.github/workflows/copilot_deploy.yml

name: Deploy to AWS
run-name: ${{ github.event_name == 'workflow_dispatch' && format('Deploy to {0}', github.event.inputs.environment) || (github.ref == 'refs/heads/main' && 'Deploy to Test-UAT-Prod' || 'Build & Unit Test') }}

permissions:
  packages: write
  contents: write

on:
  push:
    paths-ignore:
      [
        "**/README.md",
        ".github/workflows/increment-version.yml",
        "version",
        "python/**",
      ]
  workflow_dispatch:
    inputs:
      environment:
        description: Deploy to which environnment
        type: choice
        required: true
        options:
          - dev
          - test
          - uat
          - prod
      run_performance_tests:
        required: false
        default: false
        type: boolean
        description: Run performance tests
      run_e2e_tests_assessment:
        required: false
        default: false
        type: boolean
        description: Run e2e tests (assessment)
      run_e2e_tests_application:
        required: false
        default: true
        type: boolean
        description: Run e2e tests (application)

env:
  DOCKER_REGISTRY: ghcr.io
  IMAGE_NAME: "funding-service-design-form-runner"
  IMAGE_REPO_PATH: "ghcr.io/${{github.repository_owner}}"

jobs:
  setup:
    uses: communitiesuk/funding-service-design-workflows/.github/workflows/determine-jobs.yml@main
    with:
      environment: ${{ inputs.environment }}

  docker-build:
    runs-on: ubuntu-latest
    needs: [setup]
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4

      - name: "Set version in env"
        id: set-version
        run: |
          source version
          echo "VERSION=$VERSION" >> $GITHUB_ENV

      - name: Docker metadata
        id: metadata
        uses: docker/metadata-action@v4
        with:
          images: ${{env.IMAGE_REPO_PATH}}/${{env.IMAGE_NAME}}
          tags: |
            type=sha,format=long
            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
            type=raw,value=${{env.VERSION}},enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
            type=ref,event=branch

      - name: Log in to the Container registry
        uses: docker/login-action@v1
        with:
          registry: ${{ env.DOCKER_REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Create .env for runner workspace
        run: |
          touch ./runner/.env
          echo LAST_TAG_GH=runner >> ./runner/.env
          echo LAST_COMMIT_GH=runner >> ./runner/.env
          cat ./runner/.env

      - name: Build and push docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          tags: ${{ steps.metadata.outputs.tags}}
          labels: ${{ steps.metadata.outputs.labels }}
          push: true
          file: ./fsd_config/Dockerfile
          build-args: |
            LAST_TAG='${{env.VERSION}}'
            LAST_COMMIT='${{ github.sha }}'

  dev_deploy:
    permissions:
      id-token: write # This is required for requesting the JWT
      contents: read # This is required for actions/checkout
    needs: [docker-build, setup]
    if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'dev') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }}

    uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main
    secrets:
      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
    with:
      environment: dev
      app_name: "form-runner"
      version: sha-${{ github.sha }}

  post_dev_deploy_tests:
    needs: [dev_deploy]

    secrets:
      FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
      FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
    uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
    with:
      run_performance_tests: ${{ inputs.run_performance_tests || true }}
      run_e2e_tests_assessment: ${{ inputs.run_e2e_tests_assessment || false }}
      run_e2e_tests_application: ${{ inputs.run_e2e_tests_application || false }}
      run_static_security_python: false
      run_zap_scan: true
      app_name: forms
      environment: dev

  test_deploy:
    permissions:
      id-token: write # This is required for requesting the JWT
      contents: read # This is required for actions/checkout
    needs: [setup, docker-build, dev_deploy, post_dev_deploy_tests]
    if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'test') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }}

    uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main
    secrets:
      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
    with:
      environment: "test"
      app_name: "form-runner"
      version: sha-${{ github.sha }}

  post_test_deploy_tests:
    needs: [setup, docker-build, dev_deploy, post_dev_deploy_tests, test_deploy]
    if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'test') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') )  }}

    secrets:
      FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
      FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
    uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
    with:
      run_performance_tests: ${{ inputs.run_performance_tests || true }}
      run_e2e_tests_assessment: ${{ inputs.run_e2e_tests_assessment || false }}
      run_e2e_tests_application: ${{ inputs.run_e2e_tests_application || true }}
      run_static_security_python: false
      run_zap_scan: true
      app_name: forms
      environment: test

  uat_deploy:
    permissions:
      id-token: write # This is required for requesting the JWT
      contents: read # This is required for actions/checkout
    needs:
      [
        setup,
        docker-build,
        dev_deploy,
        post_dev_deploy_tests,
        test_deploy,
        post_test_deploy_tests,
      ]
    if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'uat') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }}

    uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main
    secrets:
      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
    with:
      environment: "uat"
      app_name: "form-runner"
      version: sha-${{ github.sha }}

  post_uat_deploy_tests:
    needs:
      [
        setup,
        docker-build,
        dev_deploy,
        post_dev_deploy_tests,
        test_deploy,
        post_test_deploy_tests,
        uat_deploy,
      ]
    if: ${{ always()  && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'uat') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') )  }}
    secrets:
      FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
      FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
    uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
    with:
      run_performance_tests: ${{ inputs.run_performance_tests || true }}
      run_e2e_tests_assessment: ${{ inputs.run_e2e_tests_assessment || false }}
      run_e2e_tests_application: ${{ inputs.run_e2e_tests_application || true }}
      run_static_security_python: false
      run_zap_scan: true
      app_name: forms
      environment: uat

  prod_deploy:
    permissions:
      id-token: write # This is required for requesting the JWT
      contents: read # This is required for actions/checkout
    needs:
      [
        setup,
        docker-build,
        dev_deploy,
        post_dev_deploy_tests,
        test_deploy,
        post_test_deploy_tests,
        uat_deploy,
        post_uat_deploy_tests,
      ]
    if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'prod') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') ) }}
    uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main
    secrets:
      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
    with:
      environment: "prod"
      app_name: "form-runner"
      version: sha-${{ github.sha }}