communitiesuk · robk-dluhc · Nov 30, 2023 · Nov 29, 2023 · Nov 29, 2023 · Nov 30, 2023
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
@@ -141,23 +141,18 @@ jobs:
       run: |
         copilot svc deploy --env ${{ matrix.value }} --app pre-award
 
-  sandbox_deploy:
+  dev_deploy:
     if: ${{ needs.copilot_environments_workflow_setup.outputs.pre_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.pre_matrix)) != '[]' }}
     concurrency:
-      group: 'fsd-preaward-copilot-sandbox-${{ matrix.value }}'
+      group: 'fsd-preaward-copilot-sandbox-dev'
       cancel-in-progress: false
     permissions:
       id-token: write # This is required for requesting the JWT
       contents: read  # This is required for actions/checkout
     needs: [ tag_version, pre_deploy_tests, paketo_build, copilot_environments_workflow_setup ]
     runs-on: ubuntu-latest
     continue-on-error: true
-    strategy:
-      max-parallel: 1
-      matrix:
-        value: ${{ fromJSON(needs.copilot_environments_workflow_setup.outputs.pre_matrix) }}
-      fail-fast: false
-    environment: ${{ matrix.value }}
+    environment: dev
     steps:
     - name: Git clone the repository
       uses: actions/checkout@v4
@@ -171,7 +166,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v4
       with:
         role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
-        role-session-name: ACCOUNT_STORE_${{ matrix.value }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        role-session-name: ACCOUNT_STORE_DEV_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
         aws-region: eu-west-2
 
     - name: Install AWS Copilot CLI
@@ -182,7 +177,7 @@ jobs:
     - name: confirm copilot env
       shell: bash
       run: |
-        if [ $(copilot env ls) != "${{ matrix.value }}" ]; then
+        if [ $(copilot env ls) != "dev" ]; then
           echo $(copilot env ls)
           exit 1
         fi
@@ -196,44 +191,109 @@ jobs:
         yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-account-store:${{ github.ref_name == 'main' && 'latest' || needs.tag_version.outputs.version_to_tag }}"'  copilot/fsd-account-store/manifest.yml
 
     - name: Run database migrations
-      run: scripts/migration-task-script.py ${{ matrix.value }} fsd-account-store
+      run: scripts/migration-task-script.py dev fsd-account-store
 
-    - name: Copilot ${{ matrix.value }} deploy
+    - name: Copilot dev deploy
       id: deploy_build
       run: |
-        copilot svc deploy --env ${{ matrix.value }} --app pre-award
+        copilot svc deploy --env dev --app pre-award
+
+  post_dev_deploy_tests:
+    needs: dev_deploy
+    concurrency:
+      group: 'fsd-preaward-test-dev'
+      cancel-in-progress: false
+    secrets:
+      FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
+      FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
+    uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
+    with:
+      run_performance_tests: ${{ inputs.run_performance_tests || true }}
+      run_e2e_tests: ${{ inputs.run_e2e_tests || false }}
+      environment: dev
+
+  test_deploy:
+    if: ${{ needs.copilot_environments_workflow_setup.outputs.pre_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.pre_matrix)) != '[]' }}
+    concurrency:
+      group: 'fsd-preaward-copilot-test'
+      cancel-in-progress: false
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    needs: [ tag_version, post_dev_deploy_tests, paketo_build, copilot_environments_workflow_setup ]
+    runs-on: ubuntu-latest
+    environment: test
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v4
+
+    - name: Get current date
+      shell: bash
+      id: currentdatetime
+      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
 
-  # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks account-store is operational?
-  post_deploy_tests:
-      needs: sandbox_deploy
-      if: inputs.environment == 'test' || inputs.environment == 'dev' || inputs.environment == ''
-      secrets:
-        FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
-        FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
-      uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v4
       with:
-        run_performance_tests: ${{ inputs.run_performance_tests || false }}
-        run_e2e_tests: ${{ inputs.run_e2e_tests || true }}
-        app_name: application
-        environment: ${{ inputs.environment == '' && 'test' || inputs.environment }}
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+        role-session-name: ACCOUNT_STORE_TEST_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        aws-region: eu-west-2
+
+    - name: Install AWS Copilot CLI
+      shell: bash
+      run: |
+        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+    - name: confirm copilot env
+      shell: bash
+      run: |
+        if [ $(copilot env ls) != "test" ]; then
+          echo $(copilot env ls)
+          exit 1
+        fi
+
+    - name: Inject Git SHA into manifest
+      run: |
+        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-account-store/manifest.yml
+
+    - name: Inject replacement image into manifest
+      run: |
+        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-account-store:${{ github.ref_name == 'main' && 'latest' || needs.tag_version.outputs.version_to_tag }}"'  copilot/fsd-account-store/manifest.yml
+
+    - name: Run database migrations
+      run: scripts/migration-task-script.py test fsd-account-store
+
+    - name: Copilot test deploy
+      id: deploy_build
+      run: |
+        copilot svc deploy --env test --app pre-award
+
+  post_test_deploy_tests:
+    needs: test_deploy
+    concurrency:
+      group: 'fsd-preaward-test-test'
+      cancel-in-progress: false
+    secrets:
+      FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
+      FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
+    uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
+    with:
+      run_performance_tests: ${{ inputs.run_performance_tests || false }}
+      run_e2e_tests: ${{ inputs.run_e2e_tests || true }}
+      environment: test
 
-  release_deploy:
+  uat_deploy:
     if: ${{ needs.copilot_environments_workflow_setup.outputs.post_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.post_matrix)) != '[]' }}
     concurrency:
-      group: 'fsd-preaward-copilot-release-${{ matrix.value }}'
+      group: 'fsd-preaward-copilot-uat'
       cancel-in-progress: false
     permissions:
       id-token: write # This is required for requesting the JWT
       contents: read  # This is required for actions/checkout
-    needs: [ tag_version, post_deploy_tests, paketo_build, copilot_environments_workflow_setup ]
+    needs: [ tag_version, post_test_deploy_tests, paketo_build, copilot_environments_workflow_setup ]
     runs-on: ubuntu-latest
     continue-on-error: true
-    strategy:
-      max-parallel: 1
-      matrix:
-        value: ${{ fromJSON(needs.copilot_environments_workflow_setup.outputs.post_matrix) }}
-      fail-fast: false
-    environment: ${{ matrix.value }}
+    environment: uat
     steps:
     - name: Git clone the repository
       uses: actions/checkout@v4
@@ -247,7 +307,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v4
       with:
         role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
-        role-session-name: ACCOUNT_STORE_${{ matrix.value }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        role-session-name: ACCOUNT_STORE_UAT_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
         aws-region: eu-west-2
 
     - name: Install AWS Copilot CLI
@@ -258,7 +318,7 @@ jobs:
     - name: confirm copilot env
       shell: bash
       run: |
-        if [ $(copilot env ls) != "${{ matrix.value }}" ]; then
+        if [ $(copilot env ls) != "uat" ]; then
           echo $(copilot env ls)
           exit 1
         fi
@@ -272,9 +332,80 @@ jobs:
         yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-account-store:${{ github.ref_name == 'main' && 'latest' || needs.tag_version.outputs.version_to_tag }}"'  copilot/fsd-account-store/manifest.yml
 
     - name: Run database migrations
-      run: scripts/migration-task-script.py ${{ matrix.value }} fsd-account-store
+      run: scripts/migration-task-script.py uat fsd-account-store
 
-    - name: Copilot ${{ matrix.value }} deploy
+    - name: Copilot uat deploy
       id: deploy_build
       run: |
-        copilot svc deploy --env ${{ matrix.value }} --app pre-award
+        copilot svc deploy --env uat --app pre-award
+
+  post_uat_deploy_tests:
+    needs: uat_deploy
+    concurrency:
+      group: 'fsd-preaward-test-uat'
+      cancel-in-progress: false
+    secrets:
+      FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
+      FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
+    uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
+    with:
+      run_performance_tests: ${{ inputs.run_performance_tests || false }}
+      run_e2e_tests: ${{ inputs.run_e2e_tests || true }}
+      environment: uat
+
+  production_deploy:
+    if: ${{ needs.copilot_environments_workflow_setup.outputs.post_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.post_matrix)) != '[]' }}
+    concurrency:
+      group: 'fsd-preaward-copilot-production'
+      cancel-in-progress: false
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    needs: [ tag_version, post_uat_deploy_tests, paketo_build, copilot_environments_workflow_setup ]
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    environment: production
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v4
+
+    - name: Get current date
+      shell: bash
+      id: currentdatetime
+      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+        role-session-name: ACCOUNT_STORE_PRODUCTION_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        aws-region: eu-west-2
+
+    - name: Install AWS Copilot CLI
+      shell: bash
+      run: |
+        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+    - name: confirm copilot env
+      shell: bash
+      run: |
+        if [ $(copilot env ls) != "production" ]; then
+          echo $(copilot env ls)
+          exit 1
+        fi
+
+    - name: Inject Git SHA into manifest
+      run: |
+        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-account-store/manifest.yml
+
+    - name: Inject replacement image into manifest
+      run: |
+        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-account-store:${{ github.ref_name == 'main' && 'latest' || needs.tag_version.outputs.version_to_tag }}"'  copilot/fsd-account-store/manifest.yml
+
+    - name: Run database migrations
+      run: scripts/migration-task-script.py production fsd-account-store
+
+    - name: Copilot production deploy
+      id: deploy_build
+      run: |
+        copilot svc deploy --env production --app pre-award