Deployments
On OTT, all applications are set up for continuous deployment to integration, with the majority also having continuous deployment configured for staging and production. Additionally, you can manually deploy a git reference (tag, branch, or commit SHA) of an application to any environment.
Continuous integration (CI) is run on new commits on the main branch, usually from merging a pull request. If the commits pass CI, they are automatically deployed to integration. After deployment, a set of smoke tests run in integration to verify that the application still works as expected.
If the smoke tests pass and the application has continuous deployment enabled, the deployment is promoted to staging. In staging another set of smoke tests run, and if they pass, the deployment will be promoted to production.
Applications without continuous deployment enabled need to be manually deployed to staging and production.
The Release app shows the currently deployed versions of each app and whether an app requires manual deployment to later environments.
Manual deployments
You can manually deploy an application by triggering the “Deploy” GitHub Action workflow for that application’s repository.
This can be done in GitHub’s web interface:
- Go to the “Actions” page in the application repository
- Select the “Deploy” workflow from the list of workflows on the left-hand side
- Click “Run workflow”
- Input the git reference and environment (ignore the “Use workflow from” option)
- Click “Run workflow”
Or using GitHub’s CLI:
gh workflow run -R "trade-tariff/${REPO}" deploy.yml -F environment="${ENVIRONMENT}" -F gitRef="${GIT_REF}"
Manual deployments are never promoted to other environments.
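A wrapper for the CLI command above that checks the environment and git reference before triggering the workflow, as an added example that is not part of the original page or the project's tooling. The function names, the DRY_RUN variable, the example-app repository name and the conservative character allowlist are assumptions; the environment names, deploy.yml and the environment/gitRef inputs come from this page.

```shell
#!/bin/sh
# Added example, not project code: validate inputs, then run the "Deploy" workflow.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-wise

# Only the three environments named on this page are accepted.
valid_environment() {
  case "$1" in
    integration|staging|production) return 0 ;;
    *) return 1 ;;
  esac
}

# Tag, branch or commit SHA. The allowlist is deliberately narrower than what
# git permits (assumption). A leading '-' would be parsed as an option, and a
# leading '@' matters because gh's -F flag treats '@...' as "read from file".
valid_git_ref() {
  case "$1" in
    ''|-*|@*|/*|*/|*..*|*//*|*.lock) return 1 ;;
    *[!A-Za-z0-9._/-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Repository name without the organisation prefix.
valid_repo() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# deploy REPO ENVIRONMENT GIT_REF
# Prints the command unless DRY_RUN=0 is set (hypothetical variable).
deploy() {
  repo=$1 environment=$2 git_ref=$3
  valid_repo "$repo" || { echo "invalid repo: $repo" >&2; return 2; }
  valid_environment "$environment" || { echo "unknown environment: $environment" >&2; return 2; }
  valid_git_ref "$git_ref" || { echo "invalid git ref: $git_ref" >&2; return 2; }
  set -- gh workflow run -R "trade-tariff/${repo}" deploy.yml \
    -F "environment=${environment}" -F "gitRef=${git_ref}"
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Run directly with three arguments, e.g.: DRY_RUN=0 sh deploy.sh example-app staging v1.2.3
if [ "$#" -eq 3 ]; then deploy "$@"; fi
```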
Overview of the deployment process
This is an example deploying an application to integration:
- Developer merges a PR into main branch and it passes CI
- Triggers the “Deploy” workflow in GitHub Actions
- Builds and pushes an image to AWS Elastic Container Registry (ECR) in production
- Sends a webhook to Argo Workflows in production
- Triggers the “deploy-image” workflow in Argo Workflows in production
- Updates the image tag reference for integration in govuk-helm-charts with a new commit
- Adds a “deployed-to-” tag on the image in ECR
- Notifies the Release application of the deployment
- Argo CD in integration polls govuk-helm-charts and detects updated image tag reference
- Triggers sync of the app-config (app-of-apps) application in Argo CD
- Updates the Helm values for the deployed app’s Argo CD application resource
- Updates the Kubernetes deployment resource with the new image tag
- Triggers sync of the
- Kubernetes does a rolling update of the pods
- Argo CD triggers the “post-sync” workflow in Argo Workflows in integration
- Runs smoke tests for the app
- Checks if deployment should be promoted
- If so, sends a webhook to Argo Workflows (in production) to trigger deploy-image for the next environment.
Troubleshooting
If your release does not make it to production:
- Updates on status of Argo workflows are posted in #govuk-deploy-alerts.
- Click on View workflow for your failed deployment.
- You may be presented with an ugly login error, in which case try logging out, logging in and then clicking the view workflow button again.
- The Argo workflow will display a list of steps. To investigate the reason for failure, click on the failed job, and from the summary panel click on LOGS.
- If the failure is due to a flakey smokey test, you can hit the RESUBMIT button for the full workflow.