From 404a88c986239f7a9a17bfaf350e5abe1ad02374 Mon Sep 17 00:00:00 2001
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com>
Date: Mon, 7 Oct 2024 08:17:16 +0000
Subject: [PATCH 01/14] release dummy spine
---
.github/workflows/release_pfp_to_ref.yml | 60 +++++++++-
.github/workflows/sam_package_code.yml | 68 +++++++++++
.github/workflows/sam_release_code.yml | 80 +++++++++++++
Makefile | 28 +++++
SAMtemplates/main_template.yaml | 142 +----------------------
5 files changed, 233 insertions(+), 145 deletions(-)
create mode 100644 .github/workflows/sam_package_code.yml
create mode 100644 .github/workflows/sam_release_code.yml
diff --git a/.github/workflows/release_pfp_to_ref.yml b/.github/workflows/release_pfp_to_ref.yml
index 7dc37021..783440ee 100644
--- a/.github/workflows/release_pfp_to_ref.yml
+++ b/.github/workflows/release_pfp_to_ref.yml
@@ -2,11 +2,61 @@ name: 'Release pfp to ref' on: workflow_dispatch: jobs: - release_to_ref: - name: release_pfp_to_ref + get_issue_number: runs-on: ubuntu-latest + outputs: + issue_number: ${{steps.get_issue_number.outputs.result}} + steps: - - name: Dummy step - shell: bash + - uses: actions/github-script@v7 + name: get issue number + id: get_issue_number + with: + script: | + if (context.issue.number) { + // Return issue number if present + return context.issue.number; + } else { + // Otherwise return issue number from commit + return ( + await github.rest.repos.listPullRequestsAssociatedWithCommit({ + commit_sha: context.sha, + owner: context.repo.owner, + repo: context.repo.repo, + }) + ).data[0].number; + } + result-encoding: string + + get_commit_id: + runs-on: ubuntu-latest + outputs: + commit_id: ${{ steps.commit_id.outputs.commit_id }} + steps: + - name: Get Commit ID + id: commit_id run: | - echo "[DUMMY]" \ No newline at end of file + echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" + + package_code: + uses: ./.github/workflows/sam_package_code.yml + + release_dummy_spine: + needs: [get_issue_number, package_code, get_commit_id] + uses: ./.github/workflows/sam_release_code.yml + with: + STACK_NAME: dummy-spine-${{needs.get_issue_number.outputs.issue_number}} + ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}} + TARGET_ENVIRONMENT: dev-pr + APIGEE_ENVIRONMENT: internal-dev + ENABLE_MUTUAL_TLS: false + BUILD_ARTIFACT: packaged_code + TRUSTSTORE_FILE: pfp-truststore.pem + VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} + COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} + LOG_LEVEL: DEBUG + LOG_RETENTION_DAYS: 30 + TOGGLE_GET_STATUS_UPDATES: true + ENABLE_ALERTS: false + secrets: + CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} diff --git a/.github/workflows/sam_package_code.yml b/.github/workflows/sam_package_code.yml new file mode 100644 index 00000000..682036db 
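Review bot: The fallback branch of the `get issue number` script reads `.data[0].number` without checking that the lookup returned any pull request, and on a `workflow_dispatch` run `context.issue.number` is normally absent, so this is the branch that executes. When the commit has no associated PR the step throws a TypeError, and the value it would have produced feeds `STACK_NAME`, `ARTIFACT_BUCKET_PREFIX` and `VERSION_NUMBER`. Keep the returned array in a variable and fail explicitly, e.g. `if (prs.length === 0) { core.setFailed('no pull request found for ' + context.sha); return; }` before `return prs[0].number;`. Separately, `get_issue_number` and `get_commit_id` declare no `permissions:`, so both run with the repository's default `GITHUB_TOKEN` scope; a job-level `permissions:` block limited to read access for the PR lookup (confirm the exact scope it needs) and `permissions: {}` on `get_commit_id` would make least privilege explicit.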
--- /dev/null +++ b/.github/workflows/sam_package_code.yml @@ -0,0 +1,68 @@ +name: sam package code + +on: + workflow_call: + +jobs: + sam_package_code: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + packages: read + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ env.BRANCH_NAME }} + + # using git commit sha for version of action to ensure we have stable version + - name: Install asdf + uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + with: + asdf_branch: v0.11.3 + + - name: Cache asdf + uses: actions/cache@v4 + with: + path: | + ~/.asdf + key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + restore-keys: | + ${{ runner.os }}-asdf- + + - name: Install asdf dependencies in .tool-versions + uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + with: + asdf_branch: v0.11.3 + env: + PYTHON_CONFIGURE_OPTS: --enable-shared + + - name: Setting up .npmrc + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc + echo "@NHSDigital:registry=https://npm.pkg.github.com" >> ~/.npmrc + + - name: make install + run: | + make install + + - shell: bash + name: package code + run: | + cp .tool-versions ~/ + rm -rf .aws-sam + export PATH=$PATH:$PWD/node_modules/.bin + make sam-build + cp Makefile .aws-sam/build/ + cp samconfig_package_and_deploy.toml .aws-sam/build/ + + - uses: actions/upload-artifact@v4 + name: upload build artifact + with: + name: packaged_code + path: | + .aws-sam/build + diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml new file mode 100644 index 00000000..ea175cd2 --- /dev/null +++ b/.github/workflows/sam_release_code.yml 
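Review bot: The `sam_package_code` job requests `id-token: write`, but no visible step in this file assumes a cloud role or otherwise asks for an OIDC token; the job only installs dependencies, builds and uploads an artifact. Dropping the `id-token: write` line keeps token-minting capability out of the job that runs `make install` and third-party build tooling. `ref: ${{ env.BRANCH_NAME }}` refers to an `env` value that is not set anywhere in this workflow, so it evaluates to empty and checkout falls back to its default ref; either remove the `ref:` line or declare the value as a `workflow_call` input. The comment about pinning by commit SHA applies only to the two asdf steps, while the `actions/*` steps use the mutable `v4` tag, which is worth aligning or stating in the comment.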
@@ -0,0 +1,80 @@ +name: sam release code + +on: + workflow_call: + inputs: + STACK_NAME: + required: true + type: string + ARTIFACT_BUCKET_PREFIX: + required: true + type: string + TARGET_ENVIRONMENT: + required: true + type: string + APIGEE_ENVIRONMENT: + required: true + type: string + BUILD_ARTIFACT: + required: true + type: string + VERSION_NUMBER: + required: true + type: string + COMMIT_ID: + required: true + type: string + LOG_LEVEL: + required: true + type: string + LOG_RETENTION_DAYS: + required: true + type: string + secrets: + CLOUD_FORMATION_DEPLOY_ROLE: + required: true + +jobs: + sam_release_code: + runs-on: ubuntu-latest + environment: ${{ inputs.TARGET_ENVIRONMENT }} + permissions: + id-token: write + contents: write + + steps: + - name: Checkout local github actions + uses: actions/checkout@v4 + with: + ref: ${{ env.BRANCH_NAME }} + fetch-depth: 0 + sparse-checkout: | + .github + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: eu-west-2 + role-to-assume: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }} + role-session-name: github-actions + + - name: download build artifact + uses: actions/download-artifact@v4 + with: + name: ${{ inputs.BUILD_ARTIFACT }} + path: . + + - name: release code + shell: bash + working-directory: .github/scripts + env: + artifact_bucket_prefix: dummy_spine/${{ inputs.ARTIFACT_BUCKET_PREFIX }} + COMMIT_ID: ${{ inputs.COMMIT_ID }} + LOG_LEVEL: ${{ inputs.LOG_LEVEL }} + LOG_RETENTION_DAYS: ${{ inputs.LOG_RETENTION_DAYS }} + stack_name: ${{ inputs.STACK_NAME }} + TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }} + template_file: template.yaml + VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }} + run: ./release_code.sh + diff --git a/Makefile b/Makefile index 88a4bcbd..0b6f8be0 100644 --- a/Makefile +++ b/Makefile 
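Review bot: `contents: write` on `sam_release_code` looks broader than the visible steps need: they check out `.github`, assume the deploy role, download an artifact and run `release_code.sh`. Unless that script (not part of this patch) pushes tags or commits, `contents: read` is sufficient. The artifact is unpacked with `path: .` on top of the checked-out workspace immediately before `./release_code.sh` runs from `.github/scripts`, so any `.github/` content inside an artifact would replace the reviewed script. Downloading to a dedicated directory such as `path: artifact` keeps build output separate from deploy tooling, provided the script's expected layout is adjusted to match. `fetch-depth: 0` is also more history than a sparse checkout of `.github` appears to need.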
@@ -21,6 +21,34 @@ sam-sync: guard-AWS_DEFAULT_PROFILE guard-stack_name compile --parameter-overrides \ EnableSplunk=false +sam-build: sam-validate compile + sam build --template-file SAMtemplates/main_template.yaml --region eu-west-2 + +sam-validate: + sam validate --template-file SAMtemplates/main_template.yaml --region eu-west-2 + sam validate --template-file SAMtemplates/functions/lambda_resources.yaml --region eu-west-2 + +sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-stack_name guard-template_file guard-cloud_formation_execution_role guard-LATEST_TRUSTSTORE_VERSION guard-TRUSTSTORE_FILE guard-enable_mutual_tls guard-VERSION_NUMBER guard-COMMIT_ID guard-LOG_LEVEL guard-LOG_RETENTION_DAYS guard-TARGET_ENVIRONMENT guard-target_spine_server guard-target_service_search_server guard-TOGGLE_GET_STATUS_UPDATES + sam deploy \ + --template-file $$template_file \ + --stack-name $$stack_name \ + --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ + --region eu-west-2 \ + --s3-bucket $$artifact_bucket \ + --s3-prefix $$artifact_bucket_prefix \ + --config-file samconfig_package_and_deploy.toml \ + --no-fail-on-empty-changeset \ + --role-arn $$cloud_formation_execution_role \ + --no-confirm-changeset \ + --force-upload \ + --tags "version=$$VERSION_NUMBER" \ + --parameter-overrides \ + EnableSplunk=true \ + VersionNumber=$$VERSION_NUMBER \ + CommitId=$$COMMIT_ID \ + LogLevel=$$LOG_LEVEL \ + LogRetentionInDays=$$LOG_RETENTION_DAYS + install: install-node install-python: diff --git a/SAMtemplates/main_template.yaml b/SAMtemplates/main_template.yaml index 9fe1802f..0456d3c4 100644 --- a/SAMtemplates/main_template.yaml +++ b/SAMtemplates/main_template.yaml 
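Review bot: In `sam-deploy-package` only `--tags "version=$$VERSION_NUMBER"` is quoted; `$$template_file`, `$$stack_name`, `$$artifact_bucket`, `$$artifact_bucket_prefix`, `$$cloud_formation_execution_role` and the `--parameter-overrides` values are expanded unquoted. A value containing whitespace or shell metacharacters is therefore word-split into extra `sam deploy` arguments, and several of these values originate from workflow inputs. Quote each expansion, e.g. `--stack-name "$$stack_name" \` and `VersionNumber="$$VERSION_NUMBER" \`. The recipe also combines `CAPABILITY_NAMED_IAM` with `--no-confirm-changeset`, so IAM changes in the template are applied without a review step; a comment above the target such as `# CI only: changesets are applied without confirmation` would record that this is intended.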
@@ -1,7 +1,7 @@ AWSTemplateFormatVersion: "2010-09-09" Transform: AWS::Serverless-2016-10-31 Description: > - prescription status update api sandbox template + Template for a dummy spine # More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst Globals: @@ -18,15 +18,6 @@ Globals: - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:38" Parameters: - TruststoreVersion: - Type: String - Default: none - - EnableMutualTLS: - Type: String - Default: false - AllowedValues: [true, false] - EnableSplunk: Type: String Default: false @@ -66,7 +57,6 @@ Parameters: ] Conditions: - ShouldUseMutualTLS: !Equals [true, !Ref EnableMutualTLS] ShouldUseSplunk: !Equals [true, !Ref EnableSplunk] Resources: @@ -147,32 +137,7 @@ Resources: Fn::ImportValue: eps-route53-resources:EPS-ZoneID EndpointConfiguration: REGIONAL SecurityPolicy: TLS_1_2 - MutualTlsAuthentication: - TruststoreUri: - "Fn::If": - - ShouldUseMutualTLS - - Fn::Join: - - "/" - - - "s3:/" - - !Select [ - 5, - !Split [ - ":", - Fn::ImportValue: account-resources:TrustStoreBucket, - ], - ] - - "psu-sandbox-truststore.pem" - - !Ref "AWS::NoValue" - TruststoreVersion: - "Fn::If": - - ShouldUseMutualTLS - - !Ref TruststoreVersion - - !Ref "AWS::NoValue" - DisableExecuteApiEndpoint: - "Fn::If": - - ShouldUseMutualTLS - - true - - !Ref "AWS::NoValue" + DisableExecuteApiEndpoint: false AccessLogSettings: DestinationArn: !GetAtt ApiGwAccessLogs.Arn Format: "{ \ 
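Review bot: The last hunk in this file replaces the conditional mutual-TLS block with an unconditional `DisableExecuteApiEndpoint: false`, so the API stays reachable on the default execute-api hostname as well as the custom domain, with no client-certificate check on either. Whether the routes carry any other authorizer is not visible in this hunk. If the stub only needs to be reached through the custom domain, `DisableExecuteApiEndpoint: true` keeps a single entry point. Otherwise add a comment such as `# dummy spine: intentionally unauthenticated, serves canned data only` so the exposure reads as deliberate to the next reviewer.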
@@ -227,106 +192,3 @@ Resources: LogGroupName: !Ref ApiGwAccessLogs FilterPattern: "" # All logs DestinationArn: !ImportValue lambda-resources:SplunkDeliveryStream - - ArtilleryBucket: - Type: AWS::S3::Bucket - Properties: - PublicAccessBlockConfiguration: - BlockPublicAcls: true - BlockPublicPolicy: true - IgnorePublicAcls: true - RestrictPublicBuckets: true - BucketName: !Sub "artilleryio-test-data-${AWS::AccountId}-${AWS::Region}" - BucketEncryption: - ServerSideEncryptionConfiguration: - - ServerSideEncryptionByDefault: - KMSMasterKeyID: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:${ArtilleryBucketKMSKeyAlias}" - SSEAlgorithm: "aws:kms" - - ArtilleryBucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref ArtilleryBucket - PolicyDocument: - Statement: - - Effect: Deny - Principal: "*" - Action: - - s3:* - Resource: - - !Join ["", [!GetAtt ArtilleryBucket.Arn, "/*"]] - - !GetAtt ArtilleryBucket.Arn - Condition: - Bool: - aws:SecureTransport: false - - ArtilleryBucketKMSKeyAlias: - Type: AWS::KMS::Alias - Properties: - AliasName: alias/ArtilleryBucketKMSKeyAlias - TargetKeyId: !Ref ArtilleryBucketKMSKey - - ArtilleryBucketKMSKey: - Type: AWS::KMS::Key - Properties: - EnableKeyRotation: true - KeyPolicy: - Version: 2012-10-17 - Id: key-s3 - Statement: - - Sid: Enable IAM User Permissions - Effect: Allow - Principal: - AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root" - Action: - - kms:* - Resource: "*" - - ArtilleryLambdaManagedPolicy: - Type: AWS::IAM::ManagedPolicy - Properties: - PolicyDocument: - Version: 2012-10-17 - Statement: - - Effect: Allow - Action: - - kms:DescribeKey - - kms:GenerateDataKey* - - kms:Encrypt - - kms:ReEncrypt* - - kms:Decrypt - Resource: !GetAtt ArtilleryBucketKMSKey.Arn - - Effect: Allow - Action: - - sqs:* - Resource: !Sub "arn:aws:sqs:*:${AWS::AccountId}:artilleryio*" - - Effect: Allow - Action: - - s3:GetObject* - - s3:PutObject* - - s3:GetBucket* - - s3:List* - - s3:HeadObject - Resource: - - !Join ["", 
[!GetAtt ArtilleryBucket.Arn, "/*"]] - - !GetAtt ArtilleryBucket.Arn - - ArtilleryLambdaResources: - Type: AWS::Serverless::Application - Properties: - Location: functions/lambda_resources.yaml - Parameters: - StackName: !Ref AWS::StackName - LambdaName: !Sub ${AWS::StackName}-ArtilleryLambdaResources - LambdaArn: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${AWS::StackName}-ArtilleryLambdaResources - LogRetentionInDays: !Ref LogRetentionInDays - CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn - EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream - IncludeAdditionalPolicies: true - AdditionalPolicies: !Join - - "," - - - !Ref ArtilleryLambdaManagedPolicy - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole From c74c3fc149146b8a7fb012e70a33dbb1c52bd018 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 7 Oct 2024 08:27:18 +0000 Subject: [PATCH 02/14] fix workflows --- .github/workflows/release_pfp_to_ref.yml | 5 ----- .github/workflows/sam_package_code.yml | 1 - .github/workflows/sam_release_code.yml | 3 --- 3 files changed, 9 deletions(-) diff --git a/.github/workflows/release_pfp_to_ref.yml b/.github/workflows/release_pfp_to_ref.yml index 783440ee..fd817f00 100644 --- a/.github/workflows/release_pfp_to_ref.yml +++ b/.github/workflows/release_pfp_to_ref.yml 
@@ -48,15 +48,10 @@ jobs: STACK_NAME: dummy-spine-${{needs.get_issue_number.outputs.issue_number}} ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}} TARGET_ENVIRONMENT: dev-pr - APIGEE_ENVIRONMENT: internal-dev - ENABLE_MUTUAL_TLS: false BUILD_ARTIFACT: packaged_code - TRUSTSTORE_FILE: pfp-truststore.pem VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} LOG_LEVEL: DEBUG LOG_RETENTION_DAYS: 30 - TOGGLE_GET_STATUS_UPDATES: true - ENABLE_ALERTS: false secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} diff --git a/.github/workflows/sam_package_code.yml b/.github/workflows/sam_package_code.yml index 682036db..1111bb75 100644 --- a/.github/workflows/sam_package_code.yml +++ b/.github/workflows/sam_package_code.yml @@ -9,7 +9,6 @@ jobs: permissions: id-token: write contents: read - packages: read steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml index ea175cd2..6ad5ba6c 100644 --- a/.github/workflows/sam_release_code.yml +++ b/.github/workflows/sam_release_code.yml @@ -12,9 +12,6 @@ on: TARGET_ENVIRONMENT: required: true type: string - APIGEE_ENVIRONMENT: - required: true - type: string BUILD_ARTIFACT: required: true type: string From 1f5823caa1ae9ed5c48626ec4139d2b85331a5ae Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 7 Oct 2024 08:29:10 +0000 Subject: [PATCH 03/14] add missing file --- samconfig_package_and_deploy.toml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 samconfig_package_and_deploy.toml diff --git a/samconfig_package_and_deploy.toml b/samconfig_package_and_deploy.toml new file mode 100644 index 00000000..1a25944d --- /dev/null +++ b/samconfig_package_and_deploy.toml 
@@ -0,0 +1,31 @@ +# More information about the configuration file can be found here: +# https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-config.html +version = 0.1 + +[default] +[default.global.parameters] +stack_name = "sam-app" + +[default.build.parameters] +cached = true +parallel = true + +[default.validate.parameters] +lint = true + +[default.deploy.parameters] +capabilities = ["CAPABILITY_IAM", "CAPABILITY_AUTO_EXPAND"] +confirm_changeset = true +resolve_s3 = false + +[default.package.parameters] +resolve_s3 = false + +[default.sync.parameters] +watch = true + +[default.local_start_api.parameters] +warm_containers = "EAGER" + +[default.local_start_lambda.parameters] +warm_containers = "EAGER" From 4d89428bf04a268347f9e0b34809d495d213b59c Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 7 Oct 2024 08:31:24 +0000 Subject: [PATCH 04/14] fix role --- .github/workflows/release_pfp_to_ref.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release_pfp_to_ref.yml b/.github/workflows/release_pfp_to_ref.yml index fd817f00..d9b59590 100644 --- a/.github/workflows/release_pfp_to_ref.yml +++ b/.github/workflows/release_pfp_to_ref.yml @@ -54,4 +54,4 @@ jobs: LOG_LEVEL: DEBUG LOG_RETENTION_DAYS: 30 secrets: - CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} + CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }} From a920bf27217ee020199384489bfcce835493488d Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 7 Oct 2024 08:35:18 +0000 Subject: [PATCH 05/14] fix creds --- .github/workflows/sam_release_code.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml index 6ad5ba6c..24f1202c 100644 --- a/.github/workflows/sam_release_code.yml 
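Review bot: `confirm_changeset = true` and `capabilities = ["CAPABILITY_IAM", "CAPABILITY_AUTO_EXPAND"]` in `[default.deploy.parameters]` do not describe what the pipeline does. The `sam-deploy-package` target added earlier in this series passes `--no-confirm-changeset` and `CAPABILITY_NAMED_IAM` on the command line, and command-line options take precedence over the config file. Someone auditing this file alone would conclude that deployments are confirmed and cannot create named IAM resources. Either align the values with the Makefile or add a comment, e.g. `# overridden by Makefile sam-deploy-package: --no-confirm-changeset, CAPABILITY_NAMED_IAM`.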
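Review bot: After this one-line change `release_dummy_spine` hands the REF deploy role to a run whose `TARGET_ENVIRONMENT` is still `dev-pr` (set in the job's `with:` block, outside this hunk), and `sam_release_code.yml` uses that input as the job's `environment:`. If protection rules or required reviewers are configured per environment, the ones gating this deployment are those of `dev-pr` rather than REF, even though the REF role is what gets assumed. If the dummy spine is meant to live in REF, set `TARGET_ENVIRONMENT: ref` together with the secret; if it is a per-PR dev stack, keep the DEV role.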
+++ b/.github/workflows/sam_release_code.yml @@ -52,7 +52,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v4 with: aws-region: eu-west-2 - role-to-assume: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }} + role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }} role-session-name: github-actions - name: download build artifact From 736040322e9bceb47cf1ea79c094ce7479062789 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 7 Oct 2024 08:41:02 +0000 Subject: [PATCH 06/14] force folders --- .github/workflows/sam_package_code.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sam_package_code.yml b/.github/workflows/sam_package_code.yml index 1111bb75..bf5b1dda 100644 --- a/.github/workflows/sam_package_code.yml +++ b/.github/workflows/sam_package_code.yml @@ -64,4 +64,5 @@ jobs: name: packaged_code path: | .aws-sam/build + Makefile From 7a92d8c7b80f94b9878df62d0c8f503666d5efda Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 7 Oct 2024 08:44:25 +0000 Subject: [PATCH 07/14] fix makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0b6f8be0..8d025e4e 100644 --- a/Makefile +++ b/Makefile 
@@ -28,7 +28,7 @@ sam-validate: sam validate --template-file SAMtemplates/main_template.yaml --region eu-west-2 sam validate --template-file SAMtemplates/functions/lambda_resources.yaml --region eu-west-2 -sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-stack_name guard-template_file guard-cloud_formation_execution_role guard-LATEST_TRUSTSTORE_VERSION guard-TRUSTSTORE_FILE guard-enable_mutual_tls guard-VERSION_NUMBER guard-COMMIT_ID guard-LOG_LEVEL guard-LOG_RETENTION_DAYS guard-TARGET_ENVIRONMENT guard-target_spine_server guard-target_service_search_server guard-TOGGLE_GET_STATUS_UPDATES +sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-stack_name guard-template_file guard-cloud_formation_execution_role guard-VERSION_NUMBER guard-COMMIT_ID guard-LOG_LEVEL guard-LOG_RETENTION_DAYS guard-TARGET_ENVIRONMENT sam deploy \ --template-file $$template_file \ --stack-name $$stack_name \ From bf307efd185ccfbbe1f7c0bfb4a2e7b76ae2e17c Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 7 Oct 2024 17:14:36 +0000 Subject: [PATCH 08/14] add a proper spine response --- packages/dummySpine/src/response.json | 412 +++++++++++++++++++++++++- 1 file changed, 408 insertions(+), 4 deletions(-) diff --git a/packages/dummySpine/src/response.json b/packages/dummySpine/src/response.json index ee8e5dda..e6d36da5 100644 --- a/packages/dummySpine/src/response.json +++ b/packages/dummySpine/src/response.json 
@@ -1,10 +1,414 @@ { "resourceType": "Bundle", - "id": "4a12363f-c9c0-4ea5-ad61-e53a0c1bf899", + "id": "155e1102-9e71-4f19-9453-b905c0bbc494", "meta": { - "lastUpdated": "2024-04-29T07:52:39+00:00" + "lastUpdated": "2022-11-21T14:00:00+00:00" }, "type": "searchset", - "total": 0, - "entry": [] + "total": 1, + "entry": [ + { + "fullUrl": "urn:uuid:0cb82cfa-76c8-4fb2-a08e-bf0e326e5487", + "search": { + "mode": "match" + }, + "resource": { + "resourceType": "Bundle", + "id": "0cb82cfa-76c8-4fb2-a08e-bf0e326e5487", + "type": "collection", + "entry": [ + { + "fullUrl": "urn:uuid:a54219b8-f741-4c47-b662-e4f8dfa49ab6", + "resource": { + "resourceType": "MedicationRequest", + "status": "active", + "intent": "order", + "medicationCodeableConcept": { + "coding": [ + { + "system": "http://snomed.info/sct", + "code": "39732311000001104", + "display": "Amoxicillin 250mg capsules" + } + ] + }, + "subject": { + "identifier": { + "system": "https://fhir.nhs.uk/Id/nhs-number", + "value": "9449304130" + } + }, + "requester": { + "reference": "urn:uuid:56166769-c1c4-4d07-afa8-132b5dfca666" + }, + "groupIdentifier": { + "system": "https://fhir.nhs.uk/Id/prescription-order-number", + "value": "24F5DA-A83008-7EFE6Z" + }, + "courseOfTherapyType": { + "coding": [ + { + "system": "http://terminology.hl7.org/CodeSystem/medicationrequest-course-of-therapy", + "code": "acute", + "display": "Short course (acute) therapy" + } + ] + }, + "dispenseRequest": { + "validityPeriod": { + "start": "2024-01-17" + }, + "quantity": { + "value": 20, + "unit": "tablet", + "system": "http://snomed.info/sct", + "code": "428673006" + }, + "performer": { + "reference": "urn:uuid:afb07f8b-e8d7-4cad-895d-494e6b35b2a1" + } + }, + "substitution": { + "allowedBoolean": false + }, + "extension": [ + { + "url": "https://fhir.nhs.uk/StructureDefinition/Extension-DM-PrescriptionStatusHistory", + "extension": [ + { + "url": "statusDate", + "valueDateTime": "2024-02-01T11:14:21Z" + }, + { + "url": "status", + 
"valueCoding": { + "system": "https://fhir.nhs.uk/CodeSystem/task-businessStatus-nppt", + "code": "With Pharmacy" + } + } + ] + } + ] + } + }, + { + "fullUrl": "urn:uuid:6989b7bd-8db6-428c-a593-4022e3044c00", + "resource": { + "resourceType": "MedicationRequest", + "status": "active", + "intent": "order", + "medicationCodeableConcept": { + "coding": [ + { + "system": "http://snomed.info/sct", + "code": "322341003", + "display": "Co-codamol 30mg/500mg tablets" + } + ] + }, + "subject": { + "identifier": { + "system": "https://fhir.nhs.uk/Id/nhs-number", + "value": "9449304130" + } + }, + "requester": { + "reference": "urn:uuid:56166769-c1c4-4d07-afa8-132b5dfca666" + }, + "groupIdentifier": { + "system": "https://fhir.nhs.uk/Id/prescription-order-number", + "value": "24F5DA-A83008-7EFE6Z" + }, + "courseOfTherapyType": { + "coding": [ + { + "system": "http://terminology.hl7.org/CodeSystem/medicationrequest-course-of-therapy", + "code": "acute", + "display": "Short course (acute) therapy" + } + ] + }, + "dispenseRequest": { + "validityPeriod": { + "start": "2024-01-17" + }, + "quantity": { + "value": 20, + "unit": "tablet", + "system": "http://snomed.info/sct", + "code": "428673006" + }, + "performer": { + "reference": "urn:uuid:afb07f8b-e8d7-4cad-895d-494e6b35b2a1" + } + }, + "substitution": { + "allowedBoolean": false + }, + "extension": [ + { + "url": "https://fhir.nhs.uk/StructureDefinition/Extension-DM-PrescriptionStatusHistory", + "extension": [ + { + "url": "statusDate", + "valueDateTime": "2024-02-01T11:14:21Z" + }, + { + "url": "status", + "valueCoding": { + "system": "https://fhir.nhs.uk/CodeSystem/task-businessStatus-nppt", + "code": "With Pharmacy" + } + } + ] + } + ] + } + }, + { + "fullUrl": "urn:uuid:2868554c-5565-4d31-b92a-c5b8dab8b90a", + "resource": { + "resourceType": "MedicationRequest", + "status": "active", + "intent": "order", + "medicationCodeableConcept": { + "coding": [ + { + "system": "http://snomed.info/sct", + "code": "321080004", + 
"display": "Pseudoephedrine hydrochloride 60mg tablets" + } + ] + }, + "subject": { + "identifier": { + "system": "https://fhir.nhs.uk/Id/nhs-number", + "value": "9449304130" + } + }, + "requester": { + "reference": "urn:uuid:56166769-c1c4-4d07-afa8-132b5dfca666" + }, + "groupIdentifier": { + "system": "https://fhir.nhs.uk/Id/prescription-order-number", + "value": "24F5DA-A83008-7EFE6Z" + }, + "courseOfTherapyType": { + "coding": [ + { + "system": "http://terminology.hl7.org/CodeSystem/medicationrequest-course-of-therapy", + "code": "acute", + "display": "Short course (acute) therapy" + } + ] + }, + "dispenseRequest": { + "validityPeriod": { + "start": "2024-01-17" + }, + "quantity": { + "value": 30, + "unit": "tablet", + "system": "http://snomed.info/sct", + "code": "428673006" + }, + "performer": { + "reference": "urn:uuid:afb07f8b-e8d7-4cad-895d-494e6b35b2a1" + } + }, + "substitution": { + "allowedBoolean": false + }, + "extension": [ + { + "url": "https://fhir.nhs.uk/StructureDefinition/Extension-DM-PrescriptionStatusHistory", + "extension": [ + { + "url": "statusDate", + "valueDateTime": "2024-02-01T11:14:21Z" + }, + { + "url": "status", + "valueCoding": { + "system": "https://fhir.nhs.uk/CodeSystem/task-businessStatus-nppt", + "code": "With Pharmacy" + } + } + ] + } + ] + } + }, + { + "fullUrl": "urn:uuid:5cb17f5a-11ac-4e18-825f-6470467238b3", + "resource": { + "resourceType": "MedicationRequest", + "status": "active", + "intent": "order", + "medicationCodeableConcept": { + "coding": [ + { + "system": "http://snomed.info/sct", + "code": "324252006", + "display": "Azithromycin 250mg capsules" + } + ] + }, + "subject": { + "identifier": { + "system": "https://fhir.nhs.uk/Id/nhs-number", + "value": "9449304130" + } + }, + "requester": { + "reference": "urn:uuid:56166769-c1c4-4d07-afa8-132b5dfca666" + }, + "groupIdentifier": { + "system": "https://fhir.nhs.uk/Id/prescription-order-number", + "value": "24F5DA-A83008-7EFE6Z" + }, + "courseOfTherapyType": { + 
"coding": [ + { + "system": "http://terminology.hl7.org/CodeSystem/medicationrequest-course-of-therapy", + "code": "acute", + "display": "Short course (acute) therapy" + } + ] + }, + "dispenseRequest": { + "validityPeriod": { + "start": "2024-01-17" + }, + "quantity": { + "value": 30, + "unit": "tablet", + "system": "http://snomed.info/sct", + "code": "428673006" + }, + "performer": { + "reference": "urn:uuid:afb07f8b-e8d7-4cad-895d-494e6b35b2a1" + } + }, + "substitution": { + "allowedBoolean": false + }, + "extension": [ + { + "url": "https://fhir.nhs.uk/StructureDefinition/Extension-DM-PrescriptionStatusHistory", + "extension": [ + { + "url": "statusDate", + "valueDateTime": "2024-02-01T11:14:21Z" + }, + { + "url": "status", + "valueCoding": { + "system": "https://fhir.nhs.uk/CodeSystem/task-businessStatus-nppt", + "code": "With Pharmacy" + } + } + ] + } + ] + } + }, + { + "fullUrl": "urn:uuid:56166769-c1c4-4d07-afa8-132b5dfca666", + "resource": { + "resourceType": "PractitionerRole", + "id": "56166769-c1c4-4d07-afa8-132b5dfca666", + "practitioner": { + "reference": "urn:uuid:a8c85454-f8cb-498d-9629-78e2cb5fa47a" + }, + "organization": { + "reference": "urn:uuid:3b4b03a5-52ba-4ba6-9b82-70350aa109d8" + } + } + }, + { + "fullUrl": "urn:uuid:a8c85454-f8cb-498d-9629-78e2cb5fa47a", + "resource": { + "resourceType": "Practitioner", + "id": "a8c85454-f8cb-498d-9629-78e2cb5fa47a", + "name": [ + { + "family": "BOIN", + "given": [ + "C" + ], + "prefix": [ + "DR" + ] + } + ] + } + }, + { + "fullUrl": "urn:uuid:3b4b03a5-52ba-4ba6-9b82-70350aa109d8", + "resource": { + "resourceType": "Organization", + "id": "3b4b03a5-52ba-4ba6-9b82-70350aa109d8", + "identifier": [ + { + "system": "https://fhir.nhs.uk/Id/ods-organization-code", + "value": "A83008" + } + ], + "name": "HALLGARTH SURGERY", + "telecom": [ + { + "system": "phone", + "use": "work", + "value": "0115 9737320" + } + ], + "address": [ + { + "use": "work", + "type": "both", + "line": [ + "HALLGARTH SURGERY", + 
"CHEAPSIDE", + "SHILDON", + "COUNTY DURHAM" + ], + "postalCode": "DL4 2HP" + } + ] + } + }, + { + "fullUrl": "urn:uuid:afb07f8b-e8d7-4cad-895d-494e6b35b2a1", + "resource": { + "resourceType": "Organization", + "id": "afb07f8b-e8d7-4cad-895d-494e6b35b2a1", + "identifier": [ + { + "system": "https://fhir.nhs.uk/Id/ods-organization-code", + "value": "VNE51" + } + ], + "name": "Social Care Site - HEALTH AND CARE AT HOME", + "telecom": [ + { + "system": "phone", + "use": "work", + "value": "0115 9999999" + } + ], + "address": [ + { + "use": "work", + "type": "both", + "text": "THE HEALTH AND WELLBEING INNOVATION C, TRELISKE, TRURO, CORNWALL", + "postalCode": "TR1 3FF" + } + ] + } + } + ] + } + } + ] } \ No newline at end of file From 87a1600629a951e1564b97ecf34b1b359214d841 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 7 Oct 2024 17:18:05 +0000 Subject: [PATCH 09/14] fix example --- packages/dummySpine/src/response.json | 78 ++------------------------- 1 file changed, 3 insertions(+), 75 deletions(-) diff --git a/packages/dummySpine/src/response.json b/packages/dummySpine/src/response.json index e6d36da5..b25202d9 100644 --- a/packages/dummySpine/src/response.json +++ b/packages/dummySpine/src/response.json @@ -70,25 +70,7 @@ }, "substitution": { "allowedBoolean": false - }, - "extension": [ - { - "url": "https://fhir.nhs.uk/StructureDefinition/Extension-DM-PrescriptionStatusHistory", - "extension": [ - { - "url": "statusDate", - "valueDateTime": "2024-02-01T11:14:21Z" - }, - { - "url": "status", - "valueCoding": { - "system": "https://fhir.nhs.uk/CodeSystem/task-businessStatus-nppt", - "code": "With Pharmacy" - } - } - ] - } - ] + } } }, { 
@@ -144,25 +126,7 @@ }, "substitution": { "allowedBoolean": false - }, - "extension": [ - { - "url": "https://fhir.nhs.uk/StructureDefinition/Extension-DM-PrescriptionStatusHistory", - "extension": [ - { - "url": "statusDate", - "valueDateTime": "2024-02-01T11:14:21Z" - }, - { - "url": "status", - "valueCoding": { - "system": "https://fhir.nhs.uk/CodeSystem/task-businessStatus-nppt", - "code": "With Pharmacy" - } - } - ] - } - ] + } } }, { @@ -219,24 +183,6 @@ "substitution": { "allowedBoolean": false }, - "extension": [ - { - "url": "https://fhir.nhs.uk/StructureDefinition/Extension-DM-PrescriptionStatusHistory", - "extension": [ - { - "url": "statusDate", - "valueDateTime": "2024-02-01T11:14:21Z" - }, - { - "url": "status", - "valueCoding": { - "system": "https://fhir.nhs.uk/CodeSystem/task-businessStatus-nppt", - "code": "With Pharmacy" - } - } - ] - } - ] } }, { @@ -292,25 +238,7 @@ }, "substitution": { "allowedBoolean": false - }, - "extension": [ - { - "url": "https://fhir.nhs.uk/StructureDefinition/Extension-DM-PrescriptionStatusHistory", - "extension": [ - { - "url": "statusDate", - "valueDateTime": "2024-02-01T11:14:21Z" - }, - { - "url": "status", - "valueCoding": { - "system": "https://fhir.nhs.uk/CodeSystem/task-businessStatus-nppt", - "code": "With Pharmacy" - } - } - ] - } - ] + } } }, { From 749b6b85f8e7078e62766ad794811b72b68467ab Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Mon, 7 Oct 2024 17:25:11 +0000 Subject: [PATCH 10/14] fix example --- packages/dummySpine/src/response.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/dummySpine/src/response.json b/packages/dummySpine/src/response.json index b25202d9..f4b621ac 100644 --- a/packages/dummySpine/src/response.json +++ b/packages/dummySpine/src/response.json @@ -182,7 +182,7 @@ }, "substitution": { "allowedBoolean": false - }, + } } }, { From 42f21ec4dc27b830fbba046ada3caf38847979ba Mon Sep 17 00:00:00 2001 
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 8 Oct 2024 07:17:37 +0000 Subject: [PATCH 11/14] release pfp to ref --- .github/workflows/release_pfp_to_ref.yml | 90 ++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/.github/workflows/release_pfp_to_ref.yml b/.github/workflows/release_pfp_to_ref.yml index d9b59590..83339a6e 100644 --- a/.github/workflows/release_pfp_to_ref.yml +++ b/.github/workflows/release_pfp_to_ref.yml @@ -1,6 +1,11 @@ name: 'Release pfp to ref' on: workflow_dispatch: + inputs: + pfpWorkflowRunID: + description: 'The github workflow run id of a pfp build and deployment to release to REF environment' + required: true + jobs: get_issue_number: runs-on: ubuntu-latest 
@@ -38,6 +43,91 @@ jobs: run: | echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" + release_to_ref: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + + steps: + - name: Show input params + shell: bash + run: | + echo "## psuWorkflowRunID : [${{ github.event.inputs.pfpWorkflowRunID }}](https://github.com/NHSDigital/prescriptionsforpatients/actions/runs/${{ github.event.inputs.pfpWorkflowRunID }})" >> "$GITHUB_STEP_SUMMARY" + + - name: Checkout local github actions + uses: actions/checkout@v4 + with: + ref: ${{ env.BRANCH_NAME }} + fetch-depth: 0 + sparse-checkout: | + .github + .tool-versions + poetry.lock + poetry.toml + pyproject.toml + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: eu-west-2 + role-to-assume: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }} + role-session-name: github-actions + + - name: download build artifact + uses: actions/download-artifact@v4 + with: + name: packaged_code + path: . 
+ github-token: ${{ secrets.GH_PAT }} + repository: NHSDigital/prescriptionsforpatients + run-id: ${{ inputs.pfpWorkflowRunID }} + + # using git commit sha for version of action to ensure we have stable version + - name: Install asdf + uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + with: + asdf_branch: v0.11.3 + + - name: Cache asdf + uses: actions/cache@v4 + with: + path: | + ~/.asdf + key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + restore-keys: | + ${{ runner.os }}-asdf- + + - name: Install asdf dependencies in .tool-versions + uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + with: + asdf_branch: v0.11.3 + env: + PYTHON_CONFIGURE_OPTS: --enable-shared + + - name: Run make install-python + run: | + make install-python + + - name: release code + shell: bash + working-directory: .github/scripts + env: + artifact_bucket_prefix: pfp/load_test/${{ github.run_id }} + COMMIT_ID: load_test_${{ github.run_id }} + enable_mutual_tls: false + LOG_LEVEL: DEBUG + LOG_RETENTION_DAYS: 30 + stack_name: psu-load-test + TARGET_ENVIRONMENT: ref + template_file: template.yaml + TRUSTSTORE_FILE: psu-truststore.pem + VERSION_NUMBER: load_test_${{ github.run_id }} + DYNAMODB_AUTOSCALE: true + DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true + ENABLE_ALERTS: true + run: ./release_code.sh + package_code: uses: ./.github/workflows/sam_package_code.yml From 460043e4e828baa3c6b73c00f1a3699b75812beb Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 8 Oct 2024 07:50:42 +0000 Subject: [PATCH 12/14] fix releaese --- .github/workflows/release_pfp_to_ref.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release_pfp_to_ref.yml b/.github/workflows/release_pfp_to_ref.yml index 83339a6e..d6f423c6 100644 --- a/.github/workflows/release_pfp_to_ref.yml +++ b/.github/workflows/release_pfp_to_ref.yml 
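Review bot: In the `Show input params` step of the new `release_to_ref` job, the `workflow_dispatch` input `pfpWorkflowRunID` is expanded with `${{ }}` directly inside the `run:` script, so its text becomes part of the shell command before bash parses it. Pass it through the step environment instead, i.e. an `env:` entry `PFP_RUN_ID: ${{ inputs.pfpWorkflowRunID }}` with `"${PFP_RUN_ID}"` used in the `echo`, and reject non-numeric values before the `download build artifact` step hands it to `run-id:`. Nothing in the hunk checks that the supplied run is a successful build of a protected branch before its `packaged_code` artifact is deployed with `REF_CLOUD_FORMATION_DEPLOY_ROLE`. The job also holds `id-token: write`, yet only the two `asdf-vm/actions` steps are pinned to a commit SHA as the added comment describes; `aws-actions/configure-aws-credentials@v4`, `actions/download-artifact@v4`, `actions/checkout@v4` and `actions/cache@v4` sit on movable tags and would benefit from the same pinning.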
@@ -43,7 +43,8 @@ jobs: run: | echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" - release_to_ref: + release_pfp_to_ref: + needs: [get_issue_number] runs-on: ubuntu-latest permissions: id-token: write @@ -120,11 +121,12 @@ jobs: LOG_RETENTION_DAYS: 30 stack_name: psu-load-test TARGET_ENVIRONMENT: ref + target_service_search_server: ${{ secrets.TARGET_SERVICE_SEARCH_SERVER }} + target_spine_server: dummy-spine-${{needs.get_issue_number.outputs.issue_number}}.ref.eps.national.nhs.uk template_file: template.yaml TRUSTSTORE_FILE: psu-truststore.pem VERSION_NUMBER: load_test_${{ github.run_id }} - DYNAMODB_AUTOSCALE: true - DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true + TOGGLE_GET_STATUS_UPDATES: true ENABLE_ALERTS: true run: ./release_code.sh From e396d5557d3b0a40f5df5100e500bb66efde8c8b Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 8 Oct 2024 10:51:10 +0000 Subject: [PATCH 13/14] fix stack name --- .github/workflows/release_pfp_to_ref.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release_pfp_to_ref.yml b/.github/workflows/release_pfp_to_ref.yml index d6f423c6..74af610f 100644 --- a/.github/workflows/release_pfp_to_ref.yml +++ b/.github/workflows/release_pfp_to_ref.yml @@ -119,7 +119,7 @@ jobs: enable_mutual_tls: false LOG_LEVEL: DEBUG LOG_RETENTION_DAYS: 30 - stack_name: psu-load-test + stack_name: pfp-load-test TARGET_ENVIRONMENT: ref target_service_search_server: ${{ secrets.TARGET_SERVICE_SEARCH_SERVER }} target_spine_server: dummy-spine-${{needs.get_issue_number.outputs.issue_number}}.ref.eps.national.nhs.uk From 1821447f9665b29f32387833db489c2e858d3de2 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 8 Oct 2024 10:57:30 +0000 Subject: [PATCH 14/14] add secret and access policy --- SAMtemplates/main_template.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) 
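Review bot: In the second hunk of PATCH 12/14 (`@@ -120,11 +121,12 @@`), `target_spine_server` is built from `needs.get_issue_number.outputs.issue_number`, but this workflow is only triggered by `workflow_dispatch`, where `context.issue.number` is normally unset and the number comes from the first pull request associated with `github.sha`. If the dispatched commit has no associated pull request that lookup has no `data[0]` to read, and otherwise the REF deployment is pointed at whichever `dummy-spine-<PR>` host that pull request happens to name. Consider taking the spine host (or the PR number) as an explicit `workflow_dispatch` input next to `pfpWorkflowRunID`, or failing early with a clear message when the lookup returns nothing. The step's `env:` block starts outside this hunk, so its other settings are not visible here.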
diff --git a/SAMtemplates/main_template.yaml b/SAMtemplates/main_template.yaml
index 0456d3c4..750e3e42 100644
--- a/SAMtemplates/main_template.yaml
+++ b/SAMtemplates/main_template.yaml
@@ -192,3 +192,34 @@ Resources:
 LogGroupName: !Ref ApiGwAccessLogs
 FilterPattern: "" # All logs
 DestinationArn: !ImportValue lambda-resources:SplunkDeliveryStream
+
+ SpineCAChain:
+ Type: AWS::SecretsManager::Secret
+ Properties:
+ Description: CA chain for spine
+ KmsKeyId: alias/SecretsKMSKeyAlias
+ SecretString: ChangeMe
+
+ LambdaAccessSecretsPolicy:
+ Type: AWS::IAM::ManagedPolicy
+ Properties:
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Action:
+ - secretsmanager:GetSecretValue
+ Resource:
+ - !Ref SpineCAChain
+
+Outputs:
+ LambdaAccessSecretsPolicy:
+ Description: "Lambda Access Secrets Policy ARN"
+ Value: !GetAtt LambdaAccessSecretsPolicy.PolicyArn
+ Export:
+ Name: !Join [":", [!Ref "AWS::StackName", "LambdaAccessSecretsPolicy"]]
+ SpineCAChain:
+ Description: SpineCAChain
+ Value: !GetAtt SpineCAChain.Id
+ Export:
+ Name: !Join [":", [!Ref "AWS::StackName", "SpineCAChain"]]
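Review bot: `LambdaAccessSecretsPolicy` grants only `secretsmanager:GetSecretValue` on `SpineCAChain`, while the secret is encrypted with `KmsKeyId: alias/SecretsKMSKeyAlias`, which by its name is not the AWS managed `aws/secretsmanager` key, so a role that attaches this policy also needs `kms:Decrypt` on that key. The hunk does not show where that is granted; if neither the key policy nor another managed policy covers it, add a second statement allowing `kms:Decrypt` scoped to that key's ARN. `SecretString: ChangeMe` means every new stack starts with a placeholder instead of a CA chain, and a later template change to that property would overwrite a manually loaded value; a comment such as `# placeholder - real chain is loaded out of band after deploy` beside it, plus a consumer-side check that the value parses as PEM, would make that explicit. `Version: 2012-10-17` is safer quoted as `"2012-10-17"` so generic YAML tooling does not read it as a date.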