Merge pull request alphagov#1442 from alphagov/deploy-github-actions

Switch from Travis to Github Actions

.github/workflows/ci.yaml

@@ -0,0 +1,96 @@
+name: CI Workflow
+
+on: [push, pull_request]
+
+# Separate build and deploy jobs so we can build all branches and pull requests
+# but only deploy from master
+jobs:
+  build:
+    name: Build & Test
+    runs-on: ubuntu-latest
+    env:
+      ENVIRONMENT: production
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Read node version from .nvmrc
+        id: nvm
+        run: echo "##[set-output name=NVMRC;]$(cat .nvmrc)"
+
+      - name: Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: "${{ steps.nvm.outputs.NVMRC }}"
+
+      - name: Install dependencies
+        run: npm install --no-optional
+
+      - name: Build
+        run: npm run build
+
+      - name: Lint and test
+        run: npm test -- --runInBand
+
+      # Share data between the build and deploy jobs so we don't need to run `npm run build` again on deploy
+      # Upload the deploy folder as an artifact so it can be downloaded and used in the deploy job
+      - name: Upload artifact
+        uses: actions/upload-artifact@v2
+        with:
+            name: build
+            path: deploy/**
+            retention-days: 1
+
+  # Deploy the Design System to production when the master branch is changed
+  # Github Actions is not involved in deploying PR or branch previews – these are handled by Netlify
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    needs: build
+    if: ${{ github.ref == 'refs/heads/master' }}
+    env:
+      CF_API: "https://api.cloud.service.gov.uk"
+      CF_ORG: "govuk-design-system"
+      CF_SPACE: "design-system"
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Download build artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: build
+
+      - name: Install the CF CLI
+        run: |
+          wget https://s3-us-west-1.amazonaws.com/v7-cf-cli-releases/releases/v7.2.0/cf7-cli-installer_7.2.0_x86-64.deb
+          sudo dpkg -i cf7-cli-installer_7.2.0_x86-64.deb
+
+      - name: Authenticate
+        env:
+          # CF_USERNAME and CF_PASSWORD are used by the `cf auth` command to login
+          # We use an environment variable instead of passing the details as options using -u / -p to reduce the risk of them being recorded in logs
+          # https://cli.cloudfoundry.org/en-US/v6/auth.html
+          CF_USERNAME: "[email protected]"
+          CF_PASSWORD: ${{ secrets.CF_PASSWORD }}
+        run: |
+          echo "Logging into $CF_ORG/$CF_SPACE..."
+          cf api "${CF_API}"
+          cf auth
+          cf target -o "${CF_ORG}" -s "${CF_SPACE}"
+
+      # Parse app name from manifest to ensure it matches up
+      - name: Fetch app name from manifest
+        run: echo "APP_NAME=$(ruby -e "require 'yaml'; config = YAML.load_file('manifest.yml'); puts config['applications'][0]['name']")" >> $GITHUB_ENV
+
+      - name: Cancel any existing running deploys to avoid conflict
+        run:  |
+          echo "Cancelling any previous deployments in progress"
+          cf cancel-deployment $APP_NAME || true
+
+      - name: Deploy to PaaS
+        # Deploy app and set up app healthcheck https://docs.cloudfoundry.org/devguide/deploy-apps/healthchecks.html
+        run: |
+          echo "Deploying $APP_NAME to $CF_ORG/$CF_SPACE..."
+          cf push $APP_NAME --strategy rolling
+          cf logout

README.md

@@ -64,7 +64,7 @@ This is defined in the [package.json](package.json) file.
 
 ## Continuous integration
 
-When changes are pushed to GitHub [Travis][travis] will:
+When changes are pushed to GitHub, [Github Actions][github-actions] will:
 
 - run the tests
 - lint the Sass stylesheets in `source/stylesheets`
@@ -73,7 +73,7 @@ When changes are pushed to GitHub [Travis][travis] will:
 If any of these fail, this will be reported in the GitHub status checks
 interface.
 
-[travis]: https://travis-ci.org/alphagov/govuk-design-system
+[github-actions]: https://github.com/alphagov/govuk-design-system/actions
 
 ## Deployment
 

deploy/nginx.conf

@@ -26,7 +26,7 @@ http {
 
   default_type application/octet-stream;
   include nginx/mime.types;
-  charset_types text/html text/xml text/plain application/javascript application/rss+xml text/css;
+  charset_types text/xml text/plain application/javascript application/rss+xml text/css;
 
   # Enabling sendfile eliminates copying file data into buffer and sends it
   # directly
@@ -56,7 +56,7 @@ http {
   # The index directive (1) used in the nginx config within the buildpack means
   # that we send a 301 redirect when visiting a directory without a trailing
   # slash (e.g. /design-system will redirect to /design-system/).
-  # 
+  #
   # However by default nginx will use absolute URLs – including the hostname –
   # when redirecting, which means that users going to
   # design-system.service.gov.uk/components will end up being redirected to our
@@ -83,7 +83,7 @@ http {
   #
   # Because images and videos are not fingerprinted we only cache them for 30
   # minutes.
-  # 
+  #
   # The epoch parameter corresponds to the absolute time
   # 'Thu, 01 Jan 1970 00:00:01 GMT'.
 
@@ -161,7 +161,7 @@ http {
 
       # Allow smoke tests without authentication
 
-      location /__canary__/ {
+      location /__canary__ {
         auth_basic off;
       }
     }

docs/deployment/production.md

@@ -5,34 +5,33 @@
 The Design System is a static site which is generated by
 [Metalsmith](http://www.metalsmith.io/).
 
-When the master branch changes, [Travis][travis] will build the static site by
+When the master branch changes, [Github Actions][github-actions] will build the static site by
 running `npm run build`. As long as that succeeds, the contents of the deploy
 directory will then by uploaded to our application on
 [GOV.UK Platform as a Service][paas] (PaaS). GOV.UK PaaS uses the open source Cloud Foundry project and exposes parts of their API.
 
 We use nginx as a simple web server.
 
-## Travis
+## Github Actions
 
 ### Configuration
 
-Travis is configured using the [.travis.yml](../../.travis.yml) config file. Travis
-will attempt to build the Design System, run the linter and run tests for every
-branch, but will only run the deploy step when on the master branch.
+The Github Actions CI workflow is configured in [.github/workflows/ci.yaml](../../.github/workflows/ci.yaml).
+It will attempt to build the Design System, run the linter and run tests for every branch,
+but will only run the deploy step when on the master branch.
 
-Configuration is done using [environment variables][travis-env]. Configuration
-which needs to remain secure is encrypted using `travis encrypt`.
+Most of the environment variables needed are set within each Github Action script. Any secrets can be viewed and changed within the Github UI (requires admin access).
 
 ### Deployment
 
-Travis is deployed using [deploy-travis](bin/deploy-travis).
+The Github Actions deployment script is detailed in [.github/workflows/ci.yaml](../../.github/workflows/ci.yaml)
 
-We log into CloudFoundry using the configured environment variables. We then run a smoke test to make sure that the app built correctly.
+We log into CloudFoundry using the configured environment variables. Before deploying, we cancel any existing deployments to prevent conflicts. When deploying, we use healthchecks to check that the /__canary__ path returns
+a 200 response, which indicates that the app has been built successfully.
 
 ## Hosting on GOV.UK Platform as a Service (PaaS)
 
-We deploy to the `govuk-design-system-origin` app using the
-[blue-green-deploy][bgd] plugin.
+We deploy to the `govuk-design-system-origin` app.
 
 This app exists within the `govuk-design-system` organisation and the
 `production` space, and is deployed by the `[email protected]` user, the
@@ -115,10 +114,8 @@ trailing-slashed URLs, but decided against it because:
 - other parts of GOV.UK's infrastructure (such as their mirroring) make
   assumptions based on the lack of a trailing slash and relative URLs.
 
-[travis]: https://travis-ci.org/alphagov/govuk-design-system
-[travis-env]: https://docs.travis-ci.com/user/environment-variables/
+[github-actions]: https://github.com/alphagov/govuk-design-system/actions
 [paas]: https://www.cloud.service.gov.uk/
-[bgd]: https://github.com/bluemixgaragelondon/cf-blue-green-deploy
 [nginx-bp]: https://github.com/cloudfoundry/nginx-buildpack
 [govuk-dns-config]: https://github.com/alphagov/govuk-dns-config/blob/master/service.gov.uk.yaml
 [govuk-dns]: https://github.com/alphagov/govuk-dns

manifest.yml

@@ -11,8 +11,9 @@ applications:
   # NGINX requires 20 MB of RAM to serve static assets. Reduce RAM allocation
   # from the default 1 GB allocated to containers by default to 64M.
   memory: 64M
-  path: ./deploy
   buildpack: nginx_buildpack
   # Run two instances to ensure availability
   # https://docs.cloud.service.gov.uk/managing_apps.html#scaling
   instances: 2
+  health-check-http-endpoint: /__canary__/
+  health-check-type: http

views/layouts/_generic.njk

@@ -6,7 +6,7 @@
 {% block pageTitle %}{{ title }} – GOV.UK Design System{% endblock %}
 
 {% block head %}
-  {% if not TRAVIS_BRANCH or TRAVIS_BRANCH != 'master' %}
+  {% if not ENVIRONMENT or ENVIRONMENT != 'production' %}
     <meta name="robots" content="noindex, nofollow">
   {% endif %}
   <meta name="og:title" content="{{title}}">