Merge branch 'main' into VOL-5817

dvsa · Jan 28, 2025 · 8b9c76b · 8b9c76b
2 parents cb0fa15 + 4f32ef7
commit 8b9c76b
Show file tree

Hide file tree

Showing 6 changed files with 157 additions and 151 deletions.
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -286,34 +286,13 @@ jobs:
       pull-requests: write
     secrets: inherit
 
-  liquibase-dev:
-    name: Liquibase Migrations (dev)
-    needs:
-      - release-please
-      - get-version
-      - docker
-    uses: ./.github/workflows/run-liquibase.yaml
-    with:
-      version: ${{ needs.get-version.outputs.api }}
-      push: true
-      account: nonprod
-      environment: dev
-      dry_run: false
-      etl_ref: ${{ needs.release-please.outputs.release_created && needs.release-please.outputs.tag_name || 'main' }}
-    permissions:
-      contents: read
-      id-token: write
-    secrets:
-      VOL_GITHUB_APP_PRIVATE_KEY: ${{ secrets.VOL_GITHUB_APP_PRIVATE_KEY }}
-
   terraform_env_dev:
     name: Environment (dev)
     if: |
       always() &&
       !cancelled() &&
       !failure() &&
-      (needs.orchestrator.outputs.should-apply-environment-terraform || needs.docker.result == 'success' || needs.cdn.result == 'success') &&
-      (needs.liquibase-dev.result == 'success' && needs.liquibase-dev.outputs.job_status == 'SUCCEEDED')
+      (needs.orchestrator.outputs.should-apply-environment-terraform || needs.docker.result == 'success' || needs.cdn.result == 'success')
     concurrency:
       group: terraform-environment-dev
     needs:
@@ -322,7 +301,6 @@ jobs:
       - docker
       - cdn-nonprod
       - terraform-account-nonprod
-      - liquibase-dev
     uses: ./.github/workflows/deploy-environment.yaml
     with:
       environment: dev
@@ -339,11 +317,34 @@ jobs:
       pull-requests: write
     secrets: inherit
 
+  liquibase-dev:
+    name: Liquibase Migrations (dev)
+    needs:
+      - release-please
+      - get-version
+      - docker
+      - terraform_env_dev
+    uses: ./.github/workflows/run-liquibase.yaml
+    with:
+      version: ${{ needs.get-version.outputs.api }}
+      push: true
+      submit_job: true
+      account: nonprod
+      environment: dev
+      dry_run: false
+      etl_ref: ${{ needs.release-please.outputs.release_created && needs.release-please.outputs.tag_name || 'main' }}
+    permissions:
+      contents: read
+      id-token: write
+    secrets:
+      VOL_GITHUB_APP_PRIVATE_KEY: ${{ secrets.VOL_GITHUB_APP_PRIVATE_KEY }}
+
   test_dev:
     name: Run Tests on DEV
     if: ${{ always() && !cancelled() && !failure() && needs.terraform_env_dev.result == 'success' }}
     needs:
       - terraform_env_dev
+      - liquibase-dev
     uses: dvsa/vol-functional-tests/.github/workflows/e2eSmoke.yaml@main
     with:
       platform_env: dev
@@ -357,44 +358,20 @@ jobs:
       id-token: write
       checks: write
 
-  liquibase-int:
-    name: Database Migrations (int)
-    needs:
-      - release-please
-      - get-version
-      - terraform_env_dev
-      - test_dev
-    uses: ./.github/workflows/run-liquibase.yaml
-    with:
-      version: ${{ needs.get-version.outputs.api }}
-      push: true
-      account: nonprod
-      environment: int
-      dry_run: false
-      etl_ref: ${{ needs.release-please.outputs.release_created && needs.release-please.outputs.tag_name || 'main' }}
-    permissions:
-      contents: read
-      id-token: write
-    secrets:
-      VOL_GITHUB_APP_PRIVATE_KEY: ${{ secrets.VOL_GITHUB_APP_PRIVATE_KEY }}
-
   terraform_env_int:
     name: Environment (int)
     if: |
       always() &&
       !cancelled() &&
       !failure() &&
-      needs.terraform_env_dev.result == 'success' &&
-      needs.liquibase-int.result == 'success' &&
-      needs.liquibase-int.outputs.job_status == 'SUCCEEDED'
+      needs.terraform_env_dev.result == 'success'
     concurrency:
       group: terraform-environment-int
     needs:
       - get-version
       - orchestrator
       - terraform_env_dev
       - test_dev
-      - liquibase-int
     uses: ./.github/workflows/deploy-environment.yaml
     with:
       environment: int
@@ -411,11 +388,34 @@ jobs:
       pull-requests: write
     secrets: inherit
 
+  liquibase-int:
+    name: Database Migrations (int)
+    needs:
+      - release-please
+      - get-version
+      - test_dev
+      - terraform_env_int
+    uses: ./.github/workflows/run-liquibase.yaml
+    with:
+      version: ${{ needs.get-version.outputs.api }}
+      push: false
+      submit_job: true
+      account: nonprod
+      environment: int
+      dry_run: false
+      etl_ref: ${{ needs.release-please.outputs.release_created && needs.release-please.outputs.tag_name || 'main' }}
+    permissions:
+      contents: read
+      id-token: write
+    secrets:
+      VOL_GITHUB_APP_PRIVATE_KEY: ${{ secrets.VOL_GITHUB_APP_PRIVATE_KEY }}
+
   test_int_smoke:
     name: Run Smoke Tests on INT
     if: ${{ always() && !cancelled() && !failure() && needs.terraform_env_int.result == 'success' }}
     needs:
       - terraform_env_int
+      - liquibase-int
     uses: dvsa/vol-functional-tests/.github/workflows/e2eSmoke.yaml@main
     with:
       platform_env: int
@@ -534,47 +534,20 @@ jobs:
       pull-requests: write
     secrets: inherit
 
-  liquibase-prep:
-    name: Database Migrations (prep)
-    if: ${{ needs.release-please.outputs.release_created }}
-    needs:
-      - release-please
-      - get-version
-      - terraform_env_int
-      - test_int_smoke
-      - test_int_internal
-      - test_int_selfserve
-    uses: ./.github/workflows/run-liquibase.yaml
-    with:
-      version: ${{ needs.get-version.outputs.api }}
-      push: true
-      account: prod
-      environment: prep
-      dry_run: false
-      etl_ref: ${{ needs.release-please.outputs.tag_name }}
-    permissions:
-      contents: read
-      id-token: write
-    secrets:
-      VOL_GITHUB_APP_PRIVATE_KEY: ${{ secrets.VOL_GITHUB_APP_PRIVATE_KEY }}
-
   terraform_env_prep:
     name: Environment (prep)
     if: |
       always() &&
       !cancelled() &&
       !failure() &&
-      needs.release-please.outputs.release_created &&
-      needs.liquibase-prep.result == 'success' &&
-      needs.liquibase-prep.outputs.job_status == 'SUCCEEDED'
+      needs.release-please.outputs.release_created
     concurrency:
       group: terraform-environment-prep
     needs:
       - release-please
       - get-version
       - orchestrator
       - terraform-account-prod
-      - liquibase-prep
     uses: ./.github/workflows/deploy-environment.yaml
     with:
       environment: prep
@@ -591,11 +564,38 @@ jobs:
       pull-requests: write
     secrets: inherit
 
+  liquibase-prep:
+    name: Database Migrations (prep)
+    if: ${{ needs.release-please.outputs.release_created }}
+    needs:
+      - release-please
+      - get-version
+      - terraform_env_int
+      - test_int_smoke
+      - test_int_internal
+      - test_int_selfserve
+      - terraform_env_prep
+    uses: ./.github/workflows/run-liquibase.yaml
+    with:
+      version: ${{ needs.get-version.outputs.api }}
+      push: false
+      submit_job: true
+      account: prod
+      environment: prep
+      dry_run: false
+      etl_ref: ${{ needs.release-please.outputs.tag_name }}
+    permissions:
+      contents: read
+      id-token: write
+    secrets:
+      VOL_GITHUB_APP_PRIVATE_KEY: ${{ secrets.VOL_GITHUB_APP_PRIVATE_KEY }}
+
   test_prep_smoke:
     name: Run Smoke Tests on PREP
     if: ${{ always() && !cancelled() && !failure() && needs.terraform_env_prep.result == 'success' }}
     needs:
       - terraform_env_prep
+      - liquibase-dev
     uses: dvsa/vol-functional-tests/.github/workflows/e2ePrepSmoke.yaml@main
     with:
       platform_env: prep
@@ -635,33 +635,6 @@ jobs:
       pull-requests: write
     secrets: inherit
 
-  liquibase-prod:
-    name: Database Migrations (prod)
-    if: |
-      always() &&
-      !cancelled() &&
-      !failure() &&
-      needs.release-please.outputs.release_created &&
-      !contains(needs.get-version.outputs.api, '-')
-    needs:
-      - release-please
-      - get-version
-      - terraform_env_prep
-      - test_prep_smoke
-    uses: ./.github/workflows/run-liquibase.yaml
-    with:
-      version: ${{ needs.get-version.outputs.api }}
-      push: true
-      account: prod
-      environment: prod
-      dry_run: false
-      etl_ref: ${{ needs.release-please.outputs.tag_name }}
-    permissions:
-      contents: read
-      id-token: write
-    secrets:
-      VOL_GITHUB_APP_PRIVATE_KEY: ${{ secrets.VOL_GITHUB_APP_PRIVATE_KEY }}
-
   terraform_env_prod:
     name: Environment (prod)
     if: |
@@ -673,9 +646,7 @@ jobs:
       !contains(needs.get-version.outputs.cli, '-') &&
       !contains(needs.get-version.outputs.selfserve, '-') &&
       !contains(needs.get-version.outputs.internal, '-') &&
-      !contains(needs.get-version.outputs.assets, '-') &&
-      needs.liquibase-prod.result == 'success' &&
-      needs.liquibase-prod.outputs.job_status == 'SUCCEEDED'
+      !contains(needs.get-version.outputs.assets, '-')
     concurrency:
       group: terraform-environment-prod
     needs:
@@ -684,7 +655,6 @@ jobs:
       - orchestrator
       - terraform_env_prep
       - test_prep_smoke
-      - liquibase-prod
     uses: ./.github/workflows/deploy-environment.yaml
     with:
       environment: prod
@@ -700,3 +670,31 @@ jobs:
       id-token: write
       pull-requests: write
     secrets: inherit
+
+  liquibase-prod:
+    name: Database Migrations (prod)
+    if: |
+      always() &&
+      !cancelled() &&
+      !failure() &&
+      needs.release-please.outputs.release_created &&
+      !contains(needs.get-version.outputs.api, '-')
+    needs:
+      - release-please
+      - get-version
+      - terraform_env_prod
+      - terraform_env_prod
+    uses: ./.github/workflows/run-liquibase.yaml
+    with:
+      version: ${{ needs.get-version.outputs.api }}
+      push: false
+      submit_job: true
+      account: prod
+      environment: prod
+      dry_run: false
+      etl_ref: ${{ needs.release-please.outputs.tag_name }}
+    permissions:
+      contents: read
+      id-token: write
+    secrets:
+      VOL_GITHUB_APP_PRIVATE_KEY: ${{ secrets.VOL_GITHUB_APP_PRIVATE_KEY }}
diff --git a/.github/workflows/run-liquibase.yaml b/.github/workflows/run-liquibase.yaml
@@ -73,6 +73,10 @@ on:
         type: boolean
         required: false
         default: false
+      submit_job:
+        type: boolean
+        required: false
+        default: false
     secrets:
       VOL_GITHUB_APP_PRIVATE_KEY:
         required: true
@@ -154,7 +158,7 @@ jobs:
       job_status: ${{ steps.check-status.outputs.status }}
     needs: build
     if: |
-      (inputs.push || (github.event_name == 'workflow_dispatch' && inputs.submit_job == 'true'))
+      (inputs.push || inputs.submit_job || (github.event_name == 'workflow_dispatch' && inputs.submit_job == 'true'))
     runs-on: ubuntu-latest
     steps:
       - name: Configure AWS credentials

diff --git a/app/api/.gitignore b/app/api/.gitignore
@@ -26,4 +26,4 @@ phpcs.xml
 phpstan.neon
 phpunit.xml
 psalm.xml
-# Trigger CD - 2025-01-23-1536
+# Trigger CD - 2025-01-28-09:46
diff --git a/infra/terraform/modules/service/README.md b/infra/terraform/modules/service/README.md
@@ -49,7 +49,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_assets_version"></a> [assets\_version](#input\_assets\_version) | The version of the assets | `string` | n/a | yes |
-| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br/>    cli_version          = string<br/>    cli_repository       = string<br/>    search_repository    = string<br/>    liquibase_repository = string<br/>    api_secret_file      = string<br/>    subnet_ids           = list(string)<br/>    task_iam_role_statements = list(object({<br/>      effect    = string<br/>      actions   = list(string)<br/>      resources = list(string)<br/>    }))<br/>    jobs = list(object({<br/>      name     = string<br/>      type     = optional(string)<br/>      queue    = optional(string)<br/>      commands = optional(list(string))<br/>      cpu      = optional(number, 1)<br/>      memory   = optional(number, 2048)<br/>      timeout  = optional(number, 300)<br/>      schedule = optional(string, "")<br/>    }))<br/>  })</pre> | n/a | yes |
+| <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br/>    cli_version          = string<br/>    cli_repository       = string<br/>    search_repository    = string<br/>    liquibase_repository = string<br/>    api_secret_file      = string<br/>    subnet_ids           = list(string)<br/>    task_iam_role_statements = list(object({<br/>      effect    = string<br/>      actions   = list(string)<br/>      resources = list(string)<br/>    }))<br/>    jobs = list(object({<br/>      name     = string<br/>      type     = optional(string, "default")<br/>      queue    = optional(string, "default")<br/>      commands = optional(list(string))<br/>      cpu      = optional(number, 1)<br/>      memory   = optional(number, 2048)<br/>      timeout  = optional(number, 300)<br/>      schedule = optional(string, "")<br/>    }))<br/>  })</pre> | n/a | yes |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name for the environment | `string` | n/a | yes |
 | <a name="input_elasticache_url"></a> [elasticache\_url](#input\_elasticache\_url) | The URL of the Elasticache cluster | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The environment to deploy to | `string` | n/a | yes |