Renovate update admin minor and patch updates (PHP 8.2) #4498
---
# Pull-request pipeline: builds, deploys and tests an ephemeral environment for
# every PR that targets main.
name: "[Workflow] PR Environment"

on:
  pull_request:
    branches:
      - main

# One concurrency group per ref and workflow. No cancel-in-progress is set, so
# a run that is already in flight is not cancelled by a newer push.
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}

defaults:
  run:
    shell: bash

# Token scopes for GITHUB_TOKEN. Once `permissions` is present, any scope that
# is not listed defaults to none, so the explicit `none` entries below document
# intent rather than add restrictions.
# NOTE(review): `contents: write` is granted workflow-wide on a
# pull_request-triggered run; confirm which called workflow needs it and
# narrow it to that job if possible.
permissions:
  contents: write
  security-events: write
  pull-requests: read
  actions: none
  checks: none
  deployments: none
  issues: none
  packages: none
  repository-projects: none
  statuses: none
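jobs:
  # NOTE(review): every `[email protected]` below is an artefact of e-mail
  # obfuscation on the page this listing was captured from; the original
  # `<name>@<ref>` text is not recoverable here and must be restored from the
  # repository. The references that survived (actions/checkout,
  # actions/download-artifact, aws-actions/configure-aws-credentials,
  # slackapi/slack-github-action) are pinned to full commit SHAs. The obscured
  # ones were presumably dotted version tags - confirm, and prefer SHA pins for
  # the reusable workflows that receive the AWS keys and the SSH private key.

  # Computes the values the other jobs share: branch-derived workspace name,
  # short commit SHA and the Terraform version of each Terraform directory.
  workflow_variables:
    name: Output workflow variables
    runs-on: ubuntu-latest
    outputs:
      short_sha: ${{ steps.short_sha.outputs.short_sha }}
      safe_branch_name: ${{ steps.safe_branch_name.outputs.safe }}
      workspace_name: ${{ steps.set_workspace_name.outputs.workspace_name }}
      environment_terraform_version: ${{ steps.terraform_version_environment.outputs.version }}
      account_terraform_version: ${{ steps.terraform_version_account.outputs.version }}
      region_terraform_version: ${{ steps.terraform_version_region.outputs.version }}
      email_terraform_version: ${{ steps.terraform_version_email.outputs.version }}
    steps:
      - name: Set safe branch name
        id: safe_branch_name
        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
      - name: Set workspace name
        id: set_workspace_name
        # Expression values are handed over as environment variables instead of
        # being substituted into the script text, so the shell never parses
        # them as code.
        env:
          PR_NUMBER: ${{ github.event.number }}
          SAFE_BRANCH_NAME: ${{ steps.safe_branch_name.outputs.safe }}
        run: |
          echo "workspace_name=${PR_NUMBER}${SAFE_BRANCH_NAME}" >> "$GITHUB_OUTPUT"
      - name: Set output to short SHA
        id: short_sha
        env:
          HEAD_GITHUB_SHA: ${{ github.event.pull_request.head.sha }}
        # First seven characters of the PR head commit.
        run: echo "short_sha=${HEAD_GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
      - name: Set terraform version - environment
        id: terraform_version_environment
        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
        with:
          terraform_directory: "./terraform/environment"
      - name: Set terraform version - account
        id: terraform_version_account
        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
        with:
          terraform_directory: "./terraform/account"
      - name: Set terraform version - region
        id: terraform_version_region
        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
        with:
          terraform_directory: "./terraform/region"
      - name: Set terraform version - email
        id: terraform_version_email
        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected]
        with:
          terraform_directory: "./terraform/email"

  terraform_lint:
    name: TF - Lint
    needs:
      - workflow_variables
    uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
    with:
      terraform_version: ${{ needs.workflow_variables.outputs.environment_terraform_version }}

  # `secrets: inherit` hands every secret available to this workflow to the
  # called workflow; listing only the secrets it needs would narrow that.
  phpunit_tests:
    name: Run PHPUnit tests
    uses: ./.github/workflows/phpunit.yml
    secrets: inherit

  docker_build_scan_push:
    name: Docker Build, Scan and Push
    uses: ./.github/workflows/docker_job.yml
    needs:
      - workflow_variables
    with:
      tag: ${{ needs.workflow_variables.outputs.short_sha }}
    secrets: inherit

  # The three development jobs below run with terraform_apply: true against the
  # shared (non-ephemeral) `development` workspace on every PR run.
  # NOTE(review): the called workflow receives long-lived AWS access keys and
  # an SSH private key; if it supports OIDC role assumption, that would remove
  # the static keys - confirm against the called workflow.
  terraform_account_development:
    name: TF Development - Account
    uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
    needs:
      - terraform_lint
      - workflow_variables
    with:
      terraform_version: ${{ needs.workflow_variables.outputs.account_terraform_version }}
      terraform_workspace: development
      is_ephemeral: false
      workspace_manager_aws_account_id: "050256574573"
      workspace_manager_aws_iam_role: opg-lpa-ci
      terraform_apply: true
      terraform_directory: ./terraform/account
    secrets:
      GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
      AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

  terraform_region_development:
    name: TF Development - Region
    uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
    needs:
      - terraform_lint
      - workflow_variables
    with:
      terraform_version: ${{ needs.workflow_variables.outputs.region_terraform_version }}
      terraform_workspace: development
      is_ephemeral: false
      workspace_manager_aws_account_id: "050256574573"
      workspace_manager_aws_iam_role: opg-lpa-ci
      terraform_apply: true
      terraform_directory: ./terraform/region
    secrets:
      GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
      AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

  terraform_email_development:
    name: TF Development - Email
    uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
    needs:
      - terraform_lint
      - workflow_variables
    with:
      terraform_version: ${{ needs.workflow_variables.outputs.email_terraform_version }}
      terraform_workspace: development
      is_ephemeral: false
      workspace_manager_aws_account_id: "050256574573"
      workspace_manager_aws_iam_role: opg-lpa-ci
      terraform_apply: true
      terraform_directory: ./terraform/email
    secrets:
      GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
      AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

  # Applies the per-PR (ephemeral) environment; the workspace name is the PR
  # number followed by the sanitised branch name.
  terraform_environment_development:
    name: TF Development - Environment
    uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
    needs:
      - docker_build_scan_push
      - phpunit_tests
      - workflow_variables
      - terraform_email_development
      - terraform_account_development
      - terraform_region_development
    with:
      terraform_version: ${{ needs.workflow_variables.outputs.environment_terraform_version }}
      use_ssh_private_key: true
      terraform_workspace: ${{ needs.workflow_variables.outputs.workspace_name }}
      is_ephemeral: true
      workspace_manager_aws_account_id: "050256574573"
      workspace_manager_aws_iam_role: opg-lpa-ci
      terraform_apply: true
      terraform_directory: ./terraform/environment
      terraform_variables: "-var container_version=${{ needs.workflow_variables.outputs.short_sha }}"
      persist_artifacts: true
    secrets:
      GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
      AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

  # Preproduction jobs use a different AWS account id and terraform_apply:
  # false, i.e. they only plan.
  terraform_account_preproduction:
    name: TF Preproduction Plan - Account
    uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
    needs:
      - workflow_variables
      - terraform_lint
    with:
      terraform_version: ${{ needs.workflow_variables.outputs.account_terraform_version }}
      terraform_workspace: preproduction
      is_ephemeral: false
      workspace_manager_aws_account_id: "987830934591"
      workspace_manager_aws_iam_role: opg-lpa-ci
      terraform_apply: false
      terraform_directory: ./terraform/account
    secrets:
      GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
      AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

  terraform_region_preproduction:
    name: TF Preproduction Plan - Region
    uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
    needs:
      - workflow_variables
      - terraform_lint
    with:
      terraform_version: ${{ needs.workflow_variables.outputs.region_terraform_version }}
      terraform_workspace: preproduction
      is_ephemeral: false
      workspace_manager_aws_account_id: "987830934591"
      workspace_manager_aws_iam_role: opg-lpa-ci
      terraform_apply: false
      terraform_directory: ./terraform/region
    secrets:
      GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
      AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

  terraform_environment_preproduction:
    name: TF Preproduction Plan - Environment
    uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected]
    needs:
      - workflow_variables
      - terraform_lint
    with:
      terraform_version: ${{ needs.workflow_variables.outputs.environment_terraform_version }}
      use_ssh_private_key: true
      terraform_workspace: preproduction
      is_ephemeral: false
      workspace_manager_aws_account_id: "987830934591"
      workspace_manager_aws_iam_role: opg-lpa-ci
      terraform_apply: false
      terraform_directory: ./terraform/environment
      terraform_variables: "-var container_version=${{ needs.workflow_variables.outputs.short_sha }}"
    secrets:
      GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }}
      AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

  run_dev_seed_db_task:
    name: Run development DB seeding
    uses: ./.github/workflows/workflow_start_task.yml
    with:
      account_id: "050256574573"
      task_name: "seeding"
    needs:
      - terraform_environment_development
    secrets: inherit

  # Reads the JSON artifact named terraform-artifact and republishes the admin
  # and front host names as job outputs for the Slack and Cypress jobs.
  terraform_outputs:
    name: Render terraform outputs
    runs-on: ubuntu-latest
    needs:
      - run_dev_seed_db_task
      - terraform_environment_development
    outputs:
      admin_fqdn: ${{ steps.admin_fqdn.outputs.value }}
      front_fqdn: ${{ steps.front_fqdn.outputs.value }}
    steps:
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
      - name: Download Terraform Task definition
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
        with:
          name: terraform-artifact
          path: /tmp/
      - name: Set environment variable
        id: set_var
        # Compact the JSON onto one line so it fits the single-line name=value
        # form of $GITHUB_OUTPUT. The earlier %25/%0A/%0D escaping belongs to
        # the retired ::set-output command; values written to the output file
        # are not un-escaped, so it would have corrupted multi-line JSON or
        # any value containing a percent sign. jq ships on GitHub-hosted
        # ubuntu runners and also fails the step on malformed JSON.
        run: |
          config_json="$(jq -c . /tmp/environment_pipeline_tasks_config.json)"
          echo "configJson=${config_json}" >> "$GITHUB_OUTPUT"
      # NOTE(review): no later step in this job visibly calls AWS; confirm
      # whether these credentials are still needed here. They are long-lived
      # access keys used to assume the CI role.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # v3.0.2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
          aws-region: eu-west-1
          role-to-assume: arn:aws:iam::050256574573:role/opg-lpa-ci
          role-duration-seconds: 900
          role-session-name: OPGLPABuildPipeline
      - name: Extract Admin FQDN from JSON
        id: admin_fqdn
        # The artifact value reaches the shell as an environment variable, not
        # as text substituted into the script.
        env:
          ADMIN_FQDN: ${{ fromJson(steps.set_var.outputs.configJson).admin_fqdn }}
        run: |
          echo "value=${ADMIN_FQDN}" >> "$GITHUB_OUTPUT"
      - name: Extract Front FQDN from JSON
        id: front_fqdn
        env:
          FRONT_FQDN: ${{ fromJson(steps.set_var.outputs.configJson).front_fqdn }}
        run: |
          echo "value=${FRONT_FQDN}" >> "$GITHUB_OUTPUT"

  # Posts the initial Slack message; its timestamp output `ts` lets
  # post_tests_slack_msg update the same message later.
  post_deployment_slack_msg:
    name: Post-Deployment Slack message
    runs-on: ubuntu-latest
    outputs:
      ts: ${{ steps.slack.outputs.ts }}
    needs:
      - terraform_outputs
      - workflow_variables
    env:
      FRONT_URL: ${{ needs.terraform_outputs.outputs.front_fqdn }}
      ADMIN_URL: ${{ needs.terraform_outputs.outputs.admin_fqdn }}
    steps:
      - uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
        id: slack
        with:
          channel-id: "CAMB46M6Y"
          payload: |
            {
              "icon_emoji": ":robot_face:",
              "blocks": [
                {
                  "type": "header",
                  "text": {
                    "type": "plain_text",
                    "text": "Development Environment Deployment",
                    "emoji": true
                  }
                },
                {
                  "type": "section",
                  "fields": [
                    {
                      "type": "mrkdwn",
                      "text": "*Status:*\nDeployed (Tests running)"
                    },
                    {
                      "type": "mrkdwn",
                      "text": "*Started by:*\n ${{ github.triggering_actor }}"
                    }
                  ]
                },
                {
                  "type": "section",
                  "fields": [
                    {
                      "type": "mrkdwn",
                      "text": "*Commit:*\n <https://github.com/ministryofjustice/opg-lpa/commit/${{ github.sha }}|${{ needs.workflow_variables.outputs.short_sha }}>"
                    }
                  ]
                },
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "<https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|View workflow>"
                  }
                },
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "*Front URL:* https://${{ env.FRONT_URL }}/home\n*Admin URL:* https://${{ env.ADMIN_URL }}"
                  }
                }
              ]
            }
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}

  # The Cypress jobs all call the same local workflow against the deployed
  # environment and differ only in their tag filter. Each passes
  # `secrets: inherit`.
  cypress_tests_Signup_StichedPF:
    name: Run Cypress tests - @Signup,@StitchedPF
    uses: ./.github/workflows/cypress_tests.yml
    needs:
      - terraform_outputs
    with:
      admin_url: https://${{ needs.terraform_outputs.outputs.admin_fqdn }}
      front_url: https://${{ needs.terraform_outputs.outputs.front_fqdn }}
      account_id: "050256574573"
      cypress_tags: "@Signup,@StitchedPF"
    secrets: inherit

  cypress_tests_Signup_StichedHW:
    name: Run Cypress tests - @Signup,@StitchedHW
    uses: ./.github/workflows/cypress_tests.yml
    needs:
      - terraform_outputs
    with:
      admin_url: https://${{ needs.terraform_outputs.outputs.admin_fqdn }}
      front_url: https://${{ needs.terraform_outputs.outputs.front_fqdn }}
      account_id: "050256574573"
      cypress_tags: "@Signup,@StitchedHW"
    secrets: inherit

  cypress_tests_Signup_StichedClone:
    name: Run Cypress tests - @Signup,@StitchedClone
    uses: ./.github/workflows/cypress_tests.yml
    needs:
      - terraform_outputs
    with:
      admin_url: https://${{ needs.terraform_outputs.outputs.admin_fqdn }}
      front_url: https://${{ needs.terraform_outputs.outputs.front_fqdn }}
      account_id: "050256574573"
      cypress_tags: "@Signup,@StitchedClone"
    secrets: inherit

  cypress_tests_SignupIncluded:
    name: Run Cypress tests - @SignupIncluded
    uses: ./.github/workflows/cypress_tests.yml
    needs:
      - terraform_outputs
    with:
      admin_url: https://${{ needs.terraform_outputs.outputs.admin_fqdn }}
      front_url: https://${{ needs.terraform_outputs.outputs.front_fqdn }}
      account_id: "050256574573"
      cypress_tags: "@SignupIncluded"
    secrets: inherit

  # Remaining tests should ultimately just exclude SignUp and anything already done as part of stitched run.
  # TODO CorrespondentReuse needs refactoring so that it can be included as part of the stitchedClone run.
  cypress_tests_Remaining:
    name: Run Cypress tests - Remaining
    uses: ./.github/workflows/cypress_tests.yml
    needs:
      - terraform_outputs
    with:
      admin_url: https://${{ needs.terraform_outputs.outputs.admin_fqdn }}
      front_url: https://${{ needs.terraform_outputs.outputs.front_fqdn }}
      account_id: "050256574573"
      cypress_tags: "@Signup,not @Signup and not @PartOfStitchedRun and not @StitchedHW and not @StitchedPF and not @StitchedClone and not @CorrespondentReuse and not @SignupIncluded and not @AdminSystemMessage and not @CheckoutPaymentGateway"
    secrets: inherit

  # Rewrites the message posted by post_deployment_slack_msg (via update-ts).
  # There is no `if:` here, so it runs only when every job in `needs`
  # succeeded.
  post_tests_slack_msg:
    name: Post-Tests Slack message
    runs-on: ubuntu-latest
    needs:
      - terraform_outputs
      - workflow_variables
      - post_deployment_slack_msg
      - cypress_tests_Remaining
      - cypress_tests_SignupIncluded
      - cypress_tests_Signup_StichedClone
      - cypress_tests_Signup_StichedHW
      - cypress_tests_Signup_StichedPF
    env:
      FRONT_URL: ${{ needs.terraform_outputs.outputs.front_fqdn }}
      ADMIN_URL: ${{ needs.terraform_outputs.outputs.admin_fqdn }}
    steps:
      - uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
        with:
          channel-id: "CAMB46M6Y"
          update-ts: ${{ needs.post_deployment_slack_msg.outputs.ts }}
          payload: |
            {
              "icon_emoji": ":robot_face:",
              "blocks": [
                {
                  "type": "header",
                  "text": {
                    "type": "plain_text",
                    "text": "Development Environment Deployment",
                    "emoji": true
                  }
                },
                {
                  "type": "section",
                  "fields": [
                    {
                      "type": "mrkdwn",
                      "text": "*Status:*\nDeployed (Tests have passed!)"
                    },
                    {
                      "type": "mrkdwn",
                      "text": "*Started by:*\n ${{ github.triggering_actor }}"
                    }
                  ]
                },
                {
                  "type": "section",
                  "fields": [
                    {
                      "type": "mrkdwn",
                      "text": "*Commit:*\n <https://github.com/ministryofjustice/opg-lpa/commit/${{ github.sha }}|${{ needs.workflow_variables.outputs.short_sha }}>"
                    }
                  ]
                },
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "<https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|View workflow>"
                  }
                },
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "*Front URL:* https://${{ env.FRONT_URL }}/home\n*Admin URL:* https://${{ env.ADMIN_URL }}"
                  }
                }
              ]
            }
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}

  # Final gate: passes only when terraform_outputs and post_tests_slack_msg
  # both succeeded.
  end_of_workflow:
    name: End of Workflow
    runs-on: ubuntu-latest
    needs:
      - terraform_outputs
      - workflow_variables
      - post_tests_slack_msg
    # Indentation was lost in the captured listing. `if: always()` is placed at
    # job level because the script's failure branch is only reachable when the
    # job still runs after a failed dependency - confirm against the
    # repository.
    if: always()
    environment:
      name: "dev_${{ needs.workflow_variables.outputs.workspace_name }}"
      url: "https://${{ env.FRONT_URL }}/home"
    env:
      FRONT_URL: ${{ needs.terraform_outputs.outputs.front_fqdn }}
    steps:
      - name: End of Workflow
        # Expression results are passed as environment variables so the shell
        # treats them as data rather than as part of the script.
        env:
          PIPELINE_OK: ${{ contains(needs.terraform_outputs.result, 'success') && contains(needs.post_tests_slack_msg.result, 'success') }}
          WORKSPACE_NAME: ${{ needs.workflow_variables.outputs.workspace_name }}
          SHORT_SHA: ${{ needs.workflow_variables.outputs.short_sha }}
        run: |
          if [[ "${PIPELINE_OK}" == "true" ]]; then
            echo "${WORKSPACE_NAME} PR environment tested, built and deployed"
            echo "Tag Deployed: ${SHORT_SHA}"
            echo "URL: https://${FRONT_URL}/home"
            exit 0
          else
            echo "Previous jobs in pipeline failed."
            exit 1
          fi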