[Release 2024-04-16] (#179)

* [feature/PI-292-plop_prod_bulk_rebase] changes required for prod

* [release/2024-04-10] create release

* feature/PI-307-local_deploy_qa updated command and readme

* feature/PI-307-local_deploy_qa fixed destroy

* feature/PI-307-local_deploy_qa added readme extras

* [release/2024-04-10] get apigee env from aws env, not workspace

* [release/2024-04-10] use environment to retrieve apigee secret

* feature/PI-213-connect_to_ldap squash commits

* [feature/PI-311-account_wide_smoke_tests] smoke tests account wide

* [feature/PI-311-account_wide_smoke_tests] rename ldap to hscn

* feature/PI-311-account_wide_smoke_tests updated permissions

* feature/PI-311-account_wide_smoke_tests added ref hscn endpoint & ldap connection infrastructure

* release/2024-04-16 New release

* release/2024-04-16 upgraded broken proxygen-cli version

---------

Co-authored-by: Joel Klinger <[email protected]>
Co-authored-by: megan-bower4 <[email protected]>

Author: 3 people

.github/actions/components/caching/action.yml

@@ -18,21 +18,13 @@ inputs:
     default: |
       .venv
       .timestamp
-      **/.terraform
-      **/dist/*zip
-      **/tfplan
-      **/swagger.yaml
-      **/infrastructure/terraform/**/output.json
       .downloads
-      **/fhir/r4/*models.py
       .tool-versions
       pyproject.toml
       poetry.lock
-      **/make.py
-      **/infrastructure/swagger/*.yaml
-      **/infrastructure/swagger/**/*.yaml
-      **/fhir-base/*json
-      **/.proxygen/*
+      src
+      infrastructure
+      !**/.terraform/modules/**/*
 
 runs:
   using: "composite"
@@ -50,6 +42,11 @@ runs:
         restore-keys: |
           ${{ env.GITHUB_SHA_SHORT }}-${{ inputs.cache-suffix == '' && 'head' || inputs.cache-suffix }}
 
+    # # For debugging, uncomment the following:
+    # - id: tree
+    #   shell: bash
+    #   run: tree -D -I '__pycache__|.git|.venv|.hypothesis|.pytest_cache'
+
     - if: ${{ inputs.save-or-restore == 'save' }}
       id: save-cache
       uses: actions/cache/save@v3

.github/workflows/_deploy.yml

@@ -55,26 +55,23 @@ jobs:
       - uses: actions/checkout@v4
         with:
           ref: ${{ needs.get-branch-from-workflow-file.outputs.branch_name }}
-      - uses: ./.github/actions/make/
+      - if: ${{ env.SCOPE == 'per_workspace'}}
+        uses: ./.github/actions/make/
         with:
           command: build
           save-to-cache: "true"
           restore-from-cache: "false"
           cache-suffix: ${{ env.CACHE_NAME }}
-
-  helpers--truststore-pull:
-    needs: [get-branch-from-workflow-file, build]
-    runs-on: [self-hosted, ci]
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ needs.get-branch-from-workflow-file.outputs.branch_name }}
-      - uses: ./.github/actions/make/
+      - if: ${{ env.SCOPE != 'per_workspace'}}
+        uses: ./.github/actions/make/
         with:
-          command: helpers--truststore-pull WORKSPACE=${{ env.WORKSPACE }}
+          command: poetry--update
+          save-to-cache: "true"
+          restore-from-cache: "false"
+          cache-suffix: ${{ env.CACHE_NAME }}
 
   terraform--init:
-    needs: [get-branch-from-workflow-file, helpers--truststore-pull]
+    needs: [get-branch-from-workflow-file, build]
     runs-on: [self-hosted, ci]
     steps:
       - uses: actions/checkout@v4
@@ -161,6 +158,7 @@ jobs:
           command: test--smoke
           workspace: ${{ env.WORKSPACE }}
           requires-aws: true
+          restore-from-cache: "true"
           cache-suffix: ${{ env.CACHE_NAME }}
 
   set-success:

.github/workflows/pull-requests.yml

@@ -112,25 +112,8 @@ jobs:
         with:
           command: test--feature--local
 
-  helpers--truststore-pull:
-    runs-on: [self-hosted, ci]
-    needs: [workflow--check--branch-name]
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ env.BRANCH_NAME }}
-      - uses: ./.github/actions/make/
-        with:
-          command: helpers--truststore-pull WORKSPACE=ref
-
   terraform-base-build:
-    needs:
-      [
-        create-workspace-name,
-        build-base,
-        helpers--truststore-pull,
-        parse-secrets,
-      ]
+    needs: [create-workspace-name, build-base, parse-secrets]
     runs-on: [self-hosted, ci]
     steps:
       - uses: actions/checkout@v4
@@ -157,7 +140,6 @@ jobs:
         workflow--codebase-checks,
         test--unit,
         test--feature--local,
-        helpers--truststore-pull,
         parse-secrets,
         terraform-base-build,
       ]
@@ -233,6 +215,26 @@ jobs:
           command: test--feature--integration
           requires-aws: true
 
+  test--smoke:
+    needs:
+      [
+        build-head,
+        workflow--codebase-checks,
+        test--unit,
+        test--feature--local,
+        terraform-head-build,
+        apigee--deploy,
+      ]
+    runs-on: [self-hosted, ci]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+      - uses: ./.github/actions/make/
+        with:
+          command: test--smoke
+          requires-aws: true
+
   destroy-redundant-workspaces:
     runs-on: [self-hosted, ci]
     needs: [build-head]

.vscode/settings.json

@@ -9,14 +9,21 @@
   "editor.formatOnSave": true,
   "black-formatter.args": ["--line-length=88"],
   "cSpell.words": [
+    "attrlist",
     "changetype",
+    "filterstr",
+    "firstchangenumber",
     "getbuffer",
+    "hscn",
     "ldif",
+    "ldifs",
+    "NEWCTX",
     "nhsexternalchangelogentry",
     "NOSONAR",
     "objectclass",
     "popleft",
     "stepfunctions",
+    "TRUSTSTORE",
     "unmarshall"
   ],
   "sonarlint.connectedMode.project": {

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2024-04-16
+- [PI-311] Smoke tests
+- [PI-213] Connect to LDAP
+- [PI-222] Connect to LDAP via VPC endpoint
+
 ## 2024-04-10
 - [PI-307] Deploy user workspaces to qa environment
 - [PI-292] Prod bulk data (SDS ETL)

VERSION

@@ -1 +1 @@
-2024.04.10
+2024.04.16

changelog/2024-04-16.md

@@ -0,0 +1,3 @@
+- [PI-311] Smoke tests
+- [PI-213] Connect to LDAP
+- [PI-222] Connect to LDAP via VPC endpoint

infrastructure/terraform/per_account/dev/main.tf

@@ -45,6 +45,26 @@ module "bucket" {
   }
 }
 
+module "truststore_bucket" {
+  source        = "terraform-aws-modules/s3-bucket/aws"
+  version       = "3.15.2"
+  bucket        = "${local.project}--${replace(terraform.workspace, "_", "-")}--truststore"
+  force_destroy = true
+  versioning = {
+    enabled = true
+  }
+  tags = {
+    Name = "${local.project}--${replace(terraform.workspace, "_", "-")}--truststore"
+  }
+}
+
+module "vpc" {
+  source      = "../modules/vpc"
+  environment = terraform.workspace
+  prefix      = local.project
+}
+
+
 # -------- ROUTE 53 ---------
 
 resource "aws_route53_zone" "dev-ns" {

infrastructure/terraform/per_account/dev/parameters/main.tf

@@ -38,3 +38,10 @@ resource "aws_secretsmanager_secret" "apigee-cpm-apikey" {
 resource "aws_secretsmanager_secret" "apigee-app-key" {
   name = "${terraform.workspace}-apigee-app-key"
 }
+resource "aws_secretsmanager_secret" "sds-hscn-endpoint" {
+  name = "${terraform.workspace}-sds-hscn-endpoint"
+}
+
+resource "aws_secretsmanager_secret" "ldap-host" {
+  name = "${terraform.workspace}-ldap-host"
+}

infrastructure/terraform/per_account/mgmt/modules/route53/main.tf

@@ -54,10 +54,10 @@ resource "aws_route53_record" "dev_zone" {
   zone_id = module.zones.route53_zone_zone_id["cpm.dev.national.nhs.uk"]
   name    = "api.cpm.dev.national.nhs.uk"
   records = [
-    "ns-81.awsdns-10.com.",
-    "ns-1238.awsdns-26.org.",
-    "ns-776.awsdns-33.net.",
-    "ns-1540.awsdns-00.co.uk."
+    "ns-821.awsdns-38.net.",
+    "ns-1945.awsdns-51.co.uk.",
+    "ns-366.awsdns-45.com.",
+    "ns-1311.awsdns-35.org.",
   ]
   ttl  = 300
   type = "NS"