diff --git a/.github/README.md b/.github/README.md new file mode 100644 index 00000000..f4a4ea3e --- /dev/null +++ b/.github/README.md 
@@ -0,0 +1,63 @@ +# Current Github Workflows for building and deploying ReportVision in Dev or Demo + +## Prerequisites + +There are secrets for Azure authentication from Github Action's located within the Github Settings. At the time of reading this, you may need to create new federated secrets and Resource Groups in your Azure account, while also updating the existing `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID`, `AZURE_OBJECT_ID` secrets in each Github Environment. + +**NOTE**: Resource Groups were never created from Terraform on purpose to better replicate CDC's Azure setup and requirements for potential future migrations from Skylight's Azure. CDC would manually create Resource Groups for us. + +Azure Resource Group Naming: + +- `reportvision-rg-dev` +- `reportvision-rg-demo` + +## Complete e2e build and deploy for ReportVision + +To build and deploy all of ReportVision's services at once, `deploy-dev.yml` will do the trick specifically for dev environments within Azure only. + +Required Inputs: + +- `branch`: Any +- `deploy-env`: Drop down of available environments to chose from. + +Optional Inputs: + +- `ocr-docker-tag`: The OCR Docker Tag. This input is optional because if it is left blank, the workflow will build and publish a new docker image each time. If you would like to deploy a previously built docker image, you can add the tag here. +- `middleware-docker-tag`: The Middleware Docker Tag. This input is optional because if it is left blank, the workflow will build and publish a new docker image each time. If you would like to deploy a previously built docker image, you can add the tag here. + + +## Build and deploy the ReportVision's frontend only + +We made a separate workflow that builds and deploys the frontend files only, `build-deploy-frontend.yml`. Having to wait for the end-to-end deploy, along with the Terraform setup job to complete, just to refresh the frontend can be a giant waste of time. 
Just make sure the Azure environment is already up from the `deploy-dev.yml` workflow or at the very least a Storage Account in is created. + +Required Inputs: + +- `branch`: Any +- `deploy-env`: Drop down of available environments to chose from. + +## Build and deploy the ReportVision's OCR-API and Middleware-API separately + +Just like with the frontend, we needed a way to refresh the OCR-API and/or Middleware-API without having to re-apply Terraform and deploying the frontend. With `build-deploy-ocr.yml` or `build-deploy-ocr.yml` we can either build and publish a new docker image or we can use an already registered docker image. Both the OCR-API and Middleware-API docker images are published here: +- https://github.com/CDCgov/ReportVision/pkgs/container/reportvision-ocr +- https://github.com/CDCgov/ReportVision/pkgs/container/reportvision-middleware. + +Once the workflow builds and publishes the images, it will deploy it to the selected environments Azure App-Service Webapp. + +**Note**: Using an already registered docker image will be a bit faster than waiting for a new one to be built. Also, this is how we quickly rollback versions. + +Required Inputs: + +- `branch`: Any +- `deploy-env`: Drop down of available environments to chose from. + +Optional Inputs: + +- `ocr-docker-tag`: The OCR Docker Tag. This input is optional because if it is left blank, the workflow will build and publish a new docker image each time. If you would like to deploy a previously built docker image, you can add the tag here. + +# Github Workflows for building and deploying ReportVision in Staging or Production + +Unfortunately we never had the opportunity to pilot our amazing product to actual users which kept us from deploying to any type of Staging or Production environments. We also weren't entirely sure if we'd even be able to deploy to a centrally hosted Azure account like our current one either. + +If we were able to deploy to a centrally hosted system. 
Our thought would have been to create a `deploy-stage.yml` workflow that is structured and functions very similarly to `deploy-dev.yml`, except it would be triggered off of the `main` branch or Github `tags`. If all staging jobs and tests pass, a `deploy-prod.yml` workflow would then get triggered. + +If we were required to deploy to STLT-hosted environments, our plan was going to ensure that all services are containerized and deployed as a container orchestrated system with tooling like Kubernetes. This would make it easier for us to be cloud-agnostic and have the ability to quickly "lift-and-shift" our product into different organizations. If this were to happen, we would had to paradigm shift completely. \ No newline at end of file diff --git a/.github/workflows/build-deploy-frontend.yml b/.github/workflows/build-deploy-frontend.yml index 9640ad66..14cb3d8f 100644 --- a/.github/workflows/build-deploy-frontend.yml +++ b/.github/workflows/build-deploy-frontend.yml @@ -28,7 +28,7 @@ jobs: frontend-build-path: ./frontend/dist/ node-version: 20 - deploy-with-blob-name-optional: + deploy-frontend: name: Deploy runs-on: ubuntu-latest environment: ${{ inputs.deploy-env }} diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index f1dba2d5..d93e4bed 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -10,10 +10,10 @@ on: options: - dev ocr-docker-tag: - description: 'This is optional if you would like to deploy an already published OCR-API image' + description: 'OCR Docker Tag (This is optional. If you would like to deploy an already published OCR-API image):' required: false middleware-docker-tag: - description: 'This is optional if you would like to deploy an already published Middleware-API image' + description: 'Middleware Docker Tag (This is optional. If you would like to deploy an already published Middleware-API image):' required: false permissions: 
diff --git a/ops/terraform/README.md b/ops/terraform/README.md new file mode 100644 index 00000000..3743ec66 --- /dev/null +++ b/ops/terraform/README.md @@ -0,0 +1,14 @@ +# ReportVision's Terraform Setup + +Currently, our infrastructure is built specifically for Azure, with a traditional cloud architecture hosting our frontend code from blob storage and our OCR-API running in an App Service. Both the frontend and the OCR-API are behind a Virtual Network and load balanced by an App Gateway. + + +## Prerequisites + +When using Terraform, you will need to created a `terraform.tfvars` file in the `ops/terraform` directory with variables: + +``` bash + resource_group_name = "reportvision-rg-" + name = "reportvision" + sku_name = "S2" +``` \ No newline at end of file
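Review bot: In `.github/README.md`, the section on deploying the OCR-API and Middleware-API separately names the same file twice ("With `build-deploy-ocr.yml` or `build-deploy-ocr.yml`"), so the Middleware workflow is never identified; the second name should be the Middleware workflow file. The Optional Inputs list in that section documents only `ocr-docker-tag` although the section covers both images, so add the Middleware tag input there if that workflow accepts one. In Prerequisites, "federated secrets" is not defined next to the `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID` and `AZURE_OBJECT_ID` list; please spell out what has to be created on the Azure side before those values can be filled in. Wording fixes in the same file: "a Storage Account in is created", "environments to chose from" (three occurrences), "we would had to paradigm shift completely", and "If we were able to deploy to a centrally hosted system." is a fragment that should be joined to the sentence after it. The file also ends without a trailing newline.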
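Review bot: In `.github/workflows/build-deploy-frontend.yml`, renaming the job id from `deploy-with-blob-name-optional` to `deploy-frontend` is only safe if nothing else refers to the old id, and the hunk shows no `needs:` entries either way. Please confirm that no other job in this workflow still references `deploy-with-blob-name-optional` in `needs:` or in a `needs.<id>.outputs` expression.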
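Review bot: In `.github/workflows/deploy-dev.yml`, the new `description` strings for `ocr-docker-tag` and `middleware-docker-tag` contain a sentence fragment ("If you would like to deploy an already published OCR-API image") and end in a colon inside the quoted text. A wording such as 'OCR Docker Tag (optional): tag of an already published OCR-API image to deploy; leave blank to build a new image' states the behaviour in one sentence and matches what `.github/README.md` in this patch says about leaving the input blank. Since that README describes these inputs as the rollback mechanism, it is worth mentioning there that a tag can be re-pointed to a different image, so the digest is the stable reference when rolling back.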
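Review bot: In `ops/terraform/README.md`, the sample `terraform.tfvars` sets `resource_group_name = "reportvision-rg-"`, which ends in a hyphen and is not a usable value as written. Show the environment suffix as a placeholder, or use one of the names listed in `.github/README.md` (`reportvision-rg-dev`, `reportvision-rg-demo`), and say that the Resource Group must already exist, since that README states Terraform does not create it. The fence is opened as "``` bash" (with a space) but the content is Terraform variable assignments, not shell, so the language tag should reflect that and the leading indentation inside the block can go. Also: "you will need to created" should be "create", the architecture paragraph mentions the frontend and the OCR-API but not the Middleware-API that the workflows in this patch deploy, and the file ends without a trailing newline.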