[NRL-762] Add specific rollback pipeline. Add general activate-stack pipeline. Fix env config scripts to return non-zero on errors

Author: mattdean3-nhs

.github/workflows/activate-stack.yml

@@ -0,0 +1,67 @@
+name: Switch Active Stack
+run-name: Switch active stack to ${{ inputs.stack_name }} in ${{ inputs.environment }} by ${{ github.actor }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Environment to activate the stack in"
+        required: true
+        default: "dev"
+        type: environment
+
+      stack_name:
+        description: Name of stack to activate
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+  actions: write
+
+jobs:
+  activate-stack:
+    name: Activate ${{ inputs.stack_name }} for ${{ inputs.environment }}
+    runs-on: [self-hosted, ci]
+    environment: ${{ inputs.environment }}
+
+    steps:
+      - name: Git clone - ${{ github.ref }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Setup asdf cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf
+        uses: asdf-vm/actions/[email protected]
+
+      - name: Configure Management Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
+          role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
+
+      - name: Install zip
+        run: sudo apt-get install zip
+
+      - name: Setup Python environment
+        run: |
+          poetry install --no-root
+          source $(poetry env info --path)/bin/activate
+
+      - name: Get current environment config
+        run: |
+          poetry run python ./scripts/get_env_config.py all ${{ inputs.environment }}
+
+      - name: Activate Stack
+        run: |
+          poetry run python ./scripts/activate-stack.py ${{ inputs.stack_name }} ${{ inputs.environment }}

.github/workflows/rollback-stack.yml

@@ -0,0 +1,67 @@
+name: Rollback Stack
+run-name: Rollback to inactive stack in ${{ inputs.environment }} by ${{ github.actor }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Environment to rollback the stack in"
+        required: true
+        default: "dev"
+        type: environment
+
+permissions:
+  id-token: write
+  contents: read
+  actions: write
+
+jobs:
+  rollback-stack:
+    name: Rollback to inactive stack for ${{ inputs.environment }}
+    runs-on: [self-hosted, ci]
+    environment: ${{ inputs.environment }}
+
+    steps:
+      - name: Git clone - ${{ github.ref }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Setup asdf cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf
+        uses: asdf-vm/actions/[email protected]
+
+      - name: Configure Management Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
+          role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
+
+      - name: Install zip
+        run: sudo apt-get install zip
+
+      - name: Setup Python environment
+        run: |
+          poetry install --no-root
+          source $(poetry env info --path)/bin/activate
+
+      - name: Get current environment config
+        run: |
+          poetry run python ./scripts/get_env_config.py all ${{ inputs.environment }}
+
+      - name: Rollback
+        run: |
+          inactive_stack_name=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
+          poetry run python ./scripts/activate-stack.py ${inactive_stack_name} ${{ inputs.environment }}
+
+      - name: "Smoke Test"
+        run: |
+          make ENV=${{ inputs.environment }} test-smoke-external

scripts/activate_stack.py

@@ -131,7 +131,7 @@ def activate_stack(stack_name: str, env: str, session: any):
         )
         print(f"Failed to activate stack: {err}", file=sys.stderr)
         print(f"Stack trace: {traceback.format_exc()}", file=sys.stderr)
-        return
+        sys.exit(1)
 
     print("Updating environment config and unlocking....")
     environment_config[CONFIG_INACTIVE_STACK] = current_active_stack

scripts/get_env_config.py

@@ -14,13 +14,16 @@ def main(parameter_name: str, env: str):
     response = sm.get_secret_value(SecretId=secret_key)
     parameters = json.loads(response["SecretString"])
 
-    if parameter_name in parameters:
+    if parameter_name == "all":
+        print(parameters)
+    elif parameter_name in parameters:
         print(parameters[parameter_name])
     else:
         print(
             f"Parameter {parameter_name} not found in environment config",
             file=sys.stderr,
         )
+        sys.exit(1)
 
 
 if __name__ == "__main__":