Release psu to ref #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Release psu to ref' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| psuWorkflowRunID: | |
| description: 'The github workflow run id of a psu build and deployment to release to REF environment' | |
| required: true | |
| jobs: | |
| release_to_ref: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Show input params | |
| shell: bash | |
| run: | | |
| echo "## psuWorkflowRunID : ${{ github.event.inputs.psuWorkflowRunID }}" >> "$GITHUB_STEP_SUMMARY" | |
| - name: Checkout local github actions | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.BRANCH_NAME }} | |
| fetch-depth: 0 | |
| sparse-checkout: | | |
| .github | |
| .tool-versions | |
| poetry.lock | |
| poetry.toml | |
| pyproject.toml | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }} | |
| role-session-name: github-actions | |
| - name: download build artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: packaged_code | |
| path: . | |
| github-token: ${{ secrets.GH_PAT }} | |
| repository: NHSDigital/eps-prescription-status-update-api | |
| run-id: ${{ inputs.psuWorkflowRunID }} | |
| # using git commit sha for version of action to ensure we have stable version | |
| - name: Install asdf | |
| uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 | |
| with: | |
| asdf_branch: v0.11.3 | |
| - name: Cache asdf | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.asdf | |
| key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} | |
| restore-keys: | | |
| ${{ runner.os }}-asdf- | |
| - name: Install asdf dependencies in .tool-versions | |
| uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 | |
| with: | |
| asdf_branch: v0.11.3 | |
| env: | |
| PYTHON_CONFIGURE_OPTS: --enable-shared | |
| - name: Run make install-python | |
| run: | | |
| make install-python | |
| - name: Export specification paths | |
| run: | | |
| SPEC_PATH="$(pwd)/.aws-sam/build/specification/eps-prescription-status-update-api.resolved.json" | |
| echo "Specification location: $SPEC_PATH" | |
| echo "SPEC_PATH=${SPEC_PATH}" >> "$GITHUB_ENV" | |
| CPSU_SPEC_PATH="$(pwd)/.aws-sam/build/specification/eps-custom-prescription-status-update-api.resolved.json" | |
| echo "CPSU Specification location: $CPSU_SPEC_PATH" | |
| echo "CPSU_SPEC_PATH=${CPSU_SPEC_PATH}" >> "$GITHUB_ENV" | |
| - name: release code | |
| shell: bash | |
| working-directory: .github/scripts | |
| env: | |
| artifact_bucket_prefix: prescription_status_update/load_test/${{ github.run_id }} | |
| COMMIT_ID: load_test_${{ github.run_id }} | |
| enable_mutual_tls: true | |
| LOG_LEVEL: DEBUG | |
| LOG_RETENTION_DAYS: 30 | |
| stack_name: psu | |
| TARGET_ENVIRONMENT: ref | |
| template_file: template.yaml | |
| TRUSTSTORE_FILE: psu-truststore.pem | |
| VERSION_NUMBER: load_test_${{ github.run_id }} | |
| DYNAMODB_AUTOSCALE: true | |
| DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true | |
| ENABLE_ALERTS: true | |
| run: ./release_code.sh | |
| - name: get mtls secrets | |
| shell: bash | |
| run: | | |
| mkdir -p ~/.proxygen/tmp | |
| client_private_key_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientKeySecret'].Value" --output text) | |
| client_cert_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientCertSecret'].Value" --output text) | |
| aws secretsmanager get-secret-value --secret-id "${client_private_key_arn}" --query SecretString --output text > ~/.proxygen/tmp/client_private_key | |
| aws secretsmanager get-secret-value --secret-id "${client_cert_arn}" --query SecretString --output text > ~/.proxygen/tmp/client_cert | |
| - name: Configure AWS Credentials for api release | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.PROXYGEN_PTL_ROLE }} | |
| role-session-name: proxygen-ptl | |
| - name: Deploy PSU API | |
| shell: bash | |
| working-directory: .github/scripts | |
| env: | |
| API_TYPE: standard | |
| VERSION_NUMBER: load_test_${{ github.run_id }} | |
| PROXYGEN_PATH: ${{ env.PROXYGEN_PATH }} | |
| SPEC_PATH: ${{ env.SPEC_PATH }} | |
| STACK_NAME: psu | |
| AWS_ENVIRONMENT: ref | |
| APIGEE_ENVIRONMENT: ref | |
| PROXYGEN_PRIVATE_KEY_NAME: PSUProxygenPrivateKey | |
| PROXYGEN_KID: "eps-cli-key-1" | |
| DRY_RUN: false | |
| DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true | |
| run: poetry run ./deploy_api.sh | |
| - name: Deploy CPSU API | |
| shell: bash | |
| working-directory: .github/scripts | |
| env: | |
| API_TYPE: custom | |
| VERSION_NUMBER: load_test_${{ github.run_id }} | |
| PROXYGEN_PATH: ${{ env.PROXYGEN_PATH }} | |
| SPEC_PATH: ${{ env.CPSU_SPEC_PATH }} | |
| STACK_NAME: psu | |
| AWS_ENVIRONMENT: ref | |
| APIGEE_ENVIRONMENT: ref | |
| PROXYGEN_PRIVATE_KEY_NAME: CPSUProxygenPrivateKey | |
| PROXYGEN_KID: eps-cli-key-cpsu-1 | |
| DRY_RUN: false | |
| DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true | |
| run: poetry run ./deploy_api.sh |