From 8b4f409d51dbff0f6d35bc8267cbb2431bd85c9b Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 23 Sep 2024 23:04:18 +0000 Subject: [PATCH 01/22] do blue/green deployment --- .github/scripts/release_code.sh | 24 ++++- .../workflows/run_package_code_and_api.yml | 6 ++ Makefile | 9 +- SAMtemplates/apis/api_domain.yaml | 92 +++++++++++++++++++ SAMtemplates/apis/main.yaml | 83 +++-------------- SAMtemplates/main_template.yaml | 1 - 6 files changed, 143 insertions(+), 72 deletions(-) create mode 100644 SAMtemplates/apis/api_domain.yaml diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index bc0b70ac1..1e56b3999 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh 
@@ -13,5 +13,27 @@ TRUSTSTORE_BUCKET_NAME=$(echo "${TRUSTSTORE_BUCKET_ARN}" | cut -d ":" -f 6) LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTORE_BUCKET_NAME}" --prefix "${TRUSTSTORE_FILE}" --query 'Versions[?IsLatest].[VersionId]' --output text) export LATEST_TRUSTSTORE_VERSION -cd ../../.aws-sam/build || exit +# deploy blue stack +original_stack_name=${stack_name} +stack_name="${original_stack_name}-blue" +export stack_name +cd ../../.aws-sam/build.main || exit +make sam-deploy-package + +# get blue stack exports +RestApiGateway=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "${StackName}:RestApi:Gateway") | .Value' | grep -o '[^:]*$') +export RestApiGateway +RestApiGatewayStage=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "${StackName}:RestApi:Gateway:Stage") | .Value' | grep -o '[^:]*$') +export RestApiGatewayStage + +# deploy api-domain stack +stack_name="${original_stack_name}" +export stack_name +cd ../build.api_domain || exit +make sam-deploy-package + +# deploy green stack +stack_name="${original_stack_name}-green" +export stack_name +cd ../../.aws-sam/build.main || exit make sam-deploy-package diff --git a/.github/workflows/run_package_code_and_api.yml b/.github/workflows/run_package_code_and_api.yml index ea3ba7c61..ecbd89ef4 100644 --- a/.github/workflows/run_package_code_and_api.yml +++ b/.github/workflows/run_package_code_and_api.yml 
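Review bot: The two `jq` programs under "get blue stack exports" are single-quoted, so the shell never expands `${StackName}` and jq compares `.Name` with that literal text. No export matches, and `RestApiGateway` and `RestApiGatewayStage` reach the api-domain deploy empty. Pass the name in as a jq variable instead, e.g. `jq -r --arg name "${stack_name}:RestApi:Gateway" '.Exports[] | select(.Name == $name) | .Value'`; the shell variable in this script is `stack_name`, while `StackName` is the template parameter. The same quoting is still present in the `@@ -13,17 +13,24 @@` hunk of PATCH 05, which only renames the variable. The script starts outside this hunk.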
@@ -59,6 +59,12 @@ jobs: make sam-build cp Makefile .aws-sam/build/ cp samconfig_package_and_deploy.toml .aws-sam/build/ + mv .aws-sam/build .aws-sam/build.main + rm -rf .aws-sam + make sam-build-api-domain + cp Makefile .aws-sam/build/ + cp samconfig_package_and_deploy.toml .aws-sam/build/ + mv .aws-sam/build .aws-sam/build.api_domain mkdir -p .aws-sam/build/specification cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/ cp packages/specification/dist/eps-custom-prescription-status-update-api.resolved.json .aws-sam/build/specification/ diff --git a/Makefile b/Makefile index dc995bcbb..546781bf6 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,9 @@ install-hooks: install-python sam-build: sam-validate compile sam build --template-file SAMtemplates/main_template.yaml --region eu-west-2 +sam-build-api-domain: sam-validate compile + sam build --template-file SAMtemplates/apis/api_domain.yaml --region eu-west-2 + sam-build-sandbox: sam-validate-sandbox compile sam build --template-file SAMtemplates/sandbox_template.yaml --region eu-west-2 @@ -60,6 +63,7 @@ sam-validate: sam validate --template-file SAMtemplates/main_template.yaml --region eu-west-2 sam validate --template-file SAMtemplates/apis/main.yaml --region eu-west-2 sam validate --template-file SAMtemplates/apis/api_resources.yaml --region eu-west-2 + sam validate --template-file SAMtemplates/apis/api_domain.yaml --region eu-west-2 sam validate --template-file SAMtemplates/functions/main.yaml --region eu-west-2 sam validate --template-file SAMtemplates/functions/lambda_resources.yaml --region eu-west-2 sam validate --template-file SAMtemplates/tables/main.yaml --region eu-west-2 
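Review bot: The added `rm -rf .aws-sam` runs directly after `mv .aws-sam/build .aws-sam/build.main`, so it deletes the main build that was just renamed and only `build.api_domain` is left for the later steps. Clear just the build directory with `rm -rf .aws-sam/build`, or drop the line, since the `mv` has already emptied that path. The `run:` block starts outside this hunk.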
@@ -67,6 +71,7 @@ sam-validate: sam validate --template-file SAMtemplates/state_machines/main.yaml --region eu-west-2 sam validate --template-file SAMtemplates/state_machines/state_machine_resources.yaml --region eu-west-2 sam validate --template-file SAMtemplates/alarms/main.yaml --region eu-west-2 + sam validate --template-file SAMtemplates/apis/api_domain.yaml --region eu-west-2 sam-validate-sandbox: sam validate --template-file SAMtemplates/sandbox_template.yaml --region eu-west-2 @@ -96,7 +101,9 @@ sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-sta LogRetentionInDays=$$LOG_RETENTION_DAYS \ Environment=$$TARGET_ENVIRONMENT \ DeployCheckPrescriptionStatusUpdate=$$DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE \ - EnableAlerts=$$ENABLE_ALERTS + EnableAlerts=$$ENABLE_ALERTS \ + RestApiGateway=$$RestApiGateway \ + RestApiGatewayStage=$$RestApiGatewayStage compile-node: npx tsc --build tsconfig.build.json diff --git a/SAMtemplates/apis/api_domain.yaml b/SAMtemplates/apis/api_domain.yaml new file mode 100644 index 000000000..67f6c6230 --- /dev/null +++ b/SAMtemplates/apis/api_domain.yaml 
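Review bot: `sam validate --template-file SAMtemplates/apis/api_domain.yaml --region eu-west-2` is added to `sam-validate` a second time here, after the `alarms/main.yaml` line. The preceding hunk already adds the same command after the `api_resources.yaml` line, so the template is validated twice on every run. One of the two lines can be removed.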
@@ -0,0 +1,92 @@ +AWSTemplateFormatVersion: "2010-09-09" +Transform: AWS::Serverless-2016-10-31 +Description: | + PSU API's and related resources + +Parameters: + StackName: + Type: String + Default: none + + EnableMutualTLS: + Type: String + + TruststoreVersion: + Type: String + + RestApiGateway: + Type: String + + RestApiGatewayStage: + Type: String + +Conditions: + ShouldUseMutualTLS: !Equals + - true + - !Ref EnableMutualTLS + +Resources: + GenerateCertificate: + Type: AWS::CertificateManager::Certificate + Properties: + ValidationMethod: DNS + DomainName: !Join + - . + - - !Ref StackName + - !ImportValue eps-route53-resources:EPS-domain + DomainValidationOptions: + - DomainName: !Join + - . + - - !Ref StackName + - !ImportValue eps-route53-resources:EPS-domain + HostedZoneId: !ImportValue eps-route53-resources:EPS-ZoneID + + RestApiDomain: + Type: AWS::ApiGateway::DomainName + Properties: + DomainName: !Join + - . + - - !Ref StackName + - !ImportValue eps-route53-resources:EPS-domain + RegionalCertificateArn: !Ref GenerateCertificate + EndpointConfiguration: + Types: + - REGIONAL + SecurityPolicy: TLS_1_2 + MutualTlsAuthentication: + TruststoreUri: !If + - ShouldUseMutualTLS + - !Join + - / + - - s3:/ + - !Select + - 5 + - !Split + - ":" + - !ImportValue account-resources:TrustStoreBucket + - psu-truststore.pem + - !Ref AWS::NoValue + TruststoreVersion: !If + - ShouldUseMutualTLS + - !Ref TruststoreVersion + - !Ref AWS::NoValue + + RestApiRecordSet: + Type: AWS::Route53::RecordSet + Properties: + Name: !Join + - . + - - !Ref StackName + - !ImportValue eps-route53-resources:EPS-domain + Type: A + HostedZoneId: !ImportValue eps-route53-resources:EPS-ZoneID + AliasTarget: + DNSName: !GetAtt RestApiDomain.RegionalDomainName + HostedZoneId: !GetAtt RestApiDomain.RegionalHostedZoneId + + RestApiDomainMapping: + Type: AWS::ApiGateway::BasePathMapping + Properties: + DomainName: !Ref RestApiDomain + RestApiId: !Ref RestApiGateway + Stage: !Ref RestApiGatewayStage 
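Review bot: `ShouldUseMutualTLS` holds only when `EnableMutualTLS` equals `true` exactly, and the parameter is declared as a bare `String` with no `AllowedValues`. Any other value (a typo, different casing, an empty override) therefore resolves both `TruststoreUri` and `TruststoreVersion` to `AWS::NoValue`, and the domain is created without client-certificate checks and without any error. Adding `AllowedValues: [true, false]` under `EnableMutualTLS` turns that into a deploy-time failure. The mutual TLS configured here applies to the custom domain only; whether the RestApi's default execute-api endpoint is disabled (`DisableExecuteApiEndpoint`) is not visible in this diff and is worth confirming.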
diff --git a/SAMtemplates/apis/main.yaml b/SAMtemplates/apis/main.yaml index 696400ef0..e0efc4957 100644 --- a/SAMtemplates/apis/main.yaml +++ b/SAMtemplates/apis/main.yaml @@ -11,9 +11,6 @@ Parameters: EnableMutualTLS: Type: String - TruststoreVersion: - Type: String - UpdatePrescriptionStatusStateMachineName: Type: String Default: none @@ -72,21 +69,6 @@ Conditions: - !Ref DeployCheckPrescriptionStatusUpdate Resources: - GenerateCertificate: - Type: AWS::CertificateManager::Certificate - Properties: - ValidationMethod: DNS - DomainName: !Join - - . - - - !Ref StackName - - !ImportValue eps-route53-resources:EPS-domain - DomainValidationOptions: - - DomainName: !Join - - . - - - !Ref StackName - - !ImportValue eps-route53-resources:EPS-domain - HostedZoneId: !ImportValue eps-route53-resources:EPS-ZoneID - RestApiGateway: Type: AWS::ApiGateway::RestApi Properties: @@ -99,49 +81,6 @@ Resources: Types: - REGIONAL - RestApiDomain: - Type: AWS::ApiGateway::DomainName - Properties: - DomainName: !Join - - . - - - !Ref StackName - - !ImportValue eps-route53-resources:EPS-domain - RegionalCertificateArn: !Ref GenerateCertificate - EndpointConfiguration: - Types: - - REGIONAL - SecurityPolicy: TLS_1_2 - MutualTlsAuthentication: - TruststoreUri: !If - - ShouldUseMutualTLS - - !Join - - / - - - s3:/ - - !Select - - 5 - - !Split - - ":" - - !ImportValue account-resources:TrustStoreBucket - - psu-truststore.pem - - !Ref AWS::NoValue - TruststoreVersion: !If - - ShouldUseMutualTLS - - !Ref TruststoreVersion - - !Ref AWS::NoValue - - RestApiRecordSet: - Type: AWS::Route53::RecordSet - Properties: - Name: !Join - - . - - - !Ref StackName - - !ImportValue eps-route53-resources:EPS-domain - Type: A - HostedZoneId: !ImportValue eps-route53-resources:EPS-ZoneID - AliasTarget: - DNSName: !GetAtt RestApiDomain.RegionalDomainName - HostedZoneId: !GetAtt RestApiDomain.RegionalHostedZoneId - UpdatePrescriptionStatusMethod: Type: AWS::ApiGateway::Method Properties: 
@@ -507,7 +446,7 @@ Resources: !If [ ShouldDeployCheckPrescriptionStatusUpdate, !Ref CheckPrescriptionStatusUpdatesHandle, - !Ref CheckPrescriptionStatusUpdatesWaitHandle + !Ref CheckPrescriptionStatusUpdatesWaitHandle, ] Timeout: "1" Count: 0 @@ -540,13 +479,6 @@ Resources: DestinationArn: !GetAtt RestApiGatewayResources.Outputs.ApiGwAccessLogsArn Format: '{ "requestTime": "$context.requestTime", "apiId": "$context.apiId", "accountId": "$context.accountId", "resourcePath": "$context.resourcePath", "stage": "$context.stage", "requestId": "$context.requestId", "extendedRequestId": "$context.extendedRequestId", "status": "$context.status", "httpMethod": "$context.httpMethod", "protocol": "$context.protocol", "path": "$context.path", "responseLatency": "$context.responseLatency", "responseLength": "$context.responseLength", "domainName": "$context.domainName", "identity": { "sourceIp": "$context.identity.sourceIp", "userAgent": "$context.identity.userAgent", "clientCert":{ "subjectDN": "$context.identity.clientCert.subjectDN", "issuerDN": "$context.identity.clientCert.issuerDN", "serialNumber": "$context.identity.clientCert.serialNumber", "validityNotBefore": "$context.identity.clientCert.validity.notBefore", "validityNotAfter": "$context.identity.clientCert.validity.notAfter" }}, "integration":{ "error": "$context.integration.error", "integrationStatus": "$context.integration.integrationStatus", "latency": "$context.integration.latency", "requestId": "$context.integration.requestId", "status": "$context.integration.status" }}' - RestApiDomainMapping: - Type: AWS::ApiGateway::BasePathMapping - Properties: - DomainName: !Ref RestApiDomain - RestApiId: !Ref RestApiGateway - Stage: !Ref RestApiGatewayStage - RestApiGatewayResources: Type: AWS::Serverless::Application Properties: 
@@ -566,3 +498,16 @@ Resources: ApiName: !Sub ${StackName}-apigw LogRetentionInDays: !Ref LogRetentionInDays EnableSplunk: !Ref EnableSplunk + +Outputs: + RestApiGateway: + Description: The Rest API gateway + Value: !Ref RestApiGateway + Export: + Name: !Sub ${StackName}:RestApi:Gateway + + RestApiGatewayStage: + Description: The Rest API gateway stage + Value: !Ref RestApiGatewayStage + Export: + Name: !Sub ${StackName}:RestApi:Gateway:Stage diff --git a/SAMtemplates/main_template.yaml b/SAMtemplates/main_template.yaml index 4d6b5db3b..d23743703 100644 --- a/SAMtemplates/main_template.yaml +++ b/SAMtemplates/main_template.yaml @@ -97,7 +97,6 @@ Resources: Parameters: StackName: !Ref AWS::StackName EnableMutualTLS: !Ref EnableMutualTLS - TruststoreVersion: !Ref TruststoreVersion UpdatePrescriptionStatusStateMachineName: !GetAtt StateMachines.Outputs.UpdatePrescriptionStatusStateMachineName UpdatePrescriptionStatusStateMachineArn: !GetAtt StateMachines.Outputs.UpdatePrescriptionStatusStateMachineArn Format1UpdatePrescriptionsStatusStateMachineName: !GetAtt StateMachines.Outputs.Format1UpdatePrescriptionsStatusStateMachineName From 0b899650d464e9e78ad7a2faec3a37f3ac81c56f Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 23 Sep 2024 23:13:36 +0000 Subject: [PATCH 02/22] make package work --- .github/scripts/package_code.sh | 30 +++++++++++++++++++ .../workflows/run_package_code_and_api.yml | 18 +---------- 2 files changed, 31 insertions(+), 17 deletions(-) create mode 100755 .github/scripts/package_code.sh diff --git a/.github/scripts/package_code.sh b/.github/scripts/package_code.sh new file mode 100755 index 000000000..88b0f58a7 --- /dev/null +++ b/.github/scripts/package_code.sh 
@@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +# make sure asdf will work +cp .tool-versions ~/ +rm -rf .aws-sam +export PATH=$PATH:$PWD/node_modules/.bin + +# compile api spec +make compile-specification + +# build main sam stack +make sam-build + +# copy files needed into target directory and rename it +cp Makefile .aws-sam/build/ +cp samconfig_package_and_deploy.toml .aws-sam/build/ +mv .aws-sam/build .aws-sam/build.main + +# build api domain sam stack +make sam-build-api-domain + +# copy files needed into target directory and rename it +cp Makefile .aws-sam/build/ +cp samconfig_package_and_deploy.toml .aws-sam/build/ +mv .aws-sam/build .aws-sam/build.api_domain + +# copy api spec +mkdir -p .aws-sam/build/specification +cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/ +cp packages/specification/dist/eps-custom-prescription-status-update-api.resolved.json .aws-sam/build/specification/ diff --git a/.github/workflows/run_package_code_and_api.yml b/.github/workflows/run_package_code_and_api.yml index ecbd89ef4..d01401de0 100644 --- a/.github/workflows/run_package_code_and_api.yml +++ b/.github/workflows/run_package_code_and_api.yml 
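Review bot: The new script has no error handling, so a failed `make sam-build` or `make sam-build-api-domain` does not stop it, and its exit status is that of the final `cp` into `.aws-sam/build/specification/`. The workflow step can therefore pass and upload an artifact in which `build.main` or `build.api_domain` is missing or incomplete. Add `set -euo pipefail` directly after the shebang so that the first failing command fails the step.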
@@ -51,23 +51,7 @@ jobs: - shell: bash name: Package code - run: | - cp .tool-versions ~/ - rm -rf .aws-sam - export PATH=$PATH:$PWD/node_modules/.bin - make compile-specification - make sam-build - cp Makefile .aws-sam/build/ - cp samconfig_package_and_deploy.toml .aws-sam/build/ - mv .aws-sam/build .aws-sam/build.main - rm -rf .aws-sam - make sam-build-api-domain - cp Makefile .aws-sam/build/ - cp samconfig_package_and_deploy.toml .aws-sam/build/ - mv .aws-sam/build .aws-sam/build.api_domain - mkdir -p .aws-sam/build/specification - cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/ - cp packages/specification/dist/eps-custom-prescription-status-update-api.resolved.json .aws-sam/build/specification/ + run: .github/scripts/package_code.sh - uses: actions/upload-artifact@v4 name: Upload build artifact From 62482c8a767cba504f614ef0f30066e8ac69982e Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 23 Sep 2024 23:22:28 +0000 Subject: [PATCH 03/22] correct artifact --- .github/workflows/run_package_code_and_api.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/run_package_code_and_api.yml b/.github/workflows/run_package_code_and_api.yml index d01401de0..de32b607f 100644 --- a/.github/workflows/run_package_code_and_api.yml +++ b/.github/workflows/run_package_code_and_api.yml @@ -59,6 +59,8 @@ jobs: name: packaged_code path: | .aws-sam/build + .aws-sam/build.main + .aws-sam/build.api_domain SAMtemplates/state_machines/UpdatePrescriptionStatusStateMachine.asl.json SAMtemplates/state_machines/Format1UpdatePrescriptionsStatusStateMachine.asl.json From e6c82c9a938248540da854ab325d379cd3727aaf Mon Sep 17 00:00:00 2001 
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 23 Sep 2024 23:29:08 +0000 Subject: [PATCH 04/22] fix sandbox --- .github/workflows/run_package_code_and_api.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/run_package_code_and_api.yml b/.github/workflows/run_package_code_and_api.yml index de32b607f..d25f11b94 100644 --- a/.github/workflows/run_package_code_and_api.yml +++ b/.github/workflows/run_package_code_and_api.yml @@ -74,6 +74,7 @@ jobs: make sam-build-sandbox cp Makefile .aws-sam/build/ cp samconfig_package_and_deploy.toml .aws-sam/build/ + mv .aws-sam/build .aws-sam/build.main mkdir -p .aws-sam/build/specification cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/ cp packages/specification/dist/eps-custom-prescription-status-update-api.resolved.json .aws-sam/build/specification/ @@ -85,4 +86,5 @@ jobs: name: packaged_sandbox_code path: | .aws-sam/build + .aws-sam/build.main README.md From 1bc15ac3c668b9891b3545f0d077f0ca03d03f4b Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 23 Sep 2024 23:32:03 +0000 Subject: [PATCH 05/22] fix deployment --- .github/scripts/release_code.sh | 14 ++++++++++++-- Makefile | 3 ++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index 1e56b3999..024676406 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh 
@@ -13,17 +13,24 @@ TRUSTSTORE_BUCKET_NAME=$(echo "${TRUSTSTORE_BUCKET_ARN}" | cut -d ":" -f 6) LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTORE_BUCKET_NAME}" --prefix "${TRUSTSTORE_FILE}" --query 'Versions[?IsLatest].[VersionId]' --output text) export LATEST_TRUSTSTORE_VERSION +# get current deployed colour +a +#ws cloudformation describe-stacks --stack-name "${stack_name}" + # deploy blue stack original_stack_name=${stack_name} stack_name="${original_stack_name}-blue" export stack_name +export deployment_colour="blue" +export RestApiGateway="n/a" +export RestApiGatewayStage="n/a" cd ../../.aws-sam/build.main || exit make sam-deploy-package # get blue stack exports -RestApiGateway=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "${StackName}:RestApi:Gateway") | .Value' | grep -o '[^:]*$') +RestApiGateway=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "${stack_name}:RestApi:Gateway") | .Value' | grep -o '[^:]*$') export RestApiGateway -RestApiGatewayStage=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "${StackName}:RestApi:Gateway:Stage") | .Value' | grep -o '[^:]*$') +RestApiGatewayStage=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "${stack_name}:RestApi:Gateway:Stage") | .Value' | grep -o '[^:]*$') export RestApiGatewayStage # deploy api-domain stack @@ -35,5 +42,8 @@ make sam-deploy-package # deploy green stack stack_name="${original_stack_name}-green" export stack_name +export deployment_colour="green" +export RestApiGateway="n/a" +export RestApiGatewayStage="n/a" cd ../../.aws-sam/build.main || exit make sam-deploy-package diff --git a/Makefile b/Makefile index 546781bf6..b31d8fd97 100644 --- a/Makefile +++ b/Makefile 
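Review bot: The "get current deployed colour" comment is followed by a bare `a` line and then `#ws cloudformation describe-stacks …`, which looks like a commented-out `aws` command split by a stray keystroke. The shell will try to run `a` as a command on every release, and that becomes fatal once the script runs under `set -e`. Restore it as a single comment, `# aws cloudformation describe-stacks --stack-name "${stack_name}"`, or remove both lines. The script starts outside this hunk.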
@@ -89,7 +89,8 @@ sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-sta --role-arn $$cloud_formation_execution_role \ --no-confirm-changeset \ --force-upload \ - --tags "version=$$VERSION_NUMBER" \ + --tags Key=version,Value=$$VERSION_NUMBER \ + Key=deployment_colour,Value=$$deployment_colour \ --parameter-overrides \ TruststoreVersion=$$LATEST_TRUSTSTORE_VERSION \ EnableMutualTLS=$$enable_mutual_tls \ From 4007d62f6e86220d3539085da0b1f255f925ec59 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 23 Sep 2024 23:45:04 +0000 Subject: [PATCH 06/22] correct tag --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index b31d8fd97..d7f4aef76 100644 --- a/Makefile +++ b/Makefile @@ -89,8 +89,8 @@ sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-sta --role-arn $$cloud_formation_execution_role \ --no-confirm-changeset \ --force-upload \ - --tags Key=version,Value=$$VERSION_NUMBER \ - Key=deployment_colour,Value=$$deployment_colour \ + --tags version=$$VERSION_NUMBER \ + deployment_colour=$$deployment_colour \ --parameter-overrides \ TruststoreVersion=$$LATEST_TRUSTSTORE_VERSION \ EnableMutualTLS=$$enable_mutual_tls \ From d9eabe05cdeb029af8fa8f79ece9ca061d006e9d Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 23 Sep 2024 23:51:48 +0000 Subject: [PATCH 07/22] exit on deploy error --- .github/scripts/release_code.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index 024676406..cc8e0816a 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh 
@@ -1,6 +1,5 @@ #!/usr/bin/env bash - -echo "$COMMIT_ID" +set -e artifact_bucket=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "account-resources:ArtifactsBucket") | .Value' | grep -o '[^:]*$') export artifact_bucket From ba8d904c473d641c5bf16d8afbcf4fd7749d115f Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 00:02:54 +0000 Subject: [PATCH 08/22] really fix deployment --- .github/scripts/release_code.sh | 7 +++---- Makefile | 3 ++- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index cc8e0816a..4e3826371 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh @@ -13,8 +13,7 @@ LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTOR export LATEST_TRUSTSTORE_VERSION # get current deployed colour -a -#ws cloudformation describe-stacks --stack-name "${stack_name}" +# aws cloudformation describe-stacks --stack-name "${stack_name}" # deploy blue stack original_stack_name=${stack_name} @@ -27,9 +26,9 @@ cd ../../.aws-sam/build.main || exit make sam-deploy-package # get blue stack exports -RestApiGateway=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "${stack_name}:RestApi:Gateway") | .Value' | grep -o '[^:]*$') +RestApiGateway=$(aws cloudformation list-exports --query "Exports[?Name=='${stack_name}:RestApi:Gateway'].Value" --output text) export RestApiGateway -RestApiGatewayStage=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "${stack_name}:RestApi:Gateway:Stage") | .Value' | grep -o '[^:]*$') +RestApiGatewayStage=$(aws cloudformation list-exports --query "Exports[?Name=='${stack_name}:RestApi:Gateway:Stage'].Value" --output text) export RestApiGatewayStage # deploy api-domain stack diff --git a/Makefile b/Makefile index d7f4aef76..11f13a075 100644 
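Review bot: `set -e` alone leaves the `aws … | jq …` assignments unguarded, because a pipeline's status is that of its last command. If the `aws cloudformation list-exports` call that feeds `cloud_formation_execution_role` fails, `jq` still exits 0 and the deploy may continue with an empty role ARN; that assignment is further down the script, outside this hunk. Use `set -eo pipefail` so that a failed lookup stops the release before `make sam-deploy-package` runs.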
--- a/Makefile +++ b/Makefile @@ -89,7 +89,8 @@ sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-sta --role-arn $$cloud_formation_execution_role \ --no-confirm-changeset \ --force-upload \ - --tags version=$$VERSION_NUMBER \ + --tags \ + version=$$VERSION_NUMBER \ deployment_colour=$$deployment_colour \ --parameter-overrides \ TruststoreVersion=$$LATEST_TRUSTSTORE_VERSION \ From 8f3e1b11f9be5255db98ba063f91321404a6b060 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 06:23:45 +0000 Subject: [PATCH 09/22] correct domain name --- SAMtemplates/apis/api_domain.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/SAMtemplates/apis/api_domain.yaml b/SAMtemplates/apis/api_domain.yaml index 67f6c6230..ec55de9ff 100644 --- a/SAMtemplates/apis/api_domain.yaml +++ b/SAMtemplates/apis/api_domain.yaml @@ -4,10 +4,6 @@ Description: | PSU API's and related resources Parameters: - StackName: - Type: String - Default: none - EnableMutualTLS: Type: String From 932b78c3160cea9103a62898044ab759cb2e865d Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 06:38:33 +0000 Subject: [PATCH 10/22] correct domain --- SAMtemplates/apis/api_domain.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SAMtemplates/apis/api_domain.yaml b/SAMtemplates/apis/api_domain.yaml index ec55de9ff..f76661d3f 100644 --- a/SAMtemplates/apis/api_domain.yaml +++ b/SAMtemplates/apis/api_domain.yaml @@ -28,12 +28,12 @@ Resources: ValidationMethod: DNS DomainName: !Join - . - - - !Ref StackName + - - !Ref AWS::StackName - !ImportValue eps-route53-resources:EPS-domain DomainValidationOptions: - DomainName: !Join - . - - - !Ref StackName + - - !Ref AWS::StackName - !ImportValue eps-route53-resources:EPS-domain HostedZoneId: !ImportValue eps-route53-resources:EPS-ZoneID 
@@ -42,7 +42,7 @@ Resources: Properties: DomainName: !Join - . - - - !Ref StackName + - - !Ref AWS::StackName - !ImportValue eps-route53-resources:EPS-domain RegionalCertificateArn: !Ref GenerateCertificate EndpointConfiguration: @@ -72,7 +72,7 @@ Resources: Properties: Name: !Join - . - - - !Ref StackName + - - !Ref AWS::StackName - !ImportValue eps-route53-resources:EPS-domain Type: A HostedZoneId: !ImportValue eps-route53-resources:EPS-ZoneID From 1943411c99df59ad00b103caa9311c48b1c0e83b Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 07:59:46 +0000 Subject: [PATCH 11/22] more deploy --- .github/scripts/package_code.sh | 5 + .github/scripts/release_code.sh | 212 +++++++++++++++--- .github/workflows/pull_request.yml | 2 + .../workflows/run_release_code_and_api.yml | 9 +- Makefile | 26 +-- SAMtemplates/main_template.yaml | 4 - 6 files changed, 201 insertions(+), 57 deletions(-) diff --git a/.github/scripts/package_code.sh b/.github/scripts/package_code.sh index 88b0f58a7..cd60e755d 100755 --- a/.github/scripts/package_code.sh +++ b/.github/scripts/package_code.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash +set -e # make sure asdf will work cp .tool-versions ~/ @@ -28,3 +29,7 @@ mv .aws-sam/build .aws-sam/build.api_domain mkdir -p .aws-sam/build/specification cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/ cp packages/specification/dist/eps-custom-prescription-status-update-api.resolved.json .aws-sam/build/specification/ + +# copy deployment scripts +cp .github/scripts/release_code.sh .aws-sam/build/ +cp .github/scripts/deploy_api.sh .aws-sam/build/ diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index 4e3826371..c68b0b957 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh 
@@ -1,47 +1,185 @@ #!/usr/bin/env bash set -e -artifact_bucket=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "account-resources:ArtifactsBucket") | .Value' | grep -o '[^:]*$') -export artifact_bucket - -cloud_formation_execution_role=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "ci-resources:CloudFormationExecutionRole") | .Value' ) -export cloud_formation_execution_role - -TRUSTSTORE_BUCKET_ARN=$(aws cloudformation describe-stacks --stack-name account-resources --query "Stacks[0].Outputs[?OutputKey=='TrustStoreBucket'].OutputValue" --output text) -TRUSTSTORE_BUCKET_NAME=$(echo "${TRUSTSTORE_BUCKET_ARN}" | cut -d ":" -f 6) -LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTORE_BUCKET_NAME}" --prefix "${TRUSTSTORE_FILE}" --query 'Versions[?IsLatest].[VersionId]' --output text) -export LATEST_TRUSTSTORE_VERSION - -# get current deployed colour -# aws cloudformation describe-stacks --stack-name "${stack_name}" - -# deploy blue stack -original_stack_name=${stack_name} -stack_name="${original_stack_name}-blue" -export stack_name -export deployment_colour="blue" -export RestApiGateway="n/a" -export RestApiGatewayStage="n/a" -cd ../../.aws-sam/build.main || exit -make sam-deploy-package +function check_required_vars() { + REQUIRED_VARS=$1 + + for var in $REQUIRED_VARS; do + # Check if the variable is defined and not empty + if [ -z "${!var}" ]; then + echo "Error: $var is not defined or is empty." 
+ exit 1 + else + echo "$var: '${!var}'" + fi + done +} + +function get_exports() { + artifact_bucket=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "account-resources:ArtifactsBucket") | .Value' | grep -o '[^:]*$') + + cloud_formation_execution_role=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "ci-resources:CloudFormationExecutionRole") | .Value' ) + + TRUSTSTORE_BUCKET_ARN=$(aws cloudformation describe-stacks --stack-name account-resources --query "Stacks[0].Outputs[?OutputKey=='TrustStoreBucket'].OutputValue" --output text) + TRUSTSTORE_BUCKET_NAME=$(echo "${TRUSTSTORE_BUCKET_ARN}" | cut -d ":" -f 6) + LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTORE_BUCKET_NAME}" --prefix "${TRUSTSTORE_FILE}" --query 'Versions[?IsLatest].[VersionId]' --output text) + + # get current deployed colour + current_coluor=$(aws cloudformation describe-stacks --stack-name "${stack_name}" --query "Stacks[].Tags[?Key=='deployment_colour'].Value" --output text) +} + +function deploy_sandbox_stack() { + echo "About to sandbox stack" + local stack_name=$1 + check_required_vars "GITHUB_WORKSPACE \ + stack_name \ + artifact_bucket \ + artifact_bucket_prefix \ + cloud_formation_execution_role \ + VERSION_NUMBER \ + ENABLE_MUTUAL_TLS \ + COMMIT_ID \ + LOG_LEVEL \ + LOG_RETENTION_DAYS" + sam deploy \ + --template-file "${GITHUB_WORKSPACE}/.aws-sam/build/template.yaml" \ + --stack-name "${stack_name}" \ + --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ + --region eu-west-2 \ + --s3-bucket "${artifact_bucket}" \ + --s3-prefix "${ARTIFACT_BUCKET_PREFIX}" \ + --config-file "${GITHUB_WORKSPACE}/.aws-sam/build/samconfig_package_and_deploy.toml" \ + --no-fail-on-empty-changeset \ + --role-arn "${cloud_formation_execution_role}" \ + --no-confirm-changeset \ + --force-upload \ + --tags \ + version="${VERSION_NUMBER}" \ + --parameter-overrides \ + 
EnableMutualTLS="${ENABLE_MUTUAL_TLS}" \ + EnableSplunk=true \ + VersionNumber="${VERSION_NUMBER}" \ + CommitId="${COMMIT_ID}" \ + LogLevel="${LOG_LEVEL}" \ + LogRetentionInDays="${LOG_RETENTION_DAYS}" +} + +function deploy_main_stack() { + echo "About to main stack" + local stack_name=$1 + local deployment_colour=$2 + check_required_vars "GITHUB_WORKSPACE \ + stack_name \ + artifact_bucket \ + artifact_bucket_prefix \ + cloud_formation_execution_role \ + VERSION_NUMBER \ + deployment_colour \ + ENABLE_MUTUAL_TLS \ + DYNAMODB_AUTOSCALE \ + COMMIT_ID \ + LOG_LEVEL \ + LOG_RETENTION_DAYS \ + TARGET_ENVIRONMENT \ + DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE \ + ENABLE_ALERTS" + sam deploy \ + --template-file "${GITHUB_WORKSPACE}/.aws-sam/build.main/template.yaml" \ + --stack-name "${stack_name}" \ + --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ + --region eu-west-2 \ + --s3-bucket "${artifact_bucket}" \ + --s3-prefix "${ARTIFACT_BUCKET_PREFIX}" \ + --config-file "${GITHUB_WORKSPACE}/.aws-sam/build.main/samconfig_package_and_deploy.toml" \ + --no-fail-on-empty-changeset \ + --role-arn "${cloud_formation_execution_role}" \ + --no-confirm-changeset \ + --force-upload \ + --tags \ + version="${VERSION_NUMBER}" \ + deployment_colour="${deployment_colour}" \ + --parameter-overrides \ + EnableMutualTLS="${ENABLE_MUTUAL_TLS}" \ + EnableSplunk=true \ + EnableDynamoDBAutoScaling="${DYNAMODB_AUTOSCALE}" \ + VersionNumber="${VERSION_NUMBER}" \ + CommitId="${COMMIT_ID}" \ + LogLevel="${LOG_LEVEL}" \ + LogRetentionInDays="${LOG_RETENTION_DAYS}" \ + Environment="${TARGET_ENVIRONMENT}" \ + DeployCheckPrescriptionStatusUpdate="${DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE}" \ + EnableAlerts="${ENABLE_ALERTS}" +} + +function deploy_api_domain_stack() { + echo "About to api domain stack" + local stack_name=$1 + local deployment_colour=$2 + check_required_vars "GITHUB_WORKSPACE \ + stack_name \ + artifact_bucket \ + artifact_bucket_prefix \ + cloud_formation_execution_role \ + 
VERSION_NUMBER \ + deployment_colour \ + LATEST_TRUSTSTORE_VERSION \ + ENABLE_MUTUAL_TLS \ + COMMIT_ID \ + LOG_LEVEL \ + LOG_RETENTION_DAYS \ + RestApiGateway \ + RestApiGatewayStage" + sam deploy \ + --template-file "${GITHUB_WORKSPACE}/.aws-sam/build.api_domain/template.yaml" \ + --stack-name "${stack_name}" \ + --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ + --region eu-west-2 \ + --s3-bucket "${artifact_bucket}" \ + --s3-prefix "${ARTIFACT_BUCKET_PREFIX}" \ + --config-file "${GITHUB_WORKSPACE}/.aws-sam/build.api_domain/samconfig_package_and_deploy.toml" \ + --no-fail-on-empty-changeset \ + --role-arn "${cloud_formation_execution_role}" \ + --no-confirm-changeset \ + --force-upload \ + --tags \ + version="${VERSION_NUMBER}" \ + deployment_colour="${deployment_colour}" \ + --parameter-overrides \ + TruststoreVersion="${LATEST_TRUSTSTORE_VERSION}" \ + EnableMutualTLS="${ENABLE_MUTUAL_TLS}" \ + LogLevel="${LOG_LEVEL}" \ + LogRetentionInDays="${LOG_RETENTION_DAYS}" \ + RestApiGateway="${RestApiGateway}" \ + RestApiGatewayStage="${RestApiGatewayStage}" +} + +get_exports + +if [ "$DEPLOY_SANDBOX" == "true" ]; then + deploy_sandbox_stack "${stack_name}" + exit 0 +fi + + +if [ "$current_coluor" == "blue" ]; then + undeployed_colour="green" + deployed_colour="blue" + undeployed_stack_name="${stack_name}-grenn" + deployed_stack_name="${stack_name}-blue" +else + undeployed_colour="blue" + deployed_colour="green" + undeployed_stack_name="${stack_name}-blue" + deployed_stack_name="${stack_name}-green" +fi + +deploy_main_stack "${undeployed_stack_name}" "${undeployed_colour}" # get blue stack exports RestApiGateway=$(aws cloudformation list-exports --query "Exports[?Name=='${stack_name}:RestApi:Gateway'].Value" --output text) export RestApiGateway RestApiGatewayStage=$(aws cloudformation list-exports --query "Exports[?Name=='${stack_name}:RestApi:Gateway:Stage'].Value" --output text) export RestApiGatewayStage +deploy_api_domain_stack "${stack_name}" 
"${undeployed_colour}" -# deploy api-domain stack -stack_name="${original_stack_name}" -export stack_name -cd ../build.api_domain || exit -make sam-deploy-package - -# deploy green stack -stack_name="${original_stack_name}-green" -export stack_name -export deployment_colour="green" -export RestApiGateway="n/a" -export RestApiGatewayStage="n/a" -cd ../../.aws-sam/build.main || exit -make sam-deploy-package +deploy_main_stack "${deployed_stack_name}" "${deployed_colour}" diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 4da68d9c4..44cb6cc9a 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -76,6 +76,7 @@ jobs: DEPLOY_APIGEE_CPSU: true DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true ENABLE_ALERTS: false + DEPLOY_SANDBOX: false secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} @@ -99,6 +100,7 @@ jobs: DYNAMODB_AUTOSCALE: false DEPLOY_APIGEE_CPSU: true DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true + DEPLOY_SANDBOX: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} diff --git a/.github/workflows/run_release_code_and_api.yml b/.github/workflows/run_release_code_and_api.yml index e4f3e8d69..6c9635601 100644 --- a/.github/workflows/run_release_code_and_api.yml +++ b/.github/workflows/run_release_code_and_api.yml @@ -67,6 +67,9 @@ on: ENABLE_ALERTS: type: boolean default: true + DEPLOY_SANDBOX: + type: boolean + default: false secrets: CLOUD_FORMATION_DEPLOY_ROLE: required: true 
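Review bot: When the current colour is blue, the selection block sets `undeployed_stack_name="${stack_name}-grenn"` (a typo for `-green`), so the release creates a third stack instead of updating the green one. The export lookup after the first `deploy_main_stack` call also filters on `${stack_name}:RestApi:Gateway`. The stack just deployed is `${undeployed_stack_name}`, and the template exports under `${StackName}:RestApi:Gateway` with `StackName` taken from `AWS::StackName`, so the lookup appears to match nothing and `deploy_api_domain_stack` then fails its required-variable check. Deriving both stack names from the colour and looking up the exports of the stack just deployed fixes both problems. Separately, `get_exports` calls `describe-stacks` on `${stack_name}` under `set -e`, so a first deployment where that stack does not exist yet would abort before anything is deployed; this is worth confirming.

```shell
# … unchanged: if/else that sets undeployed_colour and deployed_colour
#   (the two *_stack_name assignments are removed from both branches) …
undeployed_stack_name="${stack_name}-${undeployed_colour}"
deployed_stack_name="${stack_name}-${deployed_colour}"

# … unchanged: deploy_main_stack for the undeployed colour …

# exports are named after the stack that was just deployed
RestApiGateway=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:RestApi:Gateway'].Value" --output text)
export RestApiGateway
RestApiGatewayStage=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:RestApi:Gateway:Stage'].Value" --output text)
export RestApiGatewayStage

# … unchanged: deploy_api_domain_stack, then deploy_main_stack for the previously live colour …
```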
@@ -137,19 +140,19 @@ jobs: shell: bash working-directory: .github/scripts env: - artifact_bucket_prefix: prescription_status_update/${{ inputs.ARTIFACT_BUCKET_PREFIX }} + ARTIFACT_BUCKET_PREFIX: prescription_status_update/${{ inputs.ARTIFACT_BUCKET_PREFIX }} COMMIT_ID: ${{ inputs.COMMIT_ID }} - enable_mutual_tls: ${{ inputs.ENABLE_MUTUAL_TLS }} + ENABLE_MUTUAL_TLS: ${{ inputs.ENABLE_MUTUAL_TLS }} LOG_LEVEL: ${{ inputs.LOG_LEVEL }} LOG_RETENTION_DAYS: ${{ inputs.LOG_RETENTION_DAYS }} stack_name: ${{ inputs.STACK_NAME }} TARGET_ENVIRONMENT: ${{ inputs.AWS_ENVIRONMENT }} - template_file: template.yaml TRUSTSTORE_FILE: ${{ inputs.TRUSTSTORE_FILE }} VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }} DYNAMODB_AUTOSCALE: ${{ inputs.DYNAMODB_AUTOSCALE }} DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: ${{ inputs.DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE }} ENABLE_ALERTS: ${{ inputs.ENABLE_ALERTS }} + DEPLOY_SANDBOX: ${{ inputs.DEPLOY_SANDBOX}} run: ./release_code.sh - name: get mtls secrets diff --git a/Makefile b/Makefile index 11f13a075..925ae56ed 100644 --- a/Makefile +++ b/Makefile 
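Review bot: The env keys `artifact_bucket_prefix` and `enable_mutual_tls` are renamed to upper case in this step, but the Makefile's `sam-deploy-package` target, touched in the same patch, still depends on `guard-artifact_bucket_prefix` and passes `EnableMutualTLS=$$enable_mutual_tls`. Anyone still deploying through that target would presumably trip the guard, or hand an empty `EnableMutualTLS` value to the template. Either rename the Makefile references to `ARTIFACT_BUCKET_PREFIX` and `ENABLE_MUTUAL_TLS`, or remove the target now that release_code.sh no longer calls it.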
@@ -93,19 +93,19 @@ sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-sta version=$$VERSION_NUMBER \ deployment_colour=$$deployment_colour \ --parameter-overrides \ - TruststoreVersion=$$LATEST_TRUSTSTORE_VERSION \ - EnableMutualTLS=$$enable_mutual_tls \ - EnableSplunk=true \ - EnableDynamoDBAutoScaling=$$DYNAMODB_AUTOSCALE \ - VersionNumber=$$VERSION_NUMBER \ - CommitId=$$COMMIT_ID \ - LogLevel=$$LOG_LEVEL \ - LogRetentionInDays=$$LOG_RETENTION_DAYS \ - Environment=$$TARGET_ENVIRONMENT \ - DeployCheckPrescriptionStatusUpdate=$$DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE \ - EnableAlerts=$$ENABLE_ALERTS \ - RestApiGateway=$$RestApiGateway \ - RestApiGatewayStage=$$RestApiGatewayStage + TruststoreVersion=$$LATEST_TRUSTSTORE_VERSION \ + EnableMutualTLS=$$enable_mutual_tls \ + EnableSplunk=true \ + EnableDynamoDBAutoScaling=$$DYNAMODB_AUTOSCALE \ + VersionNumber=$$VERSION_NUMBER \ + CommitId=$$COMMIT_ID \ + LogLevel=$$LOG_LEVEL \ + LogRetentionInDays=$$LOG_RETENTION_DAYS \ + Environment=$$TARGET_ENVIRONMENT \ + DeployCheckPrescriptionStatusUpdate=$$DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE \ + EnableAlerts=$$ENABLE_ALERTS \ + RestApiGateway=$$RestApiGateway \ + RestApiGatewayStage=$$RestApiGatewayStage compile-node: npx tsc --build tsconfig.build.json diff --git a/SAMtemplates/main_template.yaml b/SAMtemplates/main_template.yaml index d23743703..b0112aced 100644 --- a/SAMtemplates/main_template.yaml +++ b/SAMtemplates/main_template.yaml @@ -11,10 +11,6 @@ Parameters: - true - false - TruststoreVersion: - Type: String - Default: none - LogLevel: Type: String Default: INFO From b26c77fd2dd1f6d2896a71df9b87e5a70d0318a6 Mon Sep 17 00:00:00 2001 
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 08:19:00 +0000 Subject: [PATCH 12/22] different table stack --- .github/scripts/package_code.sh | 8 +++ .github/scripts/release_code.sh | 50 ++++++++++++++++--- .../workflows/run_package_code_and_api.yml | 1 + Makefile | 3 ++ SAMtemplates/functions/main.yaml | 14 +++--- SAMtemplates/main_template.yaml | 13 ++--- SAMtemplates/tables/main.yaml | 14 +++--- 7 files changed, 72 insertions(+), 31 deletions(-) diff --git a/.github/scripts/package_code.sh b/.github/scripts/package_code.sh index cd60e755d..106155a13 100755 --- a/.github/scripts/package_code.sh +++ b/.github/scripts/package_code.sh @@ -25,6 +25,14 @@ cp Makefile .aws-sam/build/ cp samconfig_package_and_deploy.toml .aws-sam/build/ mv .aws-sam/build .aws-sam/build.api_domain +# build api domain sam stack +make sam-build-tables + +# copy files needed into target directory and rename it +cp Makefile .aws-sam/build/ +cp samconfig_package_and_deploy.toml .aws-sam/build/ +mv .aws-sam/build .aws-sam/build.tables + # copy api spec mkdir -p .aws-sam/build/specification cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/ diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index c68b0b957..ee4abaae6 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh 
@@ -23,9 +23,6 @@ function get_exports() { TRUSTSTORE_BUCKET_ARN=$(aws cloudformation describe-stacks --stack-name account-resources --query "Stacks[0].Outputs[?OutputKey=='TrustStoreBucket'].OutputValue" --output text) TRUSTSTORE_BUCKET_NAME=$(echo "${TRUSTSTORE_BUCKET_ARN}" | cut -d ":" -f 6) LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTORE_BUCKET_NAME}" --prefix "${TRUSTSTORE_FILE}" --query 'Versions[?IsLatest].[VersionId]' --output text) - - # get current deployed colour - current_coluor=$(aws cloudformation describe-stacks --stack-name "${stack_name}" --query "Stacks[].Tags[?Key=='deployment_colour'].Value" --output text) } function deploy_sandbox_stack() { @@ -34,7 +31,7 @@ function deploy_sandbox_stack() { check_required_vars "GITHUB_WORKSPACE \ stack_name \ artifact_bucket \ - artifact_bucket_prefix \ + ARTIFACT_BUCKET_PREFIX \ cloud_formation_execution_role \ VERSION_NUMBER \ ENABLE_MUTUAL_TLS \ @@ -71,7 +68,7 @@ function deploy_main_stack() { check_required_vars "GITHUB_WORKSPACE \ stack_name \ artifact_bucket \ - artifact_bucket_prefix \ + ARTIFACT_BUCKET_PREFIX \ cloud_formation_execution_role \ VERSION_NUMBER \ deployment_colour \ @@ -108,7 +105,8 @@ function deploy_main_stack() { LogRetentionInDays="${LOG_RETENTION_DAYS}" \ Environment="${TARGET_ENVIRONMENT}" \ DeployCheckPrescriptionStatusUpdate="${DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE}" \ - EnableAlerts="${ENABLE_ALERTS}" + EnableAlerts="${ENABLE_ALERTS}" \ + PrescriptionStatusUpdatesTableName="${PrescriptionStatusUpdatesTableName}" } function deploy_api_domain_stack() { @@ -118,7 +116,7 @@ function deploy_api_domain_stack() { check_required_vars "GITHUB_WORKSPACE \ stack_name \ artifact_bucket \ - artifact_bucket_prefix \ + ARTIFACT_BUCKET_PREFIX \ cloud_formation_execution_role \ VERSION_NUMBER \ deployment_colour \ 
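Review bot: In the `@@ -108,7 +105,8 @@` hunk, `PrescriptionStatusUpdatesTableName` is passed to `--parameter-overrides` in deploy_main_stack but is not added to the `check_required_vars` list that the function's other inputs go through. The value comes from an `aws cloudformation list-exports ... --output text` lookup, which should yield an empty string when no export name matches, so a failed lookup would reach `sam deploy` as an empty table name. Add `PrescriptionStatusUpdatesTableName` to the list and stop right after the lookup when it is empty, e.g. `[ -n "${PrescriptionStatusUpdatesTableName}" ] || { echo "tables export not found" >&2; exit 1; }`. The function body starts and ends outside this hunk.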
@@ -153,6 +151,38 @@ function deploy_api_domain_stack() { RestApiGatewayStage="${RestApiGatewayStage}" } +function deploy_table_stack() { + echo "About to table stack" + local stack_name=$1 + check_required_vars "GITHUB_WORKSPACE \ + stack_name \ + artifact_bucket \ + ARTIFACT_BUCKET_PREFIX \ + cloud_formation_execution_role \ + VERSION_NUMBER \ + DYNAMODB_AUTOSCALE \ + COMMIT_ID" + sam deploy \ + --template-file "${GITHUB_WORKSPACE}/.aws-sam/build.tables/template.yaml" \ + --stack-name "${stack_name}" \ + --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ + --region eu-west-2 \ + --s3-bucket "${artifact_bucket}" \ + --s3-prefix "${ARTIFACT_BUCKET_PREFIX}" \ + --config-file "${GITHUB_WORKSPACE}/.aws-sam/build.tables/samconfig_package_and_deploy.toml" \ + --no-fail-on-empty-changeset \ + --role-arn "${cloud_formation_execution_role}" \ + --no-confirm-changeset \ + --force-upload \ + --tags \ + version="${VERSION_NUMBER}" \ + --parameter-overrides \ + EnableMutualTLS="${ENABLE_MUTUAL_TLS}" \ + EnableSplunk=true \ + EnableDynamoDBAutoScaling="${DYNAMODB_AUTOSCALE}" \ + VersionNumber="${VERSION_NUMBER}" +} + get_exports if [ "$DEPLOY_SANDBOX" == "true" ]; then @@ -160,6 +190,12 @@ if [ "$DEPLOY_SANDBOX" == "true" ]; then exit 0 fi +# get current deployed colour +current_coluor=$(aws cloudformation describe-stacks --stack-name "${stack_name}" --query "Stacks[].Tags[?Key=='deployment_colour'].Value" --output text) + +deploy_table_stack "${stack_name}-tables" + +PrescriptionStatusUpdatesTableName=$(aws cloudformation list-exports --query "Exports[?Name=='${stack_name}-tables:tables:PrescriptionStatusUpdatesTableName'].Value" --output text) if [ "$current_coluor" == "blue" ]; then undeployed_colour="green" diff --git a/.github/workflows/run_package_code_and_api.yml b/.github/workflows/run_package_code_and_api.yml index d25f11b94..ef493aee8 100644 --- a/.github/workflows/run_package_code_and_api.yml +++ b/.github/workflows/run_package_code_and_api.yml 
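Review bot: deploy_table_stack reads `ENABLE_MUTUAL_TLS` for `EnableMutualTLS` without listing it in `check_required_vars`, while `COMMIT_ID` is required but never used in the `sam deploy` call. The overrides `EnableMutualTLS`, `EnableSplunk` and `VersionNumber` look copied from deploy_main_stack; the only parameter of SAMtemplates/tables/main.yaml visible in this patch is `EnableDynamoDBAutoScaling`, so confirm the template declares the others or drop them. The banner `echo "About to table stack"` is missing its verb; `echo "About to deploy table stack"` reads as intended.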
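Review bot: The colour test that follows the new `describe-stacks` lookup treats every value other than `blue` as "green is live", including an empty result when the stack is missing, the call fails or the `deployment_colour` tag is absent. If blue is serving traffic and the lookup returns nothing, the first `deploy_main_stack` call would update the live stack. Make the second branch `elif [ "$current_coluor" == "green" ]; then` and add a final `else` that prints the unexpected value to stderr and exits non-zero, with an explicit, documented default for the very first deployment. The variable is spelled `current_coluor` throughout; it works because it is consistent, but `current_colour` would be easier to search for. The if/else continues outside this hunk.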
@@ -61,6 +61,7 @@ jobs: .aws-sam/build .aws-sam/build.main .aws-sam/build.api_domain + .aws-sam/build.tables SAMtemplates/state_machines/UpdatePrescriptionStatusStateMachine.asl.json SAMtemplates/state_machines/Format1UpdatePrescriptionsStatusStateMachine.asl.json diff --git a/Makefile b/Makefile index 925ae56ed..a731d4db9 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,9 @@ sam-build: sam-validate compile sam-build-api-domain: sam-validate compile sam build --template-file SAMtemplates/apis/api_domain.yaml --region eu-west-2 +sam-build-tables: sam-validate compile + sam build --template-file SAMtemplates/tables/main.yaml --region eu-west-2 + sam-build-sandbox: sam-validate-sandbox compile sam build --template-file SAMtemplates/sandbox_template.yaml --region eu-west-2 diff --git a/SAMtemplates/functions/main.yaml b/SAMtemplates/functions/main.yaml index 65abd581a..7865fe505 100644 --- a/SAMtemplates/functions/main.yaml +++ b/SAMtemplates/functions/main.yaml @@ -93,9 +93,9 @@ Resources: IncludeAdditionalPolicies: true AdditionalPolicies: !Join - "," - - - Fn::ImportValue: !Sub ${StackName}:tables:${PrescriptionStatusUpdatesTableName}:TableWritePolicyArn - - Fn::ImportValue: !Sub ${StackName}:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn - - Fn::ImportValue: !Sub ${StackName}:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn + - - Fn::ImportValue: !Sub ${StackName}-tables:tables:${PrescriptionStatusUpdatesTableName}:TableWritePolicyArn + - Fn::ImportValue: !Sub ${StackName}-tables:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn + - Fn::ImportValue: !Sub ${StackName}-tables:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk 
@@ -181,8 +181,8 @@ Resources: IncludeAdditionalPolicies: true AdditionalPolicies: !Join - "," - - - Fn::ImportValue: !Sub ${StackName}:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn - - Fn::ImportValue: !Sub ${StackName}:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn + - - Fn::ImportValue: !Sub ${StackName}-tables:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn + - Fn::ImportValue: !Sub ${StackName}-tables:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk @@ -312,8 +312,8 @@ Resources: IncludeAdditionalPolicies: true AdditionalPolicies: !Join - "," - - - Fn::ImportValue: !Sub ${StackName}:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn - - Fn::ImportValue: !Sub ${StackName}:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn + - - Fn::ImportValue: !Sub ${StackName}-tables:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn + - Fn::ImportValue: !Sub ${StackName}-tables:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk diff --git a/SAMtemplates/main_template.yaml b/SAMtemplates/main_template.yaml index b0112aced..be57db4c2 100644 --- a/SAMtemplates/main_template.yaml +++ b/SAMtemplates/main_template.yaml @@ -77,15 +77,10 @@ Parameters: - true - false -Resources: - Tables: - Type: AWS::Serverless::Application - Properties: - Location: tables/main.yaml - Parameters: - StackName: !Ref AWS::StackName - EnableDynamoDBAutoScaling: !Ref EnableDynamoDBAutoScaling + PrescriptionStatusUpdatesTableName: + Type: String +Resources: Apis: Type: AWS::Serverless::Application Properties: 
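Review bot: Removing the nested `Tables` application from main_template.yaml means that updating a stack deployed from the previous template deletes that nested stack, and with it the DynamoDB table and KMS key it created, unless those resources carry a retaining `DeletionPolicy` (not visible in this patch). The table in the new tables stack also gets a different name, because tables/main.yaml switches `TableName` to `${AWS::StackName}-PrescriptionStatusUpdates`, so existing items are not carried over. Confirm the retention setting and plan a migration or import before this reaches an environment that holds data. The new `PrescriptionStatusUpdatesTableName` parameter would also benefit from a `Description` saying it must be the table name exported by the tables stack.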
@@ -113,7 +108,7 @@ Resources: Location: functions/main.yaml Parameters: StackName: !Ref AWS::StackName - PrescriptionStatusUpdatesTableName: !GetAtt Tables.Outputs.PrescriptionStatusUpdatesTableName + PrescriptionStatusUpdatesTableName: !Ref PrescriptionStatusUpdatesTableName LogLevel: !Ref LogLevel LogRetentionInDays: !Ref LogRetentionInDays EnableSplunk: !Ref EnableSplunk diff --git a/SAMtemplates/tables/main.yaml b/SAMtemplates/tables/main.yaml index 0230bf004..b4d72cfaf 100644 --- a/SAMtemplates/tables/main.yaml +++ b/SAMtemplates/tables/main.yaml @@ -4,10 +4,6 @@ Description: | PSU DynamoDB tables and related resources Parameters: - StackName: - Type: String - Default: none - EnableDynamoDBAutoScaling: Type: String @@ -55,7 +51,7 @@ Resources: PrescriptionStatusUpdatesKMSKeyAlias: Type: AWS::KMS::Alias Properties: - AliasName: !Sub alias/${StackName}-PrescriptionStatusUpdatesKMSKeyAlias + AliasName: !Sub alias/${AWS::StackName}-PrescriptionStatusUpdatesKMSKeyAlias TargetKeyId: !Ref PrescriptionStatusUpdatesKMSKey UsePrescriptionStatusUpdatesKMSKeyPolicy: @@ -76,7 +72,7 @@ Resources: PrescriptionStatusUpdatesTable: Type: AWS::DynamoDB::Table Properties: - TableName: !Sub ${StackName}-PrescriptionStatusUpdates + TableName: !Sub ${AWS::StackName}-PrescriptionStatusUpdates PointInTimeRecoverySpecification: PointInTimeRecoveryEnabled: true AttributeDefinitions: @@ -146,7 +142,7 @@ Resources: Properties: Location: dynamodb_resources.yaml Parameters: - StackName: !Ref StackName + StackName: !Ref AWS::StackName TableName: !Ref PrescriptionStatusUpdatesTable TableArn: !GetAtt PrescriptionStatusUpdatesTable.Arn @@ -352,6 +348,8 @@ Outputs: PrescriptionStatusUpdatesTableName: Description: PrescriptionStatusUpdates table name Value: !Ref PrescriptionStatusUpdatesTable + Export: + Name: !Sub ${AWS::StackName}:tables:PrescriptionStatusUpdatesTableName PrescriptionStatusUpdatesTableArn: Description: PrescriptionStatusUpdates table arn 
@@ -361,4 +359,4 @@ Outputs: Description: Use kms key policy arn Value: !GetAtt UsePrescriptionStatusUpdatesKMSKeyPolicy.PolicyArn Export: - Name: !Sub ${StackName}:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn + Name: !Sub ${AWS::StackName}:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn From d2a532a48711b493b129f2d6c81c75f1d60b16f1 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 08:35:19 +0000 Subject: [PATCH 13/22] function to get gsul arn --- .github/scripts/release_code.sh | 10 ++--- .../workflows/run_package_code_and_api.yml | 2 - SAMtemplates/apis/api_domain.yaml | 39 +++++++++++++++++++ 3 files changed, 44 insertions(+), 7 deletions(-) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index ee4abaae6..1c233343b 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh @@ -148,7 +148,8 @@ function deploy_api_domain_stack() { LogLevel="${LOG_LEVEL}" \ LogRetentionInDays="${LOG_RETENTION_DAYS}" \ RestApiGateway="${RestApiGateway}" \ - RestApiGatewayStage="${RestApiGatewayStage}" + RestApiGatewayStage="${RestApiGatewayStage}" \ + GSUL_ARN="${GSUL_ARN}" } function deploy_table_stack() { 
@@ -212,10 +213,9 @@ fi deploy_main_stack "${undeployed_stack_name}" "${undeployed_colour}" # get blue stack exports -RestApiGateway=$(aws cloudformation list-exports --query "Exports[?Name=='${stack_name}:RestApi:Gateway'].Value" --output text) -export RestApiGateway -RestApiGatewayStage=$(aws cloudformation list-exports --query "Exports[?Name=='${stack_name}:RestApi:Gateway:Stage'].Value" --output text) -export RestApiGatewayStage +RestApiGateway=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:RestApi:Gateway'].Value" --output text) +RestApiGatewayStage=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:RestApi:Gateway:Stage'].Value" --output text) +GSUL_ARN=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:functions:psu-GetStatusUpdates:FunctionArn'].Value" --output text) deploy_api_domain_stack "${stack_name}" "${undeployed_colour}" deploy_main_stack "${deployed_stack_name}" "${deployed_colour}" diff --git a/.github/workflows/run_package_code_and_api.yml b/.github/workflows/run_package_code_and_api.yml index ef493aee8..6b77dffa1 100644 --- a/.github/workflows/run_package_code_and_api.yml +++ b/.github/workflows/run_package_code_and_api.yml @@ -75,7 +75,6 @@ jobs: make sam-build-sandbox cp Makefile .aws-sam/build/ cp samconfig_package_and_deploy.toml .aws-sam/build/ - mv .aws-sam/build .aws-sam/build.main mkdir -p .aws-sam/build/specification cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/ cp packages/specification/dist/eps-custom-prescription-status-update-api.resolved.json .aws-sam/build/specification/ @@ -87,5 +86,4 @@ jobs: name: packaged_sandbox_code path: | .aws-sam/build - .aws-sam/build.main README.md diff --git a/SAMtemplates/apis/api_domain.yaml b/SAMtemplates/apis/api_domain.yaml index f76661d3f..eadf8476b 100644 --- a/SAMtemplates/apis/api_domain.yaml 
+++ b/SAMtemplates/apis/api_domain.yaml @@ -16,6 +16,9 @@ Parameters: RestApiGatewayStage: Type: String + GSUL_ARN: + Type: String + Conditions: ShouldUseMutualTLS: !Equals - true @@ -86,3 +89,39 @@ Resources: DomainName: !Ref RestApiDomain RestApiId: !Ref RestApiGateway Stage: !Ref RestApiGatewayStage + + GetGSULArn: + Type: AWS::Serverless::Function + Properties: + FunctionName: !Sub ${AWS::StackName}-GetGSULArn + InlineCode: | + const GSUL_ARN = process.env["GSUL_ARN"] + exports.handler = async function(event) { + return GSUL_ARN + }; + Handler: index.handler + Role: !GetAtt GetGSULArnResources.Outputs.LambdaRoleArn + Environment: + Variables: + GSUL_ARN: !Ref GSUL_ARN + Metadata: + guard: + SuppressedRules: + - LAMBDA_DLQ_CHECK + - LAMBDA_INSIDE_VPC + - LAMBDA_CONCURRENCY_CHECK + + GetGSULArnResources: + Type: AWS::Serverless::Application + Properties: + Location: ../functions/lambda_resources.yaml + Parameters: + StackName: !Ref AWS::StackName + LambdaName: !Sub ${AWS::StackName}-GetGSULArn + LambdaArn: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${AWS::StackName}-UpdatePrescriptionStatus + IncludeAdditionalPolicies: false + LogRetentionInDays: !Ref LogRetentionInDays + CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn + EnableSplunk: !Ref EnableSplunk + SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream From c03595c5c06cf6505c70eef21a44543123688ef9 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 08:37:25 +0000 Subject: [PATCH 14/22] typo --- .github/scripts/release_code.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index 1c233343b..4af5334e9 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh 
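Review bot: `GetGSULArnResources` sets `LambdaName` to `${AWS::StackName}-GetGSULArn` but `LambdaArn` to `...:function:${AWS::StackName}-UpdatePrescriptionStatus`, which looks like a copy-paste leftover. lambda_resources.yaml is not shown here, but if it scopes the role or an invoke policy by `LambdaArn`, those permissions would name the wrong function. Use `LambdaArn: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${AWS::StackName}-GetGSULArn`. The `guard` metadata suppresses `LAMBDA_DLQ_CHECK`, `LAMBDA_INSIDE_VPC` and `LAMBDA_CONCURRENCY_CHECK` without a reason; a one-line comment explaining why each is acceptable for this function would help the next reviewer.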
@@ -201,7 +201,7 @@ PrescriptionStatusUpdatesTableName=$(aws cloudformation list-exports --query "Ex if [ "$current_coluor" == "blue" ]; then undeployed_colour="green" deployed_colour="blue" - undeployed_stack_name="${stack_name}-grenn" + undeployed_stack_name="${stack_name}-green" deployed_stack_name="${stack_name}-blue" else undeployed_colour="blue" From 46bf47ea1deb0838a49293e6d611157c5418160a Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 08:52:11 +0000 Subject: [PATCH 15/22] fix --- .github/scripts/package_code.sh | 2 +- SAMtemplates/apis/api_domain.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/scripts/package_code.sh b/.github/scripts/package_code.sh index 106155a13..b3b2e0a47 100755 --- a/.github/scripts/package_code.sh +++ b/.github/scripts/package_code.sh @@ -25,7 +25,7 @@ cp Makefile .aws-sam/build/ cp samconfig_package_and_deploy.toml .aws-sam/build/ mv .aws-sam/build .aws-sam/build.api_domain -# build api domain sam stack +# build table sam stack make sam-build-tables # copy files needed into target directory and rename it diff --git a/SAMtemplates/apis/api_domain.yaml b/SAMtemplates/apis/api_domain.yaml index eadf8476b..08198cb0a 100644 --- a/SAMtemplates/apis/api_domain.yaml +++ b/SAMtemplates/apis/api_domain.yaml @@ -94,6 +94,11 @@ Resources: Type: AWS::Serverless::Function Properties: FunctionName: !Sub ${AWS::StackName}-GetGSULArn + Timeout: 50 + MemorySize: 256 + Architectures: + - x86_64 + Runtime: nodejs20.x InlineCode: | const GSUL_ARN = process.env["GSUL_ARN"] exports.handler = async function(event) { From 78b832629c6d9e77207d28cf0e368946abda44dd Mon Sep 17 00:00:00 2001 
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 09:18:52 +0000 Subject: [PATCH 16/22] fix deployment --- .github/scripts/release_code.sh | 11 +++++++---- SAMtemplates/functions/main.yaml | 17 ++++++++++------- SAMtemplates/main_template.yaml | 3 +++ 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index 4af5334e9..74a1f5785 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh @@ -65,6 +65,7 @@ function deploy_main_stack() { echo "About to main stack" local stack_name=$1 local deployment_colour=$2 + local TablesStackName=$3 check_required_vars "GITHUB_WORKSPACE \ stack_name \ artifact_bucket \ @@ -79,7 +80,8 @@ function deploy_main_stack() { LOG_RETENTION_DAYS \ TARGET_ENVIRONMENT \ DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE \ - ENABLE_ALERTS" + ENABLE_ALERTS \ + TablesStackName" sam deploy \ --template-file "${GITHUB_WORKSPACE}/.aws-sam/build.main/template.yaml" \ --stack-name "${stack_name}" \ @@ -106,7 +108,8 @@ function deploy_main_stack() { Environment="${TARGET_ENVIRONMENT}" \ DeployCheckPrescriptionStatusUpdate="${DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE}" \ EnableAlerts="${ENABLE_ALERTS}" \ - PrescriptionStatusUpdatesTableName="${PrescriptionStatusUpdatesTableName}" + PrescriptionStatusUpdatesTableName="${PrescriptionStatusUpdatesTableName}" \ + TablesStackName="${TablesStackName}" } function deploy_api_domain_stack() { @@ -210,7 +213,7 @@ else deployed_stack_name="${stack_name}-green" fi -deploy_main_stack "${undeployed_stack_name}" "${undeployed_colour}" +deploy_main_stack "${undeployed_stack_name}" "${undeployed_colour}" "${stack_name}-tables" # get blue stack exports RestApiGateway=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:RestApi:Gateway'].Value" --output text) 
@@ -218,4 +221,4 @@ RestApiGatewayStage=$(aws cloudformation list-exports --query "Exports[?Name=='$ GSUL_ARN=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:functions:psu-GetStatusUpdates:FunctionArn'].Value" --output text) deploy_api_domain_stack "${stack_name}" "${undeployed_colour}" -deploy_main_stack "${deployed_stack_name}" "${deployed_colour}" +deploy_main_stack "${deployed_stack_name}" "${deployed_colour}" "${stack_name}-tables" diff --git a/SAMtemplates/functions/main.yaml b/SAMtemplates/functions/main.yaml index 7865fe505..da0f5cf01 100644 --- a/SAMtemplates/functions/main.yaml +++ b/SAMtemplates/functions/main.yaml @@ -46,6 +46,9 @@ Parameters: Environment: Type: String + TablesStackName: + Type: String + Conditions: ShouldDeployCheckPrescriptionStatusUpdate: !Equals - true @@ -93,9 +96,9 @@ Resources: IncludeAdditionalPolicies: true AdditionalPolicies: !Join - "," - - - Fn::ImportValue: !Sub ${StackName}-tables:tables:${PrescriptionStatusUpdatesTableName}:TableWritePolicyArn - - Fn::ImportValue: !Sub ${StackName}-tables:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn - - Fn::ImportValue: !Sub ${StackName}-tables:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn + - - Fn::ImportValue: !Sub ${TablesStackName}:tables:${PrescriptionStatusUpdatesTableName}:TableWritePolicyArn + - Fn::ImportValue: !Sub ${TablesStackName}:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn + - Fn::ImportValue: !Sub ${TablesStackName}:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk 
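Review bot: The last two calls in release_code.sh point the API domain at the freshly deployed colour and then immediately redeploy the previously live colour, with no check in between that the new colour is healthy. Once the second `deploy_main_stack` has run, both colours hold the new version, so there is no known-good stack left to point the domain back to. Consider gating the final call on a smoke test against the new stack, or leaving the old colour untouched until the next release. At minimum, add a comment above the final call saying that updating the old colour straight away is intentional, and why.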
@@ -181,8 +184,8 @@ Resources: IncludeAdditionalPolicies: true AdditionalPolicies: !Join - "," - - - Fn::ImportValue: !Sub ${StackName}-tables:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn - - Fn::ImportValue: !Sub ${StackName}-tables:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn + - - Fn::ImportValue: !Sub ${TablesStackName}:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn + - Fn::ImportValue: !Sub ${TablesStackName}:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk @@ -312,8 +315,8 @@ Resources: IncludeAdditionalPolicies: true AdditionalPolicies: !Join - "," - - - Fn::ImportValue: !Sub ${StackName}-tables:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn - - Fn::ImportValue: !Sub ${StackName}-tables:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn + - - Fn::ImportValue: !Sub ${TablesStackName}:tables:${PrescriptionStatusUpdatesTableName}:TableReadPolicyArn + - Fn::ImportValue: !Sub ${TablesStackName}:tables:UsePrescriptionStatusUpdatesKMSKeyPolicyArn LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk diff --git a/SAMtemplates/main_template.yaml b/SAMtemplates/main_template.yaml index be57db4c2..375c36cea 100644 --- a/SAMtemplates/main_template.yaml +++ b/SAMtemplates/main_template.yaml @@ -80,6 +80,8 @@ Parameters: PrescriptionStatusUpdatesTableName: Type: String + TablesStackName: + Type: String Resources: Apis: Type: AWS::Serverless::Application @@ -101,6 +103,7 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays EnableSplunk: !Ref EnableSplunk DeployCheckPrescriptionStatusUpdate: !Ref DeployCheckPrescriptionStatusUpdate + TablesStackName: !Ref TablesStackName Functions: Type: AWS::Serverless::Application 
From 93f8ac3ee412d4c2717e63dd564cedd1abeb64c7 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 09:29:15 +0000 Subject: [PATCH 17/22] correct var --- SAMtemplates/main_template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SAMtemplates/main_template.yaml b/SAMtemplates/main_template.yaml index 375c36cea..947eba9ba 100644 --- a/SAMtemplates/main_template.yaml +++ b/SAMtemplates/main_template.yaml @@ -103,7 +103,6 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays EnableSplunk: !Ref EnableSplunk DeployCheckPrescriptionStatusUpdate: !Ref DeployCheckPrescriptionStatusUpdate - TablesStackName: !Ref TablesStackName Functions: Type: AWS::Serverless::Application @@ -119,6 +118,7 @@ Resources: CommitId: !Ref CommitId DeployCheckPrescriptionStatusUpdate: !Ref DeployCheckPrescriptionStatusUpdate Environment: !Ref Environment + TablesStackName: !Ref TablesStackName StateMachines: Type: AWS::Serverless::Application From 7fa3073da5ec7d971aa05290dc092ccce60e2775 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 09:48:08 +0000 Subject: [PATCH 18/22] fix getting export --- .github/scripts/release_code.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index 74a1f5785..672d69fca 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh 
@@ -218,7 +218,7 @@ deploy_main_stack "${undeployed_stack_name}" "${undeployed_colour}" "${stack_nam # get blue stack exports RestApiGateway=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:RestApi:Gateway'].Value" --output text) RestApiGatewayStage=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:RestApi:Gateway:Stage'].Value" --output text) -GSUL_ARN=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:functions:psu-GetStatusUpdates:FunctionArn'].Value" --output text) +GSUL_ARN=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:functions:GetStatusUpdates:FunctionArn'].Value" --output text) deploy_api_domain_stack "${stack_name}" "${undeployed_colour}" deploy_main_stack "${deployed_stack_name}" "${deployed_colour}" "${stack_name}-tables" From c376ab3501026f477eee71546ea5377368bf7938 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 10:29:22 +0000 Subject: [PATCH 19/22] temp disable sonar --- .github/workflows/quality_checks.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml index 268b5423e..6eb0b13fb 100644 --- a/.github/workflows/quality_checks.yml +++ b/.github/workflows/quality_checks.yml @@ -72,8 +72,8 @@ jobs: name: cfn_guard_output path: cfn_guard_output - - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # - name: SonarCloud Scan + # uses: SonarSource/sonarcloud-github-action@master + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From c6182c937c5e1688b6f65a138d7162d24188e451 Mon Sep 17 00:00:00 2001 
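Review bot: Commenting out the SonarCloud step in quality_checks.yml removes the static-analysis gate, and nothing in the file records when it is meant to come back. Keep the step and switch it off with an `if:` condition that is easy to find and revert, or put a marker above the commented block such as `# TODO(<owner>): re-enable SonarCloud scan, see <issue-id>`. When the step is restored, pin the action to a full commit SHA instead of `@master`, so that the job receiving `SONAR_TOKEN` and `GITHUB_TOKEN` runs a fixed revision.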
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 10:46:12 +0000 Subject: [PATCH 20/22] correct passing var --- .github/scripts/release_code.sh | 40 ++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index 672d69fca..b690502c2 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh @@ -26,7 +26,12 @@ function get_exports() { } function deploy_sandbox_stack() { - echo "About to sandbox stack" + echo "********************************************" + echo + echo "Deploying sandbox stack" + echo + echo "********************************************" + echo local stack_name=$1 check_required_vars "GITHUB_WORKSPACE \ stack_name \ @@ -62,10 +67,15 @@ function deploy_sandbox_stack() { } function deploy_main_stack() { - echo "About to main stack" local stack_name=$1 local deployment_colour=$2 local TablesStackName=$3 + echo "********************************************" + echo + echo "Deploying main stack pointing to stack ${stack_name}" + echo + echo "********************************************" + echo check_required_vars "GITHUB_WORKSPACE \ stack_name \ artifact_bucket \ @@ -113,7 +123,12 @@ function deploy_main_stack() { } function deploy_api_domain_stack() { - echo "About to api domain stack" + echo "********************************************" + echo + echo "Deploying api_domain stack pointing to ${deployment_colour}" + echo + echo "********************************************" + echo local stack_name=$1 local deployment_colour=$2 check_required_vars "GITHUB_WORKSPACE \ 
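Review bot: In deploy_api_domain_stack the new banner expands `${deployment_colour}` before `local deployment_colour=$2` has run, so it prints whatever the caller's scope holds, most likely an empty string. deploy_main_stack in this same commit moves its `local` lines above the banner; do the same here by placing `local stack_name=$1` and `local deployment_colour=$2` before the first `echo`. The function body continues outside this hunk.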
@@ -152,11 +167,16 @@ function deploy_api_domain_stack() { LogRetentionInDays="${LOG_RETENTION_DAYS}" \ RestApiGateway="${RestApiGateway}" \ RestApiGatewayStage="${RestApiGatewayStage}" \ - GSUL_ARN="${GSUL_ARN}" + GSUL_ARN="'""${GSUL_ARN}""'" } function deploy_table_stack() { - echo "About to table stack" + echo "********************************************" + echo + echo "Deploying table stack" + echo + echo "********************************************" + echo local stack_name=$1 check_required_vars "GITHUB_WORKSPACE \ stack_name \ @@ -202,11 +222,21 @@ deploy_table_stack "${stack_name}-tables" PrescriptionStatusUpdatesTableName=$(aws cloudformation list-exports --query "Exports[?Name=='${stack_name}-tables:tables:PrescriptionStatusUpdatesTableName'].Value" --output text) if [ "$current_coluor" == "blue" ]; then + echo "********************************************" + echo + echo "Current live stack is blue - going to deploy green first" + echo + echo "********************************************" undeployed_colour="green" deployed_colour="blue" undeployed_stack_name="${stack_name}-green" deployed_stack_name="${stack_name}-blue" else + echo "********************************************" + echo + echo "Current live stack is green - going to deploy blue first" + echo + echo "********************************************" undeployed_colour="blue" deployed_colour="green" undeployed_stack_name="${stack_name}-blue" From 533d5a6db081e0268dd3bf7af301be7ea24da992 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 11:05:22 +0000 Subject: [PATCH 21/22] fix --- .github/scripts/release_code.sh | 7 ++++--- SAMtemplates/apis/api_domain.yaml | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index b690502c2..3ee8fca42 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh 
@@ -72,7 +72,7 @@ function deploy_main_stack() { local TablesStackName=$3 echo "********************************************" echo - echo "Deploying main stack pointing to stack ${stack_name}" + echo "Deploying main stack with stack name ${stack_name}" echo echo "********************************************" echo @@ -144,7 +144,8 @@ function deploy_api_domain_stack() { LOG_LEVEL \ LOG_RETENTION_DAYS \ RestApiGateway \ - RestApiGatewayStage" + RestApiGatewayStage \ + GSUL_ARN" sam deploy \ --template-file "${GITHUB_WORKSPACE}/.aws-sam/build.api_domain/template.yaml" \ --stack-name "${stack_name}" \ @@ -167,7 +168,7 @@ function deploy_api_domain_stack() { LogRetentionInDays="${LOG_RETENTION_DAYS}" \ RestApiGateway="${RestApiGateway}" \ RestApiGatewayStage="${RestApiGatewayStage}" \ - GSUL_ARN="'""${GSUL_ARN}""'" + GSULARN="${GSUL_ARN}" } function deploy_table_stack() { diff --git a/SAMtemplates/apis/api_domain.yaml b/SAMtemplates/apis/api_domain.yaml index 08198cb0a..08d00bc53 100644 --- a/SAMtemplates/apis/api_domain.yaml +++ b/SAMtemplates/apis/api_domain.yaml @@ -16,7 +16,7 @@ Parameters: RestApiGatewayStage: Type: String - GSUL_ARN: + GSULARN: Type: String Conditions: @@ -108,7 +108,7 @@ Resources: Role: !GetAtt GetGSULArnResources.Outputs.LambdaRoleArn Environment: Variables: - GSUL_ARN: !Ref GSUL_ARN + GSUL_ARN: !Ref GSULARN Metadata: guard: SuppressedRules: From 253bbcad171af9c42c1a1fb5d0489626ef8485de Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 24 Sep 2024 11:12:33 +0000 Subject: [PATCH 22/22] fix params --- .github/scripts/release_code.sh | 1 + SAMtemplates/apis/api_domain.yaml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh index 3ee8fca42..302fe5afb 100755 --- a/.github/scripts/release_code.sh +++ b/.github/scripts/release_code.sh 
@@ -165,6 +165,7 @@ function deploy_api_domain_stack() { TruststoreVersion="${LATEST_TRUSTSTORE_VERSION}" \ EnableMutualTLS="${ENABLE_MUTUAL_TLS}" \ LogLevel="${LOG_LEVEL}" \ + EnableSplunk=true \ LogRetentionInDays="${LOG_RETENTION_DAYS}" \ RestApiGateway="${RestApiGateway}" \ RestApiGatewayStage="${RestApiGatewayStage}" \ diff --git a/SAMtemplates/apis/api_domain.yaml b/SAMtemplates/apis/api_domain.yaml index 08d00bc53..f19f0deb2 100644 --- a/SAMtemplates/apis/api_domain.yaml +++ b/SAMtemplates/apis/api_domain.yaml @@ -19,6 +19,12 @@ Parameters: GSULARN: Type: String + LogRetentionInDays: + Type: String + + EnableSplunk: + Type: String + Conditions: ShouldUseMutualTLS: !Equals - true
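Review bot: The two parameters added to SAMtemplates/apis/api_domain.yaml, `EnableSplunk` and `LogRetentionInDays`, are plain `Type: String` with no constraint. If `EnableSplunk` feeds a condition written like the visible `ShouldUseMutualTLS` one (`!Equals` against `true`), any other spelling such as `True` would quietly evaluate to false and presumably leave log forwarding off without the deploy failing. Adding `AllowedValues: ["true", "false"]` to `EnableSplunk`, and declaring `LogRetentionInDays` as `Type: Number`, would have CloudFormation reject a bad value at deploy time. How the template consumes either parameter lies outside this hunk.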