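# Re-releases an existing psu build, identified by the run id of the workflow that
# built it, to the REF environment: downloads that run's packaged artifact, releases
# the CloudFormation stack, then publishes the PSU and CPSU APIs via proxygen.
name: 'Release psu to ref'
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      psuWorkflowRunID:
        description: 'The github workflow run id of a psu build and deployment to release to REF environment'
        required: true
jobs:
  release_to_ref:
    runs-on: ubuntu-latest
    # id-token is needed for the OIDC role assumption below; repository contents stay read-only
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Show input params
        shell: bash
        # The dispatch input is passed through env instead of being interpolated with
        # `${{ }}` inside the script, so its value is never parsed as shell syntax.
        env:
          PSU_WORKFLOW_RUN_ID: ${{ inputs.psuWorkflowRunID }}
        run: |
          echo "## psuWorkflowRunID : ${PSU_WORKFLOW_RUN_ID}" >> "$GITHUB_STEP_SUMMARY"
      - name: Checkout local github actions
        uses: actions/checkout@v4
        with:
          # NOTE(review): env.BRANCH_NAME is not defined anywhere in this file, so this
          # expands to an empty ref — confirm which branch is intended here.
          ref: ${{ env.BRANCH_NAME }}
          fetch-depth: 0
          # only the pieces needed to run the release scripts, not the whole repository
          sparse-checkout: |
            .github
            .tool-versions
            poetry.lock
            poetry.toml
            pyproject.toml
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-2
          role-to-assume: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }}
          role-session-name: github-actions
      - name: download build artifact
        uses: actions/download-artifact@v4
        with:
          name: packaged_code
          path: .
          # Cross-repository artifact download needs a token with read access to that
          # repository. NOTE(review): confirm GH_PAT is scoped to read-only on it.
          github-token: ${{ secrets.GH_PAT }}
          repository: NHSDigital/eps-prescription-status-update-api
          run-id: ${{ inputs.psuWorkflowRunID }}
      # using git commit sha for version of action to ensure we have stable version
      - name: Install asdf
        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
        with:
          asdf_branch: v0.11.3
      - name: Cache asdf
        uses: actions/cache@v4
        with:
          path: |
            ~/.asdf
          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
          restore-keys: |
            ${{ runner.os }}-asdf-
      - name: Install asdf dependencies in .tool-versions
        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
        with:
          asdf_branch: v0.11.3
        env:
          PYTHON_CONFIGURE_OPTS: --enable-shared
      - name: Run make install-python
        shell: bash
        run: |
          make install-python
      - name: Export specification paths
        shell: bash
        # the resolved spec files come from the downloaded artifact; their paths are
        # exported so the deploy steps below can pick them up via env
        run: |
          SPEC_PATH="$(pwd)/.aws-sam/build/specification/eps-prescription-status-update-api.resolved.json"
          echo "Specification location: $SPEC_PATH"
          echo "SPEC_PATH=${SPEC_PATH}" >> "$GITHUB_ENV"
          CPSU_SPEC_PATH="$(pwd)/.aws-sam/build/specification/eps-custom-prescription-status-update-api.resolved.json"
          echo "CPSU Specification location: $CPSU_SPEC_PATH"
          echo "CPSU_SPEC_PATH=${CPSU_SPEC_PATH}" >> "$GITHUB_ENV"
      - name: release code
        shell: bash
        working-directory: .github/scripts
        # Boolean- and number-looking values are quoted so they always reach the
        # script as the literal strings "true" / "30" regardless of YAML version.
        env:
          artifact_bucket_prefix: prescription_status_update/load_test/${{ github.run_id }}
          COMMIT_ID: load_test_${{ github.run_id }}
          enable_mutual_tls: "true"
          LOG_LEVEL: DEBUG
          LOG_RETENTION_DAYS: "30"
          stack_name: psu
          TARGET_ENVIRONMENT: ref
          template_file: template.yaml
          TRUSTSTORE_FILE: psu-truststore.pem
          VERSION_NUMBER: load_test_${{ github.run_id }}
          DYNAMODB_AUTOSCALE: "true"
          DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: "true"
          ENABLE_ALERTS: "true"
        run: ./release_code.sh
      - name: get mtls secrets
        shell: bash
        # Runs with the REF deploy-role credentials configured above. The private key
        # and certificate are written to disk for the proxygen steps that follow;
        # umask 077 keeps those files readable only by the runner user.
        run: |
          umask 077
          mkdir -p ~/.proxygen/tmp
          client_private_key_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientKeySecret'].Value" --output text)
          client_cert_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientCertSecret'].Value" --output text)
          aws secretsmanager get-secret-value --secret-id "${client_private_key_arn}" --query SecretString --output text > ~/.proxygen/tmp/client_private_key
          aws secretsmanager get-secret-value --secret-id "${client_cert_arn}" --query SecretString --output text > ~/.proxygen/tmp/client_cert
      # Second credential configuration: the steps after this one run under the
      # proxygen role rather than the CloudFormation deploy role.
      - name: Configure AWS Credentials for api release
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-2
          role-to-assume: ${{ secrets.PROXYGEN_PTL_ROLE }}
          role-session-name: proxygen-ptl
      - name: Deploy PSU API
        shell: bash
        working-directory: .github/scripts
        env:
          API_TYPE: standard
          VERSION_NUMBER: load_test_${{ github.run_id }}
          PROXYGEN_PATH: ${{ env.PROXYGEN_PATH }}
          SPEC_PATH: ${{ env.SPEC_PATH }}
          STACK_NAME: psu
          AWS_ENVIRONMENT: ref
          APIGEE_ENVIRONMENT: ref
          PROXYGEN_PRIVATE_KEY_NAME: PSUProxygenPrivateKey
          PROXYGEN_KID: "eps-cli-key-1"
          DRY_RUN: "false"
          DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: "true"
        run: poetry run ./deploy_api.sh
      - name: Deploy CPSU API
        shell: bash
        working-directory: .github/scripts
        # Same deploy script as the PSU step, pointed at the custom (CPSU) spec and key.
        env:
          API_TYPE: custom
          VERSION_NUMBER: load_test_${{ github.run_id }}
          PROXYGEN_PATH: ${{ env.PROXYGEN_PATH }}
          SPEC_PATH: ${{ env.CPSU_SPEC_PATH }}
          STACK_NAME: psu
          AWS_ENVIRONMENT: ref
          APIGEE_ENVIRONMENT: ref
          PROXYGEN_PRIVATE_KEY_NAME: CPSUProxygenPrivateKey
          PROXYGEN_KID: "eps-cli-key-cpsu-1"
          DRY_RUN: "false"
          DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: "true"
        run: poetry run ./deploy_api.sh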