CI-CD for domains

DFE-Digital · Jan 31, 2025 · a2bea11 · a2bea11
1 parent 5500e44
commit a2bea11
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 1 deletion.
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
@@ -140,3 +140,63 @@ jobs:
           environment: production
           image-tag: ${{ needs.build_image.outputs.docker-image-tag }}
           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+
+  deploy_domains_infra:
+    name: Deploy Domains Infrastructure
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    concurrency: deploy_production
+    needs: [deploy_production]
+    environment:
+      name: production
+    permissions:
+      id-token: write
+
+    steps:
+      - uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID  }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID   }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID   }}
+
+      - name: Deploy Domains Infrastructure
+        id: deploy_domains_infra
+        uses: DFE-Digital/github-actions/deploy-domains-infra@master
+        with:
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID  }}
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID   }}
+          azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID   }}
+          slack-webhook: ${{ secrets.SLACK_WEBHOOK }}
+
+  deploy_domains_env:
+    name: Deploy Domains to ${{ matrix.domain_environment }} environment
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    concurrency: deploy_${{ matrix.domain_environment }}
+    needs: [deploy_domains_infra]
+    strategy:
+      max-parallel: 1
+      matrix:
+        domain_environment: [test, preprod, production]
+    environment:
+      name: production
+    permissions:
+      id-token: write
+
+    steps:
+      - uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID  }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID   }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID   }}
+
+      - name: Deploy Domains Environment
+        id: deploy_domains_env
+        uses: DFE-Digital/github-actions/deploy-domains-env@master
+        with:
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID  }}
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID   }}
+          azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID   }}
+          environment: ${{ matrix.domain_environment }}
+          healthcheck: health
+          slack-webhook: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/Makefile b/Makefile
@@ -132,7 +132,7 @@ get-cluster-credentials: set-azure-account ## Get AKS cluster credentials
 .PHONY: vendor-domain-infra-modules
 vendor-domain-infra-modules:
 	rm -rf terraform/domains/infrastructure/vendor/modules/domains
-	TERRAFORM_MODULES_TAG=stable
+	$(eval include global_config/domains.sh)
 	git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/domains/infrastructure/vendor/modules/domains
 
 domains-infra-init: domains composed-variables vendor-domain-infra-modules set-azure-account

diff --git a/global_config/domains.sh b/global_config/domains.sh
@@ -2,3 +2,4 @@ AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production
 AZURE_RESOURCE_PREFIX=s189p01
 CONFIG_SHORT=dom
 DISABLE_KEYVAULTS=true
+TERRAFORM_MODULES_TAG=stable
diff --git a/terraform/domains/environment_domains/output.tf b/terraform/domains/environment_domains/output.tf
@@ -0,0 +1,10 @@
+output "external_urls" {
+  value = flatten([
+    for zone_name, zone_values in var.hosted_zone : [
+      for domain in zone_values["domains"] : (domain == "apex" ?
+        "https://${zone_name}" :
+        "https://${domain}.${zone_name}"
+      )
+    ]
+  ])
+}