New: [AEA-4587] - Added option for second run against SHA1 app (#198)

MatthewPopat-NHS · anthony-nhs · web-flow · commit a489481b9a2a · 2024-12-16T17:21:06.000Z
## Summary

- ✨ New Feature

### Details

Feature under test: Enable prescribing systems to toggle to SHA-256
unilaterally

---------

Co-authored-by: Anthony Brown &lt;121869075+anthony-nhs@users.noreply.github.com&gt;
diff --git a/.github/workflows/regression_tests.yml b/.github/workflows/regression_tests.yml
@@ -37,6 +37,11 @@ on:
         description: 'The github tag to run the test pack from'
         required: false
         default: "main"
+      run_sha1_tests:
+        description: whether to also run against a sha1 enabled apigee app
+        required: false
+        type: boolean
+        default: false
 
 jobs:
   regression_tests:
@@ -115,6 +120,32 @@ jobs:
             echo Pull request ID = "$PULL_REQUEST_ID"
             poetry run python ./runner.py --env="$ENVIRONMENT" --product="$PRODUCT" --tags="$TAGS"
 
+      - name: SHA1 Regression Tests
+        id: sha1_tests
+        continue-on-error: true
+        if: inputs.run_sha1_tests == true
+        env:
+          PRODUCT: ${{ inputs.product }}
+          ENVIRONMENT: ${{ inputs.environment }}
+          PULL_REQUEST_ID: ${{ inputs.pull_request_id }}
+          TAGS: ${{ inputs.tags }}
+          CLIENT_ID: ${{ secrets.SHA1_CLIENT_ID }}
+          CLIENT_SECRET: ${{ secrets.SHA1_CLIENT_SECRET }}
+          CERTIFICATE: ${{ secrets.CERTIFICATE }}
+          PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
+          JWT_KID: ${{ secrets.JWT_KID }}
+          JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
+        run: |
+            export CLIENT_ID="$CLIENT_ID"
+            export CLIENT_SECRET="$CLIENT_SECRET"
+            export CERTIFICATE="$CERTIFICATE"
+            export PRIVATE_KEY="$PRIVATE_KEY"
+            export JWT_KID="$JWT_KID"
+            export JWT_PRIVATE_KEY="$JWT_PRIVATE_KEY"
+            export PULL_REQUEST_ID="$PULL_REQUEST_ID"
+            echo Pull request ID = "$PULL_REQUEST_ID"
+            poetry run python ./runner.py --env="$ENVIRONMENT" --product="$PRODUCT" --tags="$TAGS"
+
       - name: Upload Artifact
         uses: actions/upload-artifact@v4
         with:
@@ -132,7 +163,7 @@ jobs:
           repositories: "electronic-prescription-service-api-regression-tests,eps-test-reports"
 
       - name: Report failure on test failure
-        if: steps.tests.outcome != 'success'
+        if: steps.tests.outcome != 'success' || steps.sha1_tests.outcome != 'success'
         run: |
           poetry run python scripts/send_test_results.py --token=${{ steps.generate-token.outputs.token }} --run_id ${{GITHUB.RUN_ID}}
           echo The regression tests step failed, this likely means there are test failures.
diff --git a/scripts/set_secrets.sh b/scripts/set_secrets.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+
+check_gh_logged_in() {
+    if ! gh auth status >/dev/null 2>&1; then
+        echo "You need to login using gh auth login"
+        exit 1
+    fi
+}
+
+set_environment_secret() {
+    secret_name=$1
+    secret_value=$2
+    environment=$3
+    if [ -z "${secret_value}" ]; then
+        echo "value passed for secret ${secret_name} is unset or set to the empty string. Not setting"
+        return 0
+    fi
+    echo
+    echo "*****************************************"
+    echo
+    echo "setting value for ${secret_name} in environment ${environment}"
+    echo "secret_value: ${secret_value}"
+    read -r -p "Press Enter to set secret or ctrl+c to exit"
+    gh secret set "${secret_name}" \
+        --repo NHSDigital/electronic-prescription-service-api-regression-tests \
+        --app actions \
+        --env "${environment}" \
+        --body "${secret_value}"
+}
+
+set_repository_secret() {
+    secret_name=$1
+    secret_value=$2
+    if [ -z "${secret_value}" ]; then
+        echo "value passed for secret ${secret_name} is unset or set to the empty string. Not setting"
+        return 0
+    fi
+    echo
+    echo "*****************************************"
+    echo
+    echo "setting value for ${secret_name}"
+    echo "secret_value: ${secret_value}"
+    read -r -p "Press Enter to set secret or ctrl+c to exit"
+    gh secret set "${secret_name}" \
+        --repo NHSDigital/electronic-prescription-service-api-regression-tests \
+        --app actions \
+        --body "${secret_value}"
+}
+
+check_gh_logged_in
+set_environment_secret CLIENT_ID "${REF_CLIENT_ID}" REF
+set_environment_secret CLIENT_ID "${INTERNAL_DEV_SANDBOX_CLIENT_ID}" INTERNAL-DEV-SANDBOX
+set_environment_secret CLIENT_ID "${INTERNAL_DEV_CLIENT_ID}" INTERNAL-DEV
+set_environment_secret CLIENT_ID "${INT_CLIENT_ID}" INT
+set_environment_secret CLIENT_ID "${INTERNAL_QA_CLIENT_ID}" INTERNAL-QA
+
+set_environment_secret CLIENT_SECRET "${REF_CLIENT_SECRET}" REF
+set_environment_secret CLIENT_SECRET "${INTERNAL_DEV_SANDBOX_CLIENT_SECRET}" INTERNAL-DEV-SANDBOX
+set_environment_secret CLIENT_SECRET "${INTERNAL_DEV_CLIENT_SECRET}" INTERNAL-DEV
+set_environment_secret CLIENT_SECRET "${INT_CLIENT_SECRET}" INT
+set_environment_secret CLIENT_SECRET "${INTERNAL_QA_CLIENT_SECRET}" INTERNAL-QA
+
+set_environment_secret JWT_KID "${REF_JWT_KID}" REF
+set_environment_secret JWT_KID "${INTERNAL_DEV_SANDBOX_JWT_KID}" INTERNAL-DEV-SANDBOX
+set_environment_secret JWT_KID "${INTERNAL_DEV_JWT_KID}" INTERNAL-DEV
+set_environment_secret JWT_KID "${INT_JWT_KID}" INT
+set_environment_secret JWT_KID "${INTERNAL_QA_JWT_KID}" INTERNAL-QA
+
+set_environment_secret JWT_PRIVATE_KEY "${REF_JWT_PRIVATE_KEY}" REF
+set_environment_secret JWT_PRIVATE_KEY "${INTERNAL_DEV_SANDBOX_JWT_PRIVATE_KEY}" INTERNAL-DEV-SANDBOX
+set_environment_secret JWT_PRIVATE_KEY "${INTERNAL_DEV_JWT_PRIVATE_KEY}" INTERNAL-DEV
+set_environment_secret JWT_PRIVATE_KEY "${INT_JWT_PRIVATE_KEY}" INT
+set_environment_secret JWT_PRIVATE_KEY "${INTERNAL_QA_JWT_PRIVATE_KEY}" INTERNAL-QA
+
+set_environment_secret SHA1_CLIENT_ID "${REF_SHA1_CLIENT_ID}" REF
+set_environment_secret SHA1_CLIENT_ID "${INTERNAL_DEV_SANDBOX_SHA1_CLIENT_ID}" INTERNAL-DEV-SANDBOX
+set_environment_secret SHA1_CLIENT_ID "${INTERNAL_DEV_SHA1_CLIENT_ID}" INTERNAL-DEV
+set_environment_secret SHA1_CLIENT_ID "${INT_SHA1_CLIENT_ID}" INT
+set_environment_secret SHA1_CLIENT_ID "${INTERNAL_QA_SHA1_CLIENT_ID}" INTERNAL-QA
+
+set_environment_secret SHA1_CLIENT_SECRET "${REF_SHA1_CLIENT_SECRET}" REF
+set_environment_secret SHA1_CLIENT_SECRET "${INTERNAL_DEV_SANDBOX_SHA1_CLIENT_SECRET}" INTERNAL-DEV-SANDBOX
+set_environment_secret SHA1_CLIENT_SECRET "${INTERNAL_DEV_SHA1_CLIENT_SECRET}" INTERNAL-DEV
+set_environment_secret SHA1_CLIENT_SECRET "${INT_SHA1_CLIENT_SECRET}" INT
+set_environment_secret SHA1_CLIENT_SECRET "${INTERNAL_QA_SHA1_CLIENT_SECRET}" INTERNAL-QA
+
+set_repository_secret AUTOMERGE_APP_ID "${AUTOMERGE_APP_ID}"
+set_repository_secret AUTOMERGE_PEM "${AUTOMERGE_PEM}"
+set_repository_secret CERTIFICATE "${CERTIFICATE}"
+set_repository_secret PRIVATE_KEY "${PRIVATE_KEY}"
+set_repository_secret REGRESSION_TESTS_PEM "${REGRESSION_TESTS_PEM}"
+set_repository_secret SONAR_TOKEN "${SONAR_TOKEN}"
