feat: DTOSS-4810 function env vars plus nft and integration environments (#50)

Author: patrickmoore-nc

.azuredevops/pipelines/cd-infrastructure-dev-audit.yaml

@@ -2,13 +2,8 @@
 
 name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
 
-trigger:
-  branches:
-    include:
-      - main
-  paths:
-    include:
-      - infrastructure/*
+trigger: none
+pr: none
 
 pool:
   # vmImage: ubuntu-latest
@@ -19,7 +14,7 @@ resources:
     - repository: dtos-devops-templates
       type: github
       name: NHSDigital/dtos-devops-templates
-      ref: 8eac5e6ffc4ebc704880128b64a1a716b923c44a
+      ref: 57e204e15509e40243551dccfe077f3452a31369
       endpoint: NHSDigital
 
 variables:
@@ -39,7 +34,7 @@ stages:
     displayName: Terraform Plan
     condition: eq(variables['Build.Reason'], 'Manual')
     variables:
-      tfvars: environments/$(ENVIRONMENT).tfvars
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
     jobs:
       - job: init_and_plan
         displayName: Init, plan, store artifact

.azuredevops/pipelines/cd-infrastructure-dev-core.yaml

@@ -2,30 +2,25 @@
 
 name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
 
-trigger:
-  branches:
-    include:
-      - main
-  paths:
-    include:
-      - infrastructure/*
+trigger: none
+pr: none
 
 pool:
-  #vmImage: ubuntu-latest
+  # vmImage: ubuntu-latest
   name: private-pool-dev-uks
 
 resources:
   repositories:
     - repository: dtos-devops-templates
       type: github
       name: NHSDigital/dtos-devops-templates
-      ref: 8eac5e6ffc4ebc704880128b64a1a716b923c44a
+      ref: 57e204e15509e40243551dccfe077f3452a31369
       endpoint: NHSDigital
 
 variables:
   - group: DEV_core_backend
-  - group: DEV_hub_backend_remote_state
   - group: DEV_audit_backend_remote_state
+  - group: DEV_hub_backend_remote_state
   - name: TF_DIRECTORY
     value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-core
   - name: TF_VERSION
@@ -40,7 +35,7 @@ stages:
     displayName: Terraform Plan
     condition: eq(variables['Build.Reason'], 'Manual')
     variables:
-      tfvars: environments/$(ENVIRONMENT).tfvars
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
     jobs:
       - job: init_and_plan
         displayName: Init, plan, store artifact

.azuredevops/pipelines/cd-infrastructure-int-audit.yaml

@@ -0,0 +1,60 @@
+---
+
+name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
+
+trigger: none
+pr: none
+
+pool:
+  # vmImage: ubuntu-latest
+  name: private-pool-dev-uks
+
+resources:
+  repositories:
+    - repository: dtos-devops-templates
+      type: github
+      name: NHSDigital/dtos-devops-templates
+      ref: 57e204e15509e40243551dccfe077f3452a31369
+      endpoint: NHSDigital
+
+variables:
+  - group: INT_audit_backend
+  - group: DEV_hub_backend_remote_state
+  - name: TF_DIRECTORY
+    value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-audit
+  - name: TF_VERSION
+    value: 1.9.2
+  - name: TF_PLAN_ARTIFACT
+    value: tf_plan_audit_INT
+  - name: ENVIRONMENT
+    value: integration
+
+stages:
+  - stage: terraform_plan
+    displayName: Terraform Plan
+    condition: eq(variables['Build.Reason'], 'Manual')
+    variables:
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
+    jobs:
+      - job: init_and_plan
+        displayName: Init, plan, store artifact
+        steps:
+          - checkout: self
+          - checkout: dtos-devops-templates
+          - template: .azuredevops/templates/steps/tf_plan.yaml@dtos-devops-templates
+
+  - stage: terraform_apply
+    displayName: Terraform Apply
+    dependsOn: [terraform_plan]
+    condition: and(eq(dependencies.terraform_plan.outputs['init_and_plan.TerraformPlan.changesPresent'], 'true'), eq(variables['Build.Reason'], 'Manual'))
+    jobs:
+      - deployment: terraform_apply
+        displayName: Init, get plan artifact, apply
+        environment: $(ENVIRONMENT)
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                - checkout: dtos-devops-templates
+                - template: .azuredevops/templates/steps/tf_apply.yaml@dtos-devops-templates

.azuredevops/pipelines/cd-infrastructure-int-core.yaml

@@ -0,0 +1,61 @@
+---
+
+name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
+
+trigger: none
+pr: none
+
+pool:
+  # vmImage: ubuntu-latest
+  name: private-pool-dev-uks
+
+resources:
+  repositories:
+    - repository: dtos-devops-templates
+      type: github
+      name: NHSDigital/dtos-devops-templates
+      ref: 57e204e15509e40243551dccfe077f3452a31369
+      endpoint: NHSDigital
+
+variables:
+  - group: INT_core_backend
+  - group: INT_audit_backend_remote_state
+  - group: DEV_hub_backend_remote_state
+  - name: TF_DIRECTORY
+    value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-core
+  - name: TF_VERSION
+    value: 1.9.2
+  - name: TF_PLAN_ARTIFACT
+    value: tf_plan_core_INT
+  - name: ENVIRONMENT
+    value: integration
+
+stages:
+  - stage: terraform_plan
+    displayName: Terraform Plan
+    condition: eq(variables['Build.Reason'], 'Manual')
+    variables:
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
+    jobs:
+      - job: init_and_plan
+        displayName: Init, plan, store artifact
+        steps:
+          - checkout: self
+          - checkout: dtos-devops-templates
+          - template: .azuredevops/templates/steps/tf_plan.yaml@dtos-devops-templates
+
+  - stage: terraform_apply
+    displayName: Terraform Apply
+    dependsOn: [terraform_plan]
+    condition: and(eq(dependencies.terraform_plan.outputs['init_and_plan.TerraformPlan.changesPresent'], 'true'), eq(variables['Build.Reason'], 'Manual'))
+    jobs:
+      - deployment: terraform_apply
+        displayName: Init, get plan artifact, apply
+        environment: $(ENVIRONMENT)
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                - checkout: dtos-devops-templates
+                - template: .azuredevops/templates/steps/tf_apply.yaml@dtos-devops-templates

.azuredevops/pipelines/cd-infrastructure-nft-audit.yaml

@@ -0,0 +1,60 @@
+---
+
+name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
+
+trigger: none
+pr: none
+
+pool:
+  # vmImage: ubuntu-latest
+  name: private-pool-dev-uks
+
+resources:
+  repositories:
+    - repository: dtos-devops-templates
+      type: github
+      name: NHSDigital/dtos-devops-templates
+      ref: 57e204e15509e40243551dccfe077f3452a31369
+      endpoint: NHSDigital
+
+variables:
+  - group: NFT_audit_backend
+  - group: DEV_hub_backend_remote_state
+  - name: TF_DIRECTORY
+    value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-audit
+  - name: TF_VERSION
+    value: 1.9.2
+  - name: TF_PLAN_ARTIFACT
+    value: tf_plan_audit_NFT
+  - name: ENVIRONMENT
+    value: nft
+
+stages:
+  - stage: terraform_plan
+    displayName: Terraform Plan
+    condition: eq(variables['Build.Reason'], 'Manual')
+    variables:
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
+    jobs:
+      - job: init_and_plan
+        displayName: Init, plan, store artifact
+        steps:
+          - checkout: self
+          - checkout: dtos-devops-templates
+          - template: .azuredevops/templates/steps/tf_plan.yaml@dtos-devops-templates
+
+  - stage: terraform_apply
+    displayName: Terraform Apply
+    dependsOn: [terraform_plan]
+    condition: and(eq(dependencies.terraform_plan.outputs['init_and_plan.TerraformPlan.changesPresent'], 'true'), eq(variables['Build.Reason'], 'Manual'))
+    jobs:
+      - deployment: terraform_apply
+        displayName: Init, get plan artifact, apply
+        environment: $(ENVIRONMENT)
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                - checkout: dtos-devops-templates
+                - template: .azuredevops/templates/steps/tf_apply.yaml@dtos-devops-templates

.azuredevops/pipelines/cd-infrastructure-nft-core.yaml

@@ -0,0 +1,61 @@
+---
+
+name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
+
+trigger: none
+pr: none
+
+pool:
+  # vmImage: ubuntu-latest
+  name: private-pool-dev-uks
+
+resources:
+  repositories:
+    - repository: dtos-devops-templates
+      type: github
+      name: NHSDigital/dtos-devops-templates
+      ref: 57e204e15509e40243551dccfe077f3452a31369
+      endpoint: NHSDigital
+
+variables:
+  - group: NFT_core_backend
+  - group: NFT_audit_backend_remote_state
+  - group: DEV_hub_backend_remote_state
+  - name: TF_DIRECTORY
+    value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-core
+  - name: TF_VERSION
+    value: 1.9.2
+  - name: TF_PLAN_ARTIFACT
+    value: tf_plan_core_NFT
+  - name: ENVIRONMENT
+    value: nft
+
+stages:
+  - stage: terraform_plan
+    displayName: Terraform Plan
+    condition: eq(variables['Build.Reason'], 'Manual')
+    variables:
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
+    jobs:
+      - job: init_and_plan
+        displayName: Init, plan, store artifact
+        steps:
+          - checkout: self
+          - checkout: dtos-devops-templates
+          - template: .azuredevops/templates/steps/tf_plan.yaml@dtos-devops-templates
+
+  - stage: terraform_apply
+    displayName: Terraform Apply
+    dependsOn: [terraform_plan]
+    condition: and(eq(dependencies.terraform_plan.outputs['init_and_plan.TerraformPlan.changesPresent'], 'true'), eq(variables['Build.Reason'], 'Manual'))
+    jobs:
+      - deployment: terraform_apply
+        displayName: Init, get plan artifact, apply
+        environment: $(ENVIRONMENT)
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                - checkout: dtos-devops-templates
+                - template: .azuredevops/templates/steps/tf_apply.yaml@dtos-devops-templates

.github/workflows/cicd-1-pull-request.yaml

@@ -92,20 +92,21 @@ jobs:
       terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
-  build-stage: # Recommended maximum execution time is 3 minutes
+  build-image-stage: # Recommended maximum execution time is 3 minutes
     name: Image build stage
     needs: [metadata, commit-stage, test-stage]
     uses: NHSDigital/dtos-devops-templates/.github/workflows/stage-3-build-images.yaml@main
-    if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
+    if: needs.metadata.outputs.does_pull_request_exist == 'true' || github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
     with:
-      docker_compose_file_path: .
-      environment_tag: "${{ needs.metadata.outputs.environment_tag }}"
+      docker_compose_file: ./compose.yml
+      excluded_containers_csv_list: azurite,azurite-setup,db,end-to-end-tests
+      environment_tag: ${{ needs.metadata.outputs.environment_tag }}
       function_app_source_code_path: src
       project_name: communication-management
     secrets: inherit
   acceptance-stage: # Recommended maximum execution time is 10 minutes
     name: "Acceptance stage"
-    needs: [metadata, build-stage]
+    needs: [metadata, build-image-stage]
     uses: ./.github/workflows/stage-4-acceptance.yaml
     if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
     with:

infrastructure/tf-audit/data.tf

@@ -6,7 +6,7 @@ data "terraform_remote_state" "hub" {
     subscription_id      = var.HUB_SUBSCRIPTION_ID
     storage_account_name = var.HUB_BACKEND_AZURE_STORAGE_ACCOUNT_NAME
     container_name       = var.HUB_BACKEND_AZURE_STORAGE_ACCOUNT_CONTAINER_NAME
-    key                  = var.HUB_BACKEND_AZURE_STORAGE_KEY
+    key                  = var.HUB_BACKEND_AZURE_STORAGE_ACCOUNT_KEY
     resource_group_name  = var.HUB_BACKEND_AZURE_RESOURCE_GROUP_NAME
   }
 }

infrastructure/tf-audit/environments/integration.tfvars

@@ -0,0 +1,36 @@
+application           = "commgt"
+application_full_name = "communication-management"
+environment           = "INT"
+
+features = {
+  private_endpoints_enabled            = true
+  private_service_connection_is_manual = false
+  public_network_access_enabled        = false
+}
+
+tags = {
+  Project = "Communication-Management"
+}
+
+regions = {
+  uksouth = {
+    is_primary_region = true
+    address_space     = "10.112.0.0/16"
+    connect_peering   = true
+    subnets = {
+      pep = {
+        cidr_newbits = 8
+        cidr_offset  = 1
+      }
+    }
+  }
+}
+
+app_insights = {
+  appinsights_type = "web"
+}
+
+law = {
+  law_sku        = "PerGB2018"
+  retention_days = 30
+}