Skip to content

Commit

Permalink
Merge branch 'main' into AB2D-6187-p15
Browse files Browse the repository at this point in the history
  • Loading branch information
smirnovaae authored Oct 22, 2024
2 parents 880f345 + dd9e9b5 commit ebea8b7
Show file tree
Hide file tree
Showing 63 changed files with 1,162 additions and 305 deletions.
91 changes: 91 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
name: build

on:
workflow_call:
inputs:
environment:
required: true
type: string
module:
required: true
type: string
workflow_dispatch:
inputs:
environment:
required: true
type: choice
options:
- dev
- test
module:
required: true
type: choice
options:
- api
- worker

jobs:
build:
runs-on: self-hosted

env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
AWS_REGION: ${{ vars.AWS_REGION }}
DEPLOYMENT_ENV: ${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }}

steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Setup Java
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'

- name: Install Maven 3.6.3
run: |
export PATH="$PATH:/opt/maven/bin"
echo "PATH=$PATH" >> $GITHUB_ENV
if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi
tmpdir="$(mktemp -d)"
curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir"
sudo rm -rf /opt/maven
sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven
- name: Set env vars from AWS params in BCDA management account
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
with:
params: |
ARTIFACTORY_URL=/artifactory/url
ARTIFACTORY_USER=/artifactory/user
ARTIFACTORY_PASSWORD=/artifactory/password
- name: Build package
run: mvn -U clean package -s settings.xml -DskipTests -Dusername="${ARTIFACTORY_USER}" -Dpassword="${ARTIFACTORY_PASSWORD}" -Drepository_url="${ARTIFACTORY_URL}"

- name: Assume role in AB2D Management account
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.MGMT_ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-mgmt-github-actions

- name: Build image and push to ECR
working-directory: ./${{ inputs.module }}
run: |
ECR_REPO_DOMAIN="${{ secrets.MGMT_ACCOUNT_ID }}.dkr.ecr.$AWS_REGION.amazonaws.com"
aws ecr get-login-password | docker login --username AWS --password-stdin "$ECR_REPO_DOMAIN"
ECR_REPO_URI="$ECR_REPO_DOMAIN/ab2d_${{ inputs.module }}"
SHA_SHORT=$(git rev-parse --short HEAD)
echo "Building image for commit sha $SHA_SHORT"
docker build \
-t "${ECR_REPO_URI}:ab2d-${DEPLOYMENT_ENV}-$SHA_SHORT" \
-t "${ECR_REPO_URI}:ab2d-${DEPLOYMENT_ENV}-latest" .
# Push to special tag for promotion if this is run on a push to main
if [ "$GITHUB_REF" == "refs/heads/main" ]; then
docker tag $ECR_REPO_URI:ab2d-$DEPLOYMENT_ENV-$SHA_SHORT $ECR_REPO_URI:main-$SHA_SHORT
fi
echo "Pushing image"
docker push "${ECR_REPO_URI}" --all-tags
49 changes: 49 additions & 0 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: deploy

on:
workflow_call:
inputs:
environment:
required: true
type: string
module:
required: true
type: string
workflow_dispatch:
inputs:
environment:
required: true
type: choice
options:
- dev
- test
- sbx
- prod
- prod_test
module:
required: true
type: choice
options:
- api
- worker

jobs:
deploy:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
env:
ACCOUNT: ${{ inputs.environment == 'prod_test' && 'prod' || inputs.environment }}
with:
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets[format('{0}_ACCOUNT_ID', env.ACCOUNT)] }}:role/delegatedadmin/developer/ab2d-${{ env.ACCOUNT }}-github-actions
- name: Deploy ECS service to run on latest image in ECR
env:
SERVICE_NAME: ab2d-${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }}-${{ inputs.module }}
run: |
echo "Deploying service $SERVICE_NAME"
aws ecs update-service --cluster "$SERVICE_NAME" --service "$SERVICE_NAME" --force-new-deployment > /dev/null
aws ecs wait services-stable --cluster "$SERVICE_NAME" --services "$SERVICE_NAME"
97 changes: 97 additions & 0 deletions .github/workflows/e2e-test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
name: end-to-end tests

on:
workflow_call:
inputs:
environment:
required: true
type: string
workflow_dispatch: # Allow manual trigger
inputs:
environment:
required: true
type: choice
options:
- dev
- test
- sbx
default: test

# Ensure we have only one e2e test running at a time in each environment
concurrency:
group: ${{ inputs.environment }}-e2e-test

jobs:
test:
runs-on: self-hosted

env:
# Keystore location must be full path for spring framework
AB2D_BFD_KEYSTORE_LOCATION: "${{ github.workspace }}/opt/ab2d/ab2d_bfd_keystore"
AB2D_V2_ENABLED: 'true'
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true

steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Setup Java
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'

- name: Install Maven 3.6.3
run: |
export PATH="$PATH:/opt/maven/bin"
echo "PATH=$PATH" >> $GITHUB_ENV
if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi
tmpdir="$(mktemp -d)"
curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir"
sudo rm -rf /opt/maven
sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven
- name: Set env vars from AWS params in BCDA management account
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
env:
AWS_REGION: ${{ vars.AWS_REGION }}
with:
params: |
ARTIFACTORY_URL=/artifactory/url
ARTIFACTORY_USER=/artifactory/user
ARTIFACTORY_PASSWORD=/artifactory/password
- name: Assume role in AB2D account for this environment
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets[format('{0}_ACCOUNT_ID', inputs.environment)] }}:role/delegatedadmin/developer/ab2d-${{ inputs.environment }}-github-actions

- name: Set env vars from AWS params in AB2D account
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
env:
AWS_REGION: ${{ vars.AWS_REGION }}
with:
params: |
AB2D_BFD_KEYSTORE_PASSWORD=/bfd/keystore-password
OKTA_CLIENT_ID=/okta/test-pdp-100-id
OKTA_CLIENT_PASSWORD=/okta/test-pdp-100-secret
SECONDARY_USER_OKTA_CLIENT_ID=/okta/test-pdp-1000-id
SECONDARY_USER_OKTA_CLIENT_PASSWORD=/okta/test-pdp-1000-secret
- name: Create opt/ab2d directory and download keystore
run: |
mkdir -p opt/ab2d
KEYSTORE_FILE_NAME="ab2d_${{ inputs.environment == 'test' && 'imp' || inputs.environment }}_keystore"
aws s3 cp s3://ab2d-${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }}-main/$KEYSTORE_FILE_NAME $AB2D_BFD_KEYSTORE_LOCATION
test -f $AB2D_BFD_KEYSTORE_LOCATION && echo "created keystore file"
- name: Run e2e-bfd-test
run: |
mvn test -s settings.xml -pl e2e-bfd-test -am -Dtest=EndToEndBfdTests -DfailIfNoTests=false -Dusername=$ARTIFACTORY_USER -Dpassword=$ARTIFACTORY_PASSWORD -Drepository_url=$ARTIFACTORY_URL --no-transfer-progress
- name: Run e2e-test
env:
E2E_ENVIRONMENT: ${{ inputs.environment == 'dev' && 'DEV' || inputs.environment == 'test' && 'IMPL' || inputs.environment == 'sbx' && 'SANDBOX' }}
run: |
mvn test -s settings.xml -pl e2e-test -am -Dtest=TestRunner -DfailIfNoTests=false -Dusername=$ARTIFACTORY_USER -Dpassword=$ARTIFACTORY_PASSWORD -Drepository_url=$ARTIFACTORY_URL --no-transfer-progress
60 changes: 60 additions & 0 deletions .github/workflows/promote.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
name: promote

on:
workflow_call:
inputs:
environment:
required: true
type: string
module:
required: true
type: string
workflow_dispatch:
inputs:
environment:
required: true
type: choice
options:
- sbx
- prod
- prod_test
module:
required: true
type: choice
options:
- api
- worker

permissions:
contents: read
id-token: write

jobs:
promote:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.MGMT_ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-mgmt-github-actions
- name: Retag images in ECR
env:
DEPLOYMENT_ENV: ${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }}
ECR_REPO_DOMAIN: ${{ secrets.MGMT_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com
ECR_REPO: ab2d_${{ inputs.module }}
run: |
SHA_SHORT="$(git rev-parse --short HEAD)"
TOKEN="$(aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken')"
CONTENT_TYPE="application/vnd.docker.distribution.manifest.v2+json"
echo "Getting the manifest of the image tagged main-$SHA_SHORT"
MANIFEST="$(curl -sS -H "Authorization: Basic $TOKEN" -H "Accept: $CONTENT_TYPE" "https://$ECR_REPO_DOMAIN/v2/$ECR_REPO/manifests/main-$SHA_SHORT")"
SHA_TAG="ab2d-$DEPLOYMENT_ENV-$SHA_SHORT"
echo "Adding the $SHA_TAG tag to main-$SHA_SHORT image"
curl -sS -X PUT -H "Authorization: Basic $TOKEN" -H "Content-Type: $CONTENT_TYPE" -d "$MANIFEST" "https://$ECR_REPO_DOMAIN/v2/$ECR_REPO/manifests/$SHA_TAG"
LATEST_TAG="ab2d-$DEPLOYMENT_ENV-latest"
echo "Adding the $LATEST_TAG tag to main-$SHA_SHORT image"
curl -sS -X PUT -H "Authorization: Basic $TOKEN" -H "Content-Type: $CONTENT_TYPE" -d "$MANIFEST" "https://$ECR_REPO_DOMAIN/v2/$ECR_REPO/manifests/$LATEST_TAG"
47 changes: 47 additions & 0 deletions .github/workflows/pull-request.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: pull request jobs

on:
pull_request:

jobs:
unit-integration-test:
uses: ./.github/workflows/unit-integration-test.yml
secrets: inherit
build-api:
uses: ./.github/workflows/build.yml
with:
environment: test
module: api
secrets: inherit
build-worker:
uses: ./.github/workflows/build.yml
with:
environment: test
module: worker
secrets: inherit
deploy-api:
needs: build-api
permissions:
contents: read
id-token: write
uses: ./.github/workflows/deploy.yml
with:
environment: test
module: api
secrets: inherit
deploy-worker:
needs: build-worker
permissions:
contents: read
id-token: write
uses: ./.github/workflows/deploy.yml
with:
environment: test
module: worker
secrets: inherit
e2e-test:
needs: [deploy-api, deploy-worker]
uses: ./.github/workflows/e2e-test.yml
with:
environment: test
secrets: inherit
46 changes: 46 additions & 0 deletions .github/workflows/push-main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: push to main

on:
push:
branches:
- main

jobs:
build-api:
uses: ./.github/workflows/build.yml
with:
environment: test
module: api
secrets: inherit
build-worker:
uses: ./.github/workflows/build.yml
with:
environment: test
module: worker
secrets: inherit
deploy-api:
needs: build-api
permissions:
contents: read
id-token: write
uses: ./.github/workflows/deploy.yml
with:
environment: test
module: api
secrets: inherit
deploy-worker:
needs: build-worker
permissions:
contents: read
id-token: write
uses: ./.github/workflows/deploy.yml
with:
environment: test
module: worker
secrets: inherit
e2e-test:
needs: [deploy-api, deploy-worker]
uses: ./.github/workflows/e2e-test.yml
with:
environment: test
secrets: inherit
Loading

0 comments on commit ebea8b7

Please sign in to comment.