You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-[Storing the Container on AWS Elastic Container Registry (ECR)](#storing-the-container-on-aws-elastic-container-registry-ecr)
27
+
-[Deploying the Lambda](#deploying-the-lambda)
28
+
-[Destroying / Removing the Lambda](#destroying--removing-the-lambda)
26
29
-[Linting and Testing](#linting-and-testing)
27
30
-[GitHub Actions](#github-actions)
28
31
-[Running Tests Locally](#running-tests-locally)
@@ -217,7 +220,68 @@ To run the Lambda function outside of a container, we need to execute the `handl
217
220
218
221
## Deployment
219
222
220
-
### Overview
223
+
### Deployments with Concourse
224
+
225
+
#### Allowlisting your IP
226
+
227
+
To setup the deployment pipeline with concourse, you must first allowlist your IP address on the Concourse
228
+
server. IP addresses are flushed everyday at 00:00 so this must be done at the beginning of every working day
229
+
whenever the deployment pipeline needs to be used. Follow the instructions on the Confluence page (SDP Homepage > SDP Concourse > Concourse Login) to
230
+
login. All our pipelines run on sdp-pipeline-prod, whereas sdp-pipeline-dev is the account used for
231
+
changes to Concourse instance itself. Make sure to export all necessary environment variables from sdp-pipeline-prod (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN).
232
+
233
+
#### Setting up a pipeline
234
+
235
+
When setting up our pipelines, we use ecs-infra-user on sdp-dev to be able to interact with our infrastructure on AWS. The credentials for this are stored on
236
+
AWS Secrets Manager so you do not need to set up anything yourself.
237
+
238
+
To set the pipeline, run the following script:
239
+
240
+
```bash
241
+
chmod u+x ./concourse/scripts/set_pipeline.sh
242
+
./concourse/scripts/set_pipeline.sh
243
+
```
244
+
245
+
Note that you only have to run chmod the first time running the script in order to give permissions.
246
+
This script will set the branch and pipeline name to whatever branch you are currently on. It will also set the image tag on ECR to 7 characters of the current branch name if running on a branch other than main. For main, the ECR tag will be the latest release tag on the repository that has semantic versioning(vX.Y.Z).
247
+
248
+
The pipeline name itself will usually follow a pattern as follows: `repository-archive-script-<branch-name>`for any non-main branch and `repository-archive-script`for the main/master branch.
249
+
250
+
#### Prod deployment
251
+
252
+
To deploy to prod, it is required that a Github Release is made on Github. The release is required to follow semantic versioning of vX.Y.Z.
253
+
254
+
A manual trigger is to be made on the pipeline name `repository-archive-script > deploy-after-github-release` job through the Concourse CI UI. This will create a github-create-tag resource that is required on the `repository-archive-script > build-and-push-prod` job. Then the prod deployment job is also through a manual trigger ensuring that prod is only deployed using the latest GitHub release tag in the form of vX.Y.Z and is manually controlled.
255
+
256
+
#### Triggering a pipeline
257
+
258
+
Once the pipeline has been set, you can manually trigger a dev build on the Concourse UI, or run the following commandfor non-main branch deployment:
**It is unlikely that you will need to destroy a pipeline, but the command is here if needed.**
279
+
280
+
**Note:** This will not destroy any resources created by Terraform. You must manually destroy these resources using Terraform.
281
+
282
+
### Manual Deployment
283
+
284
+
#### Overview
221
285
222
286
This repository is designed to be hosted on AWS Lambda using a container image as the Lambda's definition.
223
287
@@ -226,7 +290,7 @@ There are 2 parts to deployment:
226
290
1. Updating the ECR Image.
227
291
2. Updating the Lambda.
228
292
229
-
### Deployment Prerequisites
293
+
#### Deployment Prerequisites
230
294
231
295
Before following the instructions below, we assume that:
232
296
@@ -236,7 +300,7 @@ Before following the instructions below, we assume that:
236
300
237
301
Additionally, we recommend that you keep the container versioning in sync with GitHub releases. Internal documentation for this is available on Confluence ([GitHub Releases and AWS ECR Versions](https://confluence.ons.gov.uk/display/KEH/GitHub+Releases+and+AWS+ECR+Versions)). We follow Semantic Versioning ([Learn More](https://semver.org/spec/v2.0.0.html)).
238
302
239
-
### Storing the Container on AWS Elastic Container Registry (ECR)
303
+
#### Storing the Container on AWS Elastic Container Registry (ECR)
240
304
241
305
When changes are made to the repository's source code, the code must be containerised and pushed to AWS for the lambda to use.
242
306
@@ -281,7 +345,7 @@ All of the commands (steps 2-5) are available for your environment within the AW
281
345
282
346
Once pushed, you should be able to see your new image version within the ECR repository.
283
347
284
-
### Deploying the Lambda
348
+
#### Deploying the Lambda
285
349
286
350
Once AWS ECR has the new container image, we need to update the Lambda's configuration to use it. To do this, use the repository's provided [Terraform](./terraform/).
287
351
@@ -338,7 +402,7 @@ Within the terraform directory, there is a [service](./terraform/service/) subdi
338
402
339
403
Once applied successfully, the Lambda and EventBridge Schedule will be created.
340
404
341
-
### Destroying / Removing the Lambda
405
+
#### Destroying / Removing the Lambda
342
406
343
407
To delete the service resources, run the following:
**Please Note:** Make sure to use the correct `.tfbackend` and `.tfvars` files for your environment.
353
417
354
-
### Deployments with Concourse
355
-
356
-
#### Allowlisting your IP
357
-
358
-
To setup the deployment pipeline with concourse, you must first allowlist your IP address on the Concourse
359
-
server. IP addresses are flushed everyday at 00:00 so this must be done at the beginning of every working day
360
-
whenever the deployment pipeline needs to be used. Follow the instructions on the Confluence page (SDP Homepage > SDP Concourse > Concourse Login) to
361
-
login. All our pipelines run on sdp-pipeline-prod, whereas sdp-pipeline-dev is the account used for
362
-
changes to Concourse instance itself. Make sure to export all necessary environment variables from sdp-pipeline-prod (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN).
363
-
364
-
#### Setting up a pipeline
365
-
366
-
When setting up our pipelines, we use ecs-infra-user on sdp-dev to be able to interact with our infrastructure on AWS. The credentials for this are stored on
367
-
AWS Secrets Manager so you do not need to set up anything yourself.
Note that you only have to run chmod the first time running the script in order to give permissions.
377
-
This script will set the branch and pipeline name to whatever branch you are currently on. It will also set the image tag on ECR to the current commit hash at the time of setting the pipeline.
378
-
379
-
The pipeline name itself will usually follow a pattern as follows: `<repo-name>-<branch-name>`
380
-
If you wish to set a pipeline for another branch without checking out, you can run the following:
If the branch you are deploying is "main" or "master", it will trigger a deployment to the sdp-prod environment. To set the ECR image tag, you must draft a Github release pointing to the latest release of the main/master branch that has a tag in the form of vX.Y.Z. Drafting up a release will automatically deploy the latest version of the main/master branch with the associated release tag, but you can also manually trigger a build through the Concourse UI or the terminal prompt.
387
-
388
-
#### Triggering a pipeline
389
-
390
-
Once the pipeline has been set, you can manually trigger a build on the Concourse UI, or run the following command:
0 commit comments