
Commit 8052ef8

committed
Merge branch 'main' into jd/dpc-5222-pace-smoke-tests
2 parents df467ca + 272c87b commit 8052ef8


4 files changed

+198
-0
lines changed

Lines changed: 86 additions & 0 deletions
@@ -0,0 +1,86 @@
1+
name: Create DPC Portal Invite
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
env:
7+
description: AWS environment to check
8+
required: true
9+
type: 'string'
10+
default: 'test'
11+
org_npi:
12+
description: Organization NPI
13+
required: true
14+
type: 'string'
15+
given_name:
16+
description: Given name
17+
required: true
18+
type: 'string'
19+
family_name:
20+
description: Family name
21+
required: true
22+
type: 'string'
23+
email:
24+
description: Email address
25+
required: true
26+
type: 'string'
27+
28+
permissions:
29+
id-token: write
30+
contents: read
31+
32+
jobs:
33+
create-portal-invite:
34+
name: Create DPC Portal Invite
35+
runs-on: codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}}
36+
steps:
37+
- name: Assert Ownership
38+
run: sudo chmod -R 777 .
39+
- name: Checkout code
40+
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
41+
with:
42+
path: dpc-app
43+
- name: AWS Credentials (non-prod)
44+
if: ${{ inputs.env == 'dev' || inputs.env == 'test' }}
45+
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
46+
with:
47+
aws-region: ${{ vars.AWS_REGION }}
48+
role-to-assume: arn:aws:iam::${{ secrets.NON_PROD_ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-${{ inputs.env }}-github-actions
49+
- name: AWS Credentials (prod)
50+
if: ${{ inputs.env == 'sandbox' || inputs.env == 'prod' }}
51+
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
52+
with:
53+
aws-region: ${{ vars.AWS_REGION }}
54+
role-to-assume: arn:aws:iam::${{ secrets.PROD_ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-${{ inputs.env }}-github-actions
55+
- name: Install AWS Session Manager Plugin
56+
run: |
57+
sudo dnf install -y https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm
58+
- name: Set cluster and service names
59+
run: |
60+
echo "CLUSTER_NAME=dpc-${{ inputs.env }}-frontend" >> $GITHUB_ENV
61+
echo "SERVICE_NAME=dpc-${{ inputs.env }}-web-portal-v9" >> $GITHUB_ENV
62+
- name: Start temp service
63+
run: ./dpc-app/scripts/start_temp_service.sh $CLUSTER_NAME $SERVICE_NAME
64+
- name: Generate invite link
65+
env:
66+
RAILS_CMD: rails dpc:invite_ao INVITE=${{ inputs.given_name }},${{ inputs.family_name }},${{ inputs.email }},${{ inputs.org_npi }}
67+
run: |
68+
aws ecs execute-command \
69+
--region ${{ vars.AWS_REGION }} \
70+
--cluster $CLUSTER_NAME \
71+
--task $NEW_TASK_ID \
72+
--container $NEW_CONTAINER_NAME \
73+
--command "$RAILS_CMD " \
74+
--interactive
75+
- name: Delete temp service
76+
if: always()
77+
run: |
78+
aws ecs delete-service \
79+
--force \
80+
--cluster $CLUSTER_NAME \
81+
--service $NEW_SERVICE_NAME
82+
- name: Deregister the task definition
83+
if: always()
84+
run: |
85+
TASK_DEF_ARN=$(aws ecs describe-tasks --cluster "$CLUSTER_NAME" --tasks "$NEW_TASK_ARN" | jq -r '.tasks[].taskDefinitionArn')
86+
aws ecs deregister-task-definition --task-definition $TASK_DEF_ARN
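Review bot: The `env` input is a free-form string and is expanded with `${{ inputs.env }}` directly inside the `run:` script of "Set cluster and service names", so whatever the dispatcher types becomes part of the shell script on the CodeBuild runner before anything validates it, even when neither credentials step matches. Declaring it as `type: choice` limited to the four values the `if:` conditions already expect, and reading it through `env:` in that step, closes this; both changes are shown below. The name, e-mail and NPI inputs do reach `RAILS_CMD` through `env:`, but they are unvalidated and end up in the `--command` string run inside the container, where a space or comma would presumably change the arguments `rails dpc:invite_ao` receives, so a format check on each before the `aws ecs execute-command` step would be worth adding.

```yaml
      env:
        # … unchanged: description, required …
        type: choice
        options:
          - dev
          - test
          - sandbox
          - prod
        default: 'test'
      # … unchanged: remaining inputs, permissions, earlier steps …
      - name: Set cluster and service names
        env:
          TARGET_ENV: ${{ inputs.env }}
        run: |
          echo "CLUSTER_NAME=dpc-${TARGET_ENV}-frontend" >> "$GITHUB_ENV"
          echo "SERVICE_NAME=dpc-${TARGET_ENV}-web-portal-v9" >> "$GITHUB_ENV"
```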
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
#!/bin/bash
2+
3+
# Requires AWS CLI and session manager plugin.
4+
# Returns the task definition of the currently running service
5+
6+
CLUSTER_NAME=$1
7+
SERVICE_NAME=$2
8+
9+
TASK_ARN=$(aws ecs list-tasks --cluster "$CLUSTER_NAME" --service-name "$SERVICE_NAME" | jq .'taskArns')
10+
TASK_DEFINITION_ARN=$(aws ecs describe-tasks --cluster "$CLUSTER_NAME" --tasks "$TASK_ARN" | jq -r '.tasks[].taskDefinitionArn')
11+
TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition "$TASK_DEFINITION_ARN")
12+
13+
echo "$TASK_DEFINITION" | jq
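Review bot: This script has no `set -euo pipefail`, unlike start_temp_service.sh, so a failed `aws` or `jq` call leaves an empty variable and the final `echo "$TASK_DEFINITION" | jq` can still exit 0 with no output, which the caller then parses as if it were a task definition. Adding `set -euo pipefail` under the shebang makes that failure visible. `jq .'taskArns'` also passes the whole array on, so if the service has tasks on more than one task definition (for example mid-deployment) `TASK_DEFINITION_ARN` holds several lines and `describe-task-definition` receives a malformed argument; selecting a single ARN, e.g. `jq -r '.taskArns[0]'`, and failing when it is `null` would make the result well defined. The header comment could also state that the script prints the full `describe-task-definition` JSON on stdout.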
Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
#!/bin/bash
2+
3+
# Requires AWS CLI and session manager plugin.
4+
# Gets the current task definition ARN for the service and checks if it's file system is writeable. If it is, the ARN
5+
# is returned. If it isn't, a new writeable task definition is created in ECS and its ARN is returned.
6+
7+
CLUSTER_NAME=$1
8+
SERVICE_NAME=$2
9+
10+
# Get the task def of the currently running service
11+
TASK_DEFINITION=$(./dpc-app/scripts/get_task_def_for_service.sh "$CLUSTER_NAME" "$SERVICE_NAME")
12+
READ_ONLY_ROOT_FILE_SYSTEM=$(echo "$TASK_DEFINITION" | jq '.taskDefinition.containerDefinitions[0].readonlyRootFilesystem' )
13+
14+
# Check if the task def already has a writeable file system. If so, we can use it.
15+
if [ "$READ_ONLY_ROOT_FILE_SYSTEM" == "false" ]; then
16+
echo "$TASK_DEFINITION" | jq -r '.taskDefinition.taskDefinitionArn'
17+
exit 0
18+
fi
19+
20+
# Task wasn't writeable, so we need to register a new task def that is.
21+
NEW_TASK_DEFINITION=$(echo "$TASK_DEFINITION" | jq '.taskDefinition')
22+
NEW_TASK_DEFINITION=$(echo "$NEW_TASK_DEFINITION" | jq '.containerDefinitions[0].readonlyRootFilesystem = false')
23+
NEW_TASK_DEFINITION=$(echo "$NEW_TASK_DEFINITION" | jq 'del(.taskDefinitionArn)')
24+
NEW_TASK_DEFINITION=$(echo "$NEW_TASK_DEFINITION" | jq 'del(.revision)')
25+
NEW_TASK_DEFINITION=$(echo "$NEW_TASK_DEFINITION" | jq 'del(.status)')
26+
NEW_TASK_DEFINITION=$(echo "$NEW_TASK_DEFINITION" | jq 'del(.requiresAttributes)')
27+
NEW_TASK_DEFINITION=$(echo "$NEW_TASK_DEFINITION" | jq 'del(.compatibilities)')
28+
NEW_TASK_DEFINITION=$(echo "$NEW_TASK_DEFINITION" | jq 'del(.registeredAt)')
29+
NEW_TASK_DEFINITION=$(echo "$NEW_TASK_DEFINITION" | jq 'del(.registeredBy)')
30+
NEW_TASK_DEFINITION=$(echo "$NEW_TASK_DEFINITION" | jq 'del(.deregisteredAt)')
31+
32+
CREATED_TASK_DEFINITION=$(aws ecs register-task-definition --cli-input-json "$NEW_TASK_DEFINITION" )
33+
echo "$CREATED_TASK_DEFINITION" | jq -r '.taskDefinition.taskDefinitionArn'
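Review bot: The revision with `readonlyRootFilesystem = false` is registered in the same family as the live service, so until it is deregistered it is that family's latest ACTIVE revision, and anything that resolves the family without a revision number would pick up the relaxed definition. Registering it under a separate family, e.g. adding `jq '.family = "temp-" + .family'` to the edit chain, would keep the writable copy out of the live family (assuming the caller's IAM policy allows the new family name). The early `exit 0` branch returns the live service's own ARN, and the workflow's "Deregister the task definition" step deregisters whatever definition the temp task used, so in that branch cleanup would mark the live definition INACTIVE; the script should signal whether it created a revision, or at least document this in the header comment. Only `containerDefinitions[0]` is inspected and changed, which assumes the application container is first in the list.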

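--- a/scripts/start_temp_service.sh
+++ b/scripts/start_temp_service.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+# Requires AWS CLI and session manager plugin.
+# Starts a temporary copy of a service that supports shell access. Remember to delete it manually when you're done
+# with it!
+
+# Run with: ~/scripts/start_temp_service.sh <CLUSTER> <SERVICE>
+
+CLUSTER_NAME=$1
+SERVICE_NAME=$2
+
+NEW_SERVICE_NAME="temp_${SERVICE_NAME}"
+
+# Check if the temp service is already up from a previous run, and if not start it.
+NEW_SERVICE_COUNT=$(aws ecs describe-services --cluster "$CLUSTER_NAME" --services "$NEW_SERVICE_NAME" | jq -r '.services[].runningCount')
+if [[ -z "$NEW_SERVICE_COUNT" || "$NEW_SERVICE_COUNT" -eq 0 ]]; then
+
+echo "Getting task definition."
+TASK_DEF_ARN=$(./dpc-app/scripts/get_writeable_task_def_for_service.sh "$CLUSTER_NAME" "$SERVICE_NAME")
+TASK_DEF=${TASK_DEF_ARN#*/}
+
+echo "Getting network config." # Gets security groups and subnets
+NETWORK_CONFIG=$(aws ecs describe-services --cluster "$CLUSTER_NAME" --services "$SERVICE_NAME" --query "services[0].networkConfiguration")
+
+echo "Starting new service $NEW_SERVICE_NAME"
+aws ecs create-service \
+--cluster "$CLUSTER_NAME" \
+--task-definition "$TASK_DEF" \
+--enable-execute-command \
+--service-name "$NEW_SERVICE_NAME" \
+--desired-count 1 \
+--launch-type FARGATE \
+--network-configuration "$NETWORK_CONFIG" > /dev/null
+
+echo "Waiting for $NEW_SERVICE_NAME to start."
+aws ecs wait services-stable --cluster "$CLUSTER_NAME" --services "$NEW_SERVICE_NAME"
+else
+echo "$NEW_SERVICE_NAME is already running."
+fi
+
+echo "$NEW_SERVICE_NAME started, building login command."
+
+echo "Getting running task for $NEW_SERVICE_NAME."
+NEW_TASK_ARN=$(aws ecs list-tasks --cluster "$CLUSTER_NAME" --service-name "$NEW_SERVICE_NAME" --launch-type FARGATE | jq .'taskArns')
+
+echo "Getting container info for $NEW_SERVICE_NAME."
+# Filter out the aws-guardduty container from the list.
+NEW_CONTAINER_INFO=$(aws ecs describe-tasks --cluster "$CLUSTER_NAME" --tasks "$NEW_TASK_ARN" --query "tasks[].containers[?!contains(name, 'aws-guardduty')]" | jq '.[][]')
+NEW_CONTAINER_NAME=$(echo "$NEW_CONTAINER_INFO" | jq -r '.name')
+NEW_TASK_ARN=$(echo "$NEW_CONTAINER_INFO" | jq -r '.taskArn')
+NEW_TASK_ID=${NEW_TASK_ARN#*/*/}
+echo "New task id: $NEW_TASK_ID"
+echo "New container name: $NEW_CONTAINER_NAME"
+
+# Set env vars for Github
+if [ -n "$GITHUB_ACTIONS" ]
+then
+{
+echo "NEW_TASK_ID=$NEW_TASK_ID";
+echo "NEW_TASK_ARN=$NEW_TASK_ARN"
+echo "NEW_SERVICE_NAME=$NEW_SERVICE_NAME"
+echo "NEW_CONTAINER_NAME=$NEW_CONTAINER_NAME"
+} >> "$GITHUB_ENV"
+fi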
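Review bot: `[ -n "$GITHUB_ACTIONS" ]` runs under `set -u`, so when the script is started by hand as the header comment describes, the variable is unset and the script aborts with an unbound-variable error after the temp service has already been created; `if [ -n "${GITHUB_ACTIONS:-}" ]` keeps the check working in both places. The `x` in `set -euxo pipefail` writes every expanded command, including the network configuration and task ARNs, into the job log, so consider dropping it or enabling it only for debugging. `jq '.[][]'` yields one object per non-GuardDuty container; with more than one, `NEW_CONTAINER_NAME` and `NEW_TASK_ARN` become multi-line and the `$GITHUB_ENV` entries would be malformed, so selecting a single container explicitly would be safer.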
