
Commit de3864d

authored
Merge pull request #4112 from nhsuk/next
Version 2.12.0
2 parents d96f052 + 9d28f93 commit de3864d


225 files changed

+8552
-877
lines changed


225 files changed

+8552
-877
lines changed

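--- a/.github/workflows/data-replication-pipeline.yml
+++ b/.github/workflows/data-replication-pipeline.yml
@@ -87,16 +87,8 @@ jobs:
 uses: hashicorp/setup-terraform@v3
 with:
 terraform_version: 1.11.4
-- name: Get db secret arn
-id: get-db-secret-arn
-working-directory: terraform/app
-run: |
-terraform init -backend-config="env/${{ inputs.environment }}-backend.hcl" -upgrade
-DB_SECRET_ARN=$(terraform output --raw db_secret_arn)
-echo "DB_SECRET_ARN=$DB_SECRET_ARN" >> $GITHUB_OUTPUT
 outputs:
 SNAPSHOT_ARN: ${{ steps.get-latest-snapshot.outputs.SNAPSHOT_ARN }}
-DB_SECRET_ARN: ${{ steps.get-db-secret-arn.outputs.DB_SECRET_ARN }}
 
 prepare-webapp:
 name: Prepare webapp
@@ -154,17 +146,24 @@ jobs:
 uses: hashicorp/setup-terraform@v3
 with:
 terraform_version: 1.11.4
+- name: Get db secret arn
+id: get-db-secret-arn
+working-directory: terraform/app
+run: |
+terraform init -backend-config="env/${{ inputs.environment }}-backend.hcl" -upgrade
+DB_SECRET_ARN=$(terraform output --raw db_secret_arn)
+echo "DB_SECRET_ARN=$DB_SECRET_ARN" >> $GITHUB_OUTPUT
 - name: Terraform Plan
 id: plan
 run: |
 set -eo pipefail
 terraform init -backend-config="env/${{ inputs.environment }}-backend.hcl" -upgrade
-
+
 CIDR_BLOCKS='${{ inputs.egress_cidr }}'
 PLAN_ARGS=(
 "plan"
 "-var=image_digest=${{ env.DOCKER_DIGEST }}"
-"-var=db_secret_arn=${{ env.DB_SECRET_ARN }}"
+"-var=db_secret_arn=${{ steps.get-db-secret-arn.outputs.DB_SECRET_ARN }}"
 "-var=imported_snapshot=${{ env.SNAPSHOT_ARN }}"
 "-var-file=env/${{ inputs.environment }}.tfvars"
 "-var=allowed_egress_cidr_blocks=$CIDR_BLOCKS"
@@ -211,3 +210,10 @@ jobs:
 set -e
 terraform init -backend-config="env/${{ inputs.environment }}-backend.hcl" -upgrade
 terraform apply ${{ runner.temp }}/tfplan
+- name: Deploy db-access-service
+run: |
+task_definition_arn=$(terraform output -raw task_definition_arn)
+aws ecs update-service \
+--cluster mavis-${{ inputs.environment }}-data-replication \
+--service mavis-${{ inputs.environment }}-data-replication \
+--task-definition $task_definition_arn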
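Review bot: In the added `Deploy db-access-service` step, `${{ inputs.environment }}` is pasted into the script text before the shell parses it, and `$task_definition_arn` is expanded unquoted. Whether `environment` is restricted to a fixed list of choices is not visible in these hunks, so I would hand it over as data instead: give the step an `env:` entry `ENVIRONMENT: ${{ inputs.environment }}` and write `--cluster "mavis-${ENVIRONMENT}-data-replication"` and `--task-definition "$task_definition_arn"`. The same interpolation appears in the relocated `Get db secret arn` step (`-backend-config="env/${{ inputs.environment }}-backend.hcl"`). Separately, `aws ecs update-service` returns once the request is accepted, so a failed rollout would not fail this job unless the step goes on to wait for the service to stabilise, for example with `aws ecs wait services-stable` on the same cluster and service.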
Lines changed: 151 additions & 0 deletions
@@ -0,0 +1,151 @@
1+
name: Deploy monitoring stack
2+
run-name: Deploy monitoring stack for ${{ inputs.environment }}
3+
4+
on:
5+
workflow_dispatch:
6+
inputs:
7+
environment:
8+
description: Deployment environment
9+
required: true
10+
type: choice
11+
options:
12+
- development
13+
- production
14+
git_ref_to_deploy:
15+
description: Git reference to deploy
16+
required: false
17+
type: string
18+
19+
permissions: {}
20+
21+
concurrency:
22+
group: deploy-monitoring-${{ inputs.environment }}
23+
24+
env:
25+
aws_role: ${{ inputs.environment == 'production'
26+
&& 'arn:aws:iam::820242920762:role/GithubDeployMonitoring'
27+
|| 'arn:aws:iam::393416225559:role/GithubDeployMonitoring' }}
28+
aws_account_id: ${{ inputs.environment == 'production'
29+
&& '820242920762' || '393416225559' }}
30+
git_ref_to_deploy: ${{ inputs.git_ref_to_deploy || github.ref_name }}
31+
32+
jobs:
33+
plan-aws:
34+
name: Terraform plan (AWS)
35+
runs-on: ubuntu-latest
36+
permissions:
37+
id-token: write
38+
outputs:
39+
has_changes: ${{ steps.plan.outputs.has_changes }}
40+
defaults:
41+
run:
42+
working-directory: terraform/monitoring/aws
43+
steps:
44+
- name: Checkout code
45+
uses: actions/checkout@v4
46+
with:
47+
ref: ${{ env.git_ref_to_deploy }}
48+
- name: Configure AWS Credentials
49+
uses: aws-actions/configure-aws-credentials@v4
50+
with:
51+
role-to-assume: ${{ env.aws_role }}
52+
aws-region: eu-west-2
53+
- name: Install terraform
54+
uses: hashicorp/setup-terraform@v3
55+
with:
56+
terraform_version: 1.11.4
57+
- name: Terraform Plan
58+
id: plan
59+
run: |
60+
set -e
61+
terraform init -backend-config="env/${{ inputs.environment }}-backend.hcl" -upgrade
62+
terraform plan -var-file="env/${{ inputs.environment }}.tfvars" \
63+
-out ${{ runner.temp }}/tfplan-aws | tee ${{ runner.temp }}/tf_stdout_aws
64+
TF_EXIT_CODE=${PIPESTATUS[0]}
65+
cat ${{ runner.temp }}/tf_stdout_aws
66+
if [ $TF_EXIT_CODE -eq 1 ]; then
67+
exit $TF_EXIT_CODE
68+
fi
69+
70+
# Check if there are changes to apply
71+
if grep -q "Your infrastructure matches the configuration." ${{ runner.temp }}/tf_stdout_aws; then
72+
echo "has_changes=false" >> $GITHUB_OUTPUT
73+
echo "No infrastructure changes detected"
74+
else
75+
echo "has_changes=true" >> $GITHUB_OUTPUT
76+
echo "Infrastructure changes detected"
77+
fi
78+
- name: Upload AWS plan artifact
79+
uses: actions/upload-artifact@v4
80+
with:
81+
name: tfplan_monitoring_aws-${{ inputs.environment }}
82+
path: ${{ runner.temp }}/tfplan-aws
83+
84+
apply-aws:
85+
name: Terraform apply (AWS)
86+
runs-on: ubuntu-latest
87+
needs: plan-aws
88+
if: needs.plan-aws.outputs.has_changes == 'true'
89+
environment: ${{ inputs.environment }}
90+
permissions:
91+
id-token: write
92+
defaults:
93+
run:
94+
working-directory: terraform/monitoring/aws
95+
steps:
96+
- name: Checkout code
97+
uses: actions/checkout@v4
98+
with:
99+
ref: ${{ env.git_ref_to_deploy }}
100+
- name: Configure AWS Credentials
101+
uses: aws-actions/configure-aws-credentials@v4
102+
with:
103+
role-to-assume: ${{ env.aws_role }}
104+
aws-region: eu-west-2
105+
- name: Download AWS plan artifact
106+
uses: actions/download-artifact@v4
107+
with:
108+
name: tfplan_monitoring_aws-${{ inputs.environment }}
109+
path: ${{ runner.temp }}
110+
- name: Install terraform
111+
uses: hashicorp/setup-terraform@v3
112+
with:
113+
terraform_version: 1.11.4
114+
- name: Apply AWS changes
115+
run: |
116+
set -e
117+
terraform init -backend-config="env/${{ inputs.environment }}-backend.hcl" -upgrade
118+
terraform apply ${{ runner.temp }}/tfplan-aws
119+
120+
apply-grafana:
121+
name: Terraform apply (Grafana)
122+
runs-on: ubuntu-latest
123+
needs: [plan-aws, apply-aws]
124+
if: always() && needs.plan-aws-aws.result == 'success' && (needs.apply-aws.result == 'success' || needs.apply-aws.result == 'skipped')
125+
permissions:
126+
id-token: write
127+
defaults:
128+
run:
129+
working-directory: terraform/monitoring
130+
steps:
131+
- name: Checkout code
132+
uses: actions/checkout@v4
133+
with:
134+
ref: ${{ env.git_ref_to_deploy }}
135+
- name: Configure AWS Credentials
136+
uses: aws-actions/configure-aws-credentials@v4
137+
with:
138+
role-to-assume: ${{ env.aws_role }}
139+
aws-region: eu-west-2
140+
- name: Install terraform
141+
uses: hashicorp/setup-terraform@v3
142+
with:
143+
terraform_version: 1.11.4
144+
- name: Install dependencies
145+
run: |
146+
sudo apt-get update
147+
sudo apt-get install -y jq uuid-runtime
148+
- name: Deploy Grafana using tf_grafana.sh
149+
run: |
150+
./tf_grafana.sh ${{ inputs.environment }} plan --plan-file ${{ runner.temp }}/out
151+
./tf_grafana.sh ${{ inputs.environment }} apply --plan-file ${{ runner.temp }}/out
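Review bot: The `if:` on `apply-grafana` tests `needs.plan-aws-aws.result`, but the job it depends on is `plan-aws` and no `plan-aws-aws` job is defined in this file, so the comparison with `'success'` should never be true and the Grafana apply would be skipped on every run. It should read `needs.plan-aws.result == 'success'`. `apply-grafana` also has no `environment:` key, unlike `apply-aws`, so any protection rules configured on the `production` environment would not gate it even though it assumes the same `aws_role`; adding `environment: ${{ inputs.environment }}` would align the two jobs. A further point for `plan-aws`: a saved plan file can hold resource attributes and variable values in cleartext, so it is worth checking who can download the `tfplan_monitoring_aws-*` artifact and how long it is retained.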

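--- a/.tool-versions
+++ b/.tool-versions
@@ -1,7 +1,7 @@
 nodejs 22.15.0
 postgres 17.2
 ruby 3.4.3
-awscli 2.13.31
+awscli 2.27.46
 terraform 1.11.4
 tflint 0.55.1
 pkl 0.28.1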

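--- a/Dockerfile
+++ b/Dockerfile
@@ -80,6 +80,8 @@ USER 1000:1000
 # Entrypoint prepares the database.
 ENTRYPOINT ["/rails/bin/docker-entrypoint"]
 
+VOLUME ["/rails/tmp", "rails/log", "/tmp", "/var/log", "/var/lib/amazon/ssm"]
+
 # Start web server by default, this can be overwritten by environment variable
 EXPOSE 4000
 ENV HTTP_PORT=4000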
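Review bot: The second entry of the added `VOLUME` instruction, `"rails/log"`, lacks the leading slash that every other entry has, which looks like a typo for `/rails/log`. As written the path is relative, so the Rails log directory is probably not the mount point the line intends; if the container is meant to run with a read-only root filesystem (the list suggests that, though the page does not say so), log writes under `/rails/log` would then fail. Suggested line: `VOLUME ["/rails/tmp", "/rails/log", "/tmp", "/var/log", "/var/lib/amazon/ssm"]`. A one-line comment above it stating why these paths are declared as volumes would also help the next reader.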

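--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -113,7 +113,7 @@ GEM
 ast (2.4.3)
 attr_required (1.0.2)
 aws-eventstream (1.4.0)
-aws-partitions (1.1134.0)
+aws-partitions (1.1135.0)
 aws-sdk-accessanalyzer (1.74.0)
 aws-sdk-core (~> 3, >= 3.227.0)
 aws-sigv4 (~> 1.5)
@@ -124,7 +124,7 @@ GEM
 base64
 jmespath (~> 1, >= 1.6.1)
 logger
-aws-sdk-ec2 (1.541.0)
+aws-sdk-ec2 (1.542.0)
 aws-sdk-core (~> 3, >= 3.227.0)
 aws-sigv4 (~> 1.5)
 aws-sdk-ecr (1.106.0)
@@ -136,8 +136,8 @@ GEM
 aws-sdk-kms (1.107.0)
 aws-sdk-core (~> 3, >= 3.227.0)
 aws-sigv4 (~> 1.5)
-aws-sdk-rds (1.283.0)
-aws-sdk-core (~> 3, >= 3.225.0)
+aws-sdk-rds (1.284.0)
+aws-sdk-core (~> 3, >= 3.227.0)
 aws-sigv4 (~> 1.5)
 aws-sdk-s3 (1.194.0)
 aws-sdk-core (~> 3, >= 3.227.0)
@@ -214,7 +214,7 @@ GEM
 docile (1.4.0)
 domain_name (0.6.20240107)
 drb (2.2.3)
-dry-cli (1.2.0)
+dry-cli (1.3.0)
 email_validator (2.2.4)
 activemodel
 erb (5.0.2)
@@ -231,7 +231,7 @@ GEM
 railties (>= 6.1.0)
 faker (3.5.2)
 i18n (>= 1.8.11, < 2)
-faraday (2.13.3)
+faraday (2.13.4)
 faraday-net_http (>= 2.0, < 3.5)
 json
 logger
@@ -316,7 +316,7 @@ GEM
 jmespath (1.6.2)
 jsbundling-rails (1.3.1)
 railties (>= 6.0.0)
-json (2.13.0)
+json (2.13.1)
 json-jwt (1.16.6)
 activesupport (>= 4.2)
 aes_key_wrap
@@ -428,8 +428,9 @@ GEM
 parser (3.3.8.0)
 ast (~> 2.4.1)
 racc
-pg (1.5.9)
-phonelib (0.10.10)
+pg (1.6.0-arm64-darwin)
+pg (1.6.0-x86_64-linux)
+phonelib (0.10.11)
 pp (0.6.2)
 prettyprint
 prettier_print (1.2.1)
@@ -494,7 +495,7 @@ GEM
 rails-html-sanitizer (1.6.2)
 loofah (~> 2.21)
 nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
-rails_semantic_logger (4.17.0)
+rails_semantic_logger (4.18.0)
 rack
 railties (>= 5.1)
 semantic_logger (~> 4.16)
@@ -518,7 +519,7 @@ GEM
 psych (>= 4.0.0)
 redcarpet (3.6.1)
 regexp_parser (2.10.0)
-reline (0.6.1)
+reline (0.6.2)
 io-console (~> 0.5)
 responders (3.1.1)
 actionpack (>= 5.2)
@@ -601,7 +602,7 @@ GEM
 crass (~> 1.0.2)
 nokogiri (>= 1.16.8)
 securerandom (0.4.1)
-semantic_logger (4.16.1)
+semantic_logger (4.17.0)
 concurrent-ruby (~> 1.0)
 sentry-rails (5.26.0)
 railties (>= 5.0)
@@ -707,9 +708,9 @@ GEM
 websocket-extensions (0.1.5)
 wicked (2.0.0)
 railties (>= 3.0.7)
-with_advisory_lock (5.3.0)
-activerecord (>= 6.1)
-zeitwerk (>= 2.6)
+with_advisory_lock (7.0.1)
+activerecord (>= 7.2)
+zeitwerk (>= 2.7)
 xpath (3.2.0)
 nokogiri (~> 1.8)
 yard (0.9.37)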

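--- a/app/components/app_child_summary_component.rb
+++ b/app/components/app_child_summary_component.rb
@@ -110,6 +110,8 @@ def call
 
 private
 
+def academic_year = AcademicYear.current
+
 def format_nhs_number
 highlight_if(helpers.patient_nhs_number(@child), @child.nhs_number_changed?)
 end
@@ -162,7 +164,7 @@ def format_school
 
 def format_year_group
 highlight_if(
-helpers.patient_year_group(@child),
+helpers.patient_year_group(@child, academic_year:),
 @child.year_group_changed? || @child.registration_changed?
 )
 end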
