Merge remote-tracking branch 'origin/main' into AB2D-5997/Conf_reason…

…_code_upd

.github/workflows/opt-out-export-dev-deploy.yml

@@ -0,0 +1,38 @@
+name: opt-out-export dev deploy
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: self-hosted
+    environment: dev
+    defaults:
+      run:
+        working-directory: ./attribution-data-file-share
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+      - uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
+        env:
+          AWS_REGION: ${{ vars.AWS_REGION }}
+        with:
+          params: |
+            ARTIFACTORY_URL=/artifactory/url
+            ARTIFACTORY_USER=/artifactory/user
+            ARTIFACTORY_PASSWORD=/artifactory/password
+      - name: Build opt-out-export zip file
+        run: ../gradlew buildZip
+      - uses: aws-actions/configure-aws-credentials@v3
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-dev-github-actions
+      - name: Upload and reload
+        run: |
+          aws s3 cp --no-progress build/distributions/attributionDataShare.zip \
+            s3://ab2d-dev-opt-out-export-function/function-${{ github.sha }}.zip
+          aws lambda update-function-code --function-name ab2d-dev-opt-out-export \
+            --s3-bucket ab2d-dev-opt-out-export-function --s3-key function-${{ github.sha }}.zip

.github/workflows/opt-out-export-prod-deploy.yml

@@ -0,0 +1,24 @@
+name: opt-out-export prod deploy
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    environment: prod
+    steps:
+      - uses: aws-actions/configure-aws-credentials@v3
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-prod-github-actions
+      - name: Promote lambda code from test to prod
+        run: |
+          aws s3 cp --no-progress \
+            s3://ab2d-test-opt-out-export-function/function-${{ github.sha }}.zip \
+            s3://ab2d-prod-opt-out-export-function/function-${{ github.sha }}.zip
+          aws lambda update-function-code --function-name ab2d-prod-opt-out-export \
+            --s3-bucket ab2d-prod-opt-out-export-function --s3-key function-${{ github.sha }}.zip

.github/workflows/opt-out-export-test-deploy.yml

@@ -0,0 +1,39 @@
+name: opt-out-export test (impl) deploy
+
+on:
+  workflow_call: # Allow for call from integration test
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: self-hosted
+    environment: test
+    defaults:
+      run:
+        working-directory: ./attribution-data-file-share
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+      - uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
+        env:
+          AWS_REGION: ${{ vars.AWS_REGION }}
+        with:
+          params: |
+            ARTIFACTORY_URL=/artifactory/url
+            ARTIFACTORY_USER=/artifactory/user
+            ARTIFACTORY_PASSWORD=/artifactory/password
+      - name: Build opt-out-export zip file
+        run: ../gradlew buildZip
+      - uses: aws-actions/configure-aws-credentials@v3
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-test-github-actions
+      - name: Upload and reload
+        run: |
+          aws s3 cp --no-progress build/distributions/attributionDataShare.zip \
+            s3://ab2d-test-opt-out-export-function/function-${{ github.sha }}.zip
+          aws lambda update-function-code --function-name ab2d-test-opt-out-export \
+            --s3-bucket ab2d-test-opt-out-export-function --s3-key function-${{ github.sha }}.zip

.github/workflows/opt-out-export-test-integration.yml

@@ -0,0 +1,40 @@
+name: opt-out-export integration tests
+
+on:
+  push:
+    paths:
+      - .github/workflows/opt-out-export-test-integration.yml
+      - attribution-data-file-share/**
+  workflow_dispatch:
+
+# Ensure we only have one integration test running at a time
+concurrency:
+  group: opt-out-export-test-integration
+
+jobs:
+  # Deploy first if triggered by push
+  deploy:
+    if: ${{ github.event_name == 'push' }}
+    uses: ./.github/workflows/opt-out-export-test-deploy.yml
+    secrets: inherit
+
+  trigger:
+    if: ${{ always() }}
+    needs: deploy
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./attribution-data-file-share
+    steps:
+      - uses: aws-actions/configure-aws-credentials@v3
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.TEST_ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-test-github-actions
+      - name: Send event to trigger export lambda function
+        run: |
+          aws events put-events --entries file://test/events.json # TODO Add events.json matching rule for lambda trigger
+
+  # TODO Check bucket for export file

.github/workflows/opt-out-export-unit.yml

@@ -0,0 +1,33 @@
+name: opt-out-export unit tests
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/opt-out-export-unit.yml
+      - attribution-data-file-share/**
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: self-hosted
+    defaults:
+      run:
+        working-directory: ./attribution-data-file-share
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+      - uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
+        env:
+          AWS_REGION: ${{ vars.AWS_REGION }}
+        with:
+          params: |
+            ARTIFACTORY_URL=/artifactory/url
+            ARTIFACTORY_USER=/artifactory/user
+            ARTIFACTORY_PASSWORD=/artifactory/password
+            SONAR_HOST_URL=/sonarqube/url
+            SONAR_TOKEN=/sonarqube/token
+      - name: Run unit tests for opt-out-export lambda
+        run: ../gradlew test

.github/workflows/opt-out-import-deploy-dev.yml → .github/workflows/opt-out-import-dev-deploy.yml

@@ -29,8 +29,10 @@ jobs:
       - uses: aws-actions/configure-aws-credentials@v3
         with:
           aws-region: ${{ vars.AWS_REGION }}
-          role-to-assume: ${{ vars.ACCOUNT_ROLE }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-dev-github-actions
       - name: Upload and reload
         run: |
-          aws s3 cp --no-progress build/distributions/optout.zip s3://${{ vars.OPT_OUT_IMPORT_ZIP_BUCKET }}/function.zip
-          aws lambda update-function-code --function-name ab2d-dev-opt-out-import --s3-bucket ${{ vars.OPT_OUT_IMPORT_ZIP_BUCKET }} --s3-key function.zip
+          aws s3 cp --no-progress build/distributions/optout.zip \
+            s3://ab2d-dev-opt-out-import-function/function-${{ github.sha }}.zip
+          aws lambda update-function-code --function-name ab2d-dev-opt-out-import \
+            --s3-bucket ab2d-dev-opt-out-import-function --s3-key function-${{ github.sha }}.zip

.github/workflows/opt-out-import-deploy-prod.yml → .github/workflows/opt-out-import-prod-deploy.yml

@@ -14,8 +14,11 @@ jobs:
       - uses: aws-actions/configure-aws-credentials@v3
         with:
           aws-region: ${{ vars.AWS_REGION }}
-          role-to-assume: ${{ vars.ACCOUNT_ROLE }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-prod-github-actions
       - name: Promote lambda code from test to prod
         run: |
-          aws s3 cp --no-progress s3://${{ vars.OPT_OUT_IMPORT_TEST_ZIP_BUCKET }}/function.zip s3://${{ vars.OPT_OUT_IMPORT_ZIP_BUCKET }}/function.zip
-          aws lambda update-function-code --function-name ab2d-prod-opt-out-import --s3-bucket ${{ vars.OPT_OUT_IMPORT_ZIP_BUCKET }} --s3-key function.zip
+          aws s3 cp --no-progress \
+            s3://ab2d-test-opt-out-import-function/function-${{ github.sha }}.zip \
+            s3://ab2d-prod-opt-out-import-function/function-${{ github.sha }}.zip
+          aws lambda update-function-code --function-name ab2d-prod-opt-out-import \
+            --s3-bucket ab2d-prod-opt-out-import-function --s3-key function-${{ github.sha }}.zip

.github/workflows/opt-out-import-deploy-test.yml → .github/workflows/opt-out-import-test-deploy.yml

@@ -1,11 +1,7 @@
 name: opt-out-import test (impl) deploy
 
 on:
-  push:
-    branches:
-      - main
-    paths:
-      - optout/**
+  workflow_call: # Allow for call from integration test
   workflow_dispatch:
 
 jobs:
@@ -34,8 +30,10 @@ jobs:
       - uses: aws-actions/configure-aws-credentials@v3
         with:
           aws-region: ${{ vars.AWS_REGION }}
-          role-to-assume: ${{ vars.ACCOUNT_ROLE }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-test-github-actions
       - name: Upload and reload
         run: |
-          aws s3 cp --no-progress build/distributions/optout.zip s3://${{ vars.OPT_OUT_IMPORT_ZIP_BUCKET }}/function.zip
-          aws lambda update-function-code --function-name ab2d-test-opt-out-import --s3-bucket ${{ vars.OPT_OUT_IMPORT_ZIP_BUCKET }} --s3-key function.zip
+          aws s3 cp --no-progress build/distributions/optout.zip \
+            s3://ab2d-test-opt-out-import-function/function-${{ github.sha }}.zip
+          aws lambda update-function-code --function-name ab2d-test-opt-out-import \
+            --s3-bucket ab2d-test-opt-out-import-function --s3-key function-${{ github.sha }}.zip

.github/workflows/opt-out-import-test-integration.yml

@@ -0,0 +1,56 @@
+name: opt-out-import test integration
+
+on:
+  push:
+    paths:
+      - .github/workflows/opt-out-import-test-integration.yml
+      - optout/**
+  workflow_dispatch:
+
+# Ensure we have only one integration test running at a time
+concurrency:
+  group: opt-out-import-test-integration
+
+jobs:
+  # Deploy first if triggered by push
+  deploy:
+    if: ${{ github.event_name == 'push' }}
+    uses: ./.github/workflows/opt-out-import-test-deploy.yml
+    secrets: inherit
+
+  trigger:
+    if: ${{ always() }}
+    needs: deploy
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./optout
+    steps:
+      - uses: actions/checkout@v4
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          # Note that we assume the lambda role
+          role-to-assume: arn:aws:iam::${{ secrets.TEST_ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-test-opt-out-import-function
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          # Now assume the BFD bucket role
+          role-to-assume: arn:aws:iam::${{ secrets.BFD_ACCOUNT_ID }}:role/bfd-test-eft-ab2d-bucket-role
+          role-chaining: true
+          role-skip-session-tagging: true
+      - name: Upload test file to the BFD bucket to trigger lambda function via SNS message
+        run: |
+          aws s3 cp --no-progress src/test/resources/optOutDummy.txt \
+            s3://bfd-test-eft/bfdeft01/ab2d/in/test-${{ github.run_id }}.txt
+      - name: Check bucket for response file
+        run: |
+          sleep 30
+          aws s3 cp --no-progress s3://bfd-test-eft/bfdeft01/ab2d/out/test-${{ github.run_id }}.txt \
+            test-response.txt
+          cat test-response.txt
+
+  # TODO Run another job to check database for update

.github/workflows/opt-out-import-test-unit.yml → .github/workflows/opt-out-import-unit.yml

@@ -3,7 +3,7 @@ name: opt-out-import unit tests
 on:
   pull_request:
     paths:
-      - .github/workflows/opt-out-import-test-unit.yml
+      - .github/workflows/opt-out-import-unit.yml
       - optout/**
   workflow_dispatch: