Merge branch 'main' into snyk-upgrade-c172c94c99d023257905b427d164cb03
Showing
17 changed files
with
328 additions
and
24 deletions.
@@ -0,0 +1,85 @@ | ||
name: build | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
environment: | ||
required: true | ||
type: string | ||
module: | ||
required: true | ||
type: string | ||
workflow_dispatch: | ||
inputs: | ||
environment: | ||
required: true | ||
type: choice | ||
options: | ||
- dev | ||
- test | ||
module: | ||
required: true | ||
type: choice | ||
options: | ||
- api | ||
- worker | ||
|
||
jobs: | ||
build: | ||
runs-on: self-hosted | ||
|
||
env: | ||
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true | ||
AWS_REGION: ${{ vars.AWS_REGION }} | ||
DEPLOYMENT_ENV: ${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }} | ||
|
||
steps: | ||
- name: Checkout Code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Setup Java | ||
uses: actions/setup-java@v3 | ||
with: | ||
distribution: 'temurin' | ||
java-version: '17' | ||
|
||
- name: Install Maven 3.6.3 | ||
run: | | ||
export PATH="$PATH:/opt/maven/bin" | ||
echo "PATH=$PATH" >> $GITHUB_ENV | ||
if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi | ||
tmpdir="$(mktemp -d)" | ||
curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir" | ||
sudo rm -rf /opt/maven | ||
sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven | ||
- name: Set env vars from AWS params in BCDA management account | ||
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main | ||
with: | ||
params: | | ||
ARTIFACTORY_URL=/artifactory/url | ||
ARTIFACTORY_USER=/artifactory/user | ||
ARTIFACTORY_PASSWORD=/artifactory/password | ||
- name: Build package | ||
run: mvn -U clean package -s settings.xml -DskipTests -Dusername="${ARTIFACTORY_USER}" -Dpassword="${ARTIFACTORY_PASSWORD}" -Drepository_url="${ARTIFACTORY_URL}" | ||
|
||
- name: Assume role in AB2D Management account | ||
uses: aws-actions/configure-aws-credentials@v3 | ||
with: | ||
aws-region: ${{ vars.AWS_REGION }} | ||
role-to-assume: arn:aws:iam::${{ secrets.MGMT_ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-mgmt-github-actions | ||
|
||
- name: Build image and push to ECR | ||
working-directory: ./${{ inputs.module }} | ||
run: | | ||
ECR_REPO_DOMAIN="${{ secrets.MGMT_ACCOUNT_ID }}.dkr.ecr.$AWS_REGION.amazonaws.com" | ||
aws ecr get-login-password | docker login --username AWS --password-stdin "$ECR_REPO_DOMAIN" | ||
ECR_REPO_URI="$ECR_REPO_DOMAIN/ab2d_${{ inputs.module }}" | ||
SHA_SHORT=$(git rev-parse --short HEAD) | ||
echo "Building image for commit sha $SHA_SHORT" | ||
docker build \ | ||
-t "${ECR_REPO_URI}:ab2d-${DEPLOYMENT_ENV}-$SHA_SHORT" \ | ||
-t "${ECR_REPO_URI}:ab2d-${DEPLOYMENT_ENV}-latest" . | ||
echo "Pushing image" | ||
docker push "${ECR_REPO_URI}" --all-tags |
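Review bot: The `Set env vars from AWS params in BCDA management account` step references `cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main`, a mutable branch ref, for an action that appears to export `ARTIFACTORY_PASSWORD` into the job environment; any later push to that branch changes what runs with those credentials. Pinning it to a full commit SHA (`uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@<full-commit-sha>`, placeholder) fixes the reviewed code in place, and the same applies to both uses of this action in the end-to-end tests workflow. The `Install Maven 3.6.3` step, which is repeated there as well, pipes the tarball from `curl` straight into `tar` and installs the result under `/opt/maven` with `sudo` without checking a digest. Downloading to a file and running `sha512sum -c` against a pinned value before extraction would close that gap on the self-hosted runner.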
@@ -0,0 +1,48 @@ | ||
name: deploy | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
environment: | ||
required: true | ||
type: string | ||
module: | ||
required: true | ||
type: string | ||
workflow_dispatch: | ||
inputs: | ||
environment: | ||
required: true | ||
type: choice | ||
options: | ||
- dev | ||
- test | ||
- sbx | ||
- prod | ||
- prod-test | ||
module: | ||
required: true | ||
type: choice | ||
options: | ||
- api | ||
- worker | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
id-token: write | ||
env: | ||
DEPLOYMENT_ENV: ${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }} | ||
ACCOUNT: ${{ inputs.environment == 'prod-test' && 'prod' || inputs.environment }} | ||
|
||
steps: | ||
- name: Assume role in AB2D ${{ env.ACCOUNT }} account | ||
uses: aws-actions/configure-aws-credentials@v3 | ||
with: | ||
aws-region: ${{ vars.AWS_REGION }} | ||
role-to-assume: arn:aws:iam::${{ secrets[format('{0}_ACCOUNT_ID', env.ACCOUNT)] }}:role/delegatedadmin/developer/ab2d-${{ env.ACCOUNT }}-github-actions | ||
|
||
- name: Deploy latest image in ECR to ECS | ||
run: aws ecs update-service --cluster ab2d-${DEPLOYMENT_ENV}-${{ inputs.module }} --service ab2d-${DEPLOYMENT_ENV}-${{ inputs.module }} --force-new-deployment |
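Review bot: The `deploy` job has no `environment:` key, yet `workflow_dispatch` offers `prod` and `prod-test`, so a production rollout is gated only by who is allowed to dispatch the workflow. Adding `environment: ${{ inputs.environment }}` to the job would let environment protection rules such as required reviewers apply, assuming matching environments are configured; the role's trust policy is not visible here and would need to accept the changed OIDC subject. Separately, the last step interpolates `${{ inputs.module }}` directly into the `run:` command, and under `workflow_call` that input is an unconstrained `string`. Passing it through `env:` (`MODULE: ${{ inputs.module }}`) and using `"$MODULE"` in the command keeps caller-supplied text out of the shell source.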
@@ -0,0 +1,97 @@ | ||
name: end-to-end tests | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
environment: | ||
required: true | ||
type: string | ||
workflow_dispatch: # Allow manual trigger | ||
inputs: | ||
environment: | ||
required: true | ||
type: choice | ||
options: | ||
- dev | ||
- test | ||
- sbx | ||
default: test | ||
|
||
# Ensure we have only one e2e test running at a time in each environment | ||
concurrency: | ||
group: ${{ inputs.environment }}-e2e-test | ||
|
||
jobs: | ||
test: | ||
runs-on: self-hosted | ||
|
||
env: | ||
# Keystore location must be full path for spring framework | ||
AB2D_BFD_KEYSTORE_LOCATION: "${{ github.workspace }}/opt/ab2d/ab2d_bfd_keystore" | ||
AB2D_V2_ENABLED: 'true' | ||
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true | ||
|
||
steps: | ||
- name: Checkout Code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Setup Java | ||
uses: actions/setup-java@v3 | ||
with: | ||
distribution: 'temurin' | ||
java-version: '17' | ||
|
||
- name: Install Maven 3.6.3 | ||
run: | | ||
export PATH="$PATH:/opt/maven/bin" | ||
echo "PATH=$PATH" >> $GITHUB_ENV | ||
if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi | ||
tmpdir="$(mktemp -d)" | ||
curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir" | ||
sudo rm -rf /opt/maven | ||
sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven | ||
- name: Set env vars from AWS params in BCDA management account | ||
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main | ||
env: | ||
AWS_REGION: ${{ vars.AWS_REGION }} | ||
with: | ||
params: | | ||
ARTIFACTORY_URL=/artifactory/url | ||
ARTIFACTORY_USER=/artifactory/user | ||
ARTIFACTORY_PASSWORD=/artifactory/password | ||
- name: Assume role in AB2D account for this environment | ||
uses: aws-actions/configure-aws-credentials@v3 | ||
with: | ||
aws-region: ${{ vars.AWS_REGION }} | ||
role-to-assume: arn:aws:iam::${{ secrets[format('{0}_ACCOUNT_ID', inputs.environment)] }}:role/delegatedadmin/developer/ab2d-${{ inputs.environment }}-github-actions | ||
|
||
- name: Set env vars from AWS params in AB2D account | ||
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main | ||
env: | ||
AWS_REGION: ${{ vars.AWS_REGION }} | ||
with: | ||
params: | | ||
AB2D_BFD_KEYSTORE_PASSWORD=/bfd/keystore-password | ||
OKTA_CLIENT_ID=/okta/test-pdp-100-id | ||
OKTA_CLIENT_PASSWORD=/okta/test-pdp-100-secret | ||
SECONDARY_USER_OKTA_CLIENT_ID=/okta/test-pdp-1000-id | ||
SECONDARY_USER_OKTA_CLIENT_PASSWORD=/okta/test-pdp-1000-secret | ||
- name: Create opt/ab2d directory and download keystore | ||
run: | | ||
mkdir -p opt/ab2d | ||
KEYSTORE_FILE_NAME="ab2d_${{ inputs.environment == 'test' && 'imp' || inputs.environment }}_keystore" | ||
aws s3 cp s3://ab2d-${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }}-main/$KEYSTORE_FILE_NAME $AB2D_BFD_KEYSTORE_LOCATION | ||
test -f $AB2D_BFD_KEYSTORE_LOCATION && echo "created keystore file" | ||
- name: Run e2e-bfd-test | ||
run: | | ||
mvn test -s settings.xml -pl e2e-bfd-test -am -Dtest=EndToEndBfdTests -DfailIfNoTests=false -Dusername=$ARTIFACTORY_USER -Dpassword=$ARTIFACTORY_PASSWORD -Drepository_url=$ARTIFACTORY_URL --no-transfer-progress | ||
- name: Run e2e-test | ||
env: | ||
E2E_ENVIRONMENT: ${{ inputs.environment == 'dev' && 'DEV' || inputs.environment == 'test' && 'IMPL' || inputs.environment == 'sbx' && 'SANDBOX' }} | ||
run: | | ||
mvn test -s settings.xml -pl e2e-test -am -Dtest=TestRunner -DfailIfNoTests=false -Dusername=$ARTIFACTORY_USER -Dpassword=$ARTIFACTORY_PASSWORD -Drepository_url=$ARTIFACTORY_URL --no-transfer-progress |
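Review bot: The `Create opt/ab2d directory and download keystore` step writes the BFD keystore under `${{ github.workspace }}` on a `self-hosted` runner and nothing in the job removes it, so the file may stay on disk for whichever job uses that workspace next if the runner is not ephemeral (not visible here). A final step with `if: always()` that runs `rm -f "$AB2D_BFD_KEYSTORE_LOCATION"` would bound its lifetime. The two `mvn test` commands also pass `-Dpassword=$ARTIFACTORY_PASSWORD` unquoted, unlike the quoted form in the build workflow. Quoting the expansions (`-Dpassword="$ARTIFACTORY_PASSWORD"`) avoids word-splitting, and having `settings.xml` read the value from the environment would keep it out of the process arguments altogether.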
@@ -0,0 +1,47 @@ | ||
name: pull request jobs | ||
|
||
on: | ||
pull_request: | ||
|
||
jobs: | ||
unit-integration-test: | ||
uses: ./.github/workflows/unit-integration-test.yml | ||
secrets: inherit | ||
build-api: | ||
uses: ./.github/workflows/build.yml | ||
with: | ||
environment: test | ||
module: api | ||
secrets: inherit | ||
build-worker: | ||
uses: ./.github/workflows/build.yml | ||
with: | ||
environment: test | ||
module: worker | ||
secrets: inherit | ||
deploy-api: | ||
needs: build-api | ||
permissions: | ||
contents: read | ||
id-token: write | ||
uses: ./.github/workflows/deploy.yml | ||
with: | ||
environment: test | ||
module: api | ||
secrets: inherit | ||
deploy-worker: | ||
needs: build-worker | ||
permissions: | ||
contents: read | ||
id-token: write | ||
uses: ./.github/workflows/deploy.yml | ||
with: | ||
environment: test | ||
module: worker | ||
secrets: inherit | ||
e2e-test: | ||
needs: [deploy-api, deploy-worker] | ||
uses: ./.github/workflows/e2e-test.yml | ||
with: | ||
environment: test | ||
secrets: inherit |
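Review bot: With `on: pull_request` and no `if:` on any job, every pull request runs the build on `self-hosted` runners, pushes the `-latest` tag to ECR and redeploys the shared `test` environment with code that has not been reviewed yet. If the repository accepts pull requests from forks (not visible here), that code also executes on the self-hosted runner; a guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` on the build, deploy and e2e jobs would limit fork PRs to the unit tests. There is also no `concurrency:` group on the build/deploy chain, so two open PRs can overwrite each other's `-latest` image before `e2e-test` runs; the group defined in the end-to-end workflow serialises only the tests. `secrets: inherit` on every call hands each called workflow all repository secrets, where an explicit `secrets:` map would pass only the ones it reads.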
@@ -0,0 +1,9 @@ | ||
title = "DASG Standard" | ||
|
||
[extend] | ||
useDefault = true | ||
|
||
[[rules]] | ||
id = "mbi-detection" | ||
description = "Detects a potential MBI pattern based on https://www.cms.gov/medicare/new-medicare-card/understanding-the-mbi.pdf" | ||
regex = '''\b((?i)[1-9][ACDEFGHJKMNPQRTUVWXY][ACDEFGHJKMNPQRTUVWXY\d]-?\d[ACDEFGHJKMNPQRTUVWXY][ACDEFGHJKMNPQRTUVWXY\d]\d-?[ACDEFGHJKMNPQRTUVWXY]{2}\d{2})\b''' |
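Review bot: The two optional dashes in `mbi-detection` sit after the third and seventh characters, but as I read the CMS document linked in `description`, a formatted MBI is printed with dashes after the fourth and seventh (the CMS sample is `1EG4-TE5-MK73`), so the dashed form would not match this rule while the undashed form does. Moving the first `-?` one position to the right, so the pattern begins `[1-9][ACDEFGHJKMNPQRTUVWXY][ACDEFGHJKMNPQRTUVWXY\d]\d-?[ACDEFGHJKMNPQRTUVWXY]`, would cover both spellings. A one-line comment above `regex` noting that the letter class leaves out S, L, O, I, B and Z would also help the next reader check the rule against the specification.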
@@ -1,5 +1,5 @@ | ||
repos: | ||
- repo: https://github.com/gitleaks/gitleaks | ||
rev: v8.16.1 | ||
rev: v8.19.2 | ||
hooks: | ||
- id: gitleaks |
11 changes: 11 additions & 0 deletions
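--- a/common/src/main/resources/db/changelog/v2024/ab2d_6151_rename_column.sql
+++ b/common/src/main/resources/db/changelog/v2024/ab2d_6151_rename_column.sql
@@ -0,0 +1,11 @@
+DO $$
+BEGIN
+IF EXISTS (SELECT 1
+FROM information_schema.columns
+WHERE table_schema = 'public' AND table_name = 'current_mbi' AND
+column_name = 'opt_out_flag')
+THEN
+ALTER TABLE public.current_mbi RENAME opt_out_flag TO share_data;
+END IF;
+END
+$$;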
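Review bot: The migration only renames `opt_out_flag` to `share_data` and leaves the stored values untouched; going by the names alone, the two columns have opposite polarity (`opt_out_flag = true` would become `share_data = true`), which would flip each beneficiary's data-sharing preference unless the values are inverted in a changeset not shown here. If no such step exists and the column is boolean, add `UPDATE public.current_mbi SET share_data = NOT share_data;` inside the same `IF` block, after the `ALTER TABLE`. A header comment stating the intended meaning of `share_data` would make the polarity reviewable without reading the application code.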