🚀 Deploy Backend - dvsa/des-workflow-actions GitHub Wiki
Description
This reusable workflow automates the deployment process for a DES backend service into the development environment. It includes steps for auditing dependencies, building, testing, packaging, and deploying Lambda functions, as well as sending notifications to a Microsoft Teams channel.
Workflow Triggers
On Workflow Call
This workflow is called from the DES backend service repositories when a change is pushed into the develop branch. It can also be run manually from the desired repository. It will also be used when creating a release tag from a backend service repository if no artefacts exist for the commit associated with the tagged release version.
Environment Variables
Name | Description |
---|---|
DES_ACCESS_TOKEN | The access token required to access the DVSA private packages |
AWS_ACCOUNT_ID | AWS Account ID for the MGMT account |
AWS_NONPROD_ACCOUNT_ID | AWS Account ID for the NONPROD account |
DVSA_AWS_REGION | The AWS region for deployment (defined as org secret) |
NVMRC | The version of NodeJS outlined in .nvmrc |
SERVICE_NAME | The microservice name outlined in package.json |
ARTEFACT_S3 | The S3 artefact bucket in the MGMT AWS account |
VERSION | The artefacts / component manifest version |
GIT_REV | The artefacts / component manifest short commit |
SONAR_TOKEN | SonarQube token used for authentication |
SONAR_HOST_URL | The URL for the SonarQube server |
MSTEAMS_WEBHOOK | Webhook URL for the Microsoft Teams channel |
Inputs
Name | Description | Options |
---|---|---|
audit | Whether an audit should be run to detect vulnerabilities in packages | true / false |
audit-level | Minimum level at which the audit check should fail if detected | high |
component | The associated Terraform component for the service | api / |
branch | The branch of the service to build the artefacts from | develop / release-* |
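
How an `audit-level` threshold gates a build, as an added example that is not taken from the workflow itself. It assumes the audit step produces `npm audit --json` output (report version 2); `auditGate` and the sample report are hypothetical and constructed for illustration.

```javascript
// Severity order used by `npm audit --audit-level`, lowest to highest.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Decide whether a parsed `npm audit --json` report fails at the given minimum level.
function auditGate(report, auditLevel) {
  const threshold = SEVERITIES.indexOf(auditLevel);
  if (threshold === -1) {
    throw new Error(`unknown audit-level: ${auditLevel}`);
  }
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts) {
    // Fail closed: an error payload or truncated report must not pass as "no findings".
    throw new Error("audit report has no metadata.vulnerabilities; treating as failure");
  }
  // Findings at or above the threshold block the build; lower ones are only reported.
  const blocking = {};
  let total = 0;
  for (const severity of SEVERITIES.slice(threshold)) {
    const n = counts[severity] || 0;
    if (n > 0) blocking[severity] = n;
    total += n;
  }
  return { failed: total > 0, total, blocking };
}

// Constructed sample report (not real scan output).
const sampleReport = {
  auditReportVersion: 2,
  metadata: {
    vulnerabilities: { info: 0, low: 3, moderate: 2, high: 1, critical: 0, total: 6 },
  },
};

// With audit-level "high", the single high finding fails the job;
// the low and moderate findings on their own would not.
console.log(JSON.stringify(auditGate(sampleReport, "high")));
console.log(JSON.stringify(auditGate(sampleReport, "critical")));
```
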
Artefacts
- The packaged lambda code, reports, and coverage are uploaded to the GitHub Action Summary
- The lambda code is uploaded to S3
- The generated version of the manifest for the service is uploaded to S3
- The test reports are also uploaded to S3
Notes
- The workflow assumes the presence of a `serverless.yml` file.
- Lambda functions are deployed to AWS Lambda using the AWS CLI.
- The generated manifest will be downloaded when running a Terraform Plan for a UAT deployment. It will combine the manifest with other manifests from the same Terraform component to generate the release tfvars for a specific release.
- Notifications are sent to Microsoft Teams upon completion of the workflow. The workflow uses a custom action designed to combine multiple steps from multiple jobs. Currently the official action only supports the current job context, so the custom action combines each job context and generates a JSON file to be passed into the official action. This gives us a better view of the entire workflow execution results.