diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index a03b4d655f..3ebed0e0e3 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -21,7 +21,8 @@
 "version": "latest",
 "moby": "true",
 "installDockerBuildx": "true"
- }
+ },
+ "ghcr.io/devcontainers/features/github-cli:1": {}
 },
 "customizations": {
 "vscode": {
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 073147fa44..20457ccff0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -129,7 +129,7 @@ jobs:
 mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
 CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
 REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
- APIGEE_API_KEY: ${{ secrets.APIGEE_API_KEY }}
+ APIGEE_API_KEY: ${{ secrets.APIGEE_DEV_API_KEY }}
 create_release_notes:
 needs: [tag_release, package_code, get_commit_id, release_dev]
@@ -182,4 +182,4 @@ jobs:
 mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
 CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
 REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
- APIGEE_API_KEY: ${{ secrets.APIGEE_API_KEY }}
+ APIGEE_API_KEY: ${{ secrets.APIGEE_QA_API_KEY }}
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 5e2779e4f7..a615a783e7 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -94,7 +94,7 @@ jobs:
 mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
 CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
 REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
- APIGEE_API_KEY: ${{ secrets.APIGEE_API_KEY }}
+ APIGEE_API_KEY: ${{ secrets.APIGEE_DEV_API_KEY }}
 report_deployed_url:
 needs: [release_code, get_issue_number]
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0556cc3dc6..a908807e93 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -148,7 +148,7 @@ jobs:
 mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
 CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
 REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
- APIGEE_API_KEY: ${{ secrets.APIGEE_API_KEY }}
+ APIGEE_API_KEY: ${{ secrets.APIGEE_DEV_API_KEY }}
 create_release_notes:
 needs: [tag_release, package_code, get_commit_id, release_dev]
@@ -200,7 +200,7 @@ jobs:
 mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
 CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
 REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
- APIGEE_API_KEY: ${{ secrets.APIGEE_API_KEY }}
+ APIGEE_API_KEY: ${{ secrets.APIGEE_REF_API_KEY }}
 release_qa:
 needs: [tag_release, package_code, get_commit_id, release_dev]
@@ -237,7 +237,7 @@ jobs:
 mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
 CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
 REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
- APIGEE_API_KEY: ${{ secrets.APIGEE_API_KEY }}
+ APIGEE_API_KEY: ${{ secrets.APIGEE_QA_API_KEY }}
 release_int:
 needs: [tag_release, package_code, get_commit_id, release_qa]
@@ -274,7 +274,7 @@ jobs:
 mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
 CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
 REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
- APIGEE_API_KEY: ${{ secrets.APIGEE_API_KEY }}
+ APIGEE_API_KEY: ${{ secrets.APIGEE_INT_API_KEY }}
 # release_prod:
 # needs: [tag_release, package_code, get_commit_id, release_int]
diff --git a/scripts/set_secrets.sh b/scripts/set_secrets.sh
index 5f82b11aa6..01ea2a4973 100755
--- a/scripts/set_secrets.sh
+++ b/scripts/set_secrets.sh
@@ -7,77 +7,29 @@ check_gh_logged_in() {
 fi
 }
-set_secrets() {
- gh secret set PTL_PRIMARY_OIDC_CLIENT_ID \
- --repo NHSDigital/eps-prescription-tracker-ui \
- --app actions \
- --body "${Cis2PTLClientID}"
-
- gh secret set PTL_PRIMARY_OIDC_CLIENT_SECRET \
- --repo NHSDigital/eps-prescription-tracker-ui \
- --app actions \
- --body "$Cis2PTLClientSecret"
-
- gh secret set PTL_CIS2_PRIVATE_KEY \
- --repo NHSDigital/eps-prescription-tracker-ui \
- --app actions \
- --body "$private_key"
-
- gh secret set PTL_PRIMARY_OIDC_CLIENT_ID \
- --repo NHSDigital/eps-prescription-tracker-ui \
- --app dependabot \
- --body "${Cis2PTLClientID}"
-
- gh secret set PTL_PRIMARY_OIDC_CLIENT_SECRET \
- --repo NHSDigital/eps-prescription-tracker-ui \
- --app dependabot \
- --body "$Cis2PTLClientSecret"
-
- gh secret set PTL_CIS2_PRIVATE_KEY \
- --repo NHSDigital/eps-prescription-tracker-ui \
- --app dependabot \
- --body "$private_key"
-
- # mock secrets
-
- gh secret set PTL_MOCK_CLIENT_ID \
- --repo NHSDigital/eps-prescription-tracker-ui \
- --app actions \
- --body "$mockClientID"
-
- gh secret set PTL_MOCK_CLIENT_SECRET \
- --repo NHSDigital/eps-prescription-tracker-ui \
- --app actions \
- --body "$mockClientSecret"
-
- gh secret set PTL_MOCK_CLIENT_ID \
- --repo NHSDigital/eps-prescription-tracker-ui \
- --app dependabot \
- --body "$mockClientID"
-
- gh secret set PTL_MOCK_CLIENT_SECRET \
+set_repository_secret() {
+ secret_name=$1
+ secret_value=$2
+ app=$3
+ if [ -z "${secret_value}" ]; then
+ echo "value passed for secret ${secret_name} is unset or set to the empty string.
Not setting"
+ return 0
+ fi
+ echo
+ echo "*****************************************"
+ echo
+ echo "setting value for ${secret_name}"
+ echo "secret_value: ${secret_value}"
+ read -r -p "Press Enter to set secret or ctrl+c to exit"
+ gh secret set "${secret_name}" \
 --repo NHSDigital/eps-prescription-tracker-ui \
- --app dependabot \
- --body "$mockClientSecret"
+ --app "${app}" \
+ --body "${secret_value}"
 }
-if [ -z "${Cis2PTLClientID}" ]; then
- echo "Cis2PTLClientID is unset or set to the empty string"
- exit 1
-fi
-if [ -z "${Cis2PTLClientSecret}" ]; then
- echo "Cis2PTLClientSecret is unset or set to the empty string"
- exit 1
-fi
-if [ -z "${mockClientID}" ]; then
- echo "mockClientID is unset or set to the empty string"
- exit 1
-fi
-if [ -z "${mockClientSecret}" ]; then
- echo "mockClientSecret is unset or set to the empty string"
- exit 1
-fi
+# this is a locally generated private key
+# the public part of this keypair should be put in packages/staticContent/jwks/jwks.json
 private_key=$(cat .secrets/eps-cpt-ui-test.pem)
 if [ -z "${private_key}" ]; then
 echo "private_key is unset or set to the empty string"
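Review bot: The added `echo "secret_value: ${secret_value}"` in `set_repository_secret` writes every secret in clear to the terminal, including the PEM read from `.secrets/eps-cpt-ui-test.pem`, so the values end up in scrollback, screen shares and any captured session log. A confirmation that does not reveal the value serves the prompt equally well, for example `echo "secret_value: ${#secret_value} characters (not shown)"`. The value is also still passed as `--body "${secret_value}"`, which places it in the `gh` process arguments where it shows up in a local process listing; `gh secret set` reads the value from standard input when `--body` is omitted, so `printf '%s' "${secret_value}" | gh secret set "${secret_name}" --repo NHSDigital/eps-prescription-tracker-ui --app "${app}"` avoids that. Separately, an empty value now returns 0 where the removed checks exited 1, so a mistyped variable name leaves the previous secret in place with only a log line to show it.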
@@ -85,3 +37,29 @@ if [ -z "${private_key}" ]; then
 fi
 check_gh_logged_in
 set_secrets
+
+# these are from cis2 client set up
+set_repository_secret PTL_PRIMARY_OIDC_CLIENT_ID "${PTL_PRIMARY_OIDC_CLIENT_ID}" "actions"
+set_repository_secret PTL_PRIMARY_OIDC_CLIENT_SECRET "${PTL_PRIMARY_OIDC_CLIENT_SECRET}" "actions"
+
+# this is a locally generated private key
+# the public part of this keypair should be put in packages/staticContent/jwks/jwks.json
+set_repository_secret PTL_CIS2_PRIVATE_KEY "${private_key}" "actions"
+
+# need to set these for dependabot as well
+set_repository_secret PTL_PRIMARY_OIDC_CLIENT_ID "${PTL_PRIMARY_OIDC_CLIENT_ID}" "dependabot"
+set_repository_secret PTL_PRIMARY_OIDC_CLIENT_SECRET "${PTL_PRIMARY_OIDC_CLIENT_SECRET}" "dependabot"
+set_repository_secret PTL_CIS2_PRIVATE_KEY "${private_key}" "dependabot"
+
+# these are from the keycloak setup of the mock client
+set_repository_secret PTL_MOCK_CLIENT_ID "${PTL_MOCK_CLIENT_ID}" "actions"
+set_repository_secret PTL_MOCK_CLIENT_SECRET "${PTL_MOCK_CLIENT_SECRET}" "actions"
+set_repository_secret PTL_MOCK_CLIENT_ID "${PTL_MOCK_CLIENT_ID}" "dependabot"
+set_repository_secret PTL_MOCK_CLIENT_SECRET "${PTL_MOCK_CLIENT_SECRET}" "dependabot"
+
+# these are from the apigee client set up
+set_repository_secret APIGEE_DEV_API_KEY "${APIGEE_DEV_API_KEY}" "actions"
+set_repository_secret APIGEE_DEV_API_KEY "${APIGEE_DEV_API_KEY}" "dependabot"
+set_repository_secret APIGEE_REF_API_KEY "${APIGEE_REF_API_KEY}" "actions"
+set_repository_secret APIGEE_QA_API_KEY "${APIGEE_QA_API_KEY}" "actions"
+set_repository_secret APIGEE_INT_API_KEY "${APIGEE_INT_API_KEY}" "actions"
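Review bot: The context line `set_secrets` is still called right after `check_gh_logged_in`, but the first hunk of this file removes the `set_secrets()` function, so unless it is defined somewhere not shown the call fails with "command not found"; the line should be deleted. Whether the script then stops or carries on to the new `set_repository_secret` calls depends on a `set -e` that is not visible in the diff. The Apigee keys are all written as repository-level secrets, which makes `APIGEE_INT_API_KEY` available to every workflow in the repository, including `pull_request.yml`; if the release jobs use GitHub environments, `gh secret set --env` would limit each key to the job that deploys to that environment.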