Merge branch 'master' into CAPT-1527/keep-irp-national-insurance-and-…

…name-for-2-years

.github/actions/deploy-environment/action.yml

@@ -14,6 +14,16 @@ inputs:
   pull-request-number:
     description: The pull request number which triggered this deploy.
     required: false
+  prepare-database:
+    description: Whether to prepare the database by running migrations or seeding if needed
+    required: false
+    default: true
+  aks-namespace:
+    description: The namespace under which kubectl will run
+    required: true
+  aks-deployment:
+    description: The deployment which kubectl will target for running migrations
+    required: true
 
 runs:
   using: composite
@@ -42,3 +52,19 @@ runs:
       run: |
         output=$(terraform -chdir=terraform/application output -raw url)
         echo "APP_URL=$output" >> $GITHUB_ENV
+
+    - uses: azure/login@v2
+      with:
+        creds: ${{ inputs.azure-credentials }}
+
+    - name: Set kubectl
+      uses: DFE-Digital/github-actions/set-kubectl@master
+
+    - name: Prepare database
+      if: ${{ inputs.prepare-database }}
+      shell: bash
+      run: |
+        make ci ${{ inputs.environment }} get-cluster-credentials
+        kubectl exec -n ${{ inputs.aks-namespace }} deployment/${{ inputs.aks-deployment }}-worker -- sh -c "DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bin/prepare-database"
+      env:
+        PR_NUMBER: ${{ inputs.pull-request-number }}

.github/workflows/build_and_deploy.yml

@@ -50,22 +50,9 @@ jobs:
           docker-image: ${{ needs.build.outputs.docker-image-tag }}
           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
           pull-request-number: ${{ github.event.pull_request.number }}
-
-      - uses: azure/login@v2
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-
-      - name: Set kubectl
-        uses: DFE-Digital/github-actions/set-kubectl@master
-
-      - name: Seed review app
-        shell: bash
-        if: github.event.number != ''
-        run: |
-          make ci review-aks get-cluster-credentials
-          kubectl exec -n srtl-development deployment/claim-additional-payments-for-teaching-review-${{ github.event.pull_request.number }}-worker -- sh -c "DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bin/prepare-database"
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
+          aks-namespace: srtl-development
+          aks-deployment: claim-additional-payments-for-teaching-review-${{ github.event.pull_request.number }}
+          prepare-database: ${{ github.event.pull_request.number != '' }}
 
       - name: Post comment to Pull Request ${{ github.event.number }}
         if: ${{ github.event_name == 'pull_request' }}
@@ -83,17 +70,21 @@ jobs:
             | Relocation Payments | <${{ env.APP_URL }}/get-a-teacher-relocation-payment/landing-page> |
             | Admin               | <${{ env.APP_URL }}/admin>                                         |
 
-  deploy_test:
-    name: Deploy to test environment
-    concurrency: deploy_test
+  deploy:
+    name: Deploy to ${{ matrix.environment }}
     runs-on: ubuntu-latest
+    concurrency: deploy_${{ matrix.environment }}
     if: github.ref == 'refs/heads/master' && github.event_name == 'push'
     needs: [build]
     environment:
-      name: test-aks
+      name: ${{ matrix.environment }}-aks
       url: ${{ steps.deploy.outputs.environment_url }}
     outputs:
       environment_url: ${{ steps.deploy.outputs.environment_url }}
+    strategy:
+      max-parallel: 1
+      matrix:
+        environment: [test, production]
 
     steps:
       - name: Checkout code
@@ -106,15 +97,11 @@ jobs:
       - uses: ./.github/actions/deploy-environment
         id: deploy
         with:
-          environment: test-aks
+          environment: ${{ matrix.environment }}-aks
           docker-image: ${{ needs.build.outputs.docker-image-tag }}
           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
-
-      - name: Run migrations
-        shell: bash
-        run: |
-          make ci test-aks get-cluster-credentials
-          kubectl exec -n srtl-test deployment/claim-additional-payments-for-teaching-test-worker -- sh -c "DISABLE_DATABASE_ENVIRONMENT_CHECK=1 bin/prepare-database"
+          aks-namespace: srtl-${{ matrix.environment }}
+          aks-deployment: claim-additional-payments-for-teaching-${{ matrix.environment }}
 
       - name: Install Ruby
         uses: ruby/setup-ruby@v1
@@ -126,7 +113,7 @@ jobs:
         run: bundle exec rspec spec/smoke -t smoke:true -b
         env:
           RAILS_ENV: test
-          SMOKE_TEST_APP_HOST: ${{ env.APP_URL }}
+          SMOKE_TEST_APP_HOST: ${{ vars.SMOKE_TEST_APP_HOST }}
           BASIC_AUTH_USERNAME: ${{ secrets.BASIC_AUTH_USERNAME }}
           BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
 
@@ -135,6 +122,8 @@ jobs:
         uses: rtCamp/action-slack-notify@master
         env:
           SLACK_COLOR: failure
-          SLACK_TITLE: Failure deploying release to test
-          SLACK_MESSAGE: Failure deploying release to test - Docker tag ${{ needs.build.outputs.docker-image-tag }}
+          SLACK_TITLE: Failure deploying release to ${{ matrix.environment }}
+          SLACK_MESSAGE:
+            Failure deploying release to ${{ matrix.environment }} - Docker tag ${{ needs.build.outputs.docker-image-tag
+            }}
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/database_backup.yml

@@ -0,0 +1,24 @@
+name: Backup Database to Azure Storage
+concurrency: build_and_deploy_main
+
+on:
+  workflow_dispatch:
+  schedule: # 03:00 UTC
+    - cron: "0 3 * * *"
+
+jobs:
+  backup:
+    name: Backup AKS Database (production)
+    runs-on: ubuntu-latest
+    environment: production-aks
+
+    steps:
+      - name: Backup postgres
+        uses: DFE-Digital/github-actions/backup-postgres@master
+        with:
+          storage-account: s189p01captdbbkppdsa
+          resource-group: s189p01-capt-pd-rg
+          app-name: claim-additional-payments-for-teaching-production-web
+          cluster: production
+          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+          backup-file: capt_prod_$(date +"%F").sql

.github/workflows/database_restore.yml

@@ -0,0 +1,44 @@
+name: Restore Database from Azure Storage
+concurrency: build_and_deploy_main
+
+on:
+  workflow_dispatch:
+    inputs:
+      confirm:
+        description: Set to true to restore nightly backup to production
+        required: true
+        default: 'false'
+        type: choice
+        options:
+        - 'false'
+        - 'true'
+      backup-file:
+        description: Name of the backup file in Azure storage. e.g. capt_prod_2024-07-15.sql.gz. The default value is today's backup.
+        type: string
+
+jobs:
+  restore:
+    name: Restore AKS Database (production)
+    if: inputs.confirm == 'true'
+    runs-on: ubuntu-latest
+    environment: production-aks
+
+    steps:
+      - name: Set backup file
+        run: |
+          if [ "${{ inputs.backup-file }}" != "" ]; then
+            BACKUP_FILE=${{ inputs.backup-file }}
+          else
+            BACKUP_FILE=capt_prod_$(date +"%F").sql.gz
+          fi
+          echo "BACKUP_FILE=$BACKUP_FILE" >> $GITHUB_ENV
+
+      - name: Restore postgres
+        uses: DFE-Digital/github-actions/restore-postgres-backup@master
+        with:
+          storage-account: s189p01captdbbkppdsa
+          resource-group: s189p01-capt-pd-rg
+          app-name: claim-additional-payments-for-teaching-production-web
+          cluster: production
+          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+          backup-file: ${{ env.BACKUP_FILE }}

Dockerfile

@@ -53,22 +53,7 @@ WORKDIR ${APP_HOME}
 
 EXPOSE 3000
 
-CMD /filebeat/filebeat -c /filebeat/filebeat.yml & bundle exec rails server
-
-# Download and install filebeat for sending logs to logstash
-ENV FILEBEAT_VERSION=7.6.2
-ENV FILEBEAT_DOWNLOAD_PATH=/tmp/filebeat.tar.gz
-ENV FILEBEAT_CHECKSUM=482304509aed80db78ef63a0fed88e4453ebe7b11f6b4ab3168036a78f6a413e2f6a5c039f405e13984653b1a094c23f7637ac7daf3da75a032692d1c34a9b65
-
-RUN curl https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-linux-x86_64.tar.gz -o ${FILEBEAT_DOWNLOAD_PATH} && \
-  [ "$(sha512sum ${FILEBEAT_DOWNLOAD_PATH})" = "${FILEBEAT_CHECKSUM}  ${FILEBEAT_DOWNLOAD_PATH}" ] && \
-  tar xzvf ${FILEBEAT_DOWNLOAD_PATH} && \
-  rm ${FILEBEAT_DOWNLOAD_PATH} && \
-  mv filebeat-${FILEBEAT_VERSION}-linux-x86_64 /filebeat && \
-  rm -f /filebeat/filebeat.yml
-
-# Copy our local filebeat config to the installation
-COPY filebeat.yml /filebeat/filebeat.yml
+CMD bundle exec rails server
 
 # Copy dependencies (relying on dependencies using the same base image as this)
 COPY --from=dependencies ${DEPS_HOME}/Gemfile ${APP_HOME}/Gemfile
@@ -96,7 +81,7 @@ RUN DFE_SIGN_IN_API_CLIENT_ID= \
   SUPPRESS_DFE_ANALYTICS_INIT= \
   bundle exec rake assets:precompile
 
-RUN chown -hR appuser:appgroup ${APP_HOME} /filebeat
+RUN chown -hR appuser:appgroup ${APP_HOME}
 
 USER appuser
 

Gemfile.lock

@@ -292,6 +292,8 @@ GEM
     nokogiri (1.16.6)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
+    nokogiri (1.16.6-arm64-darwin)
+      racc (~> 1.4)
     nokogiri (1.16.6-x86_64-darwin)
       racc (~> 1.4)
     nokogiri (1.16.6-x86_64-linux)
@@ -398,7 +400,7 @@ GEM
     request_store_rails (2.0.0)
       concurrent-ruby (~> 1.0)
     retriable (3.1.2)
-    rexml (3.3.1)
+    rexml (3.3.2)
       strscan
     rollbar (3.5.2)
     rotp (6.3.0)
@@ -551,6 +553,7 @@ GEM
     zeitwerk (2.6.16)
 
 PLATFORMS
+  arm64-darwin-23
   ruby
   x86_64-darwin-21
   x86_64-linux

README.md

@@ -295,17 +295,6 @@ STRONGLY discouraged.**
 The console will be ran inside a container instance and won't be on one of the
 web servers, however it will have access to the database.
 
-### Through the Azure UI
-
-- Navigate to the
-  [container instance](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.ContainerInstance%2FcontainerGroups)
-  resource (eg. `s118d01-app-worker-aci`)
-- Then go to 'Containers' under 'Settings'
-- With the container selected go to the 'Connect' tab
-- Choose the start up command (`/bin/bash` is recommended) and connect
-- From there, you can run a Rails console with `bin/rails console`. Pass the
-  `--sandbox` flag if you don’t need to modify data.
-
 ### Through the Azure CLI
 
 We have a helpful script you can run that will connect you to the right resource

app/controllers/admin/eligible_fe_providers_controller.rb

@@ -0,0 +1,45 @@
+module Admin
+  class EligibleFeProvidersController < BaseAdminController
+    before_action :ensure_service_operator
+
+    helper_method :journey_configuration
+
+    def create
+      @download_form = EligibleFeProvidersForm.new
+      @upload_form = EligibleFeProvidersForm.new(upload_params)
+
+      if @upload_form.invalid?
+        render "admin/journey_configurations/edit"
+      else
+        @upload_form.importer.run
+        flash[:notice] = @upload_form.importer.results_message
+
+        redirect_to edit_admin_journey_configuration_path(Journeys::FurtherEducationPayments::ROUTING_NAME, eligible_fe_providers_upload: {academic_year: @upload_form.academic_year})
+      end
+    end
+
+    def show
+      @download_form = EligibleFeProvidersForm.new(download_params)
+
+      send_data EligibleFeProvider.csv_for_academic_year(@download_form.academic_year),
+        type: "text/csv",
+        filename: "eligible_further_education_providers_#{@download_form.academic_year}.csv"
+    end
+
+    private
+
+    def journey_configuration
+      @journey_configuration ||= Journeys::Configuration.find_by(
+        routing_name: Journeys::FurtherEducationPayments::ROUTING_NAME
+      )
+    end
+
+    def upload_params
+      params.require(:eligible_fe_providers_upload).permit(:academic_year, :file)
+    end
+
+    def download_params
+      params.require(:eligible_fe_providers_download).permit(:academic_year)
+    end
+  end
+end

app/controllers/admin/journey_configurations_controller.rb

@@ -10,6 +10,9 @@ def index
 
     def edit
       @csv_upload = Policies::LevellingUpPremiumPayments::AwardCsvImporter.new if journey_configuration.additional_payments?
+
+      @upload_form = EligibleFeProvidersForm.new(upload_params)
+      @download_form = EligibleFeProvidersForm.new
     end
 
     def update
@@ -19,6 +22,10 @@ def update
 
     private
 
+    def upload_params
+      params.fetch(:eligible_fe_providers_upload, {}).permit(:academic_year)
+    end
+
     def journey_configuration
       return unless params[:id].present?
 

app/forms/admin/eligible_fe_providers_form.rb

@@ -0,0 +1,35 @@
+class Admin::EligibleFeProvidersForm
+  include ActiveModel::Model
+  include ActiveModel::Attributes
+
+  attribute :academic_year, AcademicYear::Type.new
+  attribute :file
+
+  validates :file,
+    presence: {message: "Choose a CSV file of eligible FE providers to upload"}
+
+  validate :validate_importer_errors
+
+  def select_options
+    (0..2).map do |relative_year|
+      academic_year = AcademicYear.current + relative_year
+      OpenStruct.new(id: academic_year.to_s, name: academic_year)
+    end
+  end
+
+  def importer
+    @importer ||= EligibleFeProvidersImporter.new(
+      file,
+      academic_year
+    )
+  end
+
+  private
+
+  # importer is not activemodel::errors compliant
+  def validate_importer_errors
+    importer.errors.each do |error|
+      errors.add(:file, error)
+    end
+  end
+end