[AEA-4684] add ci workflows

NHSDigital · Nov 28, 2024 · 4e68bb5 · 4e68bb5
1 parent 5feb73e
commit 4e68bb5
Show file tree

Hide file tree

Showing 12 changed files with 544 additions and 207 deletions.
diff --git a/.github/scripts/call_mark_jira_released.sh b/.github/scripts/call_mark_jira_released.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+echo "calling mark jira released"
+
+cat <<EOF > payload.json
+{ 
+  "releaseVersion": "EPS-VPC-Resources-$RELEASE_TAG"
+}
+EOF
+cat payload.json
+
+function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:MarkJiraReleasedLambdaArn'].Value" --output text)
+aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt
+cat out.txt
diff --git a/.github/scripts/create_env_release_notes.sh b/.github/scripts/create_env_release_notes.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+cat <<EOF > payload.json
+{ 
+  "currentTag": "$CURRENT_DEPLOYED_TAG",
+  "targetTag": "$DEV_TAG",
+  "repoName": "eps-vpc-resources",
+  "targetEnvironment": "$ENV",
+  "productName": "EPS VPC Resources",
+  "releaseNotesPageId": "$PAGE_ID",
+  "releaseNotesPageTitle": "Current EPS VPC Resources release notes - $ENV"
+}
+EOF
+cat payload.json
+
+function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:CreateReleaseNotesLambdaArn'].Value" --output text)
+aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt
+cat out.txt
diff --git a/.github/scripts/create_int_rc_release_notes.sh b/.github/scripts/create_int_rc_release_notes.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+cat <<EOF > payload.json
+{ 
+  "currentTag": "$CURRENT_DEPLOYED_TAG",
+  "targetTag": "$RELEASE_TAG",
+  "repoName": "eps-vpc-resources",
+  "targetEnvironment": "INT",
+  "productName": "EPS VPC Resources",
+  "releaseNotesPageId": "$PAGE_ID",
+  "releaseNotesPageTitle": "EPS-VPC-Resources-$RELEASE_TAG - Deployed to [INT] on $(date +'%d-%m-%y')",
+  "createReleaseCandidate": "true",
+  "releasePrefix": "EPS-VPC-Resources-"
+}
+EOF
+cat payload.json
+
+function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:CreateReleaseNotesLambdaArn'].Value" --output text)
+aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt
+cat out.txt
diff --git a/.github/scripts/get_current_dev_tag.sh b/.github/scripts/get_current_dev_tag.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+dev_tag=$(aws cloudformation describe-stacks --stack-name vpc-resources --query "Stacks[0].Tags[?Key=='version'].Value" --output text)
+
+echo "DEV_TAG=${dev_tag}" >> "$GITHUB_ENV"
diff --git a/.github/scripts/get_target_deployed_tag.sh b/.github/scripts/get_target_deployed_tag.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+current_deployed_tag=$(aws cloudformation describe-stacks --stack-name vpc-resources --query "Stacks[0].Tags[?Key=='version'].Value" --output text)
+
+if [ -z "$current_deployed_tag" ]
+then
+     current_deployed_tag=v1.0.0-beta
+fi
+
+echo "CURRENT_DEPLOYED_TAG=${current_deployed_tag}" >> "$GITHUB_ENV"
diff --git a/.github/workflows/cdk_package_code.yml b/.github/workflows/cdk_package_code.yml
@@ -0,0 +1,70 @@
+name: cdk package code
+
+on:
+  workflow_call:
+    inputs:
+      VERSION_NUMBER:
+        required: true
+        type: string
+      COMMIT_ID:
+        required: true
+        type: string
+
+
+jobs:
+  package_code:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      packages: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+
+      # using git commit sha for version of action to ensure we have stable version
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.14.1
+
+      - name: Cache asdf
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+
+      - name: Install asdf dependencies in .tool-versions
+        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.14.1
+        env:
+          PYTHON_CONFIGURE_OPTS: --enable-shared
+
+      - name: make install
+        run: |
+          make install
+          make compile-node
+
+      - name: 'Tar files'
+        run: |
+          tar -rf artifact.tar \
+            .tool-versions \
+            packages \
+            node_modules \
+            package.json \
+            package-lock.json \
+            tsconfig.defaults.json \
+            Makefile \
+            cdk.json
+
+      - uses: actions/upload-artifact@v4
+        name: upload build artifact
+        with:
+          name: build_artifact
+          path: artifact.tar
diff --git a/.github/workflows/cdk_release_code.yml b/.github/workflows/cdk_release_code.yml
@@ -0,0 +1,152 @@
+name: cdk release code
+
+on:
+  workflow_call:
+    inputs:
+      TARGET_ENVIRONMENT:
+        required: true
+        type: string
+      VERSION_NUMBER:
+        required: true
+        type: string
+      COMMIT_ID:
+        required: true
+        type: string
+      LOG_RETENTION_IN_DAYS:
+        required: true
+        type: string
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE:
+        required: true
+      CDK_PULL_IMAGE_ROLE:
+        required: true
+jobs:
+  release_code:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.TARGET_ENVIRONMENT }}
+    name: deploy cdk app
+    permissions:
+      id-token: write
+      contents: write
+
+    steps:
+      - name: Checkout local github actions
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+          fetch-depth: 0
+          sparse-checkout: |
+            .github
+
+      - name: Configure AWS Credentials
+        id: connect-aws-pull-image
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.CDK_PULL_IMAGE_ROLE }}
+          role-session-name: eps-vpc-resources-pull-image
+
+      - name: build_artifact download
+        uses: actions/download-artifact@v4
+        with:
+          name: build_artifact
+
+      - name: extract build_artifact
+        run: |
+          mkdir -p .build
+          tar -xf artifact.tar -C .build
+
+      - name: Retrieve AWS Account ID
+        id: retrieve-account-id
+        run: echo "ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_ENV"
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        run: |
+          aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com
+
+      - name: Pull cdk-utils-build from Amazon ECR
+        run: |
+          docker pull "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest"
+          docker tag "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest" cdk-utils-build-repo:latest
+
+      - name: Configure AWS Credentials
+        id: connect-aws
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }}
+          role-session-name: eps-vpc-resources-deployment
+          output-credentials: true
+
+      - name: fix cdk.json for deployment
+        run: |
+          jq \
+          --arg VERSION_NUMBER "${{ inputs.VERSION_NUMBER }}" \
+          --arg COMMIT_ID "${{ inputs.COMMIT_ID }}" \
+          --arg logRetentionInDays "${{ inputs.LOG_RETENTION_IN_DAYS }}" \
+          --argjson allowAutoDeleteObjects "true" \
+          '.context += {
+            "VERSION_NUMBER": $VERSION_NUMBER,
+            "COMMIT_ID": $COMMIT_ID,
+            "logRetentionInDays": $logRetentionInDays,
+            "allowAutoDeleteObjects": $allowAutoDeleteObjects}' \
+          .build/cdk.json > .build/cdk.new.json
+          mv .build/cdk.new.json .build/cdk.json
+
+      - name: Show diff
+        run: |
+          docker run \
+          -v "$(pwd)/.build":/home/cdkuser/workspace/ \
+          -e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
+          -e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
+          -e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
+          -e AWS_REGION="eu-west-2" \
+          -e SHOW_DIFF="true" \
+          -e DEPLOY_CODE="false" \
+          -e CDK_APP_PATH="packages/cdk/bin/VpcResourcesApp.ts" \
+          cdk-utils-build-repo:latest
+        shell: bash
+
+      - name: Deploy code
+        run: |
+          docker run \
+          -v "$(pwd)/.build":/home/cdkuser/workspace/ \
+          -e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
+          -e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
+          -e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
+          -e AWS_REGION="eu-west-2" \
+          -e SHOW_DIFF="false" \
+          -e DEPLOY_CODE="true" \
+          -e CDK_APP_PATH="packages/cdk/bin/VpcResourcesApp.ts" \
+          cdk-utils-build-repo:latest
+        shell: bash
+
+  # update_github_pages:
+  #   runs-on: ubuntu-latest
+  #   environment: ${{ inputs.TARGET_ENVIRONMENT }}
+  #   if: ${{ always() && !failure() && !cancelled() }}
+  #   needs: [release_code]
+  #   permissions:
+  #     id-token: write
+  #     contents: write
+  #   steps:
+  #     - name: Checkout gh-pages
+  #       uses: actions/checkout@v4
+  #       with:
+  #         ref: gh-pages
+  #         path: gh-pages
+
+  #     - name: update release tag in github pages
+  #       run: |
+  #         cd gh-pages
+  #         NOW=$(date +'%Y-%m-%dT%H:%M:%S')
+  #         echo "tag,release_datetime" > _data/${{ inputs.TARGET_ENVIRONMENT }}_latest.csv
+  #         echo "${{ inputs.VERSION_NUMBER }},${NOW}" >> _data/${{ inputs.TARGET_ENVIRONMENT }}_latest.csv
+  #         echo "${{ inputs.VERSION_NUMBER }},${NOW}" >> _data/${{ inputs.TARGET_ENVIRONMENT }}_deployments.csv
+  #         git config user.name github-actions
+  #         git config user.email [email protected]
+  #         git add _data/${{ inputs.TARGET_ENVIRONMENT }}_latest.csv
+  #         git add _data/${{ inputs.TARGET_ENVIRONMENT }}_deployments.csv
+  #         git commit -m 'update releases for ${{ inputs.TARGET_ENVIRONMENT }}'
+  #         parallel --retries 10 --delay 3 ::: "git pull --rebase && git push"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -87,49 +87,49 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
-  # package_code:
-  #   needs: [tag_release, get_commit_id]
-  #   uses: ./.github/workflows/cdk_package_code.yml
-  #   with:
-  #     VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
-  #     COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
+  package_code:
+    needs: [tag_release, get_commit_id]
+    uses: ./.github/workflows/cdk_package_code.yml
+    with:
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
 
-  # release_dev:
-  #   needs: [tag_release, package_code, get_commit_id]
-  #   uses: ./.github/workflows/release_all_stacks.yml
-  #   with:
-  #     SERVICE_NAME: cpt-ui
-  #     TARGET_ENVIRONMENT: dev
-  #     VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
-  #     COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-  #   secrets:
-  #     CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
-  #     CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
+  release_dev:
+    needs: [tag_release, package_code, get_commit_id]
+    uses: ./.github/workflows/cdk_release_code.yml
+    with:
+      TARGET_ENVIRONMENT: dev
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
+      LOG_RETENTION_IN_DAYS: 30
+    secrets:
+      CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
 
-  # create_release_notes:
-  #   needs: [tag_release, package_code, get_commit_id, release_dev]
-  #   uses: ./.github/workflows/create_release_notes.yml
-  #   with:
-  #     VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
-  #     CREATE_INT_RELEASE_NOTES: true
-  #     CREATE_INT_RC_RELEASE_NOTES: false
-  #     CREATE_PROD_RELEASE_NOTES: true
-  #     MARK_JIRA_RELEASED: false
-  #   secrets:
-  #     DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
-  #     DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
-  #     INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
-  #     PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+  create_release_notes:
+    needs: [tag_release, package_code, get_commit_id, release_dev]
+    uses: ./.github/workflows/create_release_notes.yml
+    with:
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      CREATE_INT_RELEASE_NOTES: true
+      CREATE_INT_RC_RELEASE_NOTES: false
+      CREATE_PROD_RELEASE_NOTES: true
+      MARK_JIRA_RELEASED: false
+    secrets:
+      DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
+      DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
 
 
-  # release_qa:
-  #   needs: [tag_release, release_dev, package_code, get_commit_id]
-  #   uses: ./.github/workflows/release_all_stacks.yml
-  #   with:
-  #     SERVICE_NAME: cpt-ui
-  #     TARGET_ENVIRONMENT: qa
-  #     VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
-  #     COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-  #   secrets:
-  #     CDK_PULL_IMAGE_ROLE: ${{ secrets.QA_CDK_PULL_IMAGE_ROLE }}
-  #     CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
+  release_qa:
+    needs: [tag_release, release_dev, package_code, get_commit_id]
+    uses: ./.github/workflows/cdk_release_code.yml
+    with:
+      TARGET_ENVIRONMENT: qa
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
+      LOG_RETENTION_IN_DAYS: 30
+    secrets:
+      CDK_PULL_IMAGE_ROLE: ${{ secrets.QA_CDK_PULL_IMAGE_ROLE }}
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}