Optum · dilip0515 · Apr 1, 2025 · Apr 1, 2025 · Apr 1, 2025 · Apr 1, 2025
diff --git a/.github/workflows/nonprod.yaml b/.github/workflows/nonprod.yaml
@@ -0,0 +1,19 @@
+name: Nonprod Deployment
+
+on:
+  push:
+    branches:
+      - patch-test-workflows
+
+jobs:
+  pipeline:
+    uses: ./.github/workflows/pipeline.yaml
+    with:
+      environment: nonprod
+    secrets:
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY}}
+      DCE_NONPROD_HOSTNAME: ${{ secrets.DCE_NONPROD_HOSTNAME }}
+      NOTIFY_EMAIL: ${{ secrets.NOTIFY_EMAIL }}
+
diff --git a/.github/workflows/deploy.yml → .github/workflows/pipeline.yaml b/.github/workflows/deploy.yml → .github/workflows/pipeline.yaml
@@ -1,15 +1,88 @@
-name: Deploy
+name: DCE deploy to environment
 
 on:
-  workflow_run:
-    workflows: ["Test And Build"]
-    types: [completed]
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+        description: "The environment to deploy to (e.g. nonprod, prod)"
+        default: "nonprod"
+      branch:
+        required: false
+        type: string
+        default: master
+      release:
+        required: false
+        type: string
+        default: none
+      go_version:
+        required: false
+        type: string
+        default: "1.21.6"
+      terraform_version:
+        required: false
+        type: string
+        default: "1.7.4"
+    secrets:
+      AWS_DEFAULT_REGION:
+        required: true
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
+      DCE_NONPROD_HOSTNAME:
+        required: true
+      NOTIFY_EMAIL:
+       required: true
 
 jobs:
+  TestAndBuild:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Setup Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.x"
+
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ inputs.terraform_version }}
+
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ inputs.go_version }}
+
+      - name: Set up Golang CI Tools
+        run: ./scripts/install_ci.sh
+
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Build Go executables
+        run: make build
+
+      - name: Publish build artifacts (bin)
+        uses: actions/upload-artifact@v4
+        with:
+          name: bin
+          path: bin
+
+      - name: Publish build artifacts (deploy_scripts)
+        uses: actions/upload-artifact@v4
+        with:
+          name: deploy_scripts
+          path: scripts
+
   Deploy:
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    needs: [TestAndBuild]
     runs-on: ubuntu-latest
-    environment: "nonprod"
+    environment: nonprod
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
@@ -45,7 +118,7 @@ jobs:
       - name: Set up the Go workspace
         uses: actions/setup-go@v2
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version: ${{ inputs.go_version }}
           go-path: ${{ github.workspace }}/gopath
           go-bin: ${{ github.workspace }}/gopath/bin
       - name: Download pipeline dependencies
@@ -66,10 +139,11 @@ jobs:
         # (deploy DCE in DCE)
       - name: Lease DCE Account
         env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: us-east-1
           NAMESPACE: ${{ env.namespace }}
+          DCE_NONPROD_HOSTNAME: ${{secrets.DCE_NONPROD_HOSTNAME}}
         run: |
           set -ex
           echo "Principal ID is ${NAMESPACE}"
@@ -114,7 +188,7 @@ jobs:
       - name: Install Terraform
         uses: hashicorp/setup-terraform@v1
         with:
-          terraform_version: ${{ env.TERRAFORM_VERSION }}
+          terraform_version: ${{ inputs.terraform_version }}
 
       # Configure the Terraform backend
       - name: Configure Terraform Backend
@@ -158,7 +232,7 @@ jobs:
           echo "Running build script"
           ./scripts/build.sh
 
-      # Deploy Application Code to AWS -- > TODO: ARTIFACTS_BUCKET_NAME and NAMESPACE values are hardcoded as -raw flag or jq are throwing errors
+      # Deploy Application Code to AWS -- > TODO ARTIFACTS_BUCKET_NAME and NAMESPACE values are hardcoded as -raw flag or jq are throwing errors
       - name: Deploy Application Code
         run: |
 
@@ -171,10 +245,10 @@ jobs:
           echo "Output namespace: ${NAMESPACE}"
           ./scripts/deploy.sh \
             /home/runner/work/dce/dce/bin/build_artifacts.zip \
-            github-pr-513 \
-            000879607493-dce-artifacts-github-pr-513
+            cd\
+            000879607493-dce-artifacts-cd
 
-      # Functional Tests --> TODO: need to fix the Functional Tests failures
+      # Functional Tests --> TODO need to fix the test failures
       # - name: Functional Tests
       #   run: |
       #     set -euxo pipefail
@@ -183,7 +257,7 @@ jobs:
       #     go get github.com/jstemmer/go-junit-report
       #     go test -v ./tests/... -test.timeout 50m 2>&1 | tee >(go-junit-report > junit-report/functional.xml)
 
-      # Publish junit test results (for unit and functional tests) -- > TODO need to fix the Functional Tests failures
+      # Publish junit test results (for unit and functional tests) -- > TODO need to fix the test failures
 
       # - name: Publish Test Results
       #   if: always()
@@ -270,8 +344,8 @@ jobs:
       - name: DCE Lease Login
         env:
           AWS_DEFAULT_REGION: us-east-1
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         run: |
           set -ex
           lease_id=$(cat ./lease_id.txt)
@@ -286,7 +360,7 @@ jobs:
       - name: Install Terraform
         uses: hashicorp/setup-terraform@v1
         with:
-          terraform_version: ${{ env.TERRAFORM_VERSION }}
+          terraform_version: ${{ inputs.terraform_version }}
 
       - name: Terraform destroy
         run: |
@@ -302,8 +376,8 @@ jobs:
       - name: End DCE Lease
         env:
           AWS_DEFAULT_REGION: us-east-1
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY}}
         run: |
           set -ex
           lease_id=$(cat ./lease_id.txt)
@@ -324,3 +398,56 @@ jobs:
           ./dce --config=./dce.yml leases end \
             -p ${namespace} \
             -a ${account_id}
+
+  Release:
+    needs: [Deploy]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Fetch all tags
+        run: git fetch --tags
+
+      - name: Download bin artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: bin
+          path: ${{ github.workspace }}/bin
+
+      - name: Download deploy_scripts artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: deploy_scripts
+          path: ${{ github.workspace }}/deploy_scripts
+
+      - name: Get latest tag
+        id: get_latest_tag
+        run: |
+          latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
+          echo "::set-output name=latest_tag::$latest_tag"
+
+      - name: Determine if prerelease
+        id: prerelease_check
+        run: |
+          if [ "${{ github.ref }}" == "refs/heads/master" ]; then
+            echo "::set-output name=prerelease::false"
+          else
+            echo "::set-output name=prerelease::true"
+          fi
+
+      - name: Create GitHub Release
+        if: github.event_name != 'pull_request'
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: "prerelease-${{ github.sha }}"
+          release_name: "Prerelease for ${{ github.sha }}"
+          draft: false
+          prerelease: ${{ steps.prerelease_check.outputs.prerelease }}
+          files: |
+            ${{ github.workspace }}/bin/build_artifacts.zip
+            ${{ github.workspace }}/bin/terraform_artifacts.zip
+            ${{ github.workspace }}/deploy_scripts/deploy.sh
+            ${{ github.workspace }}/deploy_scripts/restore_db.sh
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml