Fix: [AEA-0000] - do blue green deployment

.github/scripts/package_code.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -e
+
+# make sure asdf will work
+cp .tool-versions ~/
+rm -rf .aws-sam
+export PATH=$PATH:$PWD/node_modules/.bin
+
+# compile api spec
+make compile-specification
+
+# build main sam stack
+make sam-build
+
+# copy files needed into target directory and rename it
+cp Makefile .aws-sam/build/
+cp samconfig_package_and_deploy.toml .aws-sam/build/
+mv .aws-sam/build .aws-sam/build.main
+
+# build api domain sam stack
+make sam-build-api-domain
+
+# copy files needed into target directory and rename it
+cp Makefile .aws-sam/build/
+cp samconfig_package_and_deploy.toml .aws-sam/build/
+mv .aws-sam/build .aws-sam/build.api_domain
+
+# build table sam stack
+make sam-build-tables
+
+# copy files needed into target directory and rename it
+cp Makefile .aws-sam/build/
+cp samconfig_package_and_deploy.toml .aws-sam/build/
+mv .aws-sam/build .aws-sam/build.tables
+
+# copy api spec
+mkdir -p .aws-sam/build/specification
+cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/
+cp packages/specification/dist/eps-custom-prescription-status-update-api.resolved.json .aws-sam/build/specification/
+
+# copy deployment scripts
+cp .github/scripts/release_code.sh .aws-sam/build/
+cp .github/scripts/deploy_api.sh .aws-sam/build/

.github/scripts/release_code.sh

@@ -1,17 +1,221 @@
 #!/usr/bin/env bash
+set -e
 
-echo "$COMMIT_ID"
+function check_required_vars() {
+    REQUIRED_VARS=$1
 
-artifact_bucket=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "account-resources:ArtifactsBucket") | .Value' | grep -o '[^:]*$')
-export artifact_bucket
+    for var in $REQUIRED_VARS; do
+        # Check if the variable is defined and not empty
+        if [ -z "${!var}" ]; then
+            echo "Error: $var is not defined or is empty."
+            exit 1
+        else
+            echo "$var: '${!var}'"
+        fi
+    done
+}
 
-cloud_formation_execution_role=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "ci-resources:CloudFormationExecutionRole") | .Value' )
-export cloud_formation_execution_role
+function get_exports() {
+    artifact_bucket=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "account-resources:ArtifactsBucket") | .Value' | grep -o '[^:]*$')
 
-TRUSTSTORE_BUCKET_ARN=$(aws cloudformation describe-stacks --stack-name account-resources --query "Stacks[0].Outputs[?OutputKey=='TrustStoreBucket'].OutputValue" --output text)
-TRUSTSTORE_BUCKET_NAME=$(echo "${TRUSTSTORE_BUCKET_ARN}" | cut -d ":" -f 6)
-LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTORE_BUCKET_NAME}" --prefix "${TRUSTSTORE_FILE}" --query 'Versions[?IsLatest].[VersionId]' --output text)
-export LATEST_TRUSTSTORE_VERSION
+    cloud_formation_execution_role=$(aws cloudformation list-exports --output json | jq -r '.Exports[] | select(.Name == "ci-resources:CloudFormationExecutionRole") | .Value' )
 
-cd ../../.aws-sam/build || exit
-make sam-deploy-package
+    TRUSTSTORE_BUCKET_ARN=$(aws cloudformation describe-stacks --stack-name account-resources --query "Stacks[0].Outputs[?OutputKey=='TrustStoreBucket'].OutputValue" --output text)
+    TRUSTSTORE_BUCKET_NAME=$(echo "${TRUSTSTORE_BUCKET_ARN}" | cut -d ":" -f 6)
+    LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTORE_BUCKET_NAME}" --prefix "${TRUSTSTORE_FILE}" --query 'Versions[?IsLatest].[VersionId]' --output text)
+}
+
+function deploy_sandbox_stack() {
+    echo "About to sandbox stack"
+    local stack_name=$1
+    check_required_vars "GITHUB_WORKSPACE \
+        stack_name \
+        artifact_bucket \
+        ARTIFACT_BUCKET_PREFIX \
+        cloud_formation_execution_role \
+        VERSION_NUMBER \
+        ENABLE_MUTUAL_TLS \
+        COMMIT_ID \
+        LOG_LEVEL \
+        LOG_RETENTION_DAYS"
+    sam deploy \
+		--template-file "${GITHUB_WORKSPACE}/.aws-sam/build/template.yaml" \
+		--stack-name "${stack_name}" \
+		--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
+		--region eu-west-2 \
+		--s3-bucket "${artifact_bucket}" \
+		--s3-prefix "${ARTIFACT_BUCKET_PREFIX}" \
+		--config-file "${GITHUB_WORKSPACE}/.aws-sam/build/samconfig_package_and_deploy.toml" \
+		--no-fail-on-empty-changeset \
+		--role-arn "${cloud_formation_execution_role}" \
+		--no-confirm-changeset \
+		--force-upload \
+		--tags \
+				version="${VERSION_NUMBER}" \
+		--parameter-overrides \
+				EnableMutualTLS="${ENABLE_MUTUAL_TLS}" \
+				EnableSplunk=true \
+				VersionNumber="${VERSION_NUMBER}" \
+				CommitId="${COMMIT_ID}" \
+				LogLevel="${LOG_LEVEL}" \
+				LogRetentionInDays="${LOG_RETENTION_DAYS}"
+}
+
+function deploy_main_stack() {
+    echo "About to main stack"
+    local stack_name=$1
+    local deployment_colour=$2
+    check_required_vars "GITHUB_WORKSPACE \
+        stack_name \
+        artifact_bucket \
+        ARTIFACT_BUCKET_PREFIX \
+        cloud_formation_execution_role \
+        VERSION_NUMBER \
+        deployment_colour \
+        ENABLE_MUTUAL_TLS \
+        DYNAMODB_AUTOSCALE \
+        COMMIT_ID \
+        LOG_LEVEL \
+        LOG_RETENTION_DAYS \
+        TARGET_ENVIRONMENT \
+        DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE \
+        ENABLE_ALERTS"
+    sam deploy \
+		--template-file "${GITHUB_WORKSPACE}/.aws-sam/build.main/template.yaml" \
+		--stack-name "${stack_name}" \
+		--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
+		--region eu-west-2 \
+		--s3-bucket "${artifact_bucket}" \
+		--s3-prefix "${ARTIFACT_BUCKET_PREFIX}" \
+		--config-file "${GITHUB_WORKSPACE}/.aws-sam/build.main/samconfig_package_and_deploy.toml" \
+		--no-fail-on-empty-changeset \
+		--role-arn "${cloud_formation_execution_role}" \
+		--no-confirm-changeset \
+		--force-upload \
+		--tags \
+				version="${VERSION_NUMBER}" \
+				deployment_colour="${deployment_colour}" \
+		--parameter-overrides \
+				EnableMutualTLS="${ENABLE_MUTUAL_TLS}" \
+				EnableSplunk=true \
+				EnableDynamoDBAutoScaling="${DYNAMODB_AUTOSCALE}" \
+				VersionNumber="${VERSION_NUMBER}" \
+				CommitId="${COMMIT_ID}" \
+				LogLevel="${LOG_LEVEL}" \
+				LogRetentionInDays="${LOG_RETENTION_DAYS}" \
+				Environment="${TARGET_ENVIRONMENT}" \
+				DeployCheckPrescriptionStatusUpdate="${DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE}" \
+				EnableAlerts="${ENABLE_ALERTS}" \
+                PrescriptionStatusUpdatesTableName="${PrescriptionStatusUpdatesTableName}"
+}
+
+function deploy_api_domain_stack() {
+    echo "About to api domain stack"
+    local stack_name=$1
+    local deployment_colour=$2
+    check_required_vars "GITHUB_WORKSPACE \
+        stack_name \
+        artifact_bucket \
+        ARTIFACT_BUCKET_PREFIX \
+        cloud_formation_execution_role \
+        VERSION_NUMBER \
+        deployment_colour \
+        LATEST_TRUSTSTORE_VERSION \
+        ENABLE_MUTUAL_TLS \
+        COMMIT_ID \
+        LOG_LEVEL \
+        LOG_RETENTION_DAYS \
+        RestApiGateway \
+        RestApiGatewayStage"
+    sam deploy \
+		--template-file "${GITHUB_WORKSPACE}/.aws-sam/build.api_domain/template.yaml" \
+		--stack-name "${stack_name}" \
+		--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
+		--region eu-west-2 \
+		--s3-bucket "${artifact_bucket}" \
+		--s3-prefix "${ARTIFACT_BUCKET_PREFIX}" \
+		--config-file "${GITHUB_WORKSPACE}/.aws-sam/build.api_domain/samconfig_package_and_deploy.toml" \
+		--no-fail-on-empty-changeset \
+		--role-arn "${cloud_formation_execution_role}" \
+		--no-confirm-changeset \
+		--force-upload \
+		--tags \
+				version="${VERSION_NUMBER}" \
+				deployment_colour="${deployment_colour}" \
+		--parameter-overrides \
+				TruststoreVersion="${LATEST_TRUSTSTORE_VERSION}" \
+				EnableMutualTLS="${ENABLE_MUTUAL_TLS}" \
+				LogLevel="${LOG_LEVEL}" \
+				LogRetentionInDays="${LOG_RETENTION_DAYS}" \
+   				RestApiGateway="${RestApiGateway}" \
+				RestApiGatewayStage="${RestApiGatewayStage}" \
+                GSUL_ARN="${GSUL_ARN}"
+}
+
+function deploy_table_stack() {
+    echo "About to table stack"
+    local stack_name=$1
+    check_required_vars "GITHUB_WORKSPACE \
+        stack_name \
+        artifact_bucket \
+        ARTIFACT_BUCKET_PREFIX \
+        cloud_formation_execution_role \
+        VERSION_NUMBER \
+        DYNAMODB_AUTOSCALE \
+        COMMIT_ID"
+    sam deploy \
+		--template-file "${GITHUB_WORKSPACE}/.aws-sam/build.tables/template.yaml" \
+		--stack-name "${stack_name}" \
+		--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
+		--region eu-west-2 \
+		--s3-bucket "${artifact_bucket}" \
+		--s3-prefix "${ARTIFACT_BUCKET_PREFIX}" \
+		--config-file "${GITHUB_WORKSPACE}/.aws-sam/build.tables/samconfig_package_and_deploy.toml" \
+		--no-fail-on-empty-changeset \
+		--role-arn "${cloud_formation_execution_role}" \
+		--no-confirm-changeset \
+		--force-upload \
+		--tags \
+				version="${VERSION_NUMBER}" \
+		--parameter-overrides \
+				EnableMutualTLS="${ENABLE_MUTUAL_TLS}" \
+				EnableSplunk=true \
+				EnableDynamoDBAutoScaling="${DYNAMODB_AUTOSCALE}" \
+				VersionNumber="${VERSION_NUMBER}" 
+}
+
+get_exports
+
+if [ "$DEPLOY_SANDBOX" == "true" ]; then
+    deploy_sandbox_stack "${stack_name}"
+    exit 0
+fi
+
+# get current deployed colour
+current_coluor=$(aws cloudformation  describe-stacks --stack-name "${stack_name}" --query "Stacks[].Tags[?Key=='deployment_colour'].Value" --output text)
+
+deploy_table_stack "${stack_name}-tables"
+
+PrescriptionStatusUpdatesTableName=$(aws cloudformation list-exports --query "Exports[?Name=='${stack_name}-tables:tables:PrescriptionStatusUpdatesTableName'].Value" --output text)
+
+if [ "$current_coluor" == "blue" ]; then
+    undeployed_colour="green"
+    deployed_colour="blue"
+    undeployed_stack_name="${stack_name}-green"
+    deployed_stack_name="${stack_name}-blue"
+else
+    undeployed_colour="blue"
+    deployed_colour="green"
+    undeployed_stack_name="${stack_name}-blue"
+    deployed_stack_name="${stack_name}-green"
+fi
+
+deploy_main_stack "${undeployed_stack_name}" "${undeployed_colour}"
+
+# get blue stack exports
+RestApiGateway=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:RestApi:Gateway'].Value" --output text)
+RestApiGatewayStage=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:RestApi:Gateway:Stage'].Value" --output text)
+GSUL_ARN=$(aws cloudformation list-exports --query "Exports[?Name=='${undeployed_stack_name}:functions:psu-GetStatusUpdates:FunctionArn'].Value" --output text)
+deploy_api_domain_stack "${stack_name}" "${undeployed_colour}"
+
+deploy_main_stack "${deployed_stack_name}" "${deployed_colour}"

.github/workflows/pull_request.yml

@@ -76,6 +76,7 @@ jobs:
       DEPLOY_APIGEE_CPSU: true
       DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true
       ENABLE_ALERTS: false
+      DEPLOY_SANDBOX: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
@@ -99,6 +100,7 @@ jobs:
       DYNAMODB_AUTOSCALE: false
       DEPLOY_APIGEE_CPSU: true
       DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true
+      DEPLOY_SANDBOX: true
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}

.github/workflows/run_package_code_and_api.yml

@@ -51,24 +51,17 @@ jobs:
 
       - shell: bash
         name: Package code
-        run: |
-          cp .tool-versions ~/
-          rm -rf .aws-sam
-          export PATH=$PATH:$PWD/node_modules/.bin
-          make compile-specification
-          make sam-build
-          cp Makefile .aws-sam/build/
-          cp samconfig_package_and_deploy.toml .aws-sam/build/
-          mkdir -p .aws-sam/build/specification
-          cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/
-          cp packages/specification/dist/eps-custom-prescription-status-update-api.resolved.json .aws-sam/build/specification/
+        run: .github/scripts/package_code.sh
 
       - uses: actions/upload-artifact@v4
         name: Upload build artifact
         with:
           name: packaged_code
           path: |
             .aws-sam/build
+            .aws-sam/build.main
+            .aws-sam/build.api_domain
+            .aws-sam/build.tables
             SAMtemplates/state_machines/UpdatePrescriptionStatusStateMachine.asl.json
             SAMtemplates/state_machines/Format1UpdatePrescriptionsStatusStateMachine.asl.json
 

.github/workflows/run_release_code_and_api.yml

@@ -67,6 +67,9 @@ on:
       ENABLE_ALERTS:
         type: boolean
         default: true
+      DEPLOY_SANDBOX:
+        type: boolean
+        default: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE:
         required: true
@@ -137,19 +140,19 @@ jobs:
         shell: bash
         working-directory: .github/scripts
         env:
-          artifact_bucket_prefix: prescription_status_update/${{ inputs.ARTIFACT_BUCKET_PREFIX }}
+          ARTIFACT_BUCKET_PREFIX: prescription_status_update/${{ inputs.ARTIFACT_BUCKET_PREFIX }}
           COMMIT_ID: ${{ inputs.COMMIT_ID }}
-          enable_mutual_tls: ${{ inputs.ENABLE_MUTUAL_TLS }}
+          ENABLE_MUTUAL_TLS: ${{ inputs.ENABLE_MUTUAL_TLS }}
           LOG_LEVEL: ${{ inputs.LOG_LEVEL }}
           LOG_RETENTION_DAYS: ${{ inputs.LOG_RETENTION_DAYS }}
           stack_name: ${{ inputs.STACK_NAME }}
           TARGET_ENVIRONMENT: ${{ inputs.AWS_ENVIRONMENT }}
-          template_file: template.yaml
           TRUSTSTORE_FILE: ${{ inputs.TRUSTSTORE_FILE }}
           VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}
           DYNAMODB_AUTOSCALE: ${{ inputs.DYNAMODB_AUTOSCALE }}
           DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: ${{ inputs.DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE }}
           ENABLE_ALERTS: ${{ inputs.ENABLE_ALERTS }}
+          DEPLOY_SANDBOX: ${{ inputs.DEPLOY_SANDBOX}}
         run: ./release_code.sh
 
       - name: get mtls secrets