NHSDigital
diff --git a/‎.github/workflows/deploy-backend.yml‎
Lines changed: 179 additions & 0 deletions b/‎.github/workflows/deploy-backend.yml‎
Lines changed: 179 additions & 0 deletions
diff --git a/‎.github/workflows/deploy-blue-green.yml‎
Lines changed: 0 additions & 20 deletions b/‎.github/workflows/deploy-blue-green.yml‎
Lines changed: 0 additions & 20 deletions
diff --git a/‎.github/workflows/deploy-template.yml‎
Lines changed: 0 additions & 162 deletions b/‎.github/workflows/deploy-template.yml‎
Lines changed: 0 additions & 162 deletions
@@ -0,0 +1,179 @@
+name: Deploy Backend
+
+on:
+  workflow_call:
+    inputs:
+      apigee_environment:
+        required: true
+        type: string
+      environment:
+        required: true
+        type: string
+      sub_environment:
+        required: true
+        type: string
+  workflow_dispatch:
+    inputs:
+      apigee_environment:
+        type: choice
+        description: Select the Apigee proxy environment
+        options:
+          - internal-dev # Add rest later
+      environment:
+        type: string
+        description: Select the backend environment
+        options:
+          - dev
+          - preprod
+      sub_environment:
+        type: string
+        description: Set the sub environment name e.g. pr-xxx, or green/blue in higher environments
+
+jobs:
+  terraform-plan:
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ inputs.environment }}
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Connect to AWS
+        uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
+        with:
+          aws-region: eu-west-2
+          role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
+          role-session-name: github-actions
+
+      - name: Whoami
+        run: aws sts get-caller-identity
+
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
+        with:
+          terraform_version: "1.12.2"
+
+      - name: Terraform Init
+        working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
+        run: make init apigee_environment=${{ inputs.apigee_environment }} environment=${{ inputs.environment }} sub_environment=${{ inputs.sub_environment }}
+
+      - name: Terraform Plan
+        working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
+        run: make plan apigee_environment=${{ inputs.apigee_environment }} environment=${{ inputs.environment }} sub_environment=${{ inputs.sub_environment }}
+        # TODO - save the plan and use it in the apply step
+
+  terraform-apply:
+    needs: terraform-plan
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ inputs.environment }}
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+      - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
+        with:
+          aws-region: eu-west-2
+          role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
+          role-session-name: github-actions
+
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
+        with:
+          terraform_version: "1.12.2"
+
+      - name: Terraform Init
+        working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
+        run: make init apigee_environment=${{ inputs.apigee_environment }} environment=${{ inputs.environment }} sub_environment=${{ inputs.sub_environment }}
+
+      - name: Terraform Apply
+        working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
+        run: make apply apigee_environment=${{ inputs.apigee_environment }} environment=${{ inputs.environment }} sub_environment=${{ inputs.sub_environment }}
+        # TODO - use a saved plan from the plan step
+  # TODO - replace with modular e2e test workflow
+  # e2e-tests:
+  #   if: ${{ vars.RUN_E2E == 'true' && inputs.sub_environment == vars.ACTIVE_ENVIRONMENT }}
+  #   needs: terraform-apply
+  #   runs-on: ubuntu-latest
+  #   permissions:
+  #     id-token: write
+  #     contents: read
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+  #     - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
+  #       with:
+  #         aws-region: eu-west-2
+  #         role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
+  #         role-session-name: github-actions
+
+  #     - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
+  #       with:
+  #         terraform_version: "1.12.2"
+
+  #     - name: Terraform Init
+  #       working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
+  #       run: make init apigee_environment=${{ inputs.apigee_environment }} environment=${{ inputs.environment }} sub_environment=${{ inputs.sub_environment }}
+
+  #     - name: Set up Python
+  #       uses: actions/setup-python@v5
+  #       with:
+  #         python-version: "3.11"
+
+  #     - name: Install Poetry
+  #       run: |
+  #         curl -sSL https://install.python-poetry.org | python3 - --version 2.1.4
+  #         echo "$HOME/.local/bin" >> $GITHUB_PATH
+  #         poetry --version
+
+  #     - name: Set Poetry to use Python 3.11
+  #       working-directory: ${{ vars.E2E_DIR_PATH }}
+  #       run: |
+  #         poetry env use $(which python3.11)
+
+  #     - name: Install dependencies with Poetry
+  #       working-directory: ${{ vars.E2E_DIR_PATH }}
+  #       run: |
+  #         poetry install --no-root
+
+  #     - name: Install oathtool
+  #       run: sudo apt-get update && sudo apt-get install -y oathtool
+
+  #     - name: Get JWT token for apigee
+  #       env:
+  #         APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }}
+  #         APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }}
+  #         APIGEE_OAUTH_TOKEN: ${{ secrets.APIGEE_BASIC_AUTH_TOKEN }}
+  #         APIGEE_OTP_SECRET: ${{ secrets.APIGEE_OTP_KEY }}
+  #       run: |
+  #         CODE=$(oathtool --totp -b "$APIGEE_OTP_SECRET")
+  #         echo "::add-mask::$CODE"
+  #         echo "Requesting access token from Apigee..."
+  #         response=$(curl -s -X POST "https://login.apigee.com/oauth/token" \
+  #           -H "Content-Type: application/x-www-form-urlencoded" \
+  #           -H "Accept: application/json;charset=utf-8" \
+  #           -H "Authorization: Basic $APIGEE_BASIC_AUTH_TOKEN" \
+  #           -d "username=$APIGEE_USERNAME&password=$APIGEE_PASSWORD&mfa_token=$CODE&grant_type=password")
+  #         token=$(echo "$response" | jq -e -r '.access_token')
+  #         if [[ -z "$token" ]]; then
+  #           echo "Failed to retrieve access token"
+  #           exit 1
+  #         fi
+  #         echo "::add-mask::$token"
+  #         echo "APIGEE_ACCESS_TOKEN=$token" >> $GITHUB_ENV
+
+  #     - name: Run e2e tests
+  #       working-directory: ${{ vars.E2E_DIR_PATH }}
+  #       env:
+  #         APIGEE_ACCESS_TOKEN: ${{ env.APIGEE_ACCESS_TOKEN }}
+  #         APIGEE_USERNAME: [email protected]
+  #       run: |
+  #         export APIGEE_ENVIRONMENT=internal-dev
+  #         export PROXY_NAME=immunisation-fhir-api-${{ inputs.sub_environment }}
+  #         export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4-${{ inputs.sub_environment }}
+  #         make run-immunization