Automated deployment pipeline

Automated Dev deployment capability
heremaps · Nov 24, 2023 · 9410bf4 · 9410bf4
2 parents 621fadd + 5250078
commit 9410bf4
Show file tree

Hide file tree

Showing 75 changed files with 1,685 additions and 355 deletions.
diff --git a/.github/workflows/main-ci-only.yml b/.github/workflows/main-ci-only.yml
@@ -0,0 +1,24 @@
+name: CI-Only Workflow
+
+# Trigger for specified criteria (specifically for PRs against stable branches)
+on:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+    branches:
+      - master
+      - int
+      - develop
+      - Naksha_maintenance
+
+permissions:
+  checks: write         # for junit reporting
+  pull-requests: write  # for jacoco PR comments
+
+jobs:
+  ### Job to Build and Publish artifacts
+  Build-and-Publish:
+    uses: ./.github/workflows/reusable-build-and-publish.yml
diff --git a/.github/workflows/main-dev-deploy.yml b/.github/workflows/main-dev-deploy.yml
@@ -0,0 +1,62 @@
+name: Dev Workflow
+
+# Trigger Dev deployment pipeline for commit on specific branch(es)
+on:
+  push:
+    branches:
+      - develop
+      - Naksha_maintenance
+      - MCPODS-6260_dev_deployment
+
+permissions:
+  checks: write         # for junit reporting
+  pull-requests: write  # for jacoco PR comments
+
+
+# let the run-name get picked up dynamically from most recent commit
+#run-name: '[${{ github.event_name }}] event on ${{ github.ref_type }}/PR# [${{ github.ref_name }}]'
+
+jobs:
+  ### Job to Build and Publish artifacts
+  # Output
+  #   - pipeline-artifact-name = Name of the pipeline artifact to be used in release step (e.g. codedeploy-artifact)
+  #   - app-version = Application version to be used in release step as S3 bucket directory (e.g. 1.1.1-SNAPSHOT, 1.2.0)
+  #   - codedeploy-artifact-version = CodeDeploy artifact version to be used in uniquely naming deployment bundle (e.g. 20230528-144100_d63fd762704ef242d9827662b872b305744f753e)
+  Build-and-Publish:
+    uses: ./.github/workflows/reusable-build-and-publish.yml
+
+
+
+  ### Job to Release CodeDeploy artifact to S3 bucket
+  # Output
+  #   - s3-artifact-path = s3 bucket artifact path to be used for codedeploy (e.g. 1.1.1/deployment.tar.gz)
+  S3-CodeDeploy-Release:
+    needs: Build-and-Publish
+    uses: ./.github/workflows/reusable-s3-codedeploy-release.yml
+    with:
+      aws-region: ${{ vars.AWS_REGION }}
+      pipeline-artifact-name: ${{ needs.Build-and-Publish.outputs.pipeline-artifact-name }}
+      s3-bucket-name: ${{ vars.RELEASE_S3_BUCKET_NAME }}
+      s3-bucket-dir-path: ${{ needs.Build-and-Publish.outputs.app-version }}
+      s3-artifact-version: ${{ needs.Build-and-Publish.outputs.codedeploy-artifact-version }}
+    secrets:
+      aws-key: ${{ secrets.AWS_KEY }}
+      aws-secret: ${{ secrets.AWS_SECRET }}
+
+
+
+  ### Job to Deploy CodeDeploy artifact to Dev environment
+  Dev-Deploy:
+    needs: S3-CodeDeploy-Release
+    uses: ./.github/workflows/reusable-codedeploy-deployment.yml
+    with:
+      aws-region: ${{ vars.AWS_REGION }}
+      codedeploy-app-name: ${{ vars.CODEDEPLOY_APP_NAME }}
+      codedeploy-group-name: ${{ vars.CODEDEPLOY_DEV_GROUP_NAME }}
+      deployment-description: 'Deployment triggered by ${{ github.triggering_actor }} from Github repo [${{ github.repository }}], ${{ github.ref_type }} [${{ github.ref_name }}], commit sha [${{ github.sha }}]'
+      s3-bucket-name: ${{ vars.RELEASE_S3_BUCKET_NAME }}
+      s3-artifact-path: ${{ needs.S3-CodeDeploy-Release.outputs.s3-artifact-path }}
+      s3-artifact-type: tgz
+    secrets:
+      aws-key: ${{ secrets.AWS_KEY }}
+      aws-secret: ${{ secrets.AWS_SECRET }}
diff --git a/.github/workflows/main-e2e-deploy.yml b/.github/workflows/main-e2e-deploy.yml
@@ -0,0 +1,56 @@
+name: E2E Workflow
+
+# Trigger E2E Deployment for commit on int branch (i.e. integration)
+on:
+  push:
+    branches:
+      - int
+
+permissions:
+  checks: write         # for junit reporting
+  pull-requests: write  # for jacoco PR comments
+
+jobs:
+  ### Job to Build and Publish artifacts
+  # Output
+  #   - pipeline-artifact-name = Name of the pipeline artifact to be used in release step (e.g. codedeploy-artifact)
+  #   - app-version = Application version to be used in release step as S3 bucket directory (e.g. 1.1.1-SNAPSHOT, 1.2.0)
+  #   - codedeploy-artifact-version = CodeDeploy artifact version to be used in uniquely naming deployment bundle (e.g. 20230528-144100_d63fd762704ef242d9827662b872b305744f753e)
+  Build-and-Publish:
+    uses: ./.github/workflows/reusable-build-and-publish.yml
+
+
+
+  ### Job to Release CodeDeploy artifact to S3 bucket
+  # Output
+  #   - s3-artifact-path = s3 bucket artifact path to be used for codedeploy (e.g. 1.1.1/deployment.tar.gz)
+  S3-CodeDeploy-Release:
+    needs: Build-and-Publish
+    uses: ./.github/workflows/reusable-s3-codedeploy-release.yml
+    with:
+      aws-region: ${{ vars.AWS_REGION }}
+      pipeline-artifact-name: ${{ needs.Build-and-Publish.outputs.pipeline-artifact-name }}
+      s3-bucket-name: ${{ vars.RELEASE_S3_BUCKET_NAME }}
+      s3-bucket-dir-path: ${{ needs.Build-and-Publish.outputs.app-version }}
+      s3-artifact-version: ${{ needs.Build-and-Publish.outputs.codedeploy-artifact-version }}
+    secrets:
+      aws-key: ${{ secrets.AWS_KEY }}
+      aws-secret: ${{ secrets.AWS_SECRET }}
+
+
+
+  ### Job to Deploy CodeDeploy artifact to E2E environment
+  E2E-Deploy:
+    needs: S3-CodeDeploy-Release
+    uses: ./.github/workflows/reusable-codedeploy-deployment.yml
+    with:
+      aws-region: ${{ vars.AWS_REGION }}
+      codedeploy-app-name: ${{ vars.CODEDEPLOY_APP_NAME }}
+      codedeploy-group-name: ${{ vars.CODEDEPLOY_E2E_GROUP_NAME }}
+      deployment-description: 'Deployment triggered by ${{ github.triggering_actor }} from Github repo [${{ github.repository }}], ${{ github.ref_type }} [${{ github.ref_name }}], commit sha [${{ github.sha }}]'
+      s3-bucket-name: ${{ vars.RELEASE_S3_BUCKET_NAME }}
+      s3-artifact-path: ${{ needs.S3-CodeDeploy-Release.outputs.s3-artifact-path }}
+      s3-artifact-type: tgz
+    secrets:
+      aws-key: ${{ secrets.AWS_KEY }}
+      aws-secret: ${{ secrets.AWS_SECRET }}
diff --git a/.github/workflows/main-prd-deploy.yml b/.github/workflows/main-prd-deploy.yml
@@ -0,0 +1,57 @@
+name: Prod Workflow
+
+# Trigger Prod deployment pipeline for push of a tag Naksha_*
+on:
+  push:
+    tags:
+      - Naksha_*
+
+permissions:
+  checks: write         # for junit reporting
+  pull-requests: write  # for jacoco PR comments
+
+jobs:
+  ### Job to Build and Publish artifacts
+  # Output
+  #   - pipeline-artifact-name = Name of the pipeline artifact to be used in release step (e.g. codedeploy-artifact)
+  #   - app-version = Application version to be used in release step as S3 bucket directory (e.g. 1.1.1-SNAPSHOT, 1.2.0)
+  #   - codedeploy-artifact-version = CodeDeploy artifact version to be used in uniquely naming deployment bundle (e.g. 20230528-144100_d63fd762704ef242d9827662b872b305744f753e)
+  Build-and-Publish:
+    uses: ./.github/workflows/reusable-build-and-publish.yml
+
+
+
+  ### Job to Release CodeDeploy artifact to S3 bucket
+  # Output
+  #   - s3-artifact-path = s3 bucket artifact path to be used for codedeploy (e.g. 1.1.1/deployment.tar.gz)
+  S3-CodeDeploy-Release:
+    needs: Build-and-Publish
+    uses: ./.github/workflows/reusable-s3-codedeploy-release.yml
+    with:
+      aws-region: ${{ vars.AWS_REGION }}
+      pipeline-artifact-name: ${{ needs.Build-and-Publish.outputs.pipeline-artifact-name }}
+      s3-bucket-name: ${{ vars.RELEASE_S3_BUCKET_NAME }}
+      s3-bucket-dir-path: ${{ needs.Build-and-Publish.outputs.app-version }}
+      s3-artifact-version: ${{ needs.Build-and-Publish.outputs.codedeploy-artifact-version }}
+    secrets:
+      aws-key: ${{ secrets.AWS_KEY }}
+      aws-secret: ${{ secrets.AWS_SECRET }}
+
+
+
+  ### Job to Deploy CodeDeploy artifact to Production environment
+  Prd-Deploy:
+    needs: S3-CodeDeploy-Release
+    uses: ./.github/workflows/reusable-codedeploy-deployment.yml
+    with:
+      aws-region: ${{ vars.PRD_AWS_REGION }}
+      codedeploy-app-name: ${{ vars.CODEDEPLOY_APP_NAME }}
+      codedeploy-group-name: ${{ vars.CODEDEPLOY_PRD_GROUP_NAME }}
+      deployment-description: 'Deployment triggered by ${{ github.triggering_actor }} from Github repo [${{ github.repository }}], ${{ github.ref_type }} [${{ github.ref_name }}], commit sha [${{ github.sha }}]'
+      # we use Prod access point (eu-west-1) to fetch deployment artifacts from E2E S3 bucket (us-east-1)
+      s3-bucket-name: ${{ vars.PRD_RELEASE_S3_BUCKET_NAME }}
+      s3-artifact-path: ${{ needs.S3-CodeDeploy-Release.outputs.s3-artifact-path }}
+      s3-artifact-type: tgz
+    secrets:
+      aws-key: ${{ secrets.PRD_AWS_KEY }}
+      aws-secret: ${{ secrets.PRD_AWS_SECRET }}
diff --git a/.github/workflows/reusable-build-and-publish.yml b/.github/workflows/reusable-build-and-publish.yml
@@ -0,0 +1,112 @@
+on:
+  workflow_call:
+    outputs:
+      pipeline-artifact-name:
+        description: 'Name of the uploaded artifact which can be downloaded using actions/download-artifact within the same pipeline (e.g. codedeploy-artifact)'
+        value: ${{ jobs.main.outputs.pipeline-artifact-name }}
+      app-version:
+        description: 'Application version identified using maven (e.g. 1.1.1-SNAPSHOT, 1.2.0)'
+        value: ${{ jobs.main.outputs.app-version }}
+      codedeploy-artifact-version:
+        description: 'Unique version which should be used in next step(s) for CodeDeploy artifact (e.g. 20230528-144100_d63fd762704ef242d9827662b872b305744f753e)'
+        value: ${{ jobs.main.outputs.codedeploy-artifact-version }}
+
+
+env:
+  MIN_COVERAGE_OVERALL: 0
+  MIN_COVERAGE_CHANGED_FILES: 0
+  SERVICE_JAR_DIR: ${{ github.workspace }}/build/libs
+  CODEDEPLOY_DIR: ${{ github.workspace }}/deployment/codedeploy
+  GITHUB_CODEDEPLOY_ARTIFACT_NAME: codedeploy-artifact
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    outputs:
+      pipeline-artifact-name: ${{ steps.save-artifact-name.outputs.name }}
+      app-version: ${{ steps.save-app-version.outputs.version }}
+      codedeploy-artifact-version: ${{ steps.save-artifact-version.outputs.version }}
+    services:
+      postgres:
+        image: postgis/postgis # Postgres with PostGIS extension
+        env:
+          POSTGRES_PASSWORD: password
+          POSTGRES_USER: postgres
+          POSTGRES_DB: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+    steps:
+      - run: echo "[${{ github.triggering_actor }}] triggered [${{ github.event_name }}] event on ${{ github.ref_type }}/PR# [${{ github.ref_name }}]"
+      - run: echo "🎉 This job is running on a ${{ runner.os }} server hosted by GitHub!"
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Setup Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+          java-package: 'jdk'
+          cache: 'gradle'
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        with:
+          gradle-version: 8.2
+      ### Build, Test, Coverage Verification
+      - name: Build fat jar, Run Unit tests, Verify code coverage
+        run: gradle shadowJar jacocoTestReport jacocoTestCoverageVerification
+      - name: Publish Test Report
+        uses: mikepenz/action-junit-report@v4
+        if: success() || failure() # always run even if the previous step fails
+        with:
+          report_paths: '**/build/test-results/test/TEST-*.xml'
+      - name: Publish code coverage report as PR comment
+        id: jacoco
+        uses: madrapps/[email protected]
+        with:
+          paths: '**/build/reports/jacoco/test/jacocoTestReport.xml'
+          token: ${{ secrets.GITHUB_TOKEN }}
+          min-coverage-overall: $MIN_COVERAGE_OVERALL
+          min-coverage-changed-files: $MIN_COVERAGE_CHANGED_FILES
+          title: Code Coverage
+      - name: Fail when coverage of changed files is too low
+        run: |
+          CHANGED_FILES_FAILED=$(echo '${{ steps.jacoco.outputs.coverage-changed-files }} < ${{ env.MIN_COVERAGE_CHANGED_FILES }}' | bc)
+          [[ $CHANGED_FILES_FAILED -ne 0 ]] && echo 'Changed files coverage ${{ steps.jacoco.outputs.coverage-changed-files }}% is smaller than required ${{ env.MIN_COVERAGE_CHANGED_FILES }}%'
+          [[ $CHANGED_FILES_FAILED -ne 0 ]] && exit 1 || exit 0
+      - name: List generated artifacts
+        run: |
+          ls -l $SERVICE_JAR_DIR/*
+      ### TODO : Publish to central repository
+      - name: Prepare CodeDeploy artifact content
+        run: |
+          cp -p $SERVICE_JAR_DIR/naksha-*-all.jar $CODEDEPLOY_DIR/contents/naksha-hub/
+      - name: List CodeDeploy artifact content
+        run: |
+          ls -lR $CODEDEPLOY_DIR
+      - name: Save pipeline artifact name
+        id: save-artifact-name
+        run: echo "name=${{ env.GITHUB_CODEDEPLOY_ARTIFACT_NAME }}" >> "$GITHUB_OUTPUT"
+      - name: Save CodeDeploy artifact content
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ env.GITHUB_CODEDEPLOY_ARTIFACT_NAME }}
+          path: ${{ env.CODEDEPLOY_DIR }}
+          if-no-files-found: error
+      - name: Identify and save Application version
+        id: save-app-version
+        run: |
+          APP_VERSION=`gradle -q printAppVersion`
+          echo $APP_VERSION
+          echo "version=$APP_VERSION" >> "$GITHUB_OUTPUT"
+      - name: Identify and save CodeDeploy artifact version
+        id: save-artifact-version
+        run: |
+          ARTIFACT_VERSION=`date +"%Y%m%d-%H%M%S"`_${{ github.sha }}
+          echo $ARTIFACT_VERSION
+          echo "version=$ARTIFACT_VERSION" >> "$GITHUB_OUTPUT"
+      - run: echo "🍏 This job's status is ${{ job.status }}."