Use AWS credentials to deploy review apps #2507

Merged
whi-tw merged 3 commits into main from whi-tw/allow-github-hosted-runner-deploy-review-apps
Mar 19, 2026

@whi-tw whi-tw commented Jan 22, 2026

What problem does this pull request solve?

Trello card: https://trello.com/c/UIEQ97bl/792-stop-using-self-hosted-runners-on-github

Rather than using a codebuild runner to deploy the review apps, instead authenticate to AWS with OIDC and deploy them directly.

This depends on alphagov/forms-deploy#1958 being merged first.

Things to consider when reviewing

  • Ensure that you consider the wider context.
  • Does it work when run on your machine?
  • Is it clear what the code is doing?
  • Do the commit messages explain why the changes were made?
  • Are there all the unit tests needed?
  • Do the end to end tests need updating before these changes will pass?
  • Has all relevant documentation been updated?

@whi-tw whi-tw marked this pull request as draft January 22, 2026 12:21
@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch from 48cdf60 to eb6a7a0 Compare January 23, 2026 16:17

sarahseewhy previously approved these changes Mar 11, 2026

@sarahseewhy sarahseewhy left a comment

This makes sense, I think.

I only had one curiosity question but it's non-blocking.

@whi-tw whi-tw marked this pull request as ready for review March 16, 2026 09:33
@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch 2 times, most recently from b36906b to e868b6d Compare March 19, 2026 13:19
whi-tw added 3 commits March 19, 2026 14:22

This prevents us attempting to run multiple instances of terraform at
the same time. Instead, the current running workflow will complete
before the next one starts.

Only 1 running and 1 pending workflow is allowed - any further
workflows will supersede the pending one.

Instead of running Terraform directly in the GitHub Actions runners, we
now trigger AWS CodeBuild projects to handle the deployment and
destruction of review apps. This means that the repository no longer
needs extensive AWS permissions in GitHub Actions, and the actual available
AWS operations are limited.

These fields are automatically added by AWS when creating a task
definition. If we don't include them in our task definition, Terraform
tries to remove them on every apply, which causes unnecessary changes
to the task definition (and thus noise in our Terraform plan output).

@whi-tw whi-tw force-pushed the whi-tw/allow-github-hosted-runner-deploy-review-apps branch from 1cf2195 to 10c1646 Compare March 19, 2026 14:22
@whi-tw whi-tw requested a review from cadmiumcat March 19, 2026 14:22
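
Added example, not taken from this pull request or the project's repositories: a GitHub Actions workflow that combines what the description and commit messages above describe, namely OIDC authentication from a GitHub-hosted runner, a concurrency group that allows one running and one pending run, and a CodeBuild project that runs Terraform. The account ID, role name, project name, region, trigger and variable name are all placeholders.

```yaml
# Added illustration; every name, ARN and region below is a placeholder.
name: Deploy review app (illustrative)

on:
  pull_request:
    types: [opened, reopened, synchronize]

# One running and one pending run per pull request. With cancel-in-progress
# set to false the running job finishes, and a newer queued run replaces
# whichever run is currently pending.
concurrency:
  group: review-app-${{ github.event.pull_request.number }}
  cancel-in-progress: false

permissions:
  id-token: write   # lets the job request an OIDC token from GitHub
  contents: read    # nothing else is granted to GITHUB_TOKEN

jobs:
  deploy:
    runs-on: ubuntu-latest   # GitHub-hosted runner, no self-hosted runner
    steps:
      - name: Assume the deploy role with OIDC (no stored access keys)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::111122223333:role/EXAMPLE-review-app-deployer
          aws-region: eu-west-2
          role-session-name: review-app-pr-${{ github.event.pull_request.number }}

      - name: Start the CodeBuild project that runs Terraform
        env:
          # Passed through the environment rather than interpolated into the
          # script, so the value is never parsed as shell.
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          aws codebuild start-build \
            --project-name EXAMPLE-review-app-deploy \
            --environment-variables-override \
              "name=PR_NUMBER,value=${PR_NUMBER},type=PLAINTEXT"
```

For the role to limit what the repository can do, its trust policy should restrict the OIDC token's `sub` claim to the one repository, and its permissions policy should allow only `codebuild:StartBuild` on the one project.
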
@github-actions

🎉 A review copy of this PR has been deployed! You can reach it at: https://pr-2507.admin.review.forms.service.gov.uk/

It may take 5 minutes or so for the application to be fully deployed and working. If it still isn't ready
after 5 minutes, there may be something wrong with the ECS task. You will need to go to the integration AWS account
to debug, or otherwise ask an infrastructure person.

For the sign in details and more information, see the review apps wiki page.

@whi-tw whi-tw added this pull request to the merge queue Mar 19, 2026
Merged via the queue into main with commit 39fcbe7 Mar 19, 2026
8 checks passed
@whi-tw whi-tw deleted the whi-tw/allow-github-hosted-runner-deploy-review-apps branch March 19, 2026 15:45