Merge branch 'main' of https://github.com/NHSDigital/eps-assist-me into AEA-5507-code-tidy-up

Author: kris-szlapa

.devcontainer/Dockerfile

@@ -6,7 +6,7 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
      curl git build-essential libssl-dev zlib1g-dev \
      libbz2-dev libreadline-dev libsqlite3-dev wget llvm \
      libncurses5-dev libncursesw5-dev xz-utils tk-dev \
-     liblzma-dev python3-pip libffi-dev
+     liblzma-dev python3-pip libffi-dev libyaml-dev
 
 # Set user to vscode
 USER vscode

.github/scripts/create_env_release_notes.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+cat <<EOF > payload.json
+{ 
+  "currentTag": "$CURRENT_DEPLOYED_TAG",
+  "targetTag": "$DEV_TAG",
+  "repoName": "eps-assist-me",
+  "targetEnvironment": "$ENV",
+  "productName": "EPS Assist Me",
+  "releaseNotesPageId": "$PAGE_ID",
+  "releaseNotesPageTitle": "Current EPS Assist Me release notes - $ENV"
+}
+EOF
+cat payload.json
+
+function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:CreateReleaseNotesLambdaArn'].Value" --output text)
+aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt
+cat out.txt

.github/scripts/delete_stacks.sh

@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+# generic script for removing cloudformation stacks and proxygen deployed apis where the pull request is closed
+
+# set the repo name to be the name of the repo this is running in
+REPO_NAME=eps-assist-me
+
+# this should be a regex used in jq command that parses the output from aws cloudformation list-stacks and just captures stacks we are interested in
+CAPTURE_REGEX="^epsam-pr-(\\d+)(-sandbox)?$"
+
+# this should be a regex that is used to get the pull request id from the cloud formation stack name
+# this is used in a replace command to replace the stack name so what is left is just the pull request id
+PULL_REQUEST_STACK_REGEX=epsam-pr-
+
+CNAME_QUERY=epsam-pr-
+
+main() {
+  delete_cloudformation_stacks
+  delete_cname_records
+}
+
+delete_cloudformation_stacks() {
+  echo "checking cloudformation stacks"
+  echo
+  ACTIVE_STACKS=$(aws cloudformation list-stacks | jq -r --arg CAPTURE_REGEX "${CAPTURE_REGEX}" '.StackSummaries[] | select ( .StackStatus != "DELETE_COMPLETE" ) | select( .StackName | capture($CAPTURE_REGEX) ) | .StackName ')
+
+  mapfile -t ACTIVE_STACKS_ARRAY <<< "$ACTIVE_STACKS"
+
+  for i in "${ACTIVE_STACKS_ARRAY[@]}"
+  do 
+    echo "Checking if stack $i has open pull request"
+    PULL_REQUEST=${i//${PULL_REQUEST_STACK_REGEX}/}
+    PULL_REQUEST=${PULL_REQUEST//-sandbox/}
+    echo "Checking pull request id ${PULL_REQUEST}"
+    URL="https://api.github.com/repos/NHSDigital/${REPO_NAME}/pulls/${PULL_REQUEST}"
+    RESPONSE=$(curl "${URL}" 2>/dev/null)
+    STATE=$(echo "${RESPONSE}" | jq -r .state)
+    if [ "$STATE" == "closed" ]; then
+      echo "** going to delete stack $i as state is ${STATE} **"
+      aws cloudformation delete-stack --stack-name "${i}"
+      echo "** Sleeping for 60 seconds to avoid 429 on delete stack **"
+      sleep 60
+    else
+      echo "not going to delete stack $i as state is ${STATE}"
+    fi
+  done
+}
+
+delete_cname_records() {
+  HOSTED_ZONE_ID=$(aws route53 list-hosted-zones-by-name --dns-name dev.eps.national.nhs.uk. | jq -r ".HostedZones[0] | .Id")
+  CNAME_RECORDS=$(aws route53 list-resource-record-sets --hosted-zone-id "${HOSTED_ZONE_ID}" \
+    --query "ResourceRecordSets[?Type == 'CNAME' && contains(Name, '${CNAME_QUERY}')]" \
+    | jq -r " .[] | .Name")
+
+  mapfile -t CNAME_RECORDS_ARRAY <<< "$CNAME_RECORDS"
+
+  for i in "${CNAME_RECORDS_ARRAY[@]}"
+  do
+    echo "Checking if CNAME record $i has open pull request"
+
+    PULL_REQUEST=$(echo "$i" | grep -Po '(?<=-pr-)\d+')
+    echo "Checking pull request id ${PULL_REQUEST}"
+    URL="https://api.github.com/repos/NHSDigital/${REPO_NAME}/pulls/${PULL_REQUEST}"
+    RESPONSE=$(curl --url "${URL}" --header "Authorization: Bearer ${GITHUB_TOKEN}" 2>/dev/null)
+    STATE=$(echo "${RESPONSE}" | jq -r .state)
+    if [ "$STATE" == "closed" ]; then
+      echo "** going to delete CNAME record $i as state is ${STATE} **"
+      record_set=$(aws route53 list-resource-record-sets --hosted-zone-id "${HOSTED_ZONE_ID}" \
+        --query "ResourceRecordSets[?Name == '$i']" --output json | jq .[0])
+
+      jq -n --argjson record_set "${record_set}" \
+          '{Changes: [{Action: "DELETE", ResourceRecordSet: $record_set}]}' > /tmp/payload.json
+
+      aws route53 change-resource-record-sets --hosted-zone-id "${HOSTED_ZONE_ID}" --change-batch file:///tmp/payload.json
+
+      echo "CNAME record $i deleted"
+      else
+        echo "not going to delete CNAME record $i as state is ${STATE} **"
+      fi
+  done
+}
+
+main

.github/scripts/fix_cdk_json.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+set -e
+
+# script used to set context key values in cdk.json pre deployment from environment variables
+
+# helper function to set string values
+fix_string_key() {
+    KEY_NAME=$1
+    KEY_VALUE=$2
+    if [ -z "${KEY_VALUE}" ]; then
+        echo "${KEY_NAME} value is unset or set to the empty string"
+        exit 1
+    fi
+    echo "Setting ${KEY_NAME}"
+    jq \
+        --arg key_value "${KEY_VALUE}" \
+        --arg key_name "${KEY_NAME}" \
+        '.context += {($key_name): $key_value}' .build/cdk.json > .build/cdk.new.json
+    mv .build/cdk.new.json .build/cdk.json
+}
+
+# helper function to set boolean and number values (without quotes)
+fix_boolean_number_key() {
+    KEY_NAME=$1
+    KEY_VALUE=$2
+    if [ -z "${KEY_VALUE}" ]; then
+        echo "${KEY_NAME} value is unset or set to the empty string"
+        exit 1
+    fi
+    echo "Setting ${KEY_NAME}"
+    jq \
+        --argjson key_value "${KEY_VALUE}" \
+        --arg key_name "${KEY_NAME}" \
+        '.context += {($key_name): $key_value}' .build/cdk.json > .build/cdk.new.json
+    mv .build/cdk.new.json .build/cdk.json
+}
+
+# go through all the key values we need to set
+fix_string_key accountId "${ACCOUNT_ID}"
+fix_string_key stackName "${STACK_NAME}"
+fix_string_key versionNumber "${VERSION_NUMBER}"
+fix_string_key commitId "${COMMIT_ID}"
+fix_string_key logRetentionInDays "${LOG_RETENTION_IN_DAYS}"
+fix_string_key logLevel "${LOG_LEVEL}"

.github/scripts/get_current_dev_tag

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+dev_tag=$(aws cloudformation describe-stacks --stack-name cpt --query "Stacks[0].Tags[?Key=='version'].Value" --output text)
+
+echo "DEV_TAG=${dev_tag}" >> "$GITHUB_ENV"

.github/scripts/get_target_deployed_tag.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+current_deployed_tag=$(aws cloudformation describe-stacks --stack-name epsam --query "Stacks[0].Tags[?Key=='version'].Value" --output text)
+
+echo "CURRENT_DEPLOYED_TAG=${current_deployed_tag}" >> "$GITHUB_ENV"

.github/workflows/cdk_package_code.yml

@@ -0,0 +1,74 @@
+name: cdk package code
+
+on:
+  workflow_call:
+    inputs:
+      VERSION_NUMBER:
+        required: true
+        type: string
+      COMMIT_ID:
+        required: true
+        type: string
+
+jobs:
+  package_code:
+    runs-on: ubuntu-22.04
+    permissions:
+      id-token: write
+      contents: read
+      packages: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+
+      # using git commit sha for version of action to ensure we have stable version
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
+        with:
+          asdf_branch: v0.14.1
+  
+      - name: Cache asdf
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf dependencies in .tool-versions
+        uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302
+        with:
+          asdf_branch: v0.14.1
+        env:
+          PYTHON_CONFIGURE_OPTS: --enable-shared
+
+      - name: Setting up .npmrc
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
+          echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
+
+      - name: make install
+        run: |
+          make install
+
+      - name: 'Tar files'
+        run: |
+          tar -rf artifact.tar \
+            .tool-versions \
+            packages \
+            node_modules \
+            package.json \
+            package-lock.json \
+            tsconfig.defaults.json \
+            cdk.json
+
+      - uses: actions/upload-artifact@v4
+        name: upload build artifact
+        with:
+          name: build_artifact
+          path: artifact.tar