From 4ed3baf3fdcedb32fcfcd66f5758b5a616c6ec12 Mon Sep 17 00:00:00 2001 
From: Abigail McPhillips Date: Wed, 8 May 2024 10:39:17 +0100 Subject: [PATCH 01/35] Running new_service command and copying in config files - Makefile compared to our current version and updated / tweaked accordingly - global_config files reviewed. production and test not needed for now, but kept since they were autogenerated - terraform/ folder not yet reviewed --- .gitignore | 7 ++ .tool-versions | 2 +- Makefile | 76 +++++++++++++++++++ bin/.gitkeep | 0 global_config/domains.sh | 4 + global_config/production.sh | 6 ++ global_config/test.sh | 6 ++ terraform/application/application.tf | 37 +++++++++ terraform/application/cluster_data.tf | 4 + .../config/development.tfvars.json | 7 ++ .../application/config/development_Terrafile | 3 + .../application/config/production.tfvars.json | 9 +++ .../application/config/production_Terrafile | 3 + .../application/config/review.tfvars.json | 6 ++ terraform/application/config/review_Terrafile | 3 + terraform/application/database.tf | 32 ++++++++ terraform/application/output.tf | 3 + terraform/application/secrets.tf | 8 ++ terraform/application/statuscake.tf | 10 +++ terraform/application/terraform.tf | 46 +++++++++++ terraform/application/variables.tf | 52 +++++++++++++ .../config/development.tfvars.json | 16 ++++ .../config/development_Terrafile | 3 + .../config/production.tfvars.json | 16 ++++ .../config/production_Terrafile | 3 + terraform/domains/environment_domains/main.tf | 13 ++++ .../domains/environment_domains/terraform.tf | 19 +++++ .../domains/environment_domains/variables.tf | 4 + .../infrastructure/config/zones.tfvars.json | 11 +++ .../infrastructure/config/zones_Terrafile | 3 + terraform/domains/infrastructure/main.tf | 5 ++ terraform/domains/infrastructure/terraform.tf | 19 +++++ terraform/domains/infrastructure/variables.tf | 7 ++ 33 files changed, 442 insertions(+), 1 deletion(-) create mode 100644 bin/.gitkeep create mode 100644 global_config/domains.sh create mode 100644 global_config/production.sh create 
mode 100644 global_config/test.sh create mode 100644 terraform/application/application.tf create mode 100644 terraform/application/cluster_data.tf create mode 100644 terraform/application/config/development.tfvars.json create mode 100644 terraform/application/config/development_Terrafile create mode 100644 terraform/application/config/production.tfvars.json create mode 100644 terraform/application/config/production_Terrafile create mode 100644 terraform/application/config/review.tfvars.json create mode 100644 terraform/application/config/review_Terrafile create mode 100644 terraform/application/database.tf create mode 100644 terraform/application/output.tf create mode 100644 terraform/application/secrets.tf create mode 100644 terraform/application/statuscake.tf create mode 100644 terraform/application/terraform.tf create mode 100644 terraform/application/variables.tf create mode 100644 terraform/domains/environment_domains/config/development.tfvars.json create mode 100644 terraform/domains/environment_domains/config/development_Terrafile create mode 100644 terraform/domains/environment_domains/config/production.tfvars.json create mode 100644 terraform/domains/environment_domains/config/production_Terrafile create mode 100644 terraform/domains/environment_domains/main.tf create mode 100644 terraform/domains/environment_domains/terraform.tf create mode 100644 terraform/domains/environment_domains/variables.tf create mode 100644 terraform/domains/infrastructure/config/zones.tfvars.json create mode 100644 terraform/domains/infrastructure/config/zones_Terrafile create mode 100644 terraform/domains/infrastructure/main.tf create mode 100644 terraform/domains/infrastructure/terraform.tf create mode 100644 terraform/domains/infrastructure/variables.tf diff --git a/.gitignore b/.gitignore index dba304aef0..1b70e2dfe8 100644 --- a/.gitignore +++ b/.gitignore 
@@ -52,3 +52,10 @@ coverage/ # Editor specific files .vscode/ .rspec-local + +.terraform +terraform/application/vendor +terraform/domains/environment_domains/vendor +terraform.tfstate* +bin/terrafile +bin/konduit.sh diff --git a/.tool-versions b/.tool-versions index 4dee0780cc..cf8eeee53c 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,3 +1,3 @@ -terraform 1.2.4 +terraform 1.6.4 ruby 3.2.0 nodejs 16.17.0 diff --git a/Makefile b/Makefile index 534932a096..d8c10c2a57 100644 --- a/Makefile +++ b/Makefile 
@@ -55,27 +55,63 @@ terraform-init: set-azure-account -backend-config=container_name=${CONTAINER_NAME} \ ${BACKEND_KEY} +terraform-init-aks: composed-variables bin/terrafile set-azure-account-aks + $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=main)) + + ./bin/terrafile -p terraform/application/vendor/modules -f terraform/application/config/$(CONFIG)_Terrafile + terraform -chdir=terraform/application init -upgrade -reconfigure \ + -backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \ + -backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \ + -backend-config=key=${ENVIRONMENT}_kubernetes.tfstate + + $(eval export TF_VAR_azure_resource_prefix=${AZURE_RESOURCE_PREFIX}) + $(eval export TF_VAR_config_short=${CONFIG_SHORT}) + $(eval export TF_VAR_service_name=${SERVICE_NAME}) + $(eval export TF_VAR_service_short=${SERVICE_SHORT}) + $(eval export TF_VAR_docker_image=${DOCKER_REPOSITORY}:${DOCKER_IMAGE_TAG}) + terraform-plan: terraform-init terraform -chdir=azure/terraform plan \ -var="input_container_version=${IMAGE_TAG}" \ -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json +terraform-plan-aks: terraform-init-aks + terraform -chdir=terraform/application plan -var-file "config/${CONFIG}.tfvars.json" + terraform-apply: terraform-init terraform -chdir=azure/terraform apply \ -var="input_container_version=${IMAGE_TAG}" \ -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json +terraform-apply-aks: terraform-init-aks + terraform -chdir=terraform/application apply -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} + terraform-destroy: terraform-init terraform -chdir=azure/terraform destroy \ -var="input_container_version=${IMAGE_TAG}" \ -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json +terraform-destroy-aks: terraform-init-aks + terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE} + +domains: + $(eval include global_config/domains.sh) + composed-variables: $(eval 
RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg) $(eval KEYVAULT_NAMES='("${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv", "${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv")') $(eval STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}${CONFIG_SHORT}tfsa) $(eval LOG_ANALYTICS_WORKSPACE_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-log) +ci: + $(eval AUTO_APPROVE=-auto-approve) + $(eval SKIP_AZURE_LOGIN=true) + $(eval SKIP_CONFIRM=true) + +bin/terrafile: ## Install terrafile to manage terraform modules + curl -sL https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz \ + | tar xz -C ./bin terrafile + set-what-if: $(eval WHAT_IF=--what-if) 
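Review bot: The `bin/terrafile` recipe pipes a release tarball straight from GitHub into `tar` with no integrity check, and `terraform-init-aks` then runs the extracted binary, presumably in a session that is already logged in to Azure. `curl -sL` also has no `-f`, so an HTTP error body is handed to `tar`, and a failure on the left side of the pipe is not detected by the default shell. Download to a file, check it against a SHA-256 recorded next to `TERRAFILE_VERSION`, then extract. `TERRAFILE_SHA256` below is a new variable you would need to define, one value per platform because the URL uses `$$(uname)`. `sha256sum` is assumed; macOS would need `shasum -a 256`.

```make
bin/terrafile: ## Install terrafile to manage terraform modules
	curl -fsSL -o bin/terrafile.tar.gz https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz
	echo "${TERRAFILE_SHA256}  bin/terrafile.tar.gz" | sha256sum -c -
	tar xzf bin/terrafile.tar.gz -C ./bin terrafile
	rm -f bin/terrafile.tar.gz
```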
@@ -96,6 +132,46 @@ deploy-arm-resources: arm-deployment ## Validate ARM resource deployment. Usage: validate-arm-resources: set-what-if arm-deployment ## Validate ARM resource deployment. Usage: make domains validate-arm-resources +domains-infra-init: bin/terrafile domains composed-variables set-azure-account-aks + ./bin/terrafile -p terraform/domains/infrastructure/vendor/modules -f terraform/domains/infrastructure/config/zones_Terrafile + + terraform -chdir=terraform/domains/infrastructure init -reconfigure -upgrade \ + -backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \ + -backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \ + -backend-config=key=domains_infrastructure.tfstate + +domains-infra-plan: domains domains-infra-init ## Terraform plan for DNS infrastructure (DNS zone and front door). Usage: make domains-infra-plan + terraform -chdir=terraform/domains/infrastructure plan -var-file config/zones.tfvars.json + +domains-infra-apply: domains domains-infra-init ## Terraform apply for DNS infrastructure (DNS zone and front door). Usage: make domains-infra-apply + terraform -chdir=terraform/domains/infrastructure apply -var-file config/zones.tfvars.json ${AUTO_APPROVE} + +domains-init: bin/terrafile domains composed-variables set-azure-account-aks + ./bin/terrafile -p terraform/domains/environment_domains/vendor/modules -f terraform/domains/environment_domains/config/${CONFIG}_Terrafile + + terraform -chdir=terraform/domains/environment_domains init -upgrade -reconfigure \ + -backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \ + -backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \ + -backend-config=key=${ENVIRONMENT}.tfstate + +domains-plan: domains-init ## Terraform plan for DNS environment domains. Usage: make development domains-plan + terraform -chdir=terraform/domains/environment_domains plan -var-file config/${CONFIG}.tfvars.json + +domains-apply: domains-init ## Terraform apply for DNS environment domains. 
Usage: make development domains-apply + terraform -chdir=terraform/domains/environment_domains apply -var-file config/${CONFIG}.tfvars.json ${AUTO_APPROVE} + test-cluster: $(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg) $(eval CLUSTER_NAME=s189t01-tsc-test-aks) + +production-cluster: + $(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg) + $(eval CLUSTER_NAME=s189p01-tsc-production-aks) + +get-cluster-credentials: set-azure-account-aks + az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME} + kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli) + +bin/konduit.sh: + curl -s https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/main/scripts/konduit.sh -o bin/konduit.sh \ + && chmod +x bin/konduit.sh diff --git a/bin/.gitkeep b/bin/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/global_config/domains.sh b/global_config/domains.sh new file mode 100644 index 0000000000..a7b7641875 --- /dev/null +++ b/global_config/domains.sh @@ -0,0 +1,4 @@ +AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production +AZURE_RESOURCE_PREFIX=s189p01 +CONFIG_SHORT=dom +DISABLE_KEYVAULTS=true diff --git a/global_config/production.sh b/global_config/production.sh new file mode 100644 index 0000000000..0a122077b3 --- /dev/null +++ b/global_config/production.sh @@ -0,0 +1,6 @@ +CONFIG=production +ENVIRONMENT=production +CONFIG_SHORT=pd +AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production +AZURE_RESOURCE_PREFIX=s189p01 +ENABLE_KV_DIAGNOSTICS=true diff --git a/global_config/test.sh b/global_config/test.sh new file mode 100644 index 0000000000..ad3f2f09d0 --- /dev/null +++ b/global_config/test.sh @@ -0,0 +1,6 @@ +CONFIG=test +ENVIRONMENT=test +CONFIG_SHORT=test +AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test +AZURE_RESOURCE_PREFIX=s189t01 +KV_PURGE_PROTECTION=false 
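Review bot: `bin/konduit.sh` is fetched from the `main` branch of another repository and marked executable, so whatever is on that branch at download time is what operators run, presumably alongside the credentials obtained by `get-cluster-credentials`. Pin the URL to a reviewed commit so the script content is reproducible: `curl -fsSL https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/<commit-sha>/scripts/konduit.sh -o bin/konduit.sh` (`<commit-sha>` is a placeholder). The `-f` matters on its own, because without it an HTTP error page is saved as `bin/konduit.sh` and the `chmod +x` still succeeds. Since this is a file target, the first downloaded copy is kept until someone deletes it, so a one-line comment on how to refresh it would help.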
diff --git a/terraform/application/application.tf b/terraform/application/application.tf new file mode 100644 index 0000000000..0b4ea22941 --- /dev/null +++ b/terraform/application/application.tf @@ -0,0 +1,37 @@ +module "application_configuration" { + source = "./vendor/modules/aks//aks/application_configuration" + + namespace = var.namespace + environment = var.environment + azure_resource_prefix = var.azure_resource_prefix + service_short = var.service_short + config_short = var.config_short + secret_key_vault_short = "app" + + # Delete for non rails apps + is_rails_application = true + + config_variables = { + ENVIRONMENT_NAME = var.environment + PGSSLMODE = local.postgres_ssl_mode + } + secret_variables = { + DATABASE_URL = module.postgres.url + } +} + +module "web_application" { + source = "./vendor/modules/aks//aks/application" + + is_web = true + + namespace = var.namespace + environment = var.environment + service_name = var.service_name + + cluster_configuration_map = module.cluster_data.configuration_map + kubernetes_config_map_name = module.application_configuration.kubernetes_config_map_name + kubernetes_secret_name = module.application_configuration.kubernetes_secret_name + + docker_image = var.docker_image +} diff --git a/terraform/application/cluster_data.tf b/terraform/application/cluster_data.tf new file mode 100644 index 0000000000..42778646b9 --- /dev/null +++ b/terraform/application/cluster_data.tf @@ -0,0 +1,4 @@ +module "cluster_data" { + source = "./vendor/modules/aks//aks/cluster_data" + name = var.cluster +} diff --git a/terraform/application/config/development.tfvars.json b/terraform/application/config/development.tfvars.json new file mode 100644 index 0000000000..4396a11152 --- /dev/null +++ b/terraform/application/config/development.tfvars.json 
@@ -0,0 +1,7 @@ +{ + "cluster": "test", + "namespace": "#NAMESPACE_PREFIX#-development", + "environment": "development", + "deploy_azure_backing_services": false, + "enable_postgres_ssl" : false +} diff --git a/terraform/application/config/development_Terrafile b/terraform/application/config/development_Terrafile new file mode 100644 index 0000000000..b4c222c13d --- /dev/null +++ b/terraform/application/config/development_Terrafile @@ -0,0 +1,3 @@ +aks: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "testing" diff --git a/terraform/application/config/production.tfvars.json b/terraform/application/config/production.tfvars.json new file mode 100644 index 0000000000..370a677dd3 --- /dev/null +++ b/terraform/application/config/production.tfvars.json @@ -0,0 +1,9 @@ +{ + "cluster": "production", + "namespace": "#NAMESPACE_PREFIX#-production", + "environment": "production", + "enable_postgres_backup_storage" : true, + "enable_monitoring": true, + "external_url": "https://#DNS_ZONE_NAME#/healthcheck", + "statuscake_contact_groups": [282453] +} diff --git a/terraform/application/config/production_Terrafile b/terraform/application/config/production_Terrafile new file mode 100644 index 0000000000..5b2b118f00 --- /dev/null +++ b/terraform/application/config/production_Terrafile @@ -0,0 +1,3 @@ +aks: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "stable" diff --git a/terraform/application/config/review.tfvars.json b/terraform/application/config/review.tfvars.json new file mode 100644 index 0000000000..f2f3ba3007 --- /dev/null +++ b/terraform/application/config/review.tfvars.json @@ -0,0 +1,6 @@ +{ + "cluster": "test", + "namespace": "#NAMESPACE_PREFIX#-development", + "deploy_azure_backing_services": false, + "enable_postgres_ssl" : false +} diff --git a/terraform/application/config/review_Terrafile b/terraform/application/config/review_Terrafile new file mode 100644 index 0000000000..65af53b11d --- /dev/null 
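Review bot: `version: "testing"` in `development_Terrafile` looks like a moving ref rather than an immutable one, and the same applies to `"stable"` in `production_Terrafile`, `"main"` in `review_Terrafile` and the Terrafiles under `terraform/domains/`. If these are branches or re-pointed tags, the module code vendored by `./bin/terrafile` can change between two runs with no change in this repository, and it is applied with the deployer's Azure and cluster permissions. `terraform.tf` pins Terraform and every provider to an exact version, which leaves the modules as the one unpinned input. For production at least, consider `version: "<tag-or-commit-sha>"` (placeholder) and bumping it in a reviewed commit.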
+++ b/terraform/application/config/review_Terrafile @@ -0,0 +1,3 @@ +aks: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "main" diff --git a/terraform/application/database.tf b/terraform/application/database.tf new file mode 100644 index 0000000000..b87af9e531 --- /dev/null +++ b/terraform/application/database.tf @@ -0,0 +1,32 @@ +module "postgres" { + source = "./vendor/modules/aks//aks/postgres" + + namespace = var.namespace + environment = var.environment + azure_resource_prefix = var.azure_resource_prefix + service_name = var.service_name + service_short = var.service_short + config_short = var.config_short + cluster_configuration_map = module.cluster_data.configuration_map + use_azure = var.deploy_azure_backing_services + azure_enable_monitoring = var.enable_monitoring + azure_enable_backup_storage = var.enable_postgres_backup_storage + server_version = "14" +} + + +module "redis-cache" { + source = "./vendor/modules/aks//aks/redis" + + namespace = var.namespace + environment = var.environment + azure_resource_prefix = var.azure_resource_prefix + service_short = var.service_short + config_short = var.config_short + service_name = var.service_name + cluster_configuration_map = module.cluster_data.configuration_map + use_azure = var.deploy_azure_backing_services + azure_enable_monitoring = var.enable_monitoring + azure_patch_schedule = [{ "day_of_week" : "Sunday", "start_hour_utc" : 01 }] + server_version = "6" +} diff --git a/terraform/application/output.tf b/terraform/application/output.tf new file mode 100644 index 0000000000..989dbad146 --- /dev/null +++ b/terraform/application/output.tf @@ -0,0 +1,3 @@ +output "url" { + value = module.web_application.url +} diff --git a/terraform/application/secrets.tf b/terraform/application/secrets.tf new file mode 100644 index 0000000000..f3592a80a6 --- /dev/null +++ b/terraform/application/secrets.tf 
@@ -0,0 +1,8 @@ +module "infrastructure_secrets" { + source = "./vendor/modules/aks//aks/secrets" + + azure_resource_prefix = var.azure_resource_prefix + service_short = var.service_short + config_short = var.config_short + key_vault_short = "inf" +} diff --git a/terraform/application/statuscake.tf b/terraform/application/statuscake.tf new file mode 100644 index 0000000000..be1b3f03ef --- /dev/null +++ b/terraform/application/statuscake.tf @@ -0,0 +1,10 @@ +module "statuscake" { + count = var.enable_monitoring ? 1 : 0 + + source = "./vendor/modules/aks//monitoring/statuscake" + + uptime_urls = compact([module.web_application.probe_url, var.external_url]) + ssl_urls = compact([var.external_url]) + + contact_groups = var.statuscake_contact_groups +} diff --git a/terraform/application/terraform.tf b/terraform/application/terraform.tf new file mode 100644 index 0000000000..612bdf535e --- /dev/null +++ b/terraform/application/terraform.tf 
@@ -0,0 +1,46 @@ +terraform { + required_version = "= 1.6.4" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "3.82.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.24.0" + } + statuscake = { + source = "StatusCakeDev/statuscake" + version = "2.1.0" + } + } + backend "azurerm" { + container_name = "terraform-state" + } +} + +provider "azurerm" { + features {} + + skip_provider_registration = true +} + +provider "kubernetes" { + host = module.cluster_data.kubernetes_host + client_certificate = module.cluster_data.kubernetes_client_certificate + client_key = module.cluster_data.kubernetes_client_key + cluster_ca_certificate = module.cluster_data.kubernetes_cluster_ca_certificate + + dynamic "exec" { + for_each = module.cluster_data.azure_RBAC_enabled ? [1] : [] + content { + api_version = "client.authentication.k8s.io/v1beta1" + command = "kubelogin" + args = module.cluster_data.kubelogin_args + } + } +} + +provider "statuscake" { + api_token = module.infrastructure_secrets.map.STATUSCAKE-API-TOKEN +} diff --git a/terraform/application/variables.tf b/terraform/application/variables.tf new file mode 100644 index 0000000000..7b899b3b34 --- /dev/null +++ b/terraform/application/variables.tf 
@@ -0,0 +1,52 @@ +variable "cluster" { + description = "AKS cluster where this app is deployed. Either 'test' or 'production'" +} +variable "namespace" { + description = "AKS namespace where this app is deployed" +} +variable "environment" { + description = "Name of the deployed environment in AKS" +} +variable "azure_resource_prefix" { + description = "Standard resource prefix. Usually s189t01 (test) or s189p01 (production)" +} +variable "config_short" { + description = "Short name of the environment configuration, e.g. dv, st, pd..." +} +variable "service_name" { + description = "Full name of the service. Lowercase and hyphen separated" +} +variable "service_short" { + description = "Short name to identify the service. Up to 6 charcters." +} +variable "deploy_azure_backing_services" { + default = true + description = "Deploy real Azure backing services like databases, as opposed to containers inside of AKS" +} +variable "enable_postgres_ssl" { + default = true + description = "Enforce SSL connection from the client side" +} +variable "enable_postgres_backup_storage" { + default = false + description = "Create a storage account to store database dumps" +} +variable "docker_image" { + description = "Docker image full name to identify it in the registry. Includes docker registry, repository and tag e.g.: ghcr.io/dfe-digital/teacher-pay-calculator:673f6309fd0c907014f44d6732496ecd92a2bcd0" +} +variable "external_url" { + default = null + description = "Healthcheck URL for StatusCake monitoring" +} +variable "statuscake_contact_groups" { + default = [] + description = "ID of the contact group in statuscake web UI" +} +variable "enable_monitoring" { + default = false + description = "Enable monitoring and alerting" +} + +locals { + postgres_ssl_mode = var.enable_postgres_ssl ? "require" : "disable" +} 
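Review bot: `postgres_ssl_mode` maps `enable_postgres_ssl = true` to `"require"`, which in libpq encrypts the connection but does not by itself verify the server certificate or hostname. The description `Enforce SSL connection from the client side` therefore promises less than a reader may assume. If the application image carries the CA bundle for the database, `postgres_ssl_mode = var.enable_postgres_ssl ? "verify-full" : "disable"` is the stronger setting; otherwise add a comment such as `# "require" = encrypted, server identity not verified` above the local. Separately, none of the variables declare a `type`; adding `type = bool` to the `enable_*` and `deploy_azure_backing_services` flags would reject a mistyped tfvars value at plan time.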
diff --git a/terraform/domains/environment_domains/config/development.tfvars.json b/terraform/domains/environment_domains/config/development.tfvars.json new file mode 100644 index 0000000000..94f5e4fc94 --- /dev/null +++ b/terraform/domains/environment_domains/config/development.tfvars.json @@ -0,0 +1,16 @@ +{ + "hosted_zone": { + "#DNS_ZONE_NAME#": { + "front_door_name": "#FRONT_DOOR_NAME#", + "resource_group_name": "#DOMAINS_RESOURCE_GROUP_NAME#", + "domains": [ + "development" + ], + "cached_paths": [ + "/assets/*" + ], + "environment_short": "dv", + "origin_hostname": "#SERVICE_NAME#-development.test.teacherservices.cloud" + } + } +} diff --git a/terraform/domains/environment_domains/config/development_Terrafile b/terraform/domains/environment_domains/config/development_Terrafile new file mode 100644 index 0000000000..dfce270ef6 --- /dev/null +++ b/terraform/domains/environment_domains/config/development_Terrafile @@ -0,0 +1,3 @@ +domains: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "testing" diff --git a/terraform/domains/environment_domains/config/production.tfvars.json b/terraform/domains/environment_domains/config/production.tfvars.json new file mode 100644 index 0000000000..c6a84880f2 --- /dev/null +++ b/terraform/domains/environment_domains/config/production.tfvars.json @@ -0,0 +1,16 @@ +{ + "hosted_zone": { + "#DNS_ZONE_NAME#": { + "front_door_name": "#FRONT_DOOR_NAME#", + "resource_group_name": "#DOMAINS_RESOURCE_GROUP_NAME#", + "domains": [ + "apex" + ], + "cached_paths": [ + "/assets/*" + ], + "environment_short": "pd", + "origin_hostname": "#SERVICE_NAME#-production.teacherservices.cloud" + } + } +} diff --git a/terraform/domains/environment_domains/config/production_Terrafile b/terraform/domains/environment_domains/config/production_Terrafile new file mode 100644 index 0000000000..58e60b3c88 --- /dev/null +++ b/terraform/domains/environment_domains/config/production_Terrafile 
@@ -0,0 +1,3 @@ +domains: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "stable" diff --git a/terraform/domains/environment_domains/main.tf b/terraform/domains/environment_domains/main.tf new file mode 100644 index 0000000000..96beb730ab --- /dev/null +++ b/terraform/domains/environment_domains/main.tf @@ -0,0 +1,13 @@ +# Used to create domains to be managed by front door. +module "domains" { + for_each = var.hosted_zone + source = "./vendor/modules/domains//domains/environment_domains" + zone = each.key + front_door_name = each.value.front_door_name + resource_group_name = each.value.resource_group_name + domains = each.value.domains + environment = each.value.environment_short + host_name = each.value.origin_hostname + null_host_header = try(each.value.null_host_header, false) + cached_paths = try(each.value.cached_paths, []) +} diff --git a/terraform/domains/environment_domains/terraform.tf b/terraform/domains/environment_domains/terraform.tf new file mode 100644 index 0000000000..0fb333955c --- /dev/null +++ b/terraform/domains/environment_domains/terraform.tf @@ -0,0 +1,19 @@ +terraform { + + required_version = "= 1.6.4" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "3.82.0" + } + } + backend "azurerm" { + container_name = "terraform-state" + } +} + +provider "azurerm" { + features {} + + skip_provider_registration = true +} diff --git a/terraform/domains/environment_domains/variables.tf b/terraform/domains/environment_domains/variables.tf new file mode 100644 index 0000000000..ad63e546fd --- /dev/null +++ b/terraform/domains/environment_domains/variables.tf @@ -0,0 +1,4 @@ +variable "hosted_zone" { + type = map(any) + default = {} +} diff --git a/terraform/domains/infrastructure/config/zones.tfvars.json b/terraform/domains/infrastructure/config/zones.tfvars.json new file mode 100644 index 0000000000..eb2e2f1a7e --- /dev/null +++ b/terraform/domains/infrastructure/config/zones.tfvars.json 
@@ -0,0 +1,11 @@ +{ + "hosted_zone": { + "#DNS_ZONE_NAME#": { + "caa_records": {}, + "txt_records": {}, + "resource_group_name": "#DOMAINS_RESOURCE_GROUP_NAME#", + "front_door_name": "#FRONT_DOOR_NAME#" + } + }, + "deploy_default_records": false + } diff --git a/terraform/domains/infrastructure/config/zones_Terrafile b/terraform/domains/infrastructure/config/zones_Terrafile new file mode 100644 index 0000000000..58e60b3c88 --- /dev/null +++ b/terraform/domains/infrastructure/config/zones_Terrafile @@ -0,0 +1,3 @@ +domains: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "stable" diff --git a/terraform/domains/infrastructure/main.tf b/terraform/domains/infrastructure/main.tf new file mode 100644 index 0000000000..da091f5e16 --- /dev/null +++ b/terraform/domains/infrastructure/main.tf @@ -0,0 +1,5 @@ +module "domains_infrastructure" { + source = "./vendor/modules/domains//domains/infrastructure" + hosted_zone = var.hosted_zone + deploy_default_records = var.deploy_default_records +} diff --git a/terraform/domains/infrastructure/terraform.tf b/terraform/domains/infrastructure/terraform.tf new file mode 100644 index 0000000000..65b9162e88 --- /dev/null +++ b/terraform/domains/infrastructure/terraform.tf @@ -0,0 +1,19 @@ +terraform { + required_version = "= 1.6.4" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "3.82.0" + } + } + backend "azurerm" { + container_name = "terraform-state" + } +} + +provider "azurerm" { + features {} + + skip_provider_registration = true +} diff --git a/terraform/domains/infrastructure/variables.tf b/terraform/domains/infrastructure/variables.tf new file mode 100644 index 0000000000..8d91472066 --- /dev/null +++ b/terraform/domains/infrastructure/variables.tf @@ -0,0 +1,7 @@ +variable "hosted_zone" { + type = map(any) +} + +variable "deploy_default_records" { + default = true +} From df344ab6f9dde00a6f95bc607144ca827ce9957b Mon Sep 17 00:00:00 2001 
From: Abigail McPhillips Date: Thu, 9 May 2024 12:00:37 +0100 Subject: [PATCH 02/35] Tidy up generated files - Rename development config files to test config - Replace some missing constants - Domain bits are still missing, not needed right now: #FRONT_DOOR_NAME# #DOMAINS_RESOURCE_GROUP_NAME# - Remove Redis module --- .../config/development.tfvars.json | 7 ------- .../application/config/production.tfvars.json | 14 ++++++------- .../application/config/review.tfvars.json | 8 ++++---- terraform/application/config/test.tfvars.json | 7 +++++++ .../{development_Terrafile => test_Terrafile} | 0 terraform/application/database.tf | 17 ---------------- .../config/development.tfvars.json | 16 --------------- .../config/production.tfvars.json | 12 ++++------- .../config/test.tfvars.json | 12 +++++++++++ .../{development_Terrafile => test_Terrafile} | 0 .../infrastructure/config/zones.tfvars.json | 20 +++++++++---------- 11 files changed, 44 insertions(+), 69 deletions(-) delete mode 100644 terraform/application/config/development.tfvars.json create mode 100644 terraform/application/config/test.tfvars.json rename terraform/application/config/{development_Terrafile => test_Terrafile} (100%) delete mode 100644 terraform/domains/environment_domains/config/development.tfvars.json create mode 100644 terraform/domains/environment_domains/config/test.tfvars.json rename terraform/domains/environment_domains/config/{development_Terrafile => test_Terrafile} (100%) diff --git a/terraform/application/config/development.tfvars.json b/terraform/application/config/development.tfvars.json deleted file mode 100644 index 4396a11152..0000000000 --- a/terraform/application/config/development.tfvars.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "cluster": "test", - "namespace": "#NAMESPACE_PREFIX#-development", - "environment": "development", - "deploy_azure_backing_services": false, - "enable_postgres_ssl" : false -} 
diff --git a/terraform/application/config/production.tfvars.json b/terraform/application/config/production.tfvars.json index 370a677dd3..25bc897d9a 100644 --- a/terraform/application/config/production.tfvars.json +++ b/terraform/application/config/production.tfvars.json @@ -1,9 +1,9 @@ { - "cluster": "production", - "namespace": "#NAMESPACE_PREFIX#-production", - "environment": "production", - "enable_postgres_backup_storage" : true, - "enable_monitoring": true, - "external_url": "https://#DNS_ZONE_NAME#/healthcheck", - "statuscake_contact_groups": [282453] + "cluster": "production", + "namespace": "srtl-production", + "environment": "production", + "enable_postgres_backup_storage": true, + "enable_monitoring": true, + "external_url": "https://claim-additional-teaching-payment.service.gov.uk/healthcheck", + "statuscake_contact_groups": [282453] } diff --git a/terraform/application/config/review.tfvars.json b/terraform/application/config/review.tfvars.json index f2f3ba3007..ac1f382e51 100644 --- a/terraform/application/config/review.tfvars.json +++ b/terraform/application/config/review.tfvars.json @@ -1,6 +1,6 @@ { - "cluster": "test", - "namespace": "#NAMESPACE_PREFIX#-development", - "deploy_azure_backing_services": false, - "enable_postgres_ssl" : false + "cluster": "test", + "namespace": "srtl-development", + "deploy_azure_backing_services": false, + "enable_postgres_ssl": false } diff --git a/terraform/application/config/test.tfvars.json b/terraform/application/config/test.tfvars.json new file mode 100644 index 0000000000..7c1ad83f1b --- /dev/null +++ b/terraform/application/config/test.tfvars.json @@ -0,0 +1,7 @@ +{ + "cluster": "test", + "namespace": "srtl-test", + "environment": "test", + "deploy_azure_backing_services": false, + "enable_postgres_ssl": false +} 
diff --git a/terraform/application/config/development_Terrafile b/terraform/application/config/test_Terrafile similarity index 100% rename from terraform/application/config/development_Terrafile rename to terraform/application/config/test_Terrafile diff --git a/terraform/application/database.tf b/terraform/application/database.tf index b87af9e531..b8da6665df 100644 --- a/terraform/application/database.tf +++ b/terraform/application/database.tf @@ -13,20 +13,3 @@ module "postgres" { azure_enable_backup_storage = var.enable_postgres_backup_storage server_version = "14" } - - -module "redis-cache" { - source = "./vendor/modules/aks//aks/redis" - - namespace = var.namespace - environment = var.environment - azure_resource_prefix = var.azure_resource_prefix - service_short = var.service_short - config_short = var.config_short - service_name = var.service_name - cluster_configuration_map = module.cluster_data.configuration_map - use_azure = var.deploy_azure_backing_services - azure_enable_monitoring = var.enable_monitoring - azure_patch_schedule = [{ "day_of_week" : "Sunday", "start_hour_utc" : 01 }] - server_version = "6" -} diff --git a/terraform/domains/environment_domains/config/development.tfvars.json b/terraform/domains/environment_domains/config/development.tfvars.json deleted file mode 100644 index 94f5e4fc94..0000000000 --- a/terraform/domains/environment_domains/config/development.tfvars.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "hosted_zone": { - "#DNS_ZONE_NAME#": { - "front_door_name": "#FRONT_DOOR_NAME#", - "resource_group_name": "#DOMAINS_RESOURCE_GROUP_NAME#", - "domains": [ - "development" - ], - "cached_paths": [ - "/assets/*" - ], - "environment_short": "dv", - "origin_hostname": "#SERVICE_NAME#-development.test.teacherservices.cloud" - } - } -} diff --git a/terraform/domains/environment_domains/config/production.tfvars.json b/terraform/domains/environment_domains/config/production.tfvars.json index c6a84880f2..bb37dcca10 100644 
--- a/terraform/domains/environment_domains/config/production.tfvars.json +++ b/terraform/domains/environment_domains/config/production.tfvars.json @@ -1,16 +1,12 @@ { "hosted_zone": { - "#DNS_ZONE_NAME#": { + "claim-additional-teaching-payment.service.gov.uk": { "front_door_name": "#FRONT_DOOR_NAME#", "resource_group_name": "#DOMAINS_RESOURCE_GROUP_NAME#", - "domains": [ - "apex" - ], - "cached_paths": [ - "/assets/*" - ], + "domains": ["apex"], + "cached_paths": ["/assets/*"], "environment_short": "pd", - "origin_hostname": "#SERVICE_NAME#-production.teacherservices.cloud" + "origin_hostname": "claim-additional-payments-for-teaching-production.teacherservices.cloud" } } } diff --git a/terraform/domains/environment_domains/config/test.tfvars.json b/terraform/domains/environment_domains/config/test.tfvars.json new file mode 100644 index 0000000000..ec5ad7b7c6 --- /dev/null +++ b/terraform/domains/environment_domains/config/test.tfvars.json @@ -0,0 +1,12 @@ +{ + "hosted_zone": { + "claim-additional-teaching-payment.service.gov.uk": { + "front_door_name": "#FRONT_DOOR_NAME#", + "resource_group_name": "#DOMAINS_RESOURCE_GROUP_NAME#", + "domains": ["test"], + "cached_paths": ["/assets/*"], + "environment_short": "test", + "origin_hostname": "claim-additional-payments-for-teaching-test.test.teacherservices.cloud" + } + } +} diff --git a/terraform/domains/environment_domains/config/development_Terrafile b/terraform/domains/environment_domains/config/test_Terrafile similarity index 100% rename from terraform/domains/environment_domains/config/development_Terrafile rename to terraform/domains/environment_domains/config/test_Terrafile diff --git a/terraform/domains/infrastructure/config/zones.tfvars.json b/terraform/domains/infrastructure/config/zones.tfvars.json index eb2e2f1a7e..fe0910df0a 100644 --- a/terraform/domains/infrastructure/config/zones.tfvars.json +++ b/terraform/domains/infrastructure/config/zones.tfvars.json 
@@ -1,11 +1,11 @@ { - "hosted_zone": { - "#DNS_ZONE_NAME#": { - "caa_records": {}, - "txt_records": {}, - "resource_group_name": "#DOMAINS_RESOURCE_GROUP_NAME#", - "front_door_name": "#FRONT_DOOR_NAME#" - } - }, - "deploy_default_records": false - } + "hosted_zone": { + "claim-additional-teaching-payment.service.gov.uk": { + "caa_records": {}, + "txt_records": {}, + "resource_group_name": "#DOMAINS_RESOURCE_GROUP_NAME#", + "front_door_name": "#FRONT_DOOR_NAME#" + } + }, + "deploy_default_records": false +} From a5ae6962eb6817f06df3673d8a771a31d67c8649 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Fri, 10 May 2024 11:08:00 +0100 Subject: [PATCH 03/35] Comment out statuscake --- Makefile | 1 + terraform/application/statuscake.tf | 16 +++++++++------- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index d8c10c2a57..cdcefa2097 100644 --- a/Makefile +++ b/Makefile @@ -40,6 +40,7 @@ review_aks: test-cluster $(eval ENVIRONMENT=review-${PR_NUMBER}) $(eval export TF_VAR_environment=${ENVIRONMENT}) $(eval include global_config/review.sh) + echo https://claim-additional-payments-for-teaching-$(PR_NUMBER).test.teacherservices.cloud will be created in aks set-azure-account: az account set -s ${AZ_SUBSCRIPTION} diff --git a/terraform/application/statuscake.tf b/terraform/application/statuscake.tf index be1b3f03ef..840f7a8ad6 100644 --- a/terraform/application/statuscake.tf +++ b/terraform/application/statuscake.tf 
@@ -1,10 +1,12 @@ -module "statuscake" { - count = var.enable_monitoring ? 1 : 0 +# TODO: Uncomment when needed then follow these steps: https://github.com/DFE-Digital/teacher-services-cloud/blob/main/documentation/onboard-service.md#configure-statuscake-credentials - source = "./vendor/modules/aks//monitoring/statuscake" +# module "statuscake" { +# count = var.enable_monitoring ? 1 : 0 - uptime_urls = compact([module.web_application.probe_url, var.external_url]) - ssl_urls = compact([var.external_url]) +# source = "./vendor/modules/aks//monitoring/statuscake" - contact_groups = var.statuscake_contact_groups -} +# uptime_urls = compact([module.web_application.probe_url, var.external_url]) +# ssl_urls = compact([var.external_url]) + +# contact_groups = var.statuscake_contact_groups +# } From 948e04da6ef8cffab3e3ccb2a747cdb87cf6c8d2 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Mon, 13 May 2024 09:52:50 +0100 Subject: [PATCH 04/35] Add startup command --- terraform/application/application.tf | 2 +- terraform/application/config/review.tfvars.json | 3 ++- terraform/application/variables.tf | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/terraform/application/application.tf b/terraform/application/application.tf index 0b4ea22941..a9f8a84be1 100644 --- a/terraform/application/application.tf +++ b/terraform/application/application.tf @@ -8,7 +8,6 @@ module "application_configuration" { config_short = var.config_short secret_key_vault_short = "app" - # Delete for non rails apps is_rails_application = true config_variables = { @@ -34,4 +33,5 @@ module "web_application" { kubernetes_secret_name = module.application_configuration.kubernetes_secret_name docker_image = var.docker_image + command = var.startup_command } diff --git a/terraform/application/config/review.tfvars.json b/terraform/application/config/review.tfvars.json index ac1f382e51..c6941fb9e9 100644 --- a/terraform/application/config/review.tfvars.json 
+++ b/terraform/application/config/review.tfvars.json @@ -2,5 +2,6 @@ "cluster": "test", "namespace": "srtl-development", "deploy_azure_backing_services": false, - "enable_postgres_ssl": false + "enable_postgres_ssl": false, + "startup_command": ["/bin/sh", "-c", "bundle exec rake db:schema:load db:seed && bundle exec rails server -b 0.0.0.0"] } diff --git a/terraform/application/variables.tf b/terraform/application/variables.tf index 7b899b3b34..2d7e11cfa9 100644 --- a/terraform/application/variables.tf +++ b/terraform/application/variables.tf @@ -34,6 +34,9 @@ variable "enable_postgres_backup_storage" { variable "docker_image" { description = "Docker image full name to identify it in the registry. Includes docker registry, repository and tag e.g.: ghcr.io/dfe-digital/teacher-pay-calculator:673f6309fd0c907014f44d6732496ecd92a2bcd0" } +variable "startup_command" { + type = list(string) +} variable "external_url" { default = null description = "Healthcheck URL for StatusCake monitoring" From d0ebb9d4f09c1c99e770edb255ed6a402ceb32c3 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Mon, 13 May 2024 11:40:38 +0100 Subject: [PATCH 05/35] Pull image from docker hub --- Makefile | 4 ++-- config/environments/review.rb | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 config/environments/review.rb diff --git a/Makefile b/Makefile index cdcefa2097..672c219592 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ RG_TAGS={"Product" : "Claim Additional Payments for teaching"} REGION=UK South SERVICE_NAME=claim-additional-payments-for-teaching SERVICE_SHORT=capt -DOCKER_REPOSITORY=ghcr.io/dfe-digital/claim-additional-payments-for-teaching +DOCKER_REPOSITORY=dfedigital/teacher-payments-service help: @grep -E '^[a-zA-Z\._\-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' 
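Review bot: `variable "startup_command"` in variables.tf has no `default` and no `description`, so every config that applies this module must supply it, and only review.tfvars.json does so in this commit. Unless the other tfvars files set it elsewhere, plans for those environments will stop on a missing required variable. I would make it optional and documented, for example `default = []` with `description = "Overrides the container start command; empty keeps the image default"`. This assumes the web_application module treats an empty list as "no override", which is not visible here.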
@@ -57,7 +57,7 @@ terraform-init: set-azure-account ${BACKEND_KEY} terraform-init-aks: composed-variables bin/terrafile set-azure-account-aks - $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=main)) + $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=web-master)) ./bin/terrafile -p terraform/application/vendor/modules -f terraform/application/config/$(CONFIG)_Terrafile terraform -chdir=terraform/application init -upgrade -reconfigure \ diff --git a/config/environments/review.rb b/config/environments/review.rb new file mode 100644 index 0000000000..238cd25b69 --- /dev/null +++ b/config/environments/review.rb @@ -0,0 +1,3 @@ +# frozen_string_literal: true + +require Rails.root.join("config/environments/test") From 2affc29d4210f2a3dd030fcc05356877c91d6cea Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Mon, 13 May 2024 13:09:58 +0100 Subject: [PATCH 06/35] App config for review environment --- terraform/application/application.tf | 10 +++-- .../application/config/review.tfvars.json | 1 + .../application/config/review_app_env.yml | 39 +++++++++++++++++++ terraform/application/variables.tf | 5 +++ 4 files changed, 51 insertions(+), 4 deletions(-) create mode 100644 terraform/application/config/review_app_env.yml diff --git a/terraform/application/application.tf b/terraform/application/application.tf index a9f8a84be1..681d651efe 100644 --- a/terraform/application/application.tf +++ b/terraform/application/application.tf @@ -10,10 +10,12 @@ module "application_configuration" { is_rails_application = true - config_variables = { - ENVIRONMENT_NAME = var.environment - PGSSLMODE = local.postgres_ssl_mode - } + config_variables = merge( + local.app_env_values, + { + ENVIRONMENT_NAME = var.environment + PGSSLMODE = local.postgres_ssl_mode + }) secret_variables = { DATABASE_URL = module.postgres.url } diff --git a/terraform/application/config/review.tfvars.json b/terraform/application/config/review.tfvars.json index c6941fb9e9..d070c1605f 100644 
--- a/terraform/application/config/review.tfvars.json +++ b/terraform/application/config/review.tfvars.json @@ -1,6 +1,7 @@ { "cluster": "test", "namespace": "srtl-development", + "config": "review", "deploy_azure_backing_services": false, "enable_postgres_ssl": false, "startup_command": ["/bin/sh", "-c", "bundle exec rake db:schema:load db:seed && bundle exec rails server -b 0.0.0.0"] diff --git a/terraform/application/config/review_app_env.yml b/terraform/application/config/review_app_env.yml new file mode 100644 index 0000000000..a318e52330 --- /dev/null +++ b/terraform/application/config/review_app_env.yml @@ -0,0 +1,39 @@ +--- +DFE_SIGN_IN_API_CLIENT_ID: teacherpayments +DFE_SIGN_IN_API_SECRET: secret +DFE_SIGN_IN_API_ENDPOINT: https://example.com + +DQT_API_URL: https://teacher-qualifications-api.education.gov.uk/ +DQT_API_KEY: 1a2b3c4d5e6f7g8h9i0 + +DQT_BEARER_BASE_URL: https://login.microsoftonline.com/123456/oauth2/v2.0/token +DQT_BEARER_GRANT_TYPE: client_credentials +DQT_BEARER_SCOPE: https://test.dynamics.com/.default +DQT_BEARER_CLIENT_ID: 1234 +DQT_BEARER_CLIENT_SECRET: 5678 +DQT_BASE_URL: https://test-api-customerengagement.platform.education.gov.uk/dqt-crm/v1/ +DQT_SUBSCRIPTION_KEY: 09876432 + +ADMIN_ALLOWED_IPS: ::1,127.0.0.1 + +ENVIRONMENT_NAME: test + +RAILS_ENV: test + +ORDNANCE_SURVEY_API_BASE_URL: https://api.os.uk +# ORDNANCE_SURVEY_CLIENT_PARAMS: { "key": "api-key-value" } + +RUN_FLAKY_SPECS: true +RUN_JS_SPECS: true +RUN_SLOW_SPECS: true + +SUPPRESS_DFE_ANALYTICS_INIT: true + +HMRC_API_BASE_URL: https://test-api.service.hmrc.gov.uk +HMRC_API_BANK_VALIDATION_ENABLED: false +HMRC_API_CLIENT_ID: test +HMRC_API_CLIENT_SECRET: test + +TID_SIGN_IN_ISSUER: https://preprod.teaching-identity.education.gov.uk/ +TID_SIGN_IN_API_ENDPOINT: https://preprod.teaching-identity.education.gov.uk:433 +TID_SIGN_IN_CLIENT_ID: claim diff --git a/terraform/application/variables.tf b/terraform/application/variables.tf index 2d7e11cfa9..f602f3b136 100644 
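Review bot: review_app_env.yml puts secret-named keys (`DFE_SIGN_IN_API_SECRET`, `DQT_API_KEY`, `DQT_BEARER_CLIENT_SECRET`, `HMRC_API_CLIENT_SECRET`) in a file that application.tf merges into `config_variables`, not `secret_variables`. The values look like dummies, but nothing in the file says so, and the next person who needs a working integration is likely to paste a real credential here. I would open the file with a comment such as `# Dummy values only. Real credentials go in the key vault and reach the app via secret_variables.` Separately, `TID_SIGN_IN_API_ENDPOINT` uses port `433`, which looks like a typo for `443`.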
--- a/terraform/application/variables.tf +++ b/terraform/application/variables.tf @@ -49,7 +49,12 @@ variable "enable_monitoring" { default = false description = "Enable monitoring and alerting" } +variable "config" { + type = string +} locals { postgres_ssl_mode = var.enable_postgres_ssl ? "require" : "disable" + app_env_values_from_yml = yamldecode(file("${path.module}/config/${var.config}_app_env.yml")) + app_env_values = merge(local.app_env_values_from_yml) } From 52be4820993faaffa7c1c75b89ddb8d4e17d73e9 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Mon, 13 May 2024 15:08:39 +0100 Subject: [PATCH 07/35] update seed file --- db/seeds.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/seeds.rb b/db/seeds.rb index 1b186806ed..1d29285284 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -6,7 +6,7 @@ # movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }]) # Character.create(name: 'Luke', movie: movies.first) -if Rails.env.development? || ENV["ENVIRONMENT_NAME"] == "review" +if Rails.env.development? || ENV["ENVIRONMENT_NAME"].start_with?('review') Journeys::Configuration.create!(routing_name: Journeys::TeacherStudentLoanReimbursement::ROUTING_NAME, current_academic_year: AcademicYear.current) Journeys::Configuration.create!(routing_name: Journeys::AdditionalPaymentsForTeaching::ROUTING_NAME, current_academic_year: AcademicYear.current) From e9dfbfd8d57879ee115f4ebeb32e0cfe618586c7 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Mon, 13 May 2024 15:14:13 +0100 Subject: [PATCH 08/35] linting; --- db/seeds.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/seeds.rb b/db/seeds.rb index 1d29285284..527939817e 100644 --- a/db/seeds.rb +++ b/db/seeds.rb 
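Review bot: `file("${path.module}/config/${var.config}_app_env.yml")` in the `locals` block is evaluated for every config, but this commit adds only `review_app_env.yml`, and `variable "config"` has no default or description. Plans for any other environment will fail on the missing file or variable unless both are provided elsewhere. Either add the per-environment files together with this change or guard the read with `fileexists()` and fall back to an empty map. `merge(local.app_env_values_from_yml)` with a single argument is a no-op and can be `local.app_env_values_from_yml` until there is a second map to merge.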
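Review bot: `ENV["ENVIRONMENT_NAME"].start_with?('review')` in db/seeds.rb raises NoMethodError when `ENVIRONMENT_NAME` is unset, because `ENV[]` returns nil; the `==` comparison it replaces was nil-safe. The right-hand side is evaluated whenever `Rails.env.development?` is false, so any non-development `db:seed` without that variable now fails. Use `ENV.fetch("ENVIRONMENT_NAME", "").start_with?("review")`. The follow-up linting hunk on the same line only changes the quotes and carries the same problem. The `if` body continues outside the hunk.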
@@ -6,7 +6,7 @@ # movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }]) # Character.create(name: 'Luke', movie: movies.first) -if Rails.env.development? || ENV["ENVIRONMENT_NAME"].start_with?('review') +if Rails.env.development? || ENV["ENVIRONMENT_NAME"].start_with?("review") Journeys::Configuration.create!(routing_name: Journeys::TeacherStudentLoanReimbursement::ROUTING_NAME, current_academic_year: AcademicYear.current) Journeys::Configuration.create!(routing_name: Journeys::AdditionalPaymentsForTeaching::ROUTING_NAME, current_academic_year: AcademicYear.current) From f25519a8d887af25332c8ca00b257e0c2a76f41d Mon Sep 17 00:00:00 2001 From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Mon, 13 May 2024 15:25:10 +0100 Subject: [PATCH 09/35] WIP: Use the PR tagged image for now --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 672c219592..b8e1e36c4f 100644 --- a/Makefile +++ b/Makefile @@ -57,7 +57,7 @@ terraform-init: set-azure-account ${BACKEND_KEY} terraform-init-aks: composed-variables bin/terrafile set-azure-account-aks - $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=web-master)) + $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=web-capt-1632-implement-review-apps)) ./bin/terrafile -p terraform/application/vendor/modules -f terraform/application/config/$(CONFIG)_Terrafile terraform -chdir=terraform/application init -upgrade -reconfigure \ From 16a8c7d248efc4cdaf08a4c718c68e6017bdaaf2 Mon Sep 17 00:00:00 2001 
From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Tue, 14 May 2024 10:45:39 +0100 Subject: [PATCH 10/35] Add a build action to build and push the container to GHCR --- .github/actions/deploy-environment/action.yml | 45 +++++++++++ .github/workflows/build_and_deploy.yml | 74 +++++++++++++++++++ Makefile | 4 +- .../application/config/review.tfvars.json | 2 +- 4 files changed, 122 insertions(+), 3 deletions(-) create mode 100644 .github/actions/deploy-environment/action.yml create mode 100644 .github/workflows/build_and_deploy.yml diff --git a/.github/actions/deploy-environment/action.yml b/.github/actions/deploy-environment/action.yml new file mode 100644 index 0000000000..ffdf1718e9 --- /dev/null +++ b/.github/actions/deploy-environment/action.yml @@ -0,0 +1,45 @@ +name: Deploy environment +description: Deploys an application environment + +inputs: + environment: + description: The name of the environment + required: true + docker-image: + description: The Docker image to deploy + required: true + azure-credentials: + description: JSON object containing a service principal that can read from Azure Key Vault + required: true + pull-request-number: + description: The pull request number which triggered this deploy. + required: false + +runs: + using: composite + + steps: + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false + + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ inputs.azure-credentials }} + + - name: Terraform Apply + shell: bash + run: | + make ci ${{ inputs.environment }} terraform-apply + env: + DOCKER_IMAGE_TAG: ${{ inputs.docker-image }} + PR_NUMBER: ${{ inputs.pull-request-number }} + + - name: Extract Terraform outputs + shell: bash + id: set_outputs + run: | + output=$(terraform -chdir=terraform/application output -json ingress_hostnames) + echo "HOSTNAMES=$output" >> $GITHUB_ENV + 
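Review bot: In the `Terraform Apply` step of action.yml, `${{ inputs.environment }}` is expanded into the script text before bash runs, so whatever the caller passes becomes part of the command line. The only caller in this commit hard-codes the value, but a composite action should not depend on that. Pass it through `env:` as `ENVIRONMENT: ${{ inputs.environment }}` and run `make ci "$ENVIRONMENT" terraform-apply`. In the same file, `DFE-Digital/github-actions/set-kubelogin-environment@master` receives the Azure credentials while tracking a moving branch; pinning it to a full commit SHA would keep the credential-handling code fixed and reviewable.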
diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml new file mode 100644 index 0000000000..dc27df11e9 --- /dev/null +++ b/.github/workflows/build_and_deploy.yml 
@@ -0,0 +1,74 @@ +name: Build and deploy to AKS cluster + +on: + push: + branches: [master] + pull_request: + types: [labeled, opened, reopened, synchronize] + +concurrency: deploy-${{ github.ref }} + +permissions: + packages: write + pull-requests: write + +jobs: + build: + runs-on: ubuntu-latest + outputs: + docker-image-tag: ${{ steps.build-image.outputs.tag }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Build and push docker image + id: build-image + uses: DFE-Digital/github-actions/build-docker-image@master + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + context: . + + deploy_review: + name: Deploy to review environment + concurrency: deploy_review_${{ github.event.pull_request.number }} + runs-on: ubuntu-latest + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} + needs: [build] + environment: + name: review + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - uses: ./.github/actions/deploy-environment + id: deploy + with: + environment: review + docker-image: ${{ needs.build.outputs.docker-image-tag }} + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + pull-request-number: ${{ github.event.number }} + + - uses: azure/login@v2 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - name: Seed Review App + shell: bash + if: github.event.number != '' + run: | + make ci review get-cluster-credentials + kubectl exec -n bat-qa deployment/claim-additional-payments-for-teaching-${{ github.event.number }} -- sh -c "cd /app && bundle exec rake db:schema:load db:seed" + env: + PR_NUMBER: ${{ github.event.number }} + + - name: Post comment to Pull Request ${{ github.event.number }} + if: ${{ github.event_name == 'pull_request' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: aks + message: | + ### Deployment + + https://claim-additional-payments-for-teaching-${{ github.event.number }}.test.teacherservices.cloud 
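Review bot: The workflow-level `permissions:` block gives `packages: write` and `pull-requests: write` to both jobs, although from the visible steps only `build` pushes an image and only `deploy_review` comments on the pull request. Move the grants to job level: `permissions: { contents: read, packages: write }` on `build` and `permissions: { contents: read, pull-requests: write }` on `deploy_review`. List `contents: read` explicitly, because naming any permission sets the unlisted ones to none and `actions/checkout` needs it on non-public repositories. The actions that receive `GITHUB_TOKEN` and `AZURE_CREDENTIALS` are referenced by branch or major tag (`@master`, `@v2`), so pinning them to commit SHAs is worth considering.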
diff --git a/Makefile b/Makefile index b8e1e36c4f..1a8e8a385e 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ RG_TAGS={"Product" : "Claim Additional Payments for teaching"} REGION=UK South SERVICE_NAME=claim-additional-payments-for-teaching SERVICE_SHORT=capt -DOCKER_REPOSITORY=dfedigital/teacher-payments-service +DOCKER_REPOSITORY=ghcr.io/dfe-digital/claim-additional-payments-for-teaching help: @grep -E '^[a-zA-Z\._\-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' @@ -57,7 +57,7 @@ terraform-init: set-azure-account ${BACKEND_KEY} terraform-init-aks: composed-variables bin/terrafile set-azure-account-aks - $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=web-capt-1632-implement-review-apps)) + $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=master)) ./bin/terrafile -p terraform/application/vendor/modules -f terraform/application/config/$(CONFIG)_Terrafile terraform -chdir=terraform/application init -upgrade -reconfigure \ diff --git a/terraform/application/config/review.tfvars.json b/terraform/application/config/review.tfvars.json index d070c1605f..bc91753a70 100644 --- a/terraform/application/config/review.tfvars.json +++ b/terraform/application/config/review.tfvars.json @@ -4,5 +4,5 @@ "config": "review", "deploy_azure_backing_services": false, "enable_postgres_ssl": false, - "startup_command": ["/bin/sh", "-c", "bundle exec rake db:schema:load db:seed && bundle exec rails server -b 0.0.0.0"] + "startup_command": ["/bin/sh", "-c", "bundle exec rails server -b 0.0.0.0"] } From 6e7e48269545b937bacecff33d2ee4d8d6250995 Mon Sep 17 00:00:00 2001 From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Tue, 14 May 2024 11:00:58 +0100 Subject: [PATCH 11/35] Set the right subscription --- .github/workflows/build_and_deploy.yml | 2 +- Makefile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index dc27df11e9..d3f3687673 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -58,7 +58,7 @@ jobs: shell: bash if: github.event.number != '' run: | - make ci review get-cluster-credentials + make ci review-aks get-cluster-credentials kubectl exec -n bat-qa deployment/claim-additional-payments-for-teaching-${{ github.event.number }} -- sh -c "cd /app && bundle exec rake db:schema:load db:seed" env: PR_NUMBER: ${{ github.event.number }} diff --git a/Makefile b/Makefile index 1a8e8a385e..cab6d69715 100644 --- a/Makefile +++ b/Makefile @@ -34,8 +34,8 @@ production: $(eval CONTAINER_NAME=s118p01conttfstate) $(eval DEPLOY_ENV=production) -.PHONY: review_aks -review_aks: test-cluster +.PHONY: review-aks +review-aks: test-cluster $(if ${PR_NUMBER},,$(error Missing PR_NUMBER)) $(eval ENVIRONMENT=review-${PR_NUMBER}) $(eval export TF_VAR_environment=${ENVIRONMENT}) From 6447b20b58ebf05973a205b07f281be023964ae9 Mon Sep 17 00:00:00 2001 From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Tue, 14 May 2024 11:06:38 +0100 Subject: [PATCH 12/35] Call review-aks rather than review --- .github/workflows/build_and_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index d3f3687673..0fcea6fed8 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -36,7 +36,7 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} needs: [build] environment: - name: review + name: review-aks steps: - name: Checkout code 
@@ -45,7 +45,7 @@ jobs: - uses: ./.github/actions/deploy-environment id: deploy with: - environment: review + environment: review-aks docker-image: ${{ needs.build.outputs.docker-image-tag }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} pull-request-number: ${{ github.event.number }} From 9ebf33949410d551e6cca9fb81115eeef7a493c8 Mon Sep 17 00:00:00 2001 From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Tue, 14 May 2024 11:14:27 +0100 Subject: [PATCH 13/35] Call terraform-apply-aks --- .github/actions/deploy-environment/action.yml | 41 +++++++++---------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/.github/actions/deploy-environment/action.yml b/.github/actions/deploy-environment/action.yml index ffdf1718e9..e62a8422df 100644 --- a/.github/actions/deploy-environment/action.yml +++ b/.github/actions/deploy-environment/action.yml 
@@ -19,27 +19,26 @@ runs: using: composite steps: - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.6.4 - terraform_wrapper: false + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false - - uses: DFE-Digital/github-actions/set-kubelogin-environment@master - with: - azure-credentials: ${{ inputs.azure-credentials }} + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ inputs.azure-credentials }} - - name: Terraform Apply - shell: bash - run: | - make ci ${{ inputs.environment }} terraform-apply - env: - DOCKER_IMAGE_TAG: ${{ inputs.docker-image }} - PR_NUMBER: ${{ inputs.pull-request-number }} - - - name: Extract Terraform outputs - shell: bash - id: set_outputs - run: | - output=$(terraform -chdir=terraform/application output -json ingress_hostnames) - echo "HOSTNAMES=$output" >> $GITHUB_ENV + - name: Terraform Apply + shell: bash + run: | + make ci ${{ inputs.environment }} terraform-apply-aks + env: + DOCKER_IMAGE_TAG: ${{ inputs.docker-image }} + PR_NUMBER: ${{ inputs.pull-request-number }} + - name: Extract Terraform outputs + shell: bash + id: set_outputs + run: | + output=$(terraform -chdir=terraform/application output -json ingress_hostnames) + echo "HOSTNAMES=$output" >> $GITHUB_ENV From e47360437b07acccdb6aaf7b51c4ad7752978f3a Mon Sep 17 00:00:00 2001 From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Tue, 14 May 2024 11:43:03 +0100 Subject: [PATCH 14/35] Use PR number and not event number --- .github/actions/deploy-environment/action.yml | 7 ------- .github/workflows/build_and_deploy.yml | 8 ++++---- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/.github/actions/deploy-environment/action.yml b/.github/actions/deploy-environment/action.yml index e62a8422df..1696f3dbfb 100644 --- a/.github/actions/deploy-environment/action.yml +++ b/.github/actions/deploy-environment/action.yml 
@@ -35,10 +35,3 @@ runs: env: DOCKER_IMAGE_TAG: ${{ inputs.docker-image }} PR_NUMBER: ${{ inputs.pull-request-number }} - - - name: Extract Terraform outputs - shell: bash - id: set_outputs - run: | - output=$(terraform -chdir=terraform/application output -json ingress_hostnames) - echo "HOSTNAMES=$output" >> $GITHUB_ENV diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 0fcea6fed8..488d11a373 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -48,7 +48,7 @@ jobs: environment: review-aks docker-image: ${{ needs.build.outputs.docker-image-tag }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} - pull-request-number: ${{ github.event.number }} + pull-request-number: ${{ github.event.pull_request.number }} - uses: azure/login@v2 with: @@ -59,9 +59,9 @@ jobs: if: github.event.number != '' run: | make ci review-aks get-cluster-credentials - kubectl exec -n bat-qa deployment/claim-additional-payments-for-teaching-${{ github.event.number }} -- sh -c "cd /app && bundle exec rake db:schema:load db:seed" + kubectl exec -n bat-qa deployment/claim-additional-payments-for-teaching-${{ github.event.pull_request.number }} -- sh -c "cd /app && bundle exec rake db:schema:load db:seed" env: - PR_NUMBER: ${{ github.event.number }} + PR_NUMBER: ${{ github.event.pull_request.number }} - name: Post comment to Pull Request ${{ github.event.number }} if: ${{ github.event_name == 'pull_request' }} @@ -71,4 +71,4 @@ jobs: message: | ### Deployment - https://claim-additional-payments-for-teaching-${{ github.event.number }}.test.teacherservices.cloud + https://claim-additional-payments-for-teaching-${{ github.event.pull_request.number }}.test.teacherservices.cloud/additional-payments/claim From e61e37ef3a474dd1cfb8e14ad8a7542393a35150 Mon Sep 17 00:00:00 2001 
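Review bot: The seed step guard `if: github.event.number != ''` and the step name `Post comment to Pull Request ${{ github.event.number }}` still read `github.event.number`, while the rest of this hunk moves to `github.event.pull_request.number`. Using one field throughout keeps the guard and the command in agreement about whether a PR number is present: `if: github.event.pull_request.number != ''`.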
From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Tue, 14 May 2024 11:54:37 +0100 Subject: [PATCH 15/35] Change PR message, fix deployment name --- .github/workflows/build_and_deploy.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 488d11a373..676f4f3057 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -59,7 +59,7 @@ jobs: if: github.event.number != '' run: | make ci review-aks get-cluster-credentials - kubectl exec -n bat-qa deployment/claim-additional-payments-for-teaching-${{ github.event.pull_request.number }} -- sh -c "cd /app && bundle exec rake db:schema:load db:seed" + kubectl exec -n srtl-development deployment/claim-additional-payments-for-teaching-review-${{ github.event.pull_request.number }} -- sh -c "cd /app && bundle exec rake db:schema:load db:seed" env: PR_NUMBER: ${{ github.event.pull_request.number }} @@ -69,6 +69,9 @@ jobs: with: header: aks message: | - ### Deployment + ### Deployments - https://claim-additional-payments-for-teaching-${{ github.event.pull_request.number }}.test.teacherservices.cloud/additional-payments/claim + | Journey | URL | + | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | + | Additional Payments | | + | Student Loans | | From a607a539fe3abbc35f9d29d51fff457fc70b587a Mon Sep 17 00:00:00 2001 From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Tue, 14 May 2024 11:58:52 +0100 Subject: [PATCH 16/35] Correct comment URLs --- .github/workflows/build_and_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 676f4f3057..9d4805474e 100644 --- a/.github/workflows/build_and_deploy.yml 
+++ b/.github/workflows/build_and_deploy.yml @@ -73,5 +73,5 @@ jobs: | Journey | URL | | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | - | Additional Payments | | - | Student Loans | | + | Additional Payments | | + | Student Loans | | From 127e22da396ea88fcc64fe28f0b714db5a44b52b Mon Sep 17 00:00:00 2001 From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Tue, 14 May 2024 11:59:26 +0100 Subject: [PATCH 17/35] Align table header --- .github/workflows/build_and_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 9d4805474e..6ba8ad13d7 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -71,7 +71,7 @@ jobs: message: | ### Deployments - | Journey | URL | - | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | + | Journey | URL | + | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | | Additional Payments | | | Student Loans | | From 6feebd33282d9551edd715ac765939abea5cdcef Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Tue, 14 May 2024 14:35:09 +0100 Subject: [PATCH 18/35] Add delete-review-app workflow --- .github/workflows/build_and_deploy.yml | 2 +- .github/workflows/delete_review_app.yml | 34 +++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/delete_review_app.yml diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 6ba8ad13d7..a4100cd089 100644 --- a/.github/workflows/build_and_deploy.yml 
+++ b/.github/workflows/build_and_deploy.yml @@ -54,7 +54,7 @@ jobs: with: creds: ${{ secrets.AZURE_CREDENTIALS }} - - name: Seed Review App + - name: Seed review app shell: bash if: github.event.number != '' run: | diff --git a/.github/workflows/delete_review_app.yml b/.github/workflows/delete_review_app.yml new file mode 100644 index 0000000000..1bc80f7e1c --- /dev/null +++ b/.github/workflows/delete_review_app.yml @@ -0,0 +1,34 @@ +name: Delete review app on AKS + +on: + pull_request: + branches: + - master + types: + - closed + +jobs: + delete-review-app: + name: Delete review app ${{ github.event.pull_request.number }} + concurrency: deploy_review_${{ github.event.pull_request.number }} + runs-on: ubuntu-latest + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} + environment: review-aks + steps: + - name: Checkout + uses: actions/checkout@v4 + + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.4 + terraform_wrapper: false + + - uses: DFE-Digital/github-actions/set-kubelogin-environment@master + with: + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + + - name: Terraform destroy + run: | + make ci review-aks terraform-destroy-aks + env: + PR_NUMBER: ${{ github.event.pull_request.number }} From b18159a48c8c68febd15b51546c8cfe23e6c3465 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Tue, 14 May 2024 14:46:53 +0100 Subject: [PATCH 19/35] Output APP_URL from build and use in PR comment --- .github/actions/deploy-environment/action.yml | 7 +++++++ .github/workflows/build_and_deploy.yml | 8 ++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/actions/deploy-environment/action.yml b/.github/actions/deploy-environment/action.yml index 1696f3dbfb..40b5b40ee4 100644 --- a/.github/actions/deploy-environment/action.yml +++ b/.github/actions/deploy-environment/action.yml 
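Review bot: delete_review_app.yml declares no `permissions:`, so the job runs with the repository's default token scope while also holding `AZURE_CREDENTIALS`. The visible steps only need to read the repository, so a top-level `permissions:` with `contents: read` would be enough. The job also runs only if the `deploy` label is still on the pull request when it closes, so a PR whose label was removed earlier would leave its review app in place. A comment above the `if:` stating this, or dropping the label condition for the destroy, would make the behaviour explicit.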
@@ -35,3 +35,10 @@ runs: env: DOCKER_IMAGE_TAG: ${{ inputs.docker-image }} PR_NUMBER: ${{ inputs.pull-request-number }} + + - name: Extract Terraform outputs + shell: bash + id: set_outputs + run: | + output=$(terraform -chdir=terraform/application output -json url) + echo "APP_URL=$output" >> $GITHUB_ENV diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index a4100cd089..ff696bf942 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -71,7 +71,7 @@ jobs: message: | ### Deployments - | Journey | URL | - | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | - | Additional Payments | | - | Student Loans | | + | Journey | URL | + | ------------------- | ------------------------------------ | + | Additional Payments | <$APP_URL/additional-payments/claim> | + | Student Loans | <$APP_URL/student-loans/claim> | From 67cd34da78d2193ef5e9bdfdae4c1ac929243d84 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Tue, 14 May 2024 15:00:27 +0100 Subject: [PATCH 20/35] Try to pull the APP_ULR from env again --- .github/workflows/build_and_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index ff696bf942..cd6b9c533a 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -73,5 +73,5 @@ jobs: | Journey | URL | | ------------------- | ------------------------------------ | - | Additional Payments | <$APP_URL/additional-payments/claim> | - | Student Loans | <$APP_URL/student-loans/claim> | + | Additional Payments | <${{ env.APP_URL }}/additional-payments/claim> | + | Student Loans | <${{ env.APP_URL }}/student-loans/claim> | From 474e55735f731aa075af27b829bea146eb5b742c Mon Sep 17 00:00:00 2001 
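Review bot: The new step in `.github/actions/deploy-environment/action.yml` has `id: set_outputs` but publishes the URL through `$GITHUB_ENV`, which makes `APP_URL` an ambient variable for every later step of the calling job rather than a declared output of the action. Writing `echo "url=$output" >> "$GITHUB_OUTPUT"` and exposing it under the action's `outputs:` would keep the data flow explicit; whichever file is used, quote the redirect target (`>> "$GITHUB_ENV"`). Because the value is appended to a line-oriented file, it is also worth rejecting an `output` that contains a newline before writing it. The `runs:` block starts above this hunk, so any existing `outputs:` declaration is not visible here.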
From: Abigail McPhillips Date: Tue, 14 May 2024 15:14:27 +0100 Subject: [PATCH 21/35] output raw url not json --- .github/actions/deploy-environment/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/deploy-environment/action.yml b/.github/actions/deploy-environment/action.yml index 40b5b40ee4..7908325377 100644 --- a/.github/actions/deploy-environment/action.yml +++ b/.github/actions/deploy-environment/action.yml @@ -40,5 +40,5 @@ runs: shell: bash id: set_outputs run: | - output=$(terraform -chdir=terraform/application output -json url) + output=$(terraform -chdir=terraform/application output -raw url) echo "APP_URL=$output" >> $GITHUB_ENV From 7ff5ed029af2e17ee828bccc909d824b40b1ae4e Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Tue, 14 May 2024 15:41:47 +0100 Subject: [PATCH 22/35] Update README --- README.md | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index e458b03d0c..a7fc3f4b1f 100644 --- a/README.md +++ b/README.md 
@@ -280,21 +280,12 @@ https://test.additional-teaching-payment.education.gov.uk. The release process for Production is documented in [`docs/release-process.md`](docs/release-process.md) -### Heroku Review Apps - -Pull requests in the -[GitHub Repository](https://github.com/DFE-Digital/dfe-teachers-payment-service) -will automatically have a -[review app](https://devcenter.heroku.com/articles/github-integration-review-apps) -created in Heroku once CI has passed. - -For more information, see the [app's Heroku docs](docs/heroku.md) - ### Azure review apps -Pull requests automatically build a review app in Azure using the same -technologies as the production environment. Each one can be accessed via this -URL: `https://s118d02-app-pr--as.azurewebsites.net` +Adding the 'deploy' label to pull requests builds a review app in Azure using +the same technologies as the production environment. Each one can be accessed +via this URL: +`https://claim-additional-payments-for-teaching-review-.test.teacherservices.cloud` The review app is then destroyed when the PR is closed or merged. From eb4fc4617aac9d77cf9cd3699e9698fa37733ae1 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Wed, 15 May 2024 09:54:46 +0100 Subject: [PATCH 23/35] Update config for test env --- global_config/test.sh | 2 +- terraform/application/config/test.tfvars.json | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/global_config/test.sh b/global_config/test.sh index ad3f2f09d0..ad8eae4807 100644 --- a/global_config/test.sh +++ b/global_config/test.sh @@ -1,6 +1,6 @@ CONFIG=test ENVIRONMENT=test -CONFIG_SHORT=test +CONFIG_SHORT=ts AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test AZURE_RESOURCE_PREFIX=s189t01 KV_PURGE_PROTECTION=false diff --git a/terraform/application/config/test.tfvars.json b/terraform/application/config/test.tfvars.json index 7c1ad83f1b..b64515add3 100644 --- a/terraform/application/config/test.tfvars.json +++ b/terraform/application/config/test.tfvars.json 
@@ -1,7 +1,5 @@ { "cluster": "test", "namespace": "srtl-test", - "environment": "test", - "deploy_azure_backing_services": false, - "enable_postgres_ssl": false + "environment": "test" } From 930979904cabba6e9a22cd5f9a6769e016a885de Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Wed, 15 May 2024 09:56:46 +0100 Subject: [PATCH 24/35] Echo correct URL in makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index cab6d69715..b362747ed7 100644 --- a/Makefile +++ b/Makefile @@ -40,7 +40,7 @@ review-aks: test-cluster $(eval ENVIRONMENT=review-${PR_NUMBER}) $(eval export TF_VAR_environment=${ENVIRONMENT}) $(eval include global_config/review.sh) - echo https://claim-additional-payments-for-teaching-$(PR_NUMBER).test.teacherservices.cloud will be created in aks + echo https://claim-additional-payments-for-teaching-review-$(PR_NUMBER).test.teacherservices.cloud will be created in aks set-azure-account: az account set -s ${AZ_SUBSCRIPTION} From 8b6680ae9ec02686856d93a9aadcdd13ed5076da Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Wed, 15 May 2024 10:24:09 +0100 Subject: [PATCH 25/35] dont suppress dfe analytics in review apps --- terraform/application/config/review_app_env.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/terraform/application/config/review_app_env.yml b/terraform/application/config/review_app_env.yml index a318e52330..786fbd2f4e 100644 --- a/terraform/application/config/review_app_env.yml +++ b/terraform/application/config/review_app_env.yml @@ -27,8 +27,6 @@ RUN_FLAKY_SPECS: true RUN_JS_SPECS: true RUN_SLOW_SPECS: true -SUPPRESS_DFE_ANALYTICS_INIT: true - HMRC_API_BASE_URL: https://test-api.service.hmrc.gov.uk HMRC_API_BANK_VALIDATION_ENABLED: false HMRC_API_CLIENT_ID: test From dc01c393cfbd803070e8681dd781994c629c704b Mon Sep 17 00:00:00 2001 
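Review bot: Dropping `"enable_postgres_ssl": false` and `"deploy_azure_backing_services": false` from `terraform/application/config/test.tfvars.json` leaves both settings to whatever defaults the module declares (presumably in `terraform/application/variables.tf`, which this hunk does not show), and the commit message does not say which values are intended. If the aim is for the test environment to use managed services with TLS to Postgres, stating it explicitly with `"enable_postgres_ssl": true` would make the file self-describing and protect it against a later change to the default. Confirm the defaults before applying.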
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 10:37:45 +0100 Subject: [PATCH 26/35] Bump selenium-webdriver from 4.19.0 to 4.20.1 (#2735) Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.19.0 to 4.20.1. - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES) - [Commits](https://github.com/SeleniumHQ/selenium/commits) --- updated-dependencies: - dependency-name: selenium-webdriver dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0e880dd3dd..2e30d77bd4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -434,7 +434,7 @@ GEM sprockets (> 3.0) sprockets-rails tilt - selenium-webdriver (4.19.0) + selenium-webdriver (4.20.1) base64 (~> 0.2) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) From acc1e2395681e1bd9fbb31aca016c5da17b41226 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 11:56:45 +0100 Subject: [PATCH 27/35] Bump nokogiri from 1.16.2 to 1.16.5 (#2743) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.2...v1.16.5) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index 2e30d77bd4..f27d55799d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -259,7 +259,7 @@ GEM matrix (0.4.2) method_source (1.0.0) mini_mime (1.1.5) - mini_portile2 (2.8.5) + mini_portile2 (2.8.6) minitest (5.22.2) msgpack (1.7.2) multi_json (1.15.0) @@ -275,10 +275,10 @@ GEM net-smtp (0.4.0.1) net-protocol nio4r (2.7.0) - nokogiri (1.16.2) + nokogiri (1.16.5) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.16.2-x86_64-darwin) + nokogiri (1.16.5-x86_64-darwin) racc (~> 1.4) notifications-ruby-client (5.4.0) jwt (>= 1.5, < 3) From bf6ea7eddff09f4a2032e088e51b52dad60be432 Mon Sep 17 00:00:00 2001 From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Wed, 15 May 2024 14:10:06 +0100 Subject: [PATCH 28/35] Add dfe:analytics:check lint step to the CI workflow --- .github/workflows/ci.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9ae159b3ee..3789ec036d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -24,6 +24,33 @@ jobs: - name: Linting - Standardrb run: bin/rails standard + lint-dfe-analytics: + runs-on: ubuntu-latest + services: + postgres: + image: postgres:11-alpine + ports: + - '5432:5432' + env: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + env: + RAILS_ENV: test + DFE_TEACHERS_PAYMENT_SERVICE_DATABASE_USERNAME: postgres + DFE_TEACHERS_PAYMENT_SERVICE_DATABASE_PASSWORD: password + DFE_TEACHERS_PAYMENT_SERVICE_DATABASE_HOST: localhost + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Install Ruby + uses: ruby/setup-ruby@v1 + with: + bundler-cache: true + - name: Prepare DB + run: bin/rails db:prepare + - name: Linting - DfE::Analytics + run: bin/rails dfe:analytics:check + test: runs-on: ubuntu-latest strategy: From 025283bd042232546d4573c916715abec0fdf252 Mon Sep 17 00:00:00 2001 
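Review bot: The `postgres` service in the new `lint-dfe-analytics` job of `.github/workflows/ci.yaml` has no health check, so `bin/rails db:prepare` can start before the database accepts connections and fail intermittently. Adding `options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5` under the service makes the runner wait for it. The image tag `postgres:11-alpine` is a major version that no longer receives upstream fixes (PostgreSQL 11 reached end of life in November 2023); if it was copied from the existing `test` job for parity, both are worth moving to the version the deployed database runs. The literal `password` is acceptable for a throwaway CI container as long as it is never reused outside it.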
From: vacabor <166112501+vacabor@users.noreply.github.com> Date: Wed, 15 May 2024 14:12:07 +0100 Subject: [PATCH 29/35] Fix indentation --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3789ec036d..a0201b248a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -40,7 +40,7 @@ jobs: DFE_TEACHERS_PAYMENT_SERVICE_DATABASE_PASSWORD: password DFE_TEACHERS_PAYMENT_SERVICE_DATABASE_HOST: localhost steps: - - name: Checkout code + - name: Checkout code uses: actions/checkout@v4 - name: Install Ruby uses: ruby/setup-ruby@v1 From def6f3de8b1dbdcaf8ed6ea0db777076889e72f6 Mon Sep 17 00:00:00 2001 From: AbigailMcP Date: Wed, 15 May 2024 14:43:38 +0100 Subject: [PATCH 30/35] Update .github/workflows/build_and_deploy.yml Co-authored-by: Steven Lorek --- .github/workflows/build_and_deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index cd6b9c533a..65f35ae48a 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -75,3 +75,4 @@ jobs: | ------------------- | ------------------------------------ | | Additional Payments | <${{ env.APP_URL }}/additional-payments/claim> | | Student Loans | <${{ env.APP_URL }}/student-loans/claim> | + | Admin | <${{ env.APP_URL }}/admin> | From 1f4683212d9ff292ed0368ad011a0abc822ee9aa Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 16:17:49 +0100 Subject: [PATCH 31/35] Bump dotenv-rails from 3.1.0 to 3.1.2 (#2746) Bumps [dotenv-rails](https://github.com/bkeepers/dotenv) from 3.1.0 to 3.1.2. - [Release notes](https://github.com/bkeepers/dotenv/releases) - [Changelog](https://github.com/bkeepers/dotenv/blob/main/Changelog.md) - [Commits](https://github.com/bkeepers/dotenv/compare/v3.1.0...v3.1.2) --- updated-dependencies: - dependency-name: dotenv-rails dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index f27d55799d..7cd2e94878 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -129,9 +129,9 @@ GEM delayed_job (>= 3.0, < 5) diff-lcs (1.5.1) docile (1.4.0) - dotenv (3.1.0) - dotenv-rails (3.1.0) - dotenv (= 3.1.0) + dotenv (3.1.2) + dotenv-rails (3.1.2) + dotenv (= 3.1.2) railties (>= 6.1) erubi (1.12.0) et-orbi (1.2.7) @@ -218,7 +218,7 @@ GEM html-attributes-utils (0.9.2) activesupport (>= 6.1.4.4) httpclient (2.8.3) - i18n (1.14.4) + i18n (1.14.5) concurrent-ruby (~> 1.0) jbuilder (2.11.5) actionview (>= 5.0.0) @@ -257,10 +257,10 @@ GEM rack (>= 2.1.4.1) marcel (1.0.3) matrix (0.4.2) - method_source (1.0.0) + method_source (1.1.0) mini_mime (1.1.5) mini_portile2 (2.8.6) - minitest (5.22.2) + minitest (5.22.3) msgpack (1.7.2) multi_json (1.15.0) multipart-post (2.3.0) @@ -320,7 +320,7 @@ GEM nio4r (~> 2.0) raabro (1.4.0) racc (1.7.3) - rack (2.2.8.1) + rack (2.2.9) rack-mini-profiler (3.3.1) rack (>= 1.2.0) rack-oauth2 (1.21.3) @@ -369,7 +369,7 @@ GEM thor (~> 1.0) zeitwerk (~> 2.5) rainbow (3.1.1) - rake (13.1.0) + rake (13.2.1) rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) 
@@ -523,7 +523,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.13) + zeitwerk (2.6.14) PLATFORMS ruby From cae3f936b38aa7d02a4472dc13752d83f43f836f Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Thu, 16 May 2024 11:13:25 +0100 Subject: [PATCH 32/35] Require deploy tag to build, remove master branch condition --- .github/workflows/build_and_deploy.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 65f35ae48a..578f8103bb 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -1,8 +1,6 @@ name: Build and deploy to AKS cluster on: - push: - branches: [master] pull_request: types: [labeled, opened, reopened, synchronize] @@ -15,6 +13,7 @@ permissions: jobs: build: runs-on: ubuntu-latest + if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} outputs: docker-image-tag: ${{ steps.build-image.outputs.tag }} @@ -33,7 +32,6 @@ jobs: name: Deploy to review environment concurrency: deploy_review_${{ github.event.pull_request.number }} runs-on: ubuntu-latest - if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} needs: [build] environment: name: review-aks From 306c5e8b63a952c7997f01d1cca2084c453a0373 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Thu, 16 May 2024 11:16:50 +0100 Subject: [PATCH 33/35] test From 3f5f486a9b937421d3b24a5451d3f348b0581f38 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Thu, 16 May 2024 14:34:12 +0100 Subject: [PATCH 34/35] set review config from production --- config/environments/review.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/environments/review.rb b/config/environments/review.rb index 238cd25b69..8513ffef36 100644 --- a/config/environments/review.rb +++ b/config/environments/review.rb 
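Review bot: In `.github/workflows/build_and_deploy.yml`, the third hunk removes `if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }}` from the job bound to `environment: review-aks`, so the only thing that stops it running is that `build` gets skipped. That holds today, but the gate is now implicit: a later `if: always()` on that job, or a second entry in `needs:`, would let the deploy job run on unlabelled pull requests. Keeping the same `if:` line on both jobs costs one line and leaves the check on the job that reaches the review environment. With `push` to `master` removed in the first hunk, nothing in this workflow builds merged code any more; confirm that another workflow covers it.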
@@ -1,3 +1,3 @@ # frozen_string_literal: true -require Rails.root.join("config/environments/test") +require Rails.root.join("config/environments/production") From 7f0fb34cd515746b4b3cd01773b2ec02273d3288 Mon Sep 17 00:00:00 2001 From: Abigail McPhillips Date: Thu, 16 May 2024 14:45:23 +0100 Subject: [PATCH 35/35] update env name and rails env --- terraform/application/config/review_app_env.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/terraform/application/config/review_app_env.yml b/terraform/application/config/review_app_env.yml index 786fbd2f4e..c58668c4c8 100644 --- a/terraform/application/config/review_app_env.yml +++ b/terraform/application/config/review_app_env.yml @@ -16,9 +16,7 @@ DQT_SUBSCRIPTION_KEY: 09876432 ADMIN_ALLOWED_IPS: ::1,127.0.0.1 -ENVIRONMENT_NAME: test - -RAILS_ENV: test +ENVIRONMENT_NAME: review ORDNANCE_SURVEY_API_BASE_URL: https://api.os.uk # ORDNANCE_SURVEY_CLIENT_PARAMS: { "key": "api-key-value" }
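Review bot: `config/environments/review.rb` now loads `config/environments/production` with no comment on why, or on what a review app has to override, while review apps run with the placeholder keys in `terraform/application/config/review_app_env.yml`. A header line such as `# Review apps inherit production settings; put review-only overrides below this require.` would record the intent. It is worth checking which production-only behaviours this switches on (outbound mail, external API calls, log level) and whether each is neutralised through the review environment variables.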
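Review bot: The hunk in `terraform/application/config/review_app_env.yml` deletes `RAILS_ENV: test` without adding a replacement, although the commit title says the Rails env is being updated. If neither the image nor the Terraform module sets `RAILS_ENV`, Rails falls back to `development`, which renders detailed error pages and is not meant for an internet-facing app. Adding `RAILS_ENV: review` next to `ENVIRONMENT_NAME: review` would make the file agree with the previous commit's `config/environments/review.rb`; if the variable is set elsewhere, a one-line comment naming that place would be enough.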