From 4288b50ce37c8775accb57c8dca0485a5e4356c4 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 10:38:59 +0100 Subject: [PATCH 01/22] Receive parameters from CI pipeline --- .azuredevops/templates/steps/tf_plan.yaml | 8 +++++++- .github/workflows/stage-3-build.yaml | 17 ++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/.azuredevops/templates/steps/tf_plan.yaml b/.azuredevops/templates/steps/tf_plan.yaml index 04b538e2..0e9dbf41 100644 --- a/.azuredevops/templates/steps/tf_plan.yaml +++ b/.azuredevops/templates/steps/tf_plan.yaml @@ -24,7 +24,13 @@ steps: provider: azurerm command: plan workingDirectory: $(TF_DIRECTORY) - commandOptions: -input=false -var-file=$(tfVarsFile) ${{ parameters.tfCommandOptions }} -out=$(Build.ArtifactStagingDirectory)/$(ENVIRONMENT).tfplan + commandOptions: > + -input=false + -var-file=$(tfVarsFile) + -var="image_commit_hash=$(image-hash)" + -var="registry_host=$(registry-host)" + ${{ parameters.tfCommandOptions }} + -out=$(Build.ArtifactStagingDirectory)/$(ENVIRONMENT).tfplan environmentServiceNameAzureRM: $(SERVICE_CONNECTION) - task: PublishBuildArtifacts@1 diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 52421f55..1823c3e5 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -197,6 +197,7 @@ jobs: env: pr_num_tag: ${{ needs.containers-to-build.outputs.pr_num_tag }} short_commit_hash: ${{ needs.containers-to-build.outputs.short_commit_hash }} + project_name: ${{ inputs.project_name }} permissions: id-token: write contents: read @@ -234,7 +235,6 @@ jobs: env: container_registry: ${{ env.REGISTRY_HOST }} docker_services: ${{ needs.containers-to-build.outputs.docker_services }} - project_name: ${{ inputs.project_name }} run: | echo Running 'docker buildx imagetools' on remote repositories... 
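Review bot: `$(image-hash)` and `$(registry-host)` are spliced into `commandOptions` with no check that either variable is set or well formed (PATCH 01, `tf_plan.yaml`, `@@ -24,7 +24,13 @@`; the same macro form returns in PATCH 22 as `$(imageHash)` / `$(registryHost)`). Azure DevOps leaves an unresolved macro as literal text, so a run queued without them hands Terraform the string `$(image-hash)`, and a value containing whitespace or a quote changes the argument list of `terraform plan`. Because these `-var` options follow `-var-file`, whatever arrives also overrides the tfvars file. A validation step placed before the plan task, failing the run unless the hash is hexadecimal and the host is a plain hostname, would close this; the `steps:` list continues outside the hunk.

```yaml
  # … unchanged: tf_init template step …
  - bash: |
      # constructed patterns: adjust to the hash length and registry naming actually in use
      [[ "${IMAGE_HASH}" =~ ^[0-9a-f]{7,40}$ ]] \
        || { echo "##vso[task.logissue type=error]image-hash is missing or not a commit hash"; exit 1; }
      [[ "${REGISTRY_HOST}" =~ ^[a-z0-9.-]+$ ]] \
        || { echo "##vso[task.logissue type=error]registry-host is missing or not a hostname"; exit 1; }
    displayName: Validate deployment inputs
    env:
      IMAGE_HASH: $(image-hash)
      REGISTRY_HOST: $(registry-host)
  # … unchanged: TerraformTask plan step and PublishBuildArtifacts@1 …
```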
@@ -251,6 +251,21 @@ jobs: docker buildx imagetools create "${registry_image}:${pr_num_tag}" --tag "${registry_image}:${short_commit_hash}" || echo "Tagging failed for $service" done + - uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Call deployment pipeline + run: | + az pipelines run \ + --commit-id ${short_commit_hash} \ + --name cd-infrastructure-dev-core \ + --org https://dev.azure.com/nhse-dtos \ + --project ${project_name} \ + --parameters image-hash=${short_commit_hash} use-acr=${USE_AZURECR == 'true} registry-host=${REGISTRY_HOST} ENVIRONMENT=${ENVIRONMENT_TAG} + aggregate-reports: name: Aggregate reports runs-on: ubuntu-latest From c31afec28eb440ebbdaf9f45980b9af99513943a Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 12:45:15 +0100 Subject: [PATCH 02/22] Update quotes for arguments --- .github/workflows/stage-3-build.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 1823c3e5..b5ff5d38 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml 
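Review bot: The `run:` script of `Call deployment pipeline` (PATCH 01, `@@ -251,6 +251,21 @@`) will not execute as written: `use-acr=${USE_AZURECR == 'true}` is not a shell parameter expansion and bash rejects it as a bad substitution, and `--commit-id`, `--project` and the `--parameters` values are all unquoted. `project_name` comes from `inputs.project_name`, so an unexpected value is word-split into extra `az` arguments; `--project "${project_name}" \` closes that, and the same unquoted `--project` is carried through the later patches in this series. The added `azure/login@v2` step has neither `name:` nor `if:`, unlike the `AzureCLI login` step earlier in the job, so it runs even when `USE_AZURECR` is `false`; give it a name and a comment such as `# the CD trigger needs an Azure session regardless of registry choice`.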
@@ -258,13 +258,18 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Call deployment pipeline + if: success() run: | az pipelines run \ --commit-id ${short_commit_hash} \ --name cd-infrastructure-dev-core \ --org https://dev.azure.com/nhse-dtos \ --project ${project_name} \ - --parameters image-hash=${short_commit_hash} use-acr=${USE_AZURECR == 'true} registry-host=${REGISTRY_HOST} ENVIRONMENT=${ENVIRONMENT_TAG} + --parameters \ + image-hash="${short_commit_hash}" \ + use-acr="$([ "${USE_AZURECR}" = "true" ] && echo true || echo false)" \ + registry-host="${REGISTRY_HOST}" \ + ENVIRONMENT="${ENVIRONMENT_TAG}" aggregate-reports: name: Aggregate reports From 3e7698b065f853981c24a3d327ea3dc722162ad0 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 13:37:31 +0100 Subject: [PATCH 03/22] Call the pipeline on the same branch as the build template (not using a commit SHA) --- .github/workflows/stage-3-build.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index b5ff5d38..21e2ea87 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -259,9 +259,11 @@ jobs: - name: Call deployment pipeline if: success() + env: + BRANCH_NAME: ${{ github.ref_name }} run: | az pipelines run \ - --commit-id ${short_commit_hash} \ + --branch "${GITHUB_REF_NAME}" \ --name cd-infrastructure-dev-core \ --org https://dev.azure.com/nhse-dtos \ --project ${project_name} \ From 6ea3521ffb7549ef854e8986923fe77dc8873224 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 14:51:06 +0100 Subject: [PATCH 04/22] Enable test scenario --- .github/workflows/stage-3-build.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
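Review bot: `BRANCH_NAME` is added to the step's `env:` but the command reads `${GITHUB_REF_NAME}`, so the new variable is dead (PATCH 03, `@@ -259,9 +259,11 @@`). Both carry the same value, and on `pull_request` runs that value is the merge ref name (`<number>/merge`) rather than a branch the Azure DevOps pipeline can be queued on. Either pass `--branch "${BRANCH_NAME}"` or drop the `env:` block, and record the assumption with a comment such as `# this branch must also exist in the repository the CD pipeline builds from`.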
diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 21e2ea87..30765af4 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -190,7 +190,7 @@ jobs: image_name: ${{ inputs.project_name }}-${{ matrix.function }} tag-all-repositories: - name: Merge commit tag all images + name: Merge commit tag all images || true if: github.ref == 'refs/heads/main' runs-on: ubuntu-latest needs: [build-and-push, containers-to-build] @@ -216,7 +216,7 @@ jobs: ref: main - name: AzureCLI login - if: env.USE_AZURECR == 'true' + if: env.USE_AZURECR == 'true' || true uses: azure/login@v2 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} @@ -224,7 +224,7 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: ghcr.io login - if: env.USE_AZURECR == 'false' + if: env.USE_AZURECR == 'false' || true uses: docker/login-action@v3 with: registry: ghcr.io @@ -258,7 +258,7 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Call deployment pipeline - if: success() + if: success() || true env: BRANCH_NAME: ${{ github.ref_name }} run: | From de580c8df199086b21c3407e505313dda5e2d2fb Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 15:07:07 +0100 Subject: [PATCH 05/22] Ensure steps alway execute for testing --- .github/workflows/stage-3-build.yaml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 30765af4..1faa7582 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml 
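Review bot: `|| true` appended to `name: Merge commit tag all images` (PATCH 04, `@@ -190,7 +190,7 @@`) only changes the job's display text; `name` is not evaluated as a condition, and the job-level `if: github.ref == 'refs/heads/main'` on the next line is untouched. In the three following hunks the same suffix does take effect: `env.USE_AZURECR == 'true' || true` and `env.USE_AZURECR == 'false' || true` make both registry logins run with their credentials on every execution, and `success() || true` lets `Call deployment pipeline` queue a deployment after an earlier step has failed. If this is needed for a test run, gate it on something explicit and removable, for example a boolean `workflow_call` input, instead of editing the guards in place.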
@@ -151,7 +151,8 @@ jobs: [[ -n "${ENVIRONMENT_TAG}" ]] && docker tag "${image_lc}:latest" "${reg_image}:${ENVIRONMENT_TAG}" - name: AzureCLI login - if: (github.ref == 'refs/heads/main' && env.USE_AZURECR == 'true') + if: always() + #if: (github.ref == 'refs/heads/main' && env.USE_AZURECR == 'true') uses: azure/login@v2 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} @@ -167,7 +168,8 @@ jobs: password: ${{ github.token }} - name: Push Docker image - if: github.ref == 'refs/heads/main' + #if: github.ref == 'refs/heads/main' + if: always() working-directory: ${{ needs.containers-to-build.outputs.docker_compose_dir }} env: pr_num_tag: ${{ needs.containers-to-build.outputs.pr_num_tag }} @@ -190,8 +192,9 @@ jobs: image_name: ${{ inputs.project_name }}-${{ matrix.function }} tag-all-repositories: - name: Merge commit tag all images || true - if: github.ref == 'refs/heads/main' + name: Merge commit tag all images + #if: github.ref == 'refs/heads/main' + if: always() runs-on: ubuntu-latest needs: [build-and-push, containers-to-build] env: @@ -216,7 +219,8 @@ jobs: ref: main - name: AzureCLI login - if: env.USE_AZURECR == 'true' || true + #if: env.USE_AZURECR == 'true' + if: always() uses: azure/login@v2 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} @@ -224,7 +228,8 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: ghcr.io login - if: env.USE_AZURECR == 'false' || true + #if: env.USE_AZURECR == 'false' + if: always() uses: docker/login-action@v3 with: registry: ghcr.io @@ -258,7 +263,8 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Call deployment pipeline - if: success() || true + #if: success() + if: always() env: BRANCH_NAME: ${{ github.ref_name }} run: | From b695ac1948b4bf2ed771e84e1da1a2d5cf357970 Mon Sep 17 00:00:00 2001 
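Review bot: Replacing the `github.ref == 'refs/heads/main'` conditions with `if: always()` (PATCH 05: `AzureCLI login` at `@@ -151,7 +151,8 @@`, `Push Docker image` at `@@ -167,7 +168,8 @@`, the `tag-all-repositories` job at `@@ -190,8 +192,9 @@`) removes the only visible check that keeps non-main refs from pushing images and reaching the deployment trigger. `always()` also runs these steps after a failed or cancelled build, and runs the job even when `build-and-push` in its `needs:` did not succeed. The commented-out originals show the intent is temporary; keep the branch gate and widen it instead, e.g. `if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/<test-branch>'`, so the restriction cannot be merged away by accident.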
From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 16:05:21 +0100 Subject: [PATCH 06/22] Format update for all services output; update ref for testing; --- .github/workflows/stage-3-build.yaml | 8 ++++---- scripts/deployments/get-docker-names.sh | 5 ++++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 1faa7582..cc25e5ee 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -64,7 +64,7 @@ jobs: with: repository: NHSDigital/dtos-devops-templates path: templates - ref: main + ref: ${{ github.ref }} - name: Determine which Docker container(s) to build id: get-function-names @@ -126,7 +126,7 @@ jobs: with: repository: NHSDigital/dtos-devops-templates path: templates - ref: main + ref: ${{ github.ref }} - name: Build Docker image id: docker_image @@ -216,7 +216,7 @@ jobs: with: repository: NHSDigital/dtos-devops-templates path: templates - ref: main + ref: ${{ github.ref }} - name: AzureCLI login #if: env.USE_AZURECR == 'true' @@ -239,7 +239,7 @@ jobs: - name: Tag all Registry Container images env: container_registry: ${{ env.REGISTRY_HOST }} - docker_services: ${{ needs.containers-to-build.outputs.docker_services }} + docker_services: ${{ fromJSON(needs.containers-to-build.outputs.docker_services) }} run: | echo Running 'docker buildx imagetools' on remote repositories... diff --git a/scripts/deployments/get-docker-names.sh b/scripts/deployments/get-docker-names.sh index 0fcfc0a4..34945809 100644 --- a/scripts/deployments/get-docker-names.sh +++ b/scripts/deployments/get-docker-names.sh 
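Review bot: `ref: ${{ github.ref }}` on the checkout of `NHSDigital/dtos-devops-templates` (PATCH 06, `@@ -64,7 +64,7 @@`, repeated at `@@ -126,7 +126,7 @@` and `@@ -216,7 +216,7 @@`) resolves the calling run's ref inside a different repository. For a pull-request run that ref is `refs/pull/<n>/merge`, which in the templates repository names whichever pull request carries that number there, if any, so the job may check out code unrelated to the change under test; for a branch ref the checkout fails unless a branch of the same name exists. Whatever lands in `templates/` is presumably executed by later steps, so keep `ref: main` or pin a full commit SHA, and drive test runs from a dedicated input.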
@@ -156,7 +156,10 @@ EOF fi changed_services_json="$(jq -c -n '$ARGS.positional | unique' --args "${changed_services[@]}")" -services_json="$(jq -c -n '$ARGS.positional | unique' --args "${docker_services_map[@]}")" + +args=("${docker_services_map[@]}") +services_json=$(jq -c -n '$ARGS.positional | unique' --args "${args[@]}") + IFS=$IFS_OLD echo "List of services to build:" From e15ab9ea4df85ac3a5f37265acb2d79e5645c52d Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 16:31:45 +0100 Subject: [PATCH 07/22] Fix incorrect refs --- .github/workflows/stage-3-build.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index cc25e5ee..281d911e 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -64,7 +64,7 @@ jobs: with: repository: NHSDigital/dtos-devops-templates path: templates - ref: ${{ github.ref }} + ref: feat/dtoss-9326-trigger-cd-pipeline-with-commit - name: Determine which Docker container(s) to build id: get-function-names @@ -126,7 +126,7 @@ jobs: with: repository: NHSDigital/dtos-devops-templates path: templates - ref: ${{ github.ref }} + ref: feat/dtoss-9326-trigger-cd-pipeline-with-commit - name: Build Docker image id: docker_image @@ -216,7 +216,7 @@ jobs: with: repository: NHSDigital/dtos-devops-templates path: templates - ref: ${{ github.ref }} + ref: feat/dtoss-9326-trigger-cd-pipeline-with-commit - name: AzureCLI login #if: env.USE_AZURECR == 'true' From 1a2855fc5a27e6f09ac5a645eb7a093a63746376 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 16:57:04 +0100 Subject: [PATCH 08/22] Fix reference to branch name instead of PR name --- .github/workflows/stage-3-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
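Review bot: Copying `docker_services_map` into `args` before the `jq` call (PATCH 06, `get-docker-names.sh`, `@@ -156,7 +156,10 @@`) passes exactly the same words to `jq` as the removed line did, so the change is stylistic and adds another global name. The outer quotes were also dropped from `services_json=$(…)`; that is safe in an assignment but now differs from the `changed_services_json="$(…)"` line directly above. If the copy is meant to document something, say so with a comment such as `# values of docker_services_map -> JSON array of unique service names`. The script continues on both sides of the hunk.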
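Review bot: The three checkouts of `NHSDigital/dtos-devops-templates` now use `ref: feat/dtoss-9326-trigger-cd-pipeline-with-commit` (PATCH 07, `@@ -64,7 +64,7 @@`, `@@ -126,7 +126,7 @@`, `@@ -216,7 +216,7 @@`), a feature branch that can be rewritten or deleted at any time. Every consumer of this workflow would then build with whatever that branch holds, in a workflow whose jobs log in to Azure, and would break once the branch is removed. If the pin has to exist for a test, mark each line with `# TEMPORARY: revert to main before merge`, or better pin a full commit SHA.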
diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 281d911e..e13f4b02 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -269,7 +269,7 @@ jobs: BRANCH_NAME: ${{ github.ref_name }} run: | az pipelines run \ - --branch "${GITHUB_REF_NAME}" \ + --branch "feat/dtoss-9326-trigger-cd-pipeline-with-commit" \ --name cd-infrastructure-dev-core \ --org https://dev.azure.com/nhse-dtos \ --project ${project_name} \ From f3d8d4f50a7b67df646128620c123d0dc81d8842 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 17:19:52 +0100 Subject: [PATCH 09/22] Parameter definition updates --- .azuredevops/templates/steps/tf_plan.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.azuredevops/templates/steps/tf_plan.yaml b/.azuredevops/templates/steps/tf_plan.yaml index 0e9dbf41..1dadb554 100644 --- a/.azuredevops/templates/steps/tf_plan.yaml +++ b/.azuredevops/templates/steps/tf_plan.yaml @@ -4,6 +4,11 @@ parameters: - name: tfCommandOptions type: string default: '' + - name: image-hash + type: string + default: '' + - name: registry-host + type: string steps: - template: tf_init.yaml @@ -27,8 +32,8 @@ steps: commandOptions: > -input=false -var-file=$(tfVarsFile) - -var="image_commit_hash=$(image-hash)" - -var="registry_host=$(registry-host)" + -var="image_commit_hash=${{ parameters.image-hash }}" + -var="registry_host=${{ parameters.registry-host }}" ${{ parameters.tfCommandOptions }} -out=$(Build.ArtifactStagingDirectory)/$(ENVIRONMENT).tfplan environmentServiceNameAzureRM: $(SERVICE_CONNECTION) From dfb4761a398245ec66e8a5e7f38648622e522467 Mon Sep 17 00:00:00 2001 
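Review bot: `registry-host` is declared without a `default` while `image-hash` defaults to `''` (PATCH 09, `tf_plan.yaml`, `@@ -4,6 +4,11 @@`), so every existing caller of this template must now pass `registry-host`, and a caller that omits `image-hash` sends `-var="image_commit_hash="` to Terraform. That empty value comes after `-var-file` on the command line and therefore replaces any hash set in the tfvars file. In the second hunk `${{ parameters.image-hash }}` uses property syntax on a hyphenated name, which the expression parser may not accept; `${{ parameters['image-hash'] }}` is the index form. Treat both parameters the same way and document them, e.g. `# short commit hash of the image to deploy; required`.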
From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 17:44:58 +0100 Subject: [PATCH 10/22] Update parameter name casing --- .azuredevops/templates/steps/tf_plan.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.azuredevops/templates/steps/tf_plan.yaml b/.azuredevops/templates/steps/tf_plan.yaml index 1dadb554..c99ab848 100644 --- a/.azuredevops/templates/steps/tf_plan.yaml +++ b/.azuredevops/templates/steps/tf_plan.yaml @@ -4,10 +4,10 @@ parameters: - name: tfCommandOptions type: string default: '' - - name: image-hash + - name: imageHash type: string default: '' - - name: registry-host + - name: registryHost type: string steps: @@ -32,8 +32,8 @@ steps: commandOptions: > -input=false -var-file=$(tfVarsFile) - -var="image_commit_hash=${{ parameters.image-hash }}" - -var="registry_host=${{ parameters.registry-host }}" + -var="image_commit_hash=${{ parameters.imageHash }}" + -var="registry_host=${{ parameters.registryHost }}" ${{ parameters.tfCommandOptions }} -out=$(Build.ArtifactStagingDirectory)/$(ENVIRONMENT).tfplan environmentServiceNameAzureRM: $(SERVICE_CONNECTION) From 486b3d0dc06c1054bf3923f4b6e05cf6a7204cf9 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Wed, 4 Jun 2025 17:55:20 +0100 Subject: [PATCH 11/22] Remove unnecessary parameter --- .github/workflows/stage-3-build.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index e13f4b02..b0f8ab97 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml 
@@ -274,10 +274,8 @@ jobs: --org https://dev.azure.com/nhse-dtos \ --project ${project_name} \ --parameters \ - image-hash="${short_commit_hash}" \ - use-acr="$([ "${USE_AZURECR}" = "true" ] && echo true || echo false)" \ - registry-host="${REGISTRY_HOST}" \ - ENVIRONMENT="${ENVIRONMENT_TAG}" + imageHash="${short_commit_hash}" \ + registryHost="${REGISTRY_HOST}" aggregate-reports: name: Aggregate reports From 3b9d7240a6431dc1b7f27693b46f38e58bd7bb6d Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Thu, 5 Jun 2025 11:52:11 +0100 Subject: [PATCH 12/22] Fix variable reference issue --- scripts/deployments/get-docker-names.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/deployments/get-docker-names.sh b/scripts/deployments/get-docker-names.sh index 34945809..bbc13963 100644 --- a/scripts/deployments/get-docker-names.sh +++ b/scripts/deployments/get-docker-names.sh @@ -165,7 +165,7 @@ IFS=$IFS_OLD echo "List of services to build:" echo "${changed_services_json}" echo "FUNC_NAMES=${changed_services_json}" >> "${GITHUB_OUTPUT}" -echo "ALL_SERVICES=%{services_json}" >> "${GITHUB_OUTPUT}" +echo "ALL_SERVICES=${services_json}" >> "${GITHUB_OUTPUT}" # Assumes all compose files are together in the same folder echo "DOCKER_COMPOSE_DIR=$(dirname "${compose_file}")" >> "${GITHUB_OUTPUT}" From ba228e7da15c193116e6192be6d6b6f1c6af0c72 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Thu, 5 Jun 2025 15:07:37 +0100 Subject: [PATCH 13/22] Issue with docker services JSON array --- .github/workflows/stage-3-build.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index b0f8ab97..88509e2d 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml 
@@ -239,7 +239,8 @@ jobs: - name: Tag all Registry Container images env: container_registry: ${{ env.REGISTRY_HOST }} - docker_services: ${{ fromJSON(needs.containers-to-build.outputs.docker_services) }} + docker_services: >- + ${{ join(fromJSON(needs.containers-to-build.outputs.docker_services || '[]'), '\n') }} run: | echo Running 'docker buildx imagetools' on remote repositories... @@ -247,13 +248,13 @@ jobs: az acr login --name "${ACR_NAME}" fi - services=($(echo "$docker_services" | jq -r '.[]')) - for service in "${services[@]}"; do + echo "$docker_services" | while IFS= read -r service; do image_name="${project_name}-${service}" registry_image=${container_registry,,}/${image_name,,} echo "Adding tag ${short_commit_hash} to ${image_name}..." - docker buildx imagetools create "${registry_image}:${pr_num_tag}" --tag "${registry_image}:${short_commit_hash}" || echo "Tagging failed for $service" + docker buildx imagetools create "${registry_image}:${pr_num_tag}" --tag "${registry_image}:${short_commit_hash}" \ + || echo "Tagging failed for $service" done - uses: azure/login@v2 From 7ebf937a8f077cb4599b01332a18653448f2b8e6 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Thu, 5 Jun 2025 15:19:53 +0100 Subject: [PATCH 14/22] Update services to separate by comma --- .github/workflows/stage-3-build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 88509e2d..c80a28cd 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -240,7 +240,7 @@ jobs: env: container_registry: ${{ env.REGISTRY_HOST }} docker_services: >- - ${{ join(fromJSON(needs.containers-to-build.outputs.docker_services || '[]'), '\n') }} + ${{ join(fromJSON(needs.containers-to-build.outputs.docker_services || '[]'), ',') }} run: | echo Running 'docker buildx imagetools' on remote repositories... 
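Review bot: The tagging loop still ends each `docker buildx imagetools create` with `|| echo "Tagging failed for $service"` (PATCH 13, `@@ -247,13 +248,13 @@`), so a failed tag leaves the step green and the following `Call deployment pipeline` step queues a deployment for a `short_commit_hash` tag that may not exist in the registry. Failing fast works in both the piped `while` and a plain `for` loop: `|| { echo "Tagging failed for $service" >&2; exit 1; }`. In the first hunk of this patch, `'\n'` inside a `${{ }}` expression is, as far as I know, a literal backslash followed by `n` rather than a newline, so `read -r` would see the whole list as one line.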
@@ -248,7 +248,7 @@ jobs: az acr login --name "${ACR_NAME}" fi - echo "$docker_services" | while IFS= read -r service; do + echo "$docker_services" | while IFS=, read -r service; do image_name="${project_name}-${service}" registry_image=${container_registry,,}/${image_name,,} From 00ca16d60b88085801ca96836260bc95fb6473ef Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Thu, 5 Jun 2025 15:49:05 +0100 Subject: [PATCH 15/22] Fix correct item separation using comma --- .github/workflows/stage-3-build.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index c80a28cd..3108571c 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -248,7 +248,8 @@ jobs: az acr login --name "${ACR_NAME}" fi - echo "$docker_services" | while IFS=, read -r service; do + IFS=',' read -ra services <<< "$docker_services" + for service in "${services[@]}"; do image_name="${project_name}-${service}" registry_image=${container_registry,,}/${image_name,,} From e2ee32849164fa825ead554c7e8c380224d66cb1 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Fri, 6 Jun 2025 11:04:01 +0100 Subject: [PATCH 16/22] Remove unnecessary parameter --- .github/workflows/stage-3-build.yaml | 2 -- .gitignore | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 3108571c..0dd073c0 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -267,8 +267,6 @@ jobs: - name: Call deployment pipeline #if: success() if: always() - env: - BRANCH_NAME: ${{ github.ref_name }} run: | az pipelines run \ --branch "feat/dtoss-9326-trigger-cd-pipeline-with-commit" \ diff --git a/.gitignore b/.gitignore index 969c6f2c..38ee8762 100644 --- a/.gitignore 
+++ b/.gitignore @@ -75,3 +75,5 @@ coverage.xml .pyre/ .pylint.d/ .prof +__azurite_db_blob__.json +__azurite_db_blob_extent__.json From b0b3a9f72ff3eded9d2ac992d8667865e8251825 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Fri, 6 Jun 2025 11:13:44 +0100 Subject: [PATCH 17/22] Add required properties to build-3 pipeline --- .github/workflows/cicd-1-pull-request.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index cd068ec0..d6b078be 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml @@ -105,6 +105,12 @@ jobs: python_version: "${{ needs.metadata.outputs.python_version }}" terraform_version: "${{ needs.metadata.outputs.terraform_version }}" version: "${{ needs.metadata.outputs.version }}" + + docker_compose_file_csv_list: project-compose.yaml + excluded_containers_csv_list: exclude-service-1,exclude-service-2 + environment_tag: ${{ needs.metadata.outputs.environment_tag }} + function_app_source_code_path: source-folder + project_name: project-pipeline-name secrets: inherit acceptance-stage: # Recommended maximum execution time is 10 minutes name: "Acceptance stage" From 8010f9d954f9ac7220f5f3197b2fd8c22d05d389 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Fri, 6 Jun 2025 11:15:01 +0100 Subject: [PATCH 18/22] Remove parameters not defined in referenced workflow --- .github/workflows/cicd-1-pull-request.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index d6b078be..1bcb4d80 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml 
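Review bot: The values added under `with:` are template placeholders (`project-compose.yaml`, `exclude-service-1,exclude-service-2`, `source-folder`, `project-pipeline-name`) rather than settings for this repository (PATCH 17, `cicd-1-pull-request.yaml`, `@@ -105,6 +105,12 @@`). `project_name` is what `stage-3-build.yaml` uses to form image names and the `--project` argument of `az pipelines run`, so the placeholder would address images and an Azure DevOps project that presumably do not exist. The blank line inside the `with:` mapping and the unquoted `${{ needs.metadata.outputs.environment_tag }}` are also inconsistent with the quoted entries above. Add `# placeholders: replace with the consuming repository's values` or supply real values before merge.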
@@ -98,14 +98,6 @@ jobs: uses: ./.github/workflows/stage-3-build.yaml if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened')) with: - build_datetime: "${{ needs.metadata.outputs.build_datetime }}" - build_timestamp: "${{ needs.metadata.outputs.build_timestamp }}" - build_epoch: "${{ needs.metadata.outputs.build_epoch }}" - nodejs_version: "${{ needs.metadata.outputs.nodejs_version }}" - python_version: "${{ needs.metadata.outputs.python_version }}" - terraform_version: "${{ needs.metadata.outputs.terraform_version }}" - version: "${{ needs.metadata.outputs.version }}" - docker_compose_file_csv_list: project-compose.yaml excluded_containers_csv_list: exclude-service-1,exclude-service-2 environment_tag: ${{ needs.metadata.outputs.environment_tag }} From 14db980b0d5fd6a65b5034743ab25c6d65ec1fa6 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Fri, 6 Jun 2025 11:46:15 +0100 Subject: [PATCH 19/22] Prepare for PR --- .github/workflows/stage-3-build.yaml | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 0dd073c0..59fcbc0c 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -64,7 +64,7 @@ jobs: with: repository: NHSDigital/dtos-devops-templates path: templates - ref: feat/dtoss-9326-trigger-cd-pipeline-with-commit + ref: main - name: Determine which Docker container(s) to build id: get-function-names @@ -126,7 +126,7 @@ jobs: with: repository: NHSDigital/dtos-devops-templates path: templates - ref: feat/dtoss-9326-trigger-cd-pipeline-with-commit + ref: main - name: Build Docker image id: docker_image 
@@ -151,8 +151,7 @@ jobs: [[ -n "${ENVIRONMENT_TAG}" ]] && docker tag "${image_lc}:latest" "${reg_image}:${ENVIRONMENT_TAG}" - name: AzureCLI login - if: always() - #if: (github.ref == 'refs/heads/main' && env.USE_AZURECR == 'true') + if: (github.ref == 'refs/heads/main' && env.USE_AZURECR == 'true') uses: azure/login@v2 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} @@ -168,8 +167,7 @@ jobs: password: ${{ github.token }} - name: Push Docker image - #if: github.ref == 'refs/heads/main' - if: always() + if: github.ref == 'refs/heads/main' working-directory: ${{ needs.containers-to-build.outputs.docker_compose_dir }} env: pr_num_tag: ${{ needs.containers-to-build.outputs.pr_num_tag }} @@ -193,8 +191,7 @@ jobs: tag-all-repositories: name: Merge commit tag all images - #if: github.ref == 'refs/heads/main' - if: always() + if: github.ref == 'refs/heads/main' runs-on: ubuntu-latest needs: [build-and-push, containers-to-build] env: @@ -216,11 +213,10 @@ jobs: with: repository: NHSDigital/dtos-devops-templates path: templates - ref: feat/dtoss-9326-trigger-cd-pipeline-with-commit + ref: main - name: AzureCLI login - #if: env.USE_AZURECR == 'true' - if: always() + if: env.USE_AZURECR == 'true' uses: azure/login@v2 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} @@ -228,8 +224,7 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: ghcr.io login - #if: env.USE_AZURECR == 'false' - if: always() + if: env.USE_AZURECR == 'false' uses: docker/login-action@v3 with: registry: ghcr.io @@ -265,8 +260,7 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Call deployment pipeline - #if: success() - if: always() + if: success() run: | az pipelines run \ --branch "feat/dtoss-9326-trigger-cd-pipeline-with-commit" \ From c638f7703fa142e6a1692a3c4383aea8ae91d9a2 Mon Sep 17 00:00:00 2001 
From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Fri, 6 Jun 2025 13:16:05 +0100 Subject: [PATCH 20/22] =?UTF-8?q?Update=20branch=20name=20used=20to=20run?= =?UTF-8?q?=20as=20"main"=E2=84=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/stage-3-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 59fcbc0c..90411e9b 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -263,7 +263,7 @@ jobs: if: success() run: | az pipelines run \ - --branch "feat/dtoss-9326-trigger-cd-pipeline-with-commit" \ + --branch "main" \ --name cd-infrastructure-dev-core \ --org https://dev.azure.com/nhse-dtos \ --project ${project_name} \ From 56098cb2d70ac6bfd3636ada1e81fa2fff8fb700 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Fri, 6 Jun 2025 13:38:43 +0100 Subject: [PATCH 21/22] Update build stage parameter values --- .github/workflows/cicd-1-pull-request.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index 1bcb4d80..fd6487d3 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml 
@@ -98,10 +98,10 @@ jobs: uses: ./.github/workflows/stage-3-build.yaml if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened')) with: - docker_compose_file_csv_list: project-compose.yaml - excluded_containers_csv_list: exclude-service-1,exclude-service-2 + docker_compose_file_csv_list: compose.yaml + excluded_containers_csv_list: azurite,azurite-setup,sql-database,database-setup,db environment_tag: ${{ needs.metadata.outputs.environment_tag }} - function_app_source_code_path: source-folder + function_app_source_code_path: src project_name: project-pipeline-name secrets: inherit acceptance-stage: # Recommended maximum execution time is 10 minutes From 5bb57f1653d9f0533250ae45d10b7687e30a4c35 Mon Sep 17 00:00:00 2001 From: Michael Justus <209924279+micjustus-nc@users.noreply.github.com> Date: Fri, 6 Jun 2025 14:00:06 +0100 Subject: [PATCH 22/22] Testing default registry host value in pipeline --- .azuredevops/templates/steps/tf_plan.yaml | 10 ++-------- .github/workflows/stage-3-build.yaml | 8 ++++---- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/.azuredevops/templates/steps/tf_plan.yaml b/.azuredevops/templates/steps/tf_plan.yaml index c99ab848..1b4e5eca 100644 --- a/.azuredevops/templates/steps/tf_plan.yaml +++ b/.azuredevops/templates/steps/tf_plan.yaml @@ -2,13 +2,7 @@ parameters: - name: tfCommandOptions - type: string default: '' - - name: imageHash - type: string - default: '' - - name: registryHost - type: string steps: - template: tf_init.yaml 
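Review bot: Besides dropping `imageHash` and `registryHost`, this hunk deletes `type: string` from `tfCommandOptions` (PATCH 22, `tf_plan.yaml`, `@@ -2,13 +2,7 @@`), which looks unintended. That parameter is inserted verbatim into the `terraform plan` command line, so its declaration is worth keeping explicit; restore `type: string` above `default: ''`. If the removal is deliberate, the commit message should say why.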
@@ -32,8 +26,8 @@ steps: commandOptions: > -input=false -var-file=$(tfVarsFile) - -var="image_commit_hash=${{ parameters.imageHash }}" - -var="registry_host=${{ parameters.registryHost }}" + -var="image_commit_hash=$(imageHash)" + -var="registry_host=$(registryHost)" ${{ parameters.tfCommandOptions }} -out=$(Build.ArtifactStagingDirectory)/$(ENVIRONMENT).tfplan environmentServiceNameAzureRM: $(SERVICE_CONNECTION) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 90411e9b..904a8cf6 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -235,7 +235,7 @@ jobs: env: container_registry: ${{ env.REGISTRY_HOST }} docker_services: >- - ${{ join(fromJSON(needs.containers-to-build.outputs.docker_services || '[]'), ',') }} + ${{ needs.containers-to-build.outputs.docker_services && join(fromJSON(needs.containers-to-build.outputs.docker_services || '[]'), ',') }} run: | echo Running 'docker buildx imagetools' on remote repositories... @@ -261,15 +261,15 @@ jobs: - name: Call deployment pipeline if: success() + env: + container_registry: ${{ env.REGISTRY_HOST }} run: | az pipelines run \ --branch "main" \ --name cd-infrastructure-dev-core \ --org https://dev.azure.com/nhse-dtos \ --project ${project_name} \ - --parameters \ - imageHash="${short_commit_hash}" \ - registryHost="${REGISTRY_HOST}" + --parameters "imageHash=${short_commit_hash}" "registryHost=${container_registry,,}" aggregate-reports: name: Aggregate reports