prescriptionsforpatients/.github/workflows/ci.yml at main · NHSDigital/prescriptionsforpatients · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
name: merge to main workflow

on:
  push:
    branches: [main]

permissions: {}
jobs:
  get_config_values:
    uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929
    with:
      verify_published_from_main_image: true
    permissions:
      attestations: read
      contents: read
      packages: read
  quality_checks:
    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc
    needs: [get_config_values]
    with:
      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    permissions:
      contents: read
      id-token: write
      packages: read
  get_commit_id:
    runs-on: ubuntu-22.04
    outputs:
      commit_id: ${{ steps.commit_id.outputs.commit_id }}
    steps:
      - name: Get Commit ID
        id: commit_id
        run: |
          echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"

  tag_release:
    needs: [quality_checks, get_commit_id, get_config_values]
    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929
    permissions:
      id-token: write
      contents: write
      packages: write
    with:
      dry_run: true
      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
      branch_name: main
      tag_format: ${{ needs.get_config_values.outputs.tag_format }}

  package_code:
    needs: [tag_release, get_config_values]
    uses: ./.github/workflows/sam_package_code.yml
    with:
      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
    permissions:
      contents: read
      packages: read
      id-token: write

  release_dev:
    needs: [tag_release, package_code, get_commit_id, get_config_values]
    uses: ./.github/workflows/sam_release_code.yml
    permissions:
      contents: write
      id-token: write
    with:
      ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
      STACK_NAME: pfp
      TARGET_ENVIRONMENT: dev
      APIGEE_ENVIRONMENT: internal-dev
      ENABLE_MUTUAL_TLS: true
      MTLS_KEY: prescriptions-for-patients-mtls-1
      BUILD_ARTIFACT: packaged_code
      TRUSTSTORE_FILE: pfp-truststore.pem
      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
      COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
      LOG_LEVEL: DEBUG
      LOG_RETENTION_DAYS: 30
      CREATE_INT_RELEASE_NOTES: true
      CREATE_PROD_RELEASE_NOTES: true
      TOGGLE_GET_STATUS_UPDATES: true
      ENABLE_ALERTS: true
      STATE_MACHINE_LOG_LEVEL: ALL
      RUN_REGRESSION_TESTS: true
      REGRESSION_TEST_PRODUCT: PFP-APIGEE
      FORWARD_CSOC_LOGS: false
      ALLOW_NHS_NUMBER_OVERRIDE: true
      REGRESSION_TEST_NON_PROXYGEN: true
      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
    secrets:
      REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
      TARGET_SPINE_SERVER: ${{ secrets.DEV_TARGET_SPINE_SERVER }}
      TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.DEV_TARGET_SERVICE_SEARCH_SERVER }}
      DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
      INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
      PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
      DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
      PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}

  release_dev_sandbox:
    needs: [tag_release, package_code, get_commit_id, get_config_values]
    uses: ./.github/workflows/sam_release_code.yml
    permissions:
      contents: write
      id-token: write
    with:
      ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
      STACK_NAME: pfp-sandbox
      TARGET_ENVIRONMENT: dev
      APIGEE_ENVIRONMENT: internal-dev-sandbox
      ENABLE_MUTUAL_TLS: true
      MTLS_KEY: prescriptions-for-patients-mtls-1
      BUILD_ARTIFACT: packaged_sandbox_code
      TRUSTSTORE_FILE: pfp-sandbox-truststore.pem
      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
      COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
      LOG_LEVEL: DEBUG
      LOG_RETENTION_DAYS: 30
      STATE_MACHINE_LOG_LEVEL: ALL
      RUN_REGRESSION_TESTS: false
      FORWARD_CSOC_LOGS: false
      ALLOW_NHS_NUMBER_OVERRIDE: true
      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
    secrets:
      REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
      TARGET_SPINE_SERVER: sandbox
      TARGET_SERVICE_SEARCH_SERVER: sandbox
      PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}

  release_qa:
    needs:
      [
        tag_release,
        release_dev,
        release_dev_sandbox,
        get_config_values,
        package_code,
        get_commit_id,
      ]
    uses: ./.github/workflows/sam_release_code.yml
    permissions:
      contents: write
      id-token: write
    with:
      ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
      STACK_NAME: pfp
      TARGET_ENVIRONMENT: qa
      APIGEE_ENVIRONMENT: internal-qa
      ENABLE_MUTUAL_TLS: true
      MTLS_KEY: prescriptions-for-patients-mtls-1
      BUILD_ARTIFACT: packaged_code
      TRUSTSTORE_FILE: pfp-truststore.pem
      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
      COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
      LOG_LEVEL: DEBUG
      LOG_RETENTION_DAYS: 30
      TOGGLE_GET_STATUS_UPDATES: true
      ENABLE_ALERTS: true
      STATE_MACHINE_LOG_LEVEL: ALL
      RUN_REGRESSION_TESTS: true
      REGRESSION_TEST_PRODUCT: PFP-APIGEE
      FORWARD_CSOC_LOGS: false
      ALLOW_NHS_NUMBER_OVERRIDE: true
      REGRESSION_TEST_NON_PROXYGEN: true
      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
    secrets:
      REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
      TARGET_SPINE_SERVER: ${{ secrets.QA_TARGET_SPINE_SERVER }}
      TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.QA_TARGET_SERVICE_SEARCH_SERVER }}
      PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}