.3.3 to 0.12.12) #1420
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy PR Environment | |
| run-name: "${{ github.event.action == 'synchronize' && 'Update' || 'Create' }} PR Environment - #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})" | |
| on: | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| concurrency: | |
| group: environment-${{ github.event.pull_request.number }} | |
| cancel-in-progress: false | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: write | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| set-environment-id: | |
| name: Set Environment ID | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| environment: pull-request | |
| steps: | |
| - name: Set a ID based on the branch name | |
| id: set_environment_id | |
| run: | | |
| JIRA_TICKET=$( | |
| echo '${{ github.event.pull_request.head.ref }}' | \ | |
| grep -Po --color=none '[A-z]{3,4}-[0-9]{3,5}' | \ | |
| sed 's/-//g' | \ | |
| tr '[:upper:]' '[:lower:]' || \ | |
| true | |
| ) | |
| BRANCH_HASH=$(echo '${{ github.event.pull_request.head.ref }}${{ github.event.pull_request.id }}' | sha256sum | head -c 6) | |
| if [ -z "$JIRA_TICKET" ]; then | |
| echo "environment_id=${BRANCH_HASH}" > $GITHUB_OUTPUT | |
| else | |
| echo "environment_id=${JIRA_TICKET}-${BRANCH_HASH}" > $GITHUB_OUTPUT | |
| fi | |
| outputs: | |
| environment_id: ${{ steps.set_environment_id.outputs.environment_id }} | |
| build: | |
| name: Build Application | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| environment: pull-request | |
| steps: | |
| - name: Git Clone - ${{ github.event.pull_request.head.ref }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup environment | |
| run: | | |
| echo "${HOME}/.asdf/bin" >> $GITHUB_PATH | |
| poetry install --no-root | |
| - name: Run Linting | |
| run: make lint | |
| - name: Run Unit Tests | |
| run: make test | |
| - name: Build Project | |
| run: make build | |
| - name: Configure Management Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.MGMT_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Add S3 Permissions to Lambda | |
| run: | | |
| make get-s3-perms ENV=dev | |
| - name: Save Build Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| dist/*.zip | |
| !dist/nrlf_permissions.zip | |
| - name: Save NRLF Permissions cache | |
| uses: actions/cache/save@v4 | |
| with: | |
| key: ${{ github.run_id }}-nrlf-permissions | |
| path: dist/nrlf_permissions.zip | |
| - name: Add Failure Pull Request Comment | |
| uses: actions/github-script@v7 | |
| if: ${{ failure() }} | |
| with: | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: `💥 Something went wrong while building the pull request environment.\n[Check Output Logs](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})` | |
| }) | |
| deploy: | |
| name: Deploy PR Environment | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| environment: pull-request | |
| needs: [set-environment-id, build] | |
| steps: | |
| - name: Git Clone - ${{ github.event.pull_request.head.ref }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup environment | |
| run: | | |
| echo "${HOME}/.asdf/bin" >> $GITHUB_PATH | |
| poetry install --no-root | |
| - name: Configure Management Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.MGMT_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Download Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: dist | |
| - name: Restore NRLF permissions cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| key: ${{ github.run_id }}-nrlf-permissions | |
| path: dist/nrlf_permissions.zip | |
| fail-on-cache-miss: true | |
| - name: Retrieve Server Certificates | |
| run: make truststore-pull-server ENV=dev | |
| - name: Terraform Init | |
| run: | | |
| terraform -chdir=terraform/infrastructure init | |
| terraform -chdir=terraform/infrastructure workspace new ${{ needs.set-environment-id.outputs.environment_id }} || \ | |
| terraform -chdir=terraform/infrastructure workspace select ${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Terraform Plan | |
| run: | | |
| terraform -chdir=terraform/infrastructure plan \ | |
| --var-file=etc/dev.tfvars \ | |
| --var assume_role_arn=${{ secrets.DEPLOY_ROLE_ARN }} \ | |
| --var use_shared_resources=$(poetry run python scripts/are_resources_shared_for_stack.py ${{ needs.set-environment-id.outputs.environment_id }}) \ | |
| -out tfplan | |
| - name: Terraform Apply | |
| id: terraform-apply | |
| run: terraform -chdir=terraform/infrastructure apply tfplan | |
| - name: Add Success Pull Request Comment | |
| uses: actions/github-script@v7 | |
| if: ${{ success() }} | |
| with: | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: "🚀 PR environment successfully deployed.\nCommit Hash: `${{ github.event.pull_request.head.sha }}`\nURL: https://${{ needs.set-environment-id.outputs.environment_id }}.api.record-locator.dev.national.nhs.uk/" | |
| }) | |
| - name: Add Failure Pull Request Comment | |
| uses: actions/github-script@v7 | |
| if: ${{ failure() }} | |
| with: | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: `💥 Something went wrong while deploying the pull request environment.\n[Check Output Logs](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})` | |
| }) | |
| integration-test: | |
| name: Run Integration Tests | |
| needs: [set-environment-id, deploy] | |
| environment: pull-request | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| steps: | |
| - name: Git Clone - ${{ github.event.pull_request.head.ref }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup environment | |
| run: | | |
| echo "${HOME}/.asdf/bin" >> $GITHUB_PATH | |
| poetry install --no-root | |
| - name: Configure Management Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.MGMT_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Retrieve Client Certificates | |
| run: make truststore-pull-client ENV=dev | |
| - name: Configure Dev Account Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-chaining: true | |
| role-to-assume: ${{ secrets.DEPLOY_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Run Integration Tests | |
| run: make test-features-integration TF_WORKSPACE_NAME=${{ needs.set-environment-id.outputs.environment_id }} | |
| smoke-test: | |
| name: Run Smoke Tests | |
| needs: [set-environment-id, integration-test] | |
| environment: pull-request | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| steps: | |
| - name: Git Clone - ${{ github.event.pull_request.head.ref }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup environment | |
| run: | | |
| echo "${HOME}/.asdf/bin" >> $GITHUB_PATH | |
| poetry install --no-root | |
| - name: Configure Management Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.MGMT_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Terraform Init | |
| run: | | |
| terraform -chdir=terraform/infrastructure init | |
| terraform -chdir=terraform/infrastructure workspace new ${{ needs.set-environment-id.outputs.environment_id }} || \ | |
| terraform -chdir=terraform/infrastructure workspace select ${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Smoke Test | |
| run: | | |
| make ENV=dev truststore-pull-client | |
| make ENV=dev TF_WORKSPACE_NAME=${{ needs.set-environment-id.outputs.environment_id }} test-smoke-internal | |
| performance-test: | |
| name: Run Performance Tests | |
| needs: [set-environment-id, integration-test] | |
| environment: pull-request | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| steps: | |
| - name: Git Clone - ${{ github.event.pull_request.head.ref }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup environment | |
| run: | | |
| echo "${HOME}/.asdf/bin" >> $GITHUB_PATH | |
| poetry install --no-root | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.MGMT_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Pull Client Certificates | |
| run: make truststore-pull-client ENV=dev | |
| - name: Configure Dev Account Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-chaining: true | |
| role-to-assume: ${{ secrets.DEPLOY_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Setup Environment Test Data | |
| run: make test-performance-prepare TF_WORKSPACE_NAME=${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Run Performance Test - Baseline | |
| run: make test-performance-baseline HOST=${{ needs.set-environment-id.outputs.environment_id }}.api.record-locator.dev.national.nhs.uk ENV_TYPE=dev | |
| - name: Run Performance Test - Stress | |
| run: make test-performance-stress HOST=${{ needs.set-environment-id.outputs.environment_id }}.api.record-locator.dev.national.nhs.uk ENV_TYPE=dev | |
| - name: Process Performance Test Outputs | |
| run: make test-performance-output | |
| - name: Store Performance Test Outputs | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: performance-test-outputs | |
| path: dist/*.png | |
| - name: Cleanup Environment Test Data | |
| run: make test-performance-cleanup TF_WORKSPACE_NAME=${{ needs.set-environment-id.outputs.environment_id }} |