diff --git a/.azuredevops/pipelines/cd-infrastructure-dev-core.yaml b/.azuredevops/pipelines/cd-infrastructure-dev-core.yaml index 8ef949f4..08362634 100644 --- a/.azuredevops/pipelines/cd-infrastructure-dev-core.yaml +++ b/.azuredevops/pipelines/cd-infrastructure-dev-core.yaml @@ -14,9 +14,16 @@ resources: - repository: dtos-devops-templates type: github name: NHSDigital/dtos-devops-templates - ref: cf5e22fe4614b7d077a22301d29883e86ac3defc + ref: main endpoint: NHSDigital +parameters: + - name: imageHash + type: string + default: '' + - name: registryHost + type: string + variables: - group: DEV_core_backend - group: DEV_audit_backend_remote_state @@ -36,6 +43,8 @@ stages: condition: eq(variables['Build.Reason'], 'Manual') variables: tfVarsFile: environments/$(ENVIRONMENT).tfvars + imageHash: ${{ parameters.imageHash }} + registryHost: ${{ parameters.registryHost }} jobs: - job: init_and_plan displayName: Init, plan, store artifact diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index aa6d71d0..c408785d 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml 
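Review bot: `ref: main` replaces a pinned commit SHA for `dtos-devops-templates`, so each run of this deployment pipeline executes whatever is at the tip of that branch, alongside the `DEV_core_backend` and remote-state variable groups declared just below. A change to the templates repository would then take effect here without any review in this repository. If a newer template version is needed, move the pin forward rather than removing it, e.g. `ref: <full-commit-sha-of-required-template-version>`, or use a protected tag.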
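Review bot: `imageHash` and `registryHost` are free-form strings supplied when the run is queued, and this hunk copies them into stage variables unchecked. `imageHash` defaults to `''`, and `registryHost` (declared in the previous hunk) has no default and no `values:` list. Assuming they feed the Terraform variables `image_commit_hash` and `registry_host` added elsewhere in this commit, a manual run could deploy the function apps from an arbitrary registry or with an empty tag. Consider an allow-list on the parameter, e.g. `values: ['https://ghcr.io/nhsdigital']`, and an early step that fails when `imageHash` is empty. The job list continues outside the hunk, so how the variables are consumed is not visible here.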
@@ -103,14 +103,14 @@ jobs: build-image-stage: # Recommended maximum execution time is 3 minutes name: Image build stage needs: [metadata, commit-stage, test-stage] - uses: NHSDigital/dtos-devops-templates/.github/workflows/stage-3-build.yaml@main + uses: NHSDigital/dtos-devops-templates/.github/workflows/stage-3-build.yaml if: needs.metadata.outputs.does_pull_request_exist == 'true' || github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened')) with: docker_compose_file_csv_list: ./compose.yaml excluded_containers_csv_list: azurite,azurite-setup,sql-database,database-setup,db environment_tag: ${{ needs.metadata.outputs.environment_tag }} function_app_source_code_path: src - project_name: service-layer + project_name: dtos-service-layer secrets: inherit acceptance-stage: # Recommended maximum execution time is 10 minutes name: Acceptance stage diff --git a/compose.yaml b/compose.yaml index 1512cfc2..480ce21e 100644 --- a/compose.yaml +++ b/compose.yaml @@ -147,3 +147,5 @@ volumes: mesh-config-data: name: mesh-config-data driver: local + + diff --git a/infrastructure/tf-core/function_app.tf b/infrastructure/tf-core/function_app.tf index 348b0760..4f27ec0f 100644 --- a/infrastructure/tf-core/function_app.tf +++ b/infrastructure/tf-core/function_app.tf @@ -7,7 +7,7 @@ module "functionapp" { resource_group_name = azurerm_resource_group.core[each.value.region].name location = each.value.region - acr_login_server = "https://ghcr.io/nhsdigital" + acr_login_server = "${var.registry_host}" ai_connstring = data.azurerm_application_insights.ai.connection_string always_on = var.function_apps.always_on app_service_logs_disk_quota_mb = var.function_apps.app_service_logs_disk_quota_mb 
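Review bot: The new `uses:` line in `build-image-stage` drops the `@ref` suffix. GitHub requires the form `{owner}/{repo}/.github/workflows/{file}@{ref}` for a reusable workflow in another repository, so the workflow should fail validation as written. Because the call also passes `secrets: inherit`, the ref is better restored as an immutable commit than as the previous `@main`: `uses: NHSDigital/dtos-devops-templates/.github/workflows/stage-3-build.yaml@<full-commit-sha>`. The `project_name` rename changes the image name that gets pushed, so it is worth confirming that it matches `docker_img_prefix` on the Terraform side.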
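Review bot: `acr_login_server = "${var.registry_host}"` wraps a single reference in a string template; the idiomatic form since Terraform 0.12 is the bare expression `acr_login_server = var.registry_host`. The same applies to `image_tag = "${var.image_commit_hash}"` in the next hunk of this file. The registry was previously a fixed literal, so a short comment on the line would help reviewers, e.g. `# supplied by the CD pipeline; must be an approved registry`. The `module "functionapp"` block starts before and continues after this hunk.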
@@ -15,11 +15,11 @@ module "functionapp" { app_settings = each.value.app_settings asp_id = module.app-service-plan["${each.value.app_service_plan_key}-${each.value.region}"].app_service_plan_id cont_registry_use_mi = var.function_apps.cont_registry_use_mi - # azuread_group_ids = each.value.azuread_group_ids + # azuread_group_ids = each.value.azuread_group_ids function_app_slots = var.function_app_slots health_check_path = var.function_apps.health_check_path image_name = "${var.function_apps.docker_img_prefix}-${lower(each.value.name_suffix)}" - image_tag = var.function_apps.docker_env_tag + image_tag = "${var.image_commit_hash}" ip_restriction_default_action = var.function_apps.ip_restriction_default_action ip_restrictions = each.value.ip_restrictions log_analytics_workspace_id = data.terraform_remote_state.audit.outputs.log_analytics_workspace_id[local.primary_region] diff --git a/infrastructure/tf-core/variables.tf b/infrastructure/tf-core/variables.tf index 85155882..32b57044 100644 --- a/infrastructure/tf-core/variables.tf +++ b/infrastructure/tf-core/variables.tf @@ -211,6 +211,11 @@ variable "function_app_slots" { })) } +variable "image_commit_hash" { + description = "The commit SHA of the Docker image generated by the CI pipeline and applied to all functions" + type = string +} + variable "key_vault" { description = "Configuration for the key vault" type = object({ @@ -257,6 +262,7 @@ variable "network_security_group_rules" { source_addresses = ["0.0.0.0/0"] destination_fqdns = ["example.com"] }, + ] */ variable "regions" { @@ -276,6 +282,12 @@ variable "regions" { })) } +variable "registry_host" { + description = "The URL of the container registry used by the CI pipeline. Default = " + type = string + default = "https://ghcr.io/nhsdigital" +} + variable "routes" { description = "Routes configuration for different regions" type = map(object({ 
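Review bot: `image_commit_hash` is accepted as any string, including the empty string that the pipeline's `imageHash` parameter defaults to, and it becomes `image_tag` for every function app. A `validation` block would reject an empty or malformed value at plan time instead of producing an app that points at a missing or unintended tag. The pattern below assumes tags are plain hex commit SHAs, as the description suggests; adjust it if the CI pipeline uses a prefix.

```hcl
variable "image_commit_hash" {
  # … unchanged: description, type …

  validation {
    condition     = can(regex("^[0-9a-f]{7,40}$", var.image_commit_hash))
    error_message = "image_commit_hash must be a 7-40 character lowercase hex commit SHA."
  }
}
```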
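Review bot: The `registry_host` description ends in an unfinished `Default = `, and the name says "host" while the default `https://ghcr.io/nhsdigital` carries a scheme and an organisation path. Suggested wording: `description = "Base URL (scheme, host and organisation path) of the container registry the function app images are pulled from."`. Since this value decides where deployed images come from, a `validation` block limiting it to the approved registry URLs would stop a mistyped or substituted registry at plan time.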
diff --git a/scripts/terraform/examples/empty.tf b/scripts/terraform/examples/empty.tf new file mode 100644 index 00000000..6cb7b04f --- /dev/null +++ b/scripts/terraform/examples/empty.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.0.0" + + required_providers { + null = { + source = "hashicorp/null" + version = "~> 3.0" + } + } +} + +provider "null" { + # Does nothing, just here to satisfy provider requirement +} diff --git a/scripts/terraform/terraform.mk b/scripts/terraform/terraform.mk index 120a0591..4348ef64 100644 --- a/scripts/terraform/terraform.mk +++ b/scripts/terraform/terraform.mk @@ -41,11 +41,11 @@ clean:: # Remove Terraform files (terraform) - optional: terraform_dir|dir=[path opts=$(or ${terraform_opts}, ${opts}) _terraform: # Terraform command wrapper - mandatory: cmd=[command to execute]; optional: dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], opts=[options to pass to the Terraform command, default is none/empty] - # 'TERRAFORM_STACK' is passed to the functions as environment variable - TERRAFORM_STACK=$(or ${TERRAFORM_STACK}, $(or ${terraform_stack}, $(or ${STACK}, $(or ${stack}, scripts/terraform/examples/terraform-state-aws-s3)))) - dir=$(or ${dir}, ${TERRAFORM_STACK}) - source scripts/terraform/terraform.lib.sh - terraform-${cmd} # 'dir' and 'opts' are accessible by the function as environment variables, if set +# 'TERRAFORM_STACK' is passed to the functions as environment variable + TERRAFORM_STACK="$${TERRAFORM_STACK:-$${terraform_stack:-$${STACK:-$${stack:-scripts/terraform/examples}}}}"; + dir="$${dir:-$${TERRAFORM_STACK}}"; + source scripts/terraform/terraform.lib.sh; + terraform-${cmd} # ============================================================================== # Quality checks - please DO NOT edit this section! 
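Review bot: The rewritten `_terraform` recipe ends its lines with `;` but no `\`, while `terraform-example-clean` in the next hunk uses `; \`. Unless `.ONESHELL` is in effect (not visible here), each line runs in its own shell, so the `TERRAFORM_STACK`/`dir` assignments and the `source` would not reach `terraform-${cmd}`. Pick one convention, e.g. end the first three lines with `; \`. Replacing `$(or ${TERRAFORM_STACK}, …)` with `$${TERRAFORM_STACK:-…}` also moves resolution from make variables to the shell environment, so a value set inside a makefile without `export` would no longer be seen. The deleted note that `dir` and `opts` are read by the function as environment variables is worth keeping as a comment.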
@@ -67,10 +67,10 @@ terraform-example-destroy-aws-infrastructure: # Destroy example of AWS infrastru make terraform-destroy opts="-auto-approve" terraform-example-clean: # Remove Terraform example files @ExamplesAndTests - dir=$(or ${dir}, ${TERRAFORM_STACK}) - source scripts/terraform/terraform.lib.sh - terraform-clean - rm -f ${TERRAFORM_STACK}/.terraform.lock.hcl + dir="$${dir:-$${TERRAFORM_STACK}}"; \ + source scripts/terraform/terraform.lib.sh; \ + terraform-clean; \ + rm -f "$${TERRAFORM_STACK}/.terraform.lock.hcl" \ # ============================================================================== # Configuration - please DO NOT edit this section! @@ -93,4 +93,4 @@ ${VERBOSE}.SILENT: \ terraform-install \ terraform-plan \ terraform-shellscript-lint \ - terraform-validate \ + terraform-validate diff --git a/src/ServiceLayer.API/Program.cs b/src/ServiceLayer.API/Program.cs index 6bf7313f..83eacfcc 100644 --- a/src/ServiceLayer.API/Program.cs +++ b/src/ServiceLayer.API/Program.cs @@ -27,3 +27,6 @@ .Build(); await host.RunAsync(); + + +
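Review bot: The last line of `terraform-example-clean` ends with a stray `\` after the `rm -f`, so whatever follows the recipe is joined onto the `rm` command line. That is harmless only while the next line stays blank; the same commit removes this kind of dangling continuation from the `.SILENT` list. Drop it and guard against an unset stack, which would otherwise resolve to `/.terraform.lock.hcl`: `rm -f "$${TERRAFORM_STACK:?}/.terraform.lock.hcl"`.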