diff --git a/.github/common_environment.yml b/.github/common_environment.yml index 4363fff500b..bacfedd3507 100644 --- a/.github/common_environment.yml +++ b/.github/common_environment.yml @@ -2,9 +2,9 @@ SLACK_SUCCESS: '#00ff00' SLACK_ICON: https://raw.githubusercontent.com/DFE-Digital/get-into-teaching-api/master/.github/image.png?size=48 SLACK_USERNAME: GiT Workflows - SLACK_FOOTER: Get Into Teaching Application and Content + SLACK_FOOTER: Get Into Teaching Application and Content DOCKER_REPOSITORY: ghcr.io/dfe-digital/get-into-teaching-frontend - DOMAIN: london.cloudapps.digital + DOMAIN: teacherservices.cloud APPLICATION: Get Into Teaching Application and Content - REVIEW_APPLICATION: review-get-into-teaching-app - PAAS_APPLICATION_NAME: get-into-teaching-app + REVIEW_APPLICATION: get-into-teaching-app-review + AKS_APPLICATION_NAME: get-into-teaching-app diff --git a/.github/common_environment_aks.yml b/.github/common_environment_aks.yml deleted file mode 100644 index bacfedd3507..00000000000 --- a/.github/common_environment_aks.yml +++ /dev/null @@ -1,10 +0,0 @@ - SLACK_FAILURE: '#ff0000' - SLACK_SUCCESS: '#00ff00' - SLACK_ICON: https://raw.githubusercontent.com/DFE-Digital/get-into-teaching-api/master/.github/image.png?size=48 - SLACK_USERNAME: GiT Workflows - SLACK_FOOTER: Get Into Teaching Application and Content - DOCKER_REPOSITORY: ghcr.io/dfe-digital/get-into-teaching-frontend - DOMAIN: teacherservices.cloud - APPLICATION: Get Into Teaching Application and Content - REVIEW_APPLICATION: get-into-teaching-app-review - AKS_APPLICATION_NAME: get-into-teaching-app diff --git a/.github/workflows/actions/deploy_v2/action.yml b/.github/workflows/actions/deploy/action.yml similarity index 85% rename from .github/workflows/actions/deploy_v2/action.yml rename to .github/workflows/actions/deploy/action.yml index 51ab0685406..41d05f15527 100644 --- a/.github/workflows/actions/deploy_v2/action.yml +++ b/.github/workflows/actions/deploy/action.yml 
@@ -2,7 +2,7 @@ name: Deploy to AKS inputs: environment: - description: The environment to deploy to Development/Test/Production/Review/Speed/UR etc + description: The environment to deploy to Development/Test/Production/Review etc required: true sha: description: Commit sha to be deployed @@ -14,8 +14,6 @@ inputs: required: true KEY_VAULT: required: true - ARM_ACCESS_KEY: - required: true runs: using: composite @@ -25,8 +23,10 @@ runs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master + + - uses: DFE-Digital/github-actions/set-arm-environment-variables@master with: - var_file: .github/common_environment_aks.yml + azure-credentials: ${{ inputs.AZURE_CREDENTIALS }} - uses: azure/login@v1 with: @@ -49,12 +49,12 @@ runs: echo "TERRAFORM_VERSION=$terraform_version" >> $GITHUB_ENV case ${{ inputs.environment }} in - review_aks) + review) pr_name="${{env.REVIEW_APPLICATION}}-${{inputs.pr}}" echo "pr_name=${pr_name}" >> $GITHUB_OUTPUT echo "healthcheck=${pr_name}${cluster_domain}" >> $GITHUB_OUTPUT ;; - production_aks) + production) echo "healthcheck=${{env.AKS_APPLICATION_NAME}}-${appenv}" >> $GITHUB_OUTPUT ;; *) 
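Review bot: The new `set-arm-environment-variables` step in the `@@ -25,8 +23,10 @@` hunk of deploy/action.yml passes the full `AZURE_CREDENTIALS` JSON to an action referenced by the mutable `@master` ref, so whatever that branch holds at run time executes with the deployment service principal. Pin it to a reviewed commit, `uses: DFE-Digital/github-actions/set-arm-environment-variables@<full-commit-sha>`, as the removed pagespeed workflow did for its third-party action; the same step is added to destroy_review.yml and needs the same pin. The action presumably exports ARM_* values for the remainder of the job, which is a wider scope than the step-level `ARM_ACCESS_KEY` it replaces, so confirm that every later step in the composite is one you are content to expose those values to.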
@@ -80,18 +80,16 @@ runs: - name: Terraform init, plan & apply shell: bash - run: make ${{ inputs.environment }} ci terraform-apply-aks + run: make ${{ inputs.environment }} ci terraform-apply env: - ARM_ACCESS_KEY: ${{ inputs.ARM_ACCESS_KEY }} DOCKER_IMAGE_TAG: sha-${{ steps.sha.outputs.short}} PR_NUMBER: ${{ inputs.pr }} CONFIRM_PRODUCTION: true - name: Smoke tests shell: bash - if: ${{ inputs.environment != 'Speed' && inputs.environment != 'pagespeed' }} run: | - tests/confidence/healthcheck_aks.sh "${{steps.variables.outputs.healthcheck}}" "sha-${{ steps.sha.outputs.short }}" + tests/confidence/healthcheck.sh "${{steps.variables.outputs.healthcheck}}" "sha-${{ steps.sha.outputs.short }}" env: HTTPAUTH_PASSWORD: ${{ steps.fetch-secrets.outputs.HTTP_PASSWORD }} HTTPAUTH_USERNAME: ${{ steps.fetch-secrets.outputs.HTTP_USERNAME }} diff --git a/.github/workflows/actions/owasp_v2/action.yml b/.github/workflows/actions/owasp/action.yml similarity index 90% rename from .github/workflows/actions/owasp_v2/action.yml rename to .github/workflows/actions/owasp/action.yml index cfb9137315f..048d7eba9ba 100644 --- a/.github/workflows/actions/owasp_v2/action.yml +++ b/.github/workflows/actions/owasp/action.yml @@ -2,14 +2,12 @@ name: owasp inputs: environment: - description: The environment to deploy to Development/Test/Production/Review/Speed/UR etc + description: The environment to deploy to Development/Test/Production/Review etc required: true AZURE_CREDENTIALS: required: true KEY_VAULT: required: true - ARM_ACCESS_KEY: - required: true GITHUB_TOKEN: required: true 
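Review bot: `run: make ${{ inputs.environment }} ci terraform-apply` in deploy/action.yml expands the input into the script text before bash parses it, and sha.yml supplies that input from `github.event.inputs.environment`, so the value should reach the shell as data rather than as source. Add `DEPLOY_TARGET: ${{ inputs.environment }}` to this step's `env:` block and change the command to `run: make "$DEPLOY_TARGET" ci terraform-apply`. The `case ${{ inputs.environment }} in` line of the variables step, in the previous hunk, follows the same pattern and would benefit from the same treatment.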
@@ -41,18 +39,16 @@ runs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - name: Setup Application Name id: app_name shell: bash run: | - if [[ "${{ inputs.environment }}" == "production_aks" ]] ; then + if [[ "${{ inputs.environment }}" == "production" ]] ; then rval="${{env.AKS_APPLICATION_NAME}}-production.${{env.DOMAIN}}" - elif [[ "${{ inputs.environment }}" == "test_aks" ]] ; then + elif [[ "${{ inputs.environment }}" == "test" ]] ; then rval="${{env.AKS_APPLICATION_NAME}}-test.test.${{env.DOMAIN}}" - elif [[ "${{ inputs.environment }}" == "development_aks" ]] ; then + elif [[ "${{ inputs.environment }}" == "development" ]] ; then rval="${{env.AKS_APPLICATION_NAME}}-development.test.${{env.DOMAIN}}" fi echo "SCAN=${rval}" >> $GITHUB_OUTPUT diff --git a/.github/workflows/build-no-cache.yml b/.github/workflows/build-no-cache.yml index e59933244f1..13538450364 100644 --- a/.github/workflows/build-no-cache.yml +++ b/.github/workflows/build-no-cache.yml 
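Review bot: The `Setup Application Name` step in owasp/action.yml has no `else` branch, so any environment other than `production`, `test` or `development` (including an old `*_aks` name from a caller missed by this rename) leaves `rval` unset and writes an empty `SCAN=` output. The owasp job in build.yml runs with `continue-on-error: true`, so a scan with no target would be easy to overlook. Fail closed by adding `else echo "Unknown environment for OWASP scan" >&2; exit 1` before the `fi`. The step's `run:` block may continue beyond the end of this hunk.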
@@ -16,22 +16,20 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - uses: Azure/login@v1 with: - creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} + creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} - name: Fetch secrets from key vault uses: azure/CLI@v1 id: keyvault-yaml-secret with: inlineScript: | - SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$SLACK_WEBHOOK" echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT - SNYK_TOKEN=$(az keyvault secret show --name "SNYK-TOKEN" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + SNYK_TOKEN=$(az keyvault secret show --name "SNYK-TOKEN" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$SNYK_TOKEN" echo "SNYK_TOKEN=$SNYK_TOKEN" >> $GITHUB_OUTPUT diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0cead2f1da3..afd33ba9645 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,8 +32,6 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - name: Set up Docker Buildx id: buildx @@ -85,7 +83,7 @@ jobs: - uses: Azure/login@v1 if: failure() && github.ref == 'refs/heads/master' with: - creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} + creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} - name: Fetch secrets from key vault if: failure() && github.ref == 'refs/heads/master' 
@@ -93,7 +91,7 @@ jobs: id: keyvault-yaml-secret with: inlineScript: | - SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$SLACK_WEBHOOK" echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT @@ -119,8 +117,6 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - name: Set up Docker Buildx id: buildx @@ -195,7 +191,7 @@ jobs: - uses: Azure/login@v1 if: failure() && github.ref == 'refs/heads/master' with: - creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} + creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} - name: Fetch secrets from key vault if: failure() && github.ref == 'refs/heads/master' @@ -203,7 +199,7 @@ jobs: id: keyvault-yaml-secret with: inlineScript: | - SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$SLACK_WEBHOOK" echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT @@ -231,8 +227,6 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml # - name: Lint SCSS # uses: actions-hub/stylelint@master @@ -276,8 +270,6 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - name: Run Javascript Tests run: |- 
@@ -314,19 +306,17 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - uses: Azure/login@v1 with: - creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} + creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} - name: Fetch secrets from key vault uses: azure/CLI@v1 id: keyvault-yaml-secret with: inlineScript: | - SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$SLACK_WEBHOOK" echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT @@ -372,19 +362,17 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - uses: Azure/login@v1 with: - creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} + creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} - name: Fetch secrets from key vault uses: azure/CLI@v1 id: keyvault-yaml-secret with: inlineScript: | - SONAR_TOKEN=$(az keyvault secret show --name "SONAR-TOKEN" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + SONAR_TOKEN=$(az keyvault secret show --name "SONAR-TOKEN" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$SONAR_TOKEN" echo "SONAR_TOKEN=$SONAR_TOKEN" >> $GITHUB_OUTPUT 
@@ -426,30 +414,28 @@ jobs: -Dsonar.ruby.coverage.reportPaths=${{github.workspace}}/code_coverage/coverage.json -Dsonar.ruby.rubocop.reportPaths=${{github.workspace}}/${{env.rubocop-artifact-name}}/rubocop-result.json - review_aks: - name: Review AKS Deployment Process + review: + name: Review Deployment Process needs: [ build_release ] if: github.ref != 'refs/heads/master' runs-on: ubuntu-latest continue-on-error: true - concurrency: Review_aks_${{github.event.number}} + concurrency: Review_${{github.event.number}} environment: - name: review_aks + name: review steps: - name: Check out the repo uses: actions/checkout@v4 - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - name: Setup Environment Variables if: github.actor == 'dependabot[bot]' id: variables shell: bash run: | - secret_suffix="_AKS_REVIEW" + secret_suffix="_REVIEW" echo "SECRET_SUFFIX=$secret_suffix" >> $GITHUB_ENV - uses: Azure/login@v1 
@@ -465,38 +451,37 @@ jobs: echo "::add-mask::$SLACK_WEBHOOK" echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT - - name: Deploy to Review AKS - uses: ./.github/workflows/actions/deploy_v2 - id: deploy_v2 + - name: Deploy to Review + uses: ./.github/workflows/actions/deploy + id: deploy with: - environment: review_aks + environment: review sha: ${{ github.sha }} pr: ${{github.event.number}} AZURE_CREDENTIALS: ${{ secrets[format('AZURE_CREDENTIALS{0}', env.SECRET_SUFFIX)] }} KEY_VAULT: ${{ secrets[format('KEY_VAULT{0}', env.SECRET_SUFFIX)] }} - ARM_ACCESS_KEY: ${{ secrets[format('ARM_ACCESS_KEY{0}', env.SECRET_SUFFIX)] }} - name: Post sticky pull request comment uses: marocchino/sticky-pull-request-comment@v2 with: recreate: true header: AKS - message: AKS Review app deployed to https://${{env.REVIEW_APPLICATION}}-${{github.event.number}}.test.${{env.DOMAIN}} + message: Review app deployed to https://${{env.REVIEW_APPLICATION}}-${{github.event.number}}.test.${{env.DOMAIN}} - - name: Add Review_v2 Label + - name: Add Review Label if: contains(github.event.pull_request.user.login, 'dependabot') == false uses: actions-ecosystem/action-add-labels@v1 with: - labels: Review_v2 + labels: Review - development_aks: - name: Development AKS Deployment + development: + name: Development Deployment needs: [ feature_tests, javascript_tests, build_release ] if: github.ref == 'refs/heads/master' - concurrency: Development_aks + concurrency: Development runs-on: ubuntu-latest environment: - name: development_aks + name: development outputs: release_tag: ${{steps.tag_version.outputs.pr_number}} release_sha: ${{github.sha }} @@ -506,8 +491,6 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - uses: Azure/login@v1 with: 
@@ -522,15 +505,14 @@ jobs: echo "::add-mask::$SLACK_WEBHOOK" echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT - - name: Deploy to Development AKS - uses: ./.github/workflows/actions/deploy_v2 - id: deploy_v2 + - name: Deploy to Development + uses: ./.github/workflows/actions/deploy + id: deploy with: - environment: development_aks + environment: development sha: ${{ github.sha }} AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} - name: Generate Tag from PR Number id: tag_version @@ -559,43 +541,40 @@ jobs: RELEASE_ID: ${{ steps.release.outputs.id }} TOKEN: ${{secrets.GITHUB_TOKEN}} - owasp_aks: - name: OWASP AKS Checks - needs: [ development_aks ] + owasp: + name: OWASP Checks + needs: [ development ] runs-on: ubuntu-latest environment: - name: development_aks + name: development continue-on-error: true steps: - name: Check out the repo uses: actions/checkout@v4 - name: Vunerability Test - uses: ./.github/workflows/actions/owasp_v2 + uses: ./.github/workflows/actions/owasp id: deploy with: - environment: development_aks + environment: development AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - test_aks: - name: Test AKS Deployment + test: + name: Test Deployment needs: [ feature_tests, javascript_tests, build_release ] if: github.ref == 'refs/heads/master' - concurrency: test_aks + concurrency: test runs-on: ubuntu-latest environment: - name: test_aks + name: test steps: - name: Check out the repo uses: actions/checkout@v4 - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - uses: Azure/login@v1 with: 
@@ -610,15 +589,14 @@ jobs: echo "::add-mask::$SLACK_WEBHOOK" echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT - - name: Deploy to Test AKS - uses: ./.github/workflows/actions/deploy_v2 - id: deploy_v2 + - name: Deploy to Test + uses: ./.github/workflows/actions/deploy + id: deploy with: - environment: test_aks + environment: test sha: ${{ github.sha }} AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} - name: Slack Notification if: failure() @@ -626,15 +604,15 @@ jobs: env: SLACK_COLOR: ${{env.SLACK_ERROR}} SLACK_TITLE: Failure in Post-Development Deploy - SLACK_MESSAGE: Failure with initialising AKS Test deployment for ${{env.APPLICATION}} + SLACK_MESSAGE: Failure with initialising Test deployment for ${{env.APPLICATION}} SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }} - integration_aks: - name: Run Integration Tests on AKS test + integration: + name: Run Integration Tests on test runs-on: ubuntu-latest - needs: [ build_base, test_aks ] + needs: [ build_base, test ] environment: - name: test_aks + name: test services: postgres: image: postgres:13.10 @@ -656,8 +634,6 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - uses: Azure/login@v1 with: 
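Review bot: The failure notification of the `test` job (hunk `@@ -626,15 +604,15 @@` in build.yml) looks unable to deliver: it reads `steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK`, while the fetch step shown in the preceding hunk writes the output as `SLACK_WEBHOOK`, and it takes its colour from `env.SLACK_ERROR`, whereas the environment file in this commit defines `SLACK_FAILURE` (unless `SLACK_ERROR` is set somewhere not shown). Since the commit already edits the neighbouring `SLACK_MESSAGE` line, change the two to `SLACK_COLOR: ${{env.SLACK_FAILURE}}` and `SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }}`, matching the production job's failure step. The step's `uses:` line lies between hunks and is not visible here.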
@@ -692,21 +668,19 @@ jobs: HTTP_PASSWORD: ${{ steps.keyvault-yaml-secret.outputs.HTTP_PASSWORD }} MAILSAC_API_KEY: ${{ steps.keyvault-yaml-secret.outputs.MAILSAC_API_KEY }} - production_aks: - name: Production AKS Deployment + production: + name: Production Deployment runs-on: ubuntu-latest - needs: [ integration_aks, development_aks ] - concurrency: production_aks + needs: [ integration, development ] + concurrency: production environment: - name: production_aks + name: production steps: - name: Check out the repo uses: actions/checkout@v4 - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - uses: Azure/login@v1 with: @@ -728,7 +702,7 @@ jobs: id: tag_id uses: DFE-Digital/github-actions/DraftReleaseByTag@master with: - TAG: ${{needs.development_aks.outputs.release_tag}} + TAG: ${{needs.development.outputs.release_tag}} TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Publish Release @@ -739,15 +713,14 @@ jobs: with: release_id: ${{steps.tag_id.outputs.release_id}} - - name: Deploy to Production AKS - uses: ./.github/workflows/actions/deploy_v2 - id: deploy_v2 + - name: Deploy to Production + uses: ./.github/workflows/actions/deploy + id: deploy with: - environment: production_aks + environment: production sha: ${{ github.sha }} AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} - name: Slack Release Notification if: steps.tag_id.outputs.release_id @@ -765,5 +738,5 @@ jobs: env: SLACK_COLOR: ${{env.SLACK_FAILURE}} SLACK_TITLE: Production Release ${{github.event.title}} - SLACK_MESSAGE: Failure deploying Production AKS release + SLACK_MESSAGE: Failure deploying Production release SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }} 
diff --git a/.github/workflows/destroy_aks.yml b/.github/workflows/destroy_review.yml similarity index 81% rename from .github/workflows/destroy_aks.yml rename to .github/workflows/destroy_review.yml index 8ba914fa7a2..42883d097f5 100644 --- a/.github/workflows/destroy_aks.yml +++ b/.github/workflows/destroy_review.yml @@ -1,4 +1,4 @@ -name: Destroy AKS Review Instance +name: Destroy Review Instance on: pull_request: types: [closed] @@ -7,10 +7,10 @@ jobs: destroy: name: Destroy environment: - name: review_aks + name: review runs-on: ubuntu-latest - concurrency: Review_aks_${{github.event.number}} + concurrency: Review_${{github.event.number}} defaults: run: @@ -21,8 +21,6 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - name: Setup Environment Variables id: variables @@ -35,11 +33,14 @@ jobs: with: terraform_version: ${{ env.TERRAFORM_VERSION }} + - uses: DFE-Digital/github-actions/set-arm-environment-variables@master + with: + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + - name: Terraform Destroy shell: bash - run: make review_aks ci terraform-destroy-aks + run: make review ci terraform-destroy env: - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} TF_VAR_azure_credentials_json: ${{ secrets.AZURE_CREDENTIALS }} DOCKER_IMAGE_TAG: ${{ github.sha }} PR_NUMBER: ${{github.event.number}} diff --git a/.github/workflows/lychee.yml b/.github/workflows/lychee.yml index 8fe20ac2b45..bbdf519fc63 100644 --- a/.github/workflows/lychee.yml +++ b/.github/workflows/lychee.yml 
@@ -24,14 +24,14 @@ jobs: - uses: Azure/login@v1 with: - creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} + creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} - name: Fetch secrets from key vault uses: azure/CLI@v1 id: keyvault-yaml-secret with: inlineScript: | - SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$SLACK_WEBHOOK" echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT diff --git a/.github/workflows/pagespeed.yml b/.github/workflows/pagespeed.yml deleted file mode 100644 index 0d5f56adca7..00000000000 --- a/.github/workflows/pagespeed.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: Run PageSpeed task -on: - workflow_dispatch: - -jobs: - pagespeed: - runs-on: ubuntu-latest - steps: - - name: Run Page Speed - uses: fjogeleit/http-request-action@fd5cf60c69049efb1397207cc8b442709a869685 - with: - url: https://get-into-teaching-app-pagespeed.london.cloudapps.digital/pagespeed/run - method: POST - timeout: 3600000 # 1hr in ms - preventFailureOnNoResponse: true diff --git a/.github/workflows/sha.yml b/.github/workflows/sha.yml index 9e450902440..21497831a59 100644 --- a/.github/workflows/sha.yml +++ b/.github/workflows/sha.yml 
@@ -27,19 +27,16 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - uses: Azure/login@v1 with: - creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} + creds: ${{ secrets.AZURE_CREDENTIALS }} - name: Deploy to ${{github.event.inputs.environment}} - uses: ./.github/workflows/actions/deploy_v2 + uses: ./.github/workflows/actions/deploy id: deploy with: environment: ${{ github.event.inputs.environment }} sha: ${{ github.event.inputs.sha }} AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} KEY_VAULT: ${{ secrets.KEY_VAULT }} - ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index cda4042e268..855634d23a0 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -14,22 +14,20 @@ jobs: - name: set-up-environment uses: DFE-Digital/github-actions/set-up-environment@master - with: - var_file: .github/common_environment_aks.yml - uses: Azure/login@v1 with: - creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} + creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} - name: Fetch secrets from key vault uses: azure/CLI@v1 id: keyvault-yaml-secret with: inlineScript: | - SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$SLACK_WEBHOOK" echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT - SNYK_TOKEN=$(az keyvault secret show --name "SNYK-TOKEN" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + SNYK_TOKEN=$(az keyvault secret show --name "SNYK-TOKEN" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$SNYK_TOKEN" echo "SNYK_TOKEN=$SNYK_TOKEN" >> $GITHUB_OUTPUT 
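Review bot: In sha.yml the `Azure/login` step moves from the review-scoped secret to `secrets.AZURE_CREDENTIALS`, and the deploy target comes from the dispatch input `github.event.inputs.environment`; which credential that name resolves to depends on the job's `environment:` setting, which is outside this hunk. If the job does not already bind to the selected environment, add `environment:` with `name: ${{ github.event.inputs.environment }}` to the job so that environment-scoped secrets and any protection rules on production apply to manual deploys as they do in build.yml. It is also worth checking that the input's allowed values were renamed from the `*_aks` names, since the deploy action's `case` no longer matches them.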
diff --git a/.github/workflows/trello.yml b/.github/workflows/trello.yml index 38275702aff..ebfd836e0d1 100644 --- a/.github/workflows/trello.yml +++ b/.github/workflows/trello.yml @@ -12,17 +12,17 @@ jobs: steps: - uses: Azure/login@v1 with: - creds: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} + creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} - name: Fetch secrets from key vault uses: azure/CLI@v1 id: keyvault-yaml-secret with: inlineScript: | - TRELLO_KEY=$(az keyvault secret show --name "TRELLO-KEY" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + TRELLO_KEY=$(az keyvault secret show --name "TRELLO-KEY" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$TRELLO_KEY" echo "TRELLO_KEY=$TRELLO_KEY" >> $GITHUB_OUTPUT - TRELLO_TOKEN=$(az keyvault secret show --name "TRELLO-TOKEN" --vault-name "${{ secrets.KEY_VAULT_AKS_REVIEW }}" --query "value" -o tsv) + TRELLO_TOKEN=$(az keyvault secret show --name "TRELLO-TOKEN" --vault-name "${{ secrets.KEY_VAULT_REVIEW }}" --query "value" -o tsv) echo "::add-mask::$TRELLO_TOKEN" echo "TRELLO_TOKEN=$TRELLO_TOKEN" >> $GITHUB_OUTPUT diff --git a/Makefile b/Makefile index d31dfe84928..0230a2a8490 100644 --- a/Makefile +++ b/Makefile 
@@ -37,28 +37,28 @@ local: $(eval export KEY_VAULT=s189t01-git-local-app-kv) $(eval export AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test) -.PHONY: review_aks -review_aks: test-cluster +.PHONY: review +review: test-cluster $(if $(PR_NUMBER), , $(error Missing environment variable "PR_NUMBER", Please specify a pr number for your review app)) - $(eval include global_config/review_aks.sh) + $(eval include global_config/review.sh) $(eval export DEPLOY_ENV=review) $(eval export TF_VAR_pr_number=-${PR_NUMBER}) -.PHONY: development_aks -development_aks: test-cluster - $(eval include global_config/development_aks.sh) +.PHONY: development +development: test-cluster + $(eval include global_config/development.sh) -.PHONY: test_aks -test_aks: test-cluster - $(eval include global_config/test_aks.sh) +.PHONY: test +test: test-cluster + $(eval include global_config/test.sh) -.PHONY: production_aks -production_aks: production-cluster - $(eval include global_config/production_aks.sh) +.PHONY: production +production: production-cluster + $(eval include global_config/production.sh) -.PHONY: beta_aks -beta_aks: production-cluster - $(eval include global_config/beta_aks.sh) +.PHONY: beta +beta: production-cluster + $(eval include global_config/beta.sh) clean: [ ! -f fetch_config.rb ] \ @@ -99,7 +99,7 @@ bin/konduit.sh: curl -s https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/main/scripts/konduit.sh -o bin/konduit.sh \ && chmod +x bin/konduit.sh -terraform-init-aks: composed-variables bin/terrafile set-azure-account +terraform-init: composed-variables bin/terrafile set-azure-account $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=master)) $(if $(PR_NUMBER), $(eval KEY_PREFIX=$(PR_NUMBER)), $(eval KEY_PREFIX=$(ENVIRONMENT))) 
@@ -115,13 +115,13 @@ terraform-init-aks: composed-variables bin/terrafile set-azure-account $(eval export TF_VAR_service_short=${SERVICE_SHORT}) $(eval export TF_VAR_docker_image=${DOCKER_REPOSITORY}:${DOCKER_IMAGE_TAG}) -terraform-plan-aks: terraform-init-aks +terraform-plan: terraform-init terraform -chdir=terraform/aks plan -var-file "config/${CONFIG}.tfvars.json" -terraform-apply-aks: terraform-init-aks +terraform-apply: terraform-init terraform -chdir=terraform/aks apply -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} -terraform-destroy-aks: terraform-init-aks +terraform-destroy: terraform-init terraform -chdir=terraform/aks destroy -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} domains: @@ -181,10 +181,10 @@ domains-init: bin/terrafile domains-composed-variables set-azure-account -backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \ -backend-config=key=${ENVIRONMENT}.tfstate -domains-plan: domains domains-init ## Terraform plan for DNS environment domains. Usage: make development_aks domains-plan +domains-plan: domains domains-init ## Terraform plan for DNS environment domains. Usage: make development domains-plan terraform -chdir=terraform/domains/environment_domains plan -var-file config/${ENVIRONMENT}.tfvars.json -domains-apply: domains domains-init ## Terraform apply for DNS environment domains. Usage: make development_aks domains-apply +domains-apply: domains domains-init ## Terraform apply for DNS environment domains. Usage: make development domains-apply terraform -chdir=terraform/domains/environment_domains apply -var-file config/${ENVIRONMENT}.tfvars.json ${AUTO_APPROVE} test-cluster: 
@@ -204,7 +204,7 @@ edit-local-secrets-aks: install-fetch-config set-azure-account print-local-secrets-aks: install-fetch-config set-azure-account ./fetch_config.rb -s azure-key-vault-secret:s189t01-git-local-app-kv/${APPLICATION_SECRETS} -f yaml -action-group-resources: set-azure-account # make env_aks action-group-resources ACTION_GROUP_EMAIL=notificationemail@domain.com . Must be run before setting enable_monitoring=true for each subscription +action-group-resources: set-azure-account # make env action-group-resources ACTION_GROUP_EMAIL=notificationemail@domain.com . Must be run before setting enable_monitoring=true for each subscription $(if $(ACTION_GROUP_EMAIL), , $(error Please specify a notification email for the action group)) echo ${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-mn-rg az group create -l uksouth -g ${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-mn-rg --tags "Product=Get into teaching website" "Environment=Test" "Service Offering=Teacher services cloud" diff --git a/global_config/beta_aks.sh b/global_config/beta.sh similarity index 90% rename from global_config/beta_aks.sh rename to global_config/beta.sh index c065af809d8..057c9a0f787 100644 --- a/global_config/beta_aks.sh +++ b/global_config/beta.sh @@ -1,4 +1,4 @@ -CONFIG=beta_aks +CONFIG=beta ENVIRONMENT=beta CONFIG_SHORT=bt AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production diff --git a/global_config/development_aks.sh b/global_config/development.sh similarity index 86% rename from global_config/development_aks.sh rename to global_config/development.sh index 73bad81b011..e9ab4b6c679 100644 --- a/global_config/development_aks.sh +++ b/global_config/development.sh @@ -1,4 +1,4 @@ -CONFIG=development_aks +CONFIG=development ENVIRONMENT=development CONFIG_SHORT=dv AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test 
diff --git a/global_config/production_aks.sh b/global_config/production.sh
similarity index 87%
rename from global_config/production_aks.sh
rename to global_config/production.sh
index 64d26022b76..0a122077b3a 100644
--- a/global_config/production_aks.sh
+++ b/global_config/production.sh
@@ -1,4 +1,4 @@
-CONFIG=production_aks
+CONFIG=production
 ENVIRONMENT=production
 CONFIG_SHORT=pd
 AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production
diff --git a/global_config/review_aks.sh b/global_config/review.sh
similarity index 88%
rename from global_config/review_aks.sh
rename to global_config/review.sh
index a41362ca867..564bdd2caf9 100644
--- a/global_config/review_aks.sh
+++ b/global_config/review.sh
@@ -1,4 +1,4 @@
-CONFIG=review_aks
+CONFIG=review
 ENVIRONMENT=review
 CONFIG_SHORT=rv
 AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test
diff --git a/global_config/test_aks.sh b/global_config/test.sh
similarity index 89%
rename from global_config/test_aks.sh
rename to global_config/test.sh
index 7726e7cd2fd..ad8eae48076 100644
--- a/global_config/test_aks.sh
+++ b/global_config/test.sh
@@ -1,4 +1,4 @@
-CONFIG=test_aks
+CONFIG=test
 ENVIRONMENT=test
 CONFIG_SHORT=ts
 AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test
diff --git a/terraform/aks/config/development_aks.tfvars.json b/terraform/aks/config/development.tfvars.json
similarity index 100%
rename from terraform/aks/config/development_aks.tfvars.json
rename to terraform/aks/config/development.tfvars.json
diff --git a/terraform/aks/config/development_aks_Terrafile b/terraform/aks/config/development_Terrafile
similarity index 100%
rename from terraform/aks/config/development_aks_Terrafile
rename to terraform/aks/config/development_Terrafile
diff --git a/terraform/aks/config/production_aks.tfvars.json b/terraform/aks/config/production.tfvars.json
similarity index 100%
rename from terraform/aks/config/production_aks.tfvars.json
rename to terraform/aks/config/production.tfvars.json
diff --git a/terraform/aks/config/production_aks_Terrafile b/terraform/aks/config/production_Terrafile similarity index 100% rename from terraform/aks/config/production_aks_Terrafile rename to terraform/aks/config/production_Terrafile diff --git a/terraform/aks/config/review_aks.tfvars.json b/terraform/aks/config/review.tfvars.json similarity index 100% rename from terraform/aks/config/review_aks.tfvars.json rename to terraform/aks/config/review.tfvars.json diff --git a/terraform/aks/config/review_aks_Terrafile b/terraform/aks/config/review_Terrafile similarity index 100% rename from terraform/aks/config/review_aks_Terrafile rename to terraform/aks/config/review_Terrafile diff --git a/terraform/aks/config/test_aks.tfvars.json b/terraform/aks/config/test.tfvars.json similarity index 100% rename from terraform/aks/config/test_aks.tfvars.json rename to terraform/aks/config/test.tfvars.json diff --git a/terraform/aks/config/test_aks_Terrafile b/terraform/aks/config/test_Terrafile similarity index 100% rename from terraform/aks/config/test_aks_Terrafile rename to terraform/aks/config/test_Terrafile diff --git a/tests/confidence/healthcheck.sh b/tests/confidence/healthcheck.sh index e5572bad852..4b3b636c8a2 100755 --- a/tests/confidence/healthcheck.sh +++ b/tests/confidence/healthcheck.sh @@ -23,14 +23,14 @@ APP_SHA=${2} if [ -z "${HTTPAUTH_USERNAME}" ] then AUTHORITY="" -else +else AUTHORITY="--user ${HTTPAUTH_USERNAME}:${HTTPAUTH_PASSWORD}" fi rval=0 -FULL_URL="https://${URL}.london.cloudapps.digital/healthcheck.json" -http_status=$(curl ${AUTHORITY} -o /dev/null -s -w "%{http_code}" ${FULL_URL}) -if [ "${http_status}" != "200" ] +FULL_URL="https://${URL}.teacherservices.cloud/healthcheck.json" +http_status=$(curl ${AUTHORITY} -o /dev/null -s -w "%{http_code}" ${FULL_URL}) +if [ "${http_status}" != "200" ] then echo "HTTP Status ${http_status}" rval=1 
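Review bot: In healthcheck.sh the basic-auth credentials are folded into the `AUTHORITY` string and then expanded unquoted in `curl ${AUTHORITY} -o /dev/null -s -w "%{http_code}" ${FULL_URL}`, so a password containing whitespace or glob characters is split or expanded by the shell before curl sees it. These lines are already being touched for the domain change, so quote the URL as `"${FULL_URL}"` and build the option with quoting intact, for example `curl ${HTTPAUTH_USERNAME:+--user "${HTTPAUTH_USERNAME}:${HTTPAUTH_PASSWORD}"} -o /dev/null -s -w "%{http_code}" "${FULL_URL}"`. The second `curl ${AUTHORITY} -s -X GET ${FULL_URL}` call in the next hunk's context needs the same change. The password still travels on curl's command line either way; reading it from a config file with `-K` would keep it out of the process list.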
@@ -40,7 +40,7 @@ else json=$(curl ${AUTHORITY} -s -X GET ${FULL_URL}) sha=$( echo ${json} | jq -r .app_sha) - if [ "${sha}" != "${APP_SHA}" ] + if [ "${sha}" != "${APP_SHA}" ] then echo "APP SHA (${sha}) is not ${APP_SHA}" rval=1 @@ -49,4 +49,3 @@ else fi fi exit ${rval} - diff --git a/tests/confidence/healthcheck_aks.sh b/tests/confidence/healthcheck_aks.sh deleted file mode 100755 index 4b3b636c8a2..00000000000 --- a/tests/confidence/healthcheck_aks.sh +++ /dev/null @@ -1,51 +0,0 @@ -################################################################################################# -### -### CURL the deployed containers healthcheck and return the status and SHA. -### check the SHA against a passed in parameter -### -### Input parameters ( not validated ) -### 1 URL -### 2 APP SHA -### -### Returns -### 1 on failure -### 0 on sucess -### -################################################################################################# -URL=${1} -APP_SHA=${2} - -#URL="get-into-teaching-app-dev" -#APP_SHA="de1bb0b" -#APP_SHA="de1bb0b" - - -if [ -z "${HTTPAUTH_USERNAME}" ] -then - AUTHORITY="" -else - AUTHORITY="--user ${HTTPAUTH_USERNAME}:${HTTPAUTH_PASSWORD}" -fi - -rval=0 -FULL_URL="https://${URL}.teacherservices.cloud/healthcheck.json" -http_status=$(curl ${AUTHORITY} -o /dev/null -s -w "%{http_code}" ${FULL_URL}) -if [ "${http_status}" != "200" ] -then - echo "HTTP Status ${http_status}" - rval=1 -else - echo "HTTP Status is Healthy" - - json=$(curl ${AUTHORITY} -s -X GET ${FULL_URL}) - - sha=$( echo ${json} | jq -r .app_sha) - if [ "${sha}" != "${APP_SHA}" ] - then - echo "APP SHA (${sha}) is not ${APP_SHA}" - rval=1 - else - echo "APP SHA is correct" - fi -fi -exit ${rval}