New: [AEA-4684] - VPC resources (#9)

Author: Orkastrated

.devcontainer/devcontainer.json

@@ -57,8 +57,13 @@
         "editor.formatOnSave": true, // optional
         "editor.formatOnSaveMode": "file",
         "cSpell.words": ["fhir", "Formik", "pino", "serialisation"],
-        "editor.defaultFormatter": "dbaeumer.vscode-eslint"
-
+        "editor.defaultFormatter": "dbaeumer.vscode-eslint",
+        "[typescript]": {
+          "editor.defaultFormatter": "dbaeumer.vscode-eslint"
+        },
+        "editor.codeActionsOnSave": {
+          "source.fixAll.eslint": "always"
+        }
       }
     }
   },

.github/scripts/call_mark_jira_released.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+echo "calling mark jira released"
+
+cat <<EOF > payload.json
+{ 
+  "releaseVersion": "EPS-VPC-Resources-$RELEASE_TAG"
+}
+EOF
+cat payload.json
+
+function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:MarkJiraReleasedLambdaArn'].Value" --output text)
+aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt
+cat out.txt

.github/scripts/create_env_release_notes.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+cat <<EOF > payload.json
+{ 
+  "currentTag": "$CURRENT_DEPLOYED_TAG",
+  "targetTag": "$DEV_TAG",
+  "repoName": "eps-vpc-resources",
+  "targetEnvironment": "$ENV",
+  "productName": "EPS VPC Resources",
+  "releaseNotesPageId": "$PAGE_ID",
+  "releaseNotesPageTitle": "Current EPS VPC Resources release notes - $ENV"
+}
+EOF
+cat payload.json
+
+function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:CreateReleaseNotesLambdaArn'].Value" --output text)
+aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt
+cat out.txt

.github/scripts/create_int_rc_release_notes.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+cat <<EOF > payload.json
+{ 
+  "currentTag": "$CURRENT_DEPLOYED_TAG",
+  "targetTag": "$RELEASE_TAG",
+  "repoName": "eps-vpc-resources",
+  "targetEnvironment": "INT",
+  "productName": "EPS VPC Resources",
+  "releaseNotesPageId": "$PAGE_ID",
+  "releaseNotesPageTitle": "EPS-VPC-Resources-$RELEASE_TAG - Deployed to [INT] on $(date +'%d-%m-%y')",
+  "createReleaseCandidate": "true",
+  "releasePrefix": "EPS-VPC-Resources-"
+}
+EOF
+cat payload.json
+
+function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:CreateReleaseNotesLambdaArn'].Value" --output text)
+aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt
+cat out.txt

.github/scripts/get_current_dev_tag.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+dev_tag=$(aws cloudformation describe-stacks --stack-name vpc-resources --query "Stacks[0].Tags[?Key=='version'].Value" --output text)
+
+echo "DEV_TAG=${dev_tag}" >> "$GITHUB_ENV"

.github/scripts/get_target_deployed_tag.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+current_deployed_tag=$(aws cloudformation describe-stacks --stack-name vpc-resources --query "Stacks[0].Tags[?Key=='version'].Value" --output text)
+
+if [ -z "$current_deployed_tag" ]
+then
+     current_deployed_tag=v1.0.0-beta
+fi
+
+echo "CURRENT_DEPLOYED_TAG=${current_deployed_tag}" >> "$GITHUB_ENV"

.github/workflows/cdk_package_code.yml

@@ -0,0 +1,70 @@
+name: cdk package code
+
+on:
+  workflow_call:
+    inputs:
+      VERSION_NUMBER:
+        required: true
+        type: string
+      COMMIT_ID:
+        required: true
+        type: string
+
+
+jobs:
+  package_code:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      packages: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+
+      # using git commit sha for version of action to ensure we have stable version
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.14.1
+  
+      - name: Cache asdf
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+
+      - name: Install asdf dependencies in .tool-versions
+        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.14.1
+        env:
+          PYTHON_CONFIGURE_OPTS: --enable-shared
+
+      - name: make install
+        run: |
+          make install
+          make compile-node
+
+      - name: 'Tar files'
+        run: |
+          tar -rf artifact.tar \
+            .tool-versions \
+            packages \
+            node_modules \
+            package.json \
+            package-lock.json \
+            tsconfig.defaults.json \
+            Makefile \
+            cdk.json
+
+      - uses: actions/upload-artifact@v4
+        name: upload build artifact
+        with:
+          name: build_artifact
+          path: artifact.tar

.github/workflows/cdk_release_code.yml

@@ -0,0 +1,150 @@
+name: cdk release code
+
+on:
+  workflow_call:
+    inputs:
+      TARGET_ENVIRONMENT:
+        required: true
+        type: string
+      VERSION_NUMBER:
+        required: true
+        type: string
+      COMMIT_ID:
+        required: true
+        type: string
+      LOG_RETENTION_IN_DAYS:
+        required: true
+        type: string
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE:
+        required: true
+      CDK_PULL_IMAGE_ROLE:
+        required: true
+jobs:
+  release_code:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.TARGET_ENVIRONMENT }}
+    name: deploy cdk app
+    permissions:
+      id-token: write
+      contents: write
+
+    steps:
+      - name: Checkout local github actions
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+          fetch-depth: 0
+          sparse-checkout: |
+            .github
+
+      - name: Configure AWS Credentials
+        id: connect-aws-pull-image
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.CDK_PULL_IMAGE_ROLE }}
+          role-session-name: eps-vpc-resources-pull-image
+
+      - name: build_artifact download
+        uses: actions/download-artifact@v4
+        with:
+          name: build_artifact
+
+      - name: extract build_artifact
+        run: |
+          mkdir -p .build
+          tar -xf artifact.tar -C .build
+
+      - name: Retrieve AWS Account ID
+        id: retrieve-account-id
+        run: echo "ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_ENV"
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        run: |
+          aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com
+
+      - name: Pull cdk-utils-build from Amazon ECR
+        run: |
+          docker pull "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest"
+          docker tag "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest" cdk-utils-build-repo:latest
+
+      - name: Configure AWS Credentials
+        id: connect-aws
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }}
+          role-session-name: eps-vpc-resources-deployment
+          output-credentials: true
+  
+      - name: fix cdk.json for deployment
+        run: |
+          jq \
+          --arg VERSION_NUMBER "${{ inputs.VERSION_NUMBER }}" \
+          --arg COMMIT_ID "${{ inputs.COMMIT_ID }}" \
+          --arg logRetentionInDays "${{ inputs.LOG_RETENTION_IN_DAYS }}" \
+          '.context += {
+            "VERSION_NUMBER": $VERSION_NUMBER,
+            "COMMIT_ID": $COMMIT_ID,
+            "logRetentionInDays": $logRetentionInDays}' \
+          .build/cdk.json > .build/cdk.new.json
+          mv .build/cdk.new.json .build/cdk.json
+
+      - name: Show diff
+        run: |
+          docker run \
+          -v "$(pwd)/.build":/home/cdkuser/workspace/ \
+          -e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
+          -e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
+          -e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
+          -e AWS_REGION="eu-west-2" \
+          -e SHOW_DIFF="true" \
+          -e DEPLOY_CODE="false" \
+          -e CDK_APP_PATH="packages/cdk/bin/VpcResourcesApp.ts" \
+          cdk-utils-build-repo:latest
+        shell: bash
+
+      - name: Deploy code
+        run: |
+          docker run \
+          -v "$(pwd)/.build":/home/cdkuser/workspace/ \
+          -e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
+          -e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
+          -e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
+          -e AWS_REGION="eu-west-2" \
+          -e SHOW_DIFF="false" \
+          -e DEPLOY_CODE="true" \
+          -e CDK_APP_PATH="packages/cdk/bin/VpcResourcesApp.ts" \
+          cdk-utils-build-repo:latest
+        shell: bash
+
+  update_github_pages:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.TARGET_ENVIRONMENT }}
+    if: ${{ always() && !failure() && !cancelled() }}
+    needs: [release_code]
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Checkout gh-pages
+        uses: actions/checkout@v4
+        with:
+          ref: gh-pages
+          path: gh-pages
+
+      - name: update release tag in github pages
+        run: |
+          cd gh-pages
+          NOW=$(date +'%Y-%m-%dT%H:%M:%S')
+          echo "tag,release_datetime" > _data/${{ inputs.TARGET_ENVIRONMENT }}_latest.csv
+          echo "${{ inputs.VERSION_NUMBER }},${NOW}" >> _data/${{ inputs.TARGET_ENVIRONMENT }}_latest.csv
+          echo "${{ inputs.VERSION_NUMBER }},${NOW}" >> _data/${{ inputs.TARGET_ENVIRONMENT }}_deployments.csv
+          git config user.name github-actions
+          git config user.email [email protected]
+          git add _data/${{ inputs.TARGET_ENVIRONMENT }}_latest.csv
+          git add _data/${{ inputs.TARGET_ENVIRONMENT }}_deployments.csv
+          git commit -m 'update releases for ${{ inputs.TARGET_ENVIRONMENT }}'
+          parallel --retries 10 --delay 3 ::: "git pull --rebase && git push"