Deploy Backend #4
Workflow file for this run
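name: Deploy Backend

# Two entry points expose the same four inputs:
#   workflow_call     - invoked from another workflow; the caller supplies values.
#   workflow_dispatch - started by hand from the Actions UI or the API.
# The string inputs end up on `make` command lines in jobs that assume an AWS
# role, so keep the set of accepted values as narrow as each trigger allows.
on:
  workflow_call:
    inputs:
      apigee_environment:
        required: true
        type: string
      create_mns_subscription:
        required: false
        type: boolean
        default: true
      environment:
        required: true
        type: string
      sub_environment:
        required: true
        type: string
  workflow_dispatch:
    inputs:
      apigee_environment:
        type: choice
        description: Select the Apigee proxy environment
        # Mirrors workflow_call, where this input is mandatory.
        required: true
        options:
          - internal-dev  # Add rest later
      create_mns_subscription:
        description: Create an MNS Subscription. Only available in dev
        required: false
        type: boolean
        default: true
      environment:
        # `options` is only honoured for `type: choice`. Declared as `string`,
        # the list below was ignored and any environment name could be typed
        # in, including ones that are not meant to be deployable by hand.
        type: choice
        description: Select the backend environment
        required: true
        options:
          - dev
          - preprod
      sub_environment:
        # Free-form text: there is no option list to constrain it, so the jobs
        # consuming it must not trust its content.
        type: string
        description: >-
          Set the sub environment name e.g. pr-xxx, or green/blue in higher
          environments
        required: true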
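jobs:
  # Runs `terraform plan` against the selected environment so the change can
  # be inspected in the job log before anything is applied.
  terraform-plan:
    runs-on: ubuntu-latest
    environment:
      name: ${{ inputs.environment }}
    permissions:
      id-token: write  # lets the job request the OIDC token used to assume the AWS role
      contents: read
    # Inputs are handed to the shell as environment variables instead of being
    # expanded with ${{ }} inside `run:`. An expression inside `run:` is pasted
    # into the script text before the shell parses it, so a crafted value would
    # become part of the script in a job that holds AWS credentials.
    env:
      DEPLOY_APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }}
      DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
      DEPLOY_SUB_ENVIRONMENT: ${{ inputs.sub_environment }}
    steps:
      # Runs before any credentials exist. Shell quoting alone is not enough
      # here: make expands variables given on its command line a second time,
      # so the values are restricted to a plain identifier alphabet. Widen the
      # pattern deliberately if a legitimate name needs another character.
      - name: Validate inputs
        run: |
          for value in "$DEPLOY_APIGEE_ENVIRONMENT" "$DEPLOY_ENVIRONMENT" "$DEPLOY_SUB_ENVIRONMENT"; do
            if [[ ! "$value" =~ ^[A-Za-z0-9_-]+$ ]]; then
              echo "::error::Deployment inputs may only contain letters, digits, '-' and '_'"
              exit 1
            fi
          done
      - name: Connect to AWS
        uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
        with:
          aws-region: eu-west-2
          role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
          role-session-name: github-actions
      # Prints the identity the job is running as; useful when the role
      # assumption does not behave as expected.
      - name: Whoami
        run: aws sts get-caller-identity
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
        with:
          terraform_version: "1.12.2"
      - name: Terraform Init
        working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
        run: >-
          make init
          "apigee_environment=$DEPLOY_APIGEE_ENVIRONMENT"
          "environment=$DEPLOY_ENVIRONMENT"
          "sub_environment=$DEPLOY_SUB_ENVIRONMENT"
      - name: Terraform Plan
        working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
        run: >-
          make plan
          "apigee_environment=$DEPLOY_APIGEE_ENVIRONMENT"
          "environment=$DEPLOY_ENVIRONMENT"
          "sub_environment=$DEPLOY_SUB_ENVIRONMENT"
      # TODO - save the plan and use it in the apply step. Until then the apply
      # job plans again from scratch, so what it applies is not guaranteed to
      # be what this job displayed.

  # Applies the Terraform configuration and, in dev only, optionally creates
  # the MNS subscription.
  terraform-apply:
    needs: terraform-plan  # also gated by the input validation in that job
    runs-on: ubuntu-latest
    environment:
      name: ${{ inputs.environment }}
    permissions:
      id-token: write  # lets the job request the OIDC token used to assume the AWS role
      contents: read
    # Same reasoning as in terraform-plan: inputs reach the shell as data.
    env:
      DEPLOY_APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }}
      DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
      DEPLOY_SUB_ENVIRONMENT: ${{ inputs.sub_environment }}
    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
      - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
        with:
          aws-region: eu-west-2
          role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
          role-session-name: github-actions
      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
        with:
          terraform_version: "1.12.2"
      - name: Terraform Init
        working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
        run: >-
          make init
          "apigee_environment=$DEPLOY_APIGEE_ENVIRONMENT"
          "environment=$DEPLOY_ENVIRONMENT"
          "sub_environment=$DEPLOY_SUB_ENVIRONMENT"
      - name: Terraform Apply
        working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
        run: >-
          make apply
          "apigee_environment=$DEPLOY_APIGEE_ENVIRONMENT"
          "environment=$DEPLOY_ENVIRONMENT"
          "sub_environment=$DEPLOY_SUB_ENVIRONMENT"
      # The three steps below share one condition: dev only, and only when the
      # caller asked for the subscription.
      # Poetry is installed first because setup-python's poetry cache needs
      # the poetry executable on PATH.
      - name: Install poetry
        if: ${{ inputs.environment == 'dev' && inputs.create_mns_subscription }}
        run: pip install poetry==2.1.4
      # NOTE(review): this is the only action here referenced by a mutable tag;
      # the others are pinned to a commit SHA. Pin this one the same way.
      - uses: actions/setup-python@v5
        if: ${{ inputs.environment == 'dev' && inputs.create_mns_subscription }}
        with:
          # Quoted so YAML keeps it a string; an unquoted 3.10 would load as 3.1.
          python-version: "3.11"
          cache: 'poetry'
      # NOTE(review): the assumed role's credentials are still in the job
      # environment while `poetry install` fetches and builds third-party
      # packages - make sure the lock file is committed and reviewed.
      - name: Create MNS Subscription
        if: ${{ inputs.environment == 'dev' && inputs.create_mns_subscription }}
        working-directory: './lambdas/mns_subscription'
        run: |
          poetry install --no-root
          echo "Subscribing SQS to MNS for notifications..."
          make subscribe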
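# TODO - replace with modular e2e test workflow
# Disabled job, kept for reference. Removing the leading "# " from every line
# below restores it at the right depth under `jobs:`.
#   e2e-tests:
#     if: ${{ vars.RUN_E2E == 'true' && inputs.sub_environment == vars.ACTIVE_ENVIRONMENT }}
#     needs: terraform-apply
#     runs-on: ubuntu-latest
#     permissions:
#       id-token: write
#       contents: read
#     steps:
#       - name: Checkout
#         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
#       - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
#         with:
#           aws-region: eu-west-2
#           role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
#           role-session-name: github-actions
#       - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
#         with:
#           terraform_version: "1.12.2"
#       - name: Terraform Init
#         working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
#         # Inputs go through env so they reach the shell as data, not as
#         # script text.
#         env:
#           DEPLOY_APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }}
#           DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
#           DEPLOY_SUB_ENVIRONMENT: ${{ inputs.sub_environment }}
#         run: >-
#           make init
#           "apigee_environment=$DEPLOY_APIGEE_ENVIRONMENT"
#           "environment=$DEPLOY_ENVIRONMENT"
#           "sub_environment=$DEPLOY_SUB_ENVIRONMENT"
#       # NOTE(review): referenced by a mutable tag while the other actions
#       # are pinned to a commit SHA.
#       - name: Set up Python
#         uses: actions/setup-python@v5
#         with:
#           python-version: "3.11"
#       # NOTE(review): this pipes a downloaded installer straight into
#       # python with no integrity check. The live job installs the same
#       # Poetry version with `pip install poetry==2.1.4`; prefer one method.
#       - name: Install Poetry
#         run: |
#           curl -sSL https://install.python-poetry.org | python3 - --version 2.1.4
#           echo "$HOME/.local/bin" >> "$GITHUB_PATH"
#           poetry --version
#       - name: Set Poetry to use Python 3.11
#         working-directory: ${{ vars.E2E_DIR_PATH }}
#         run: |
#           poetry env use "$(which python3.11)"
#       - name: Install dependencies with Poetry
#         working-directory: ${{ vars.E2E_DIR_PATH }}
#         run: |
#           poetry install --no-root
#       - name: Install oathtool
#         run: sudo apt-get update && sudo apt-get install -y oathtool
#       - name: Get JWT token for apigee
#         env:
#           APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }}
#           APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }}
#           # Named to match the variable the curl call reads. It was
#           # exported as APIGEE_OAUTH_TOKEN, which left the Authorization
#           # header empty.
#           APIGEE_BASIC_AUTH_TOKEN: ${{ secrets.APIGEE_BASIC_AUTH_TOKEN }}
#           APIGEE_OTP_SECRET: ${{ secrets.APIGEE_OTP_KEY }}
#         run: |
#           CODE=$(oathtool --totp -b "$APIGEE_OTP_SECRET")
#           # Derived values are not masked automatically; register them.
#           echo "::add-mask::$CODE"
#           echo "Requesting access token from Apigee..."
#           # --data-urlencode keeps '&', '+' or '=' in a credential from
#           # corrupting the form body.
#           response=$(curl -s -X POST "https://login.apigee.com/oauth/token" \
#             -H "Content-Type: application/x-www-form-urlencoded" \
#             -H "Accept: application/json;charset=utf-8" \
#             -H "Authorization: Basic $APIGEE_BASIC_AUTH_TOKEN" \
#             --data-urlencode "username=$APIGEE_USERNAME" \
#             --data-urlencode "password=$APIGEE_PASSWORD" \
#             --data-urlencode "mfa_token=$CODE" \
#             --data-urlencode "grant_type=password")
#           # jq -e exits non-zero when .access_token is missing or null, so
#           # the failure is reported here and "null" is never used as a token.
#           if ! token=$(jq -e -r '.access_token' <<<"$response") || [[ -z "$token" ]]; then
#             echo "Failed to retrieve access token"
#             exit 1
#           fi
#           echo "::add-mask::$token"
#           # Everything written to GITHUB_ENV is visible to all later steps
#           # of this job.
#           echo "APIGEE_ACCESS_TOKEN=$token" >> "$GITHUB_ENV"
#       - name: Run e2e tests
#         working-directory: ${{ vars.E2E_DIR_PATH }}
#         env:
#           APIGEE_ACCESS_TOKEN: ${{ env.APIGEE_ACCESS_TOKEN }}
#           # The literal address is redacted in this listing. This reuses
#           # the repository variable read by the token step - confirm it is
#           # the same account before re-enabling.
#           APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }}
#           DEPLOY_SUB_ENVIRONMENT: ${{ inputs.sub_environment }}
#         run: |
#           export APIGEE_ENVIRONMENT=internal-dev
#           export PROXY_NAME="immunisation-fhir-api-$DEPLOY_SUB_ENVIRONMENT"
#           export SERVICE_BASE_PATH="immunisation-fhir-api/FHIR/R4-$DEPLOY_SUB_ENVIRONMENT"
#           make run-immunization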