Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DW-3359] New workflows for daylight saving checking #2500

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[DW-3359] New workflows for daylight saving checking #2500

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions .github/workflows/daylight-saving-setter.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
name: DAYLIGHT SAVINGS CHECKER

on:
schedule:
- cron: "0 0 1 4,11 *"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please annotate what time, month etc., this CRON job runs.


# Allows you to run this workflow manually from the Actions tab if needed in emergencies
workflow_dispatch:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is missing a command name.


jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# set the environment variables
- name: SET BST ENV VAR
run: echo "BST_ENV_VAR=$(TZ='Europe/London' date)" >> $GITHUB_ENV
- name: SET UTC ENV VAR
run: echo "UTC_ENV_VAR=$(date)" >> $GITHUB_ENV

# Runs DAYLIGHT SAVING FALSE
- name: IT IS NOT DAYLIGHT SAVING
if: ${{ env.BST_ENV_VAR == env.UTC_ENV_VAR }}
run: |
curl -L -X PUT -H "Accept: application/vnd.github+json" -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/NHS-digital-website/hippo/actions/workflows/#TODO/disable
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this line say todo?

curl -L -X PUT -H "Accept: application/vnd.github+json" -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/NHS-digital-website/hippo/actions/workflows/#TODO/enable

# Runs DAYLIGHT SAVING TRUE
- name: IT IS DAYLIGHT SAVING
if: ${{ env.BST_ENV_VAR != env.UTC_ENV_VAR }}
run: |
curl -L -X PUT -H "Accept: application/vnd.github+json" -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/NHS-digital-website/hippo/actions/workflows/#TODO/enable
curl -L -X PUT -H "Accept: application/vnd.github+json" -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/NHS-digital-website/hippo/actions/workflows/#TODO/disable
274 changes: 274 additions & 0 deletions .github/workflows/deploy-to-production_daylight.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,274 @@
name: Deploy to Production


on:
# Request Hotfix Deployment
repository_dispatch:
types:
- slack-deploy-hotfix-command-odv2
# Schedule A Normal Deployment
schedule:
# Runs at 12:05 pm weekdays (UK time)
- cron: "5 13 * * 1-5"

env:
#Prod Env Id
PROD_ENV_ID: "91d6f394-c2ed-40aa-bc8d-3b29e2aaa645"
TARGET: "production"
jobs:

integrity:
name: Slack Integrity Check
# Only runs for SLACK Command (hotfix)

runs-on: ubuntu-latest
timeout-minutes: 1
if: (github.event_name != 'schedule')
steps:
# Validate that the command is called from deployment-od2-prod
- name: Checking source
uses: actions/github-script@v6
env:
CHANNEL_ID: ${{ github.event.client_payload.data.channel_id }}
if: ${{ env.CHANNEL_ID !='C0353KHFXNJ' }}
with:
script: |
core.setFailed('Caller source not verified!')

#
# Validate that the origin is from Slack
# See: https://api.slack.com/authentication/verifying-requests-from-slack
#
- name: Validate Origin
uses: actions/github-script@v6
env:
AGENT: ${{ github.event.client_payload.integrity.agent }}
BODY: ${{ github.event.client_payload.integrity.body }}
TIMESTAMP: ${{ github.event.client_payload.integrity.timestamp }}
SIGNATURE: ${{ github.event.client_payload.integrity.signature }}
SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }}
with:
script: |
if(!`${process.env.AGENT}`.startsWith("Slackbot")){
core.setFailed("User agent mismatch.")
} else {
const base = `v0:${process.env.TIMESTAMP}:${process.env.BODY}`
const hash = require('crypto').createHmac('sha256', `${process.env.SIGNING_SECRET}`).update(base).digest("hex")
if(`${process.env.SIGNATURE}` !== `v0=${hash}`) {
core.setFailed("The origin integrity check failed.")
}
}

#
# Provide a URL to the active GitHub Actions Workflow run
#
- name: Slack message (Track progress message)
if: ${{ success() }}
uses: muinmomin/webhook-action@v1.0.0
with:
url: ${{ env.SLACK_WEBHOOK }}
data: '{ "channel": "${{ env.CHANNEL_ID }}", "text": "Pipeline progress...", "attachments": [{ "text" : "The pipeline logs are here ${{ env.GITHUB_WORKFLOW_URL }}", "color": "#005EB8" }] }'
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
GITHUB_WORKFLOW_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
CHANNEL_ID: ${{ github.event.client_payload.data.channel_id }}


update-tag-hotfix:
runs-on: ubuntu-latest
name: Move tag uat to rc for Hotfix
# Only runs for SLACK Command (hotfix)
needs: integrity
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # Need all the tags for versioning
ref: master

- name: Tagging the build
run: |
make git.update-environment-tag ENV=rc VERSION=uat


prepare-prod-deployment:
name: Deploy to Production
runs-on: ubuntu-latest
timeout-minutes: 85
if: ${{ !failure() }}
needs: [update-tag-hotfix,integrity]
steps:
#
# Step 1
#
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # Need all the tags for versioning
ref: master

- name: Obtain file name for deployment
id: filename
run: |
fileVersion=$(git describe --tags --match v3.0* rc)
fileName=$(git describe --tags --match v3.0* rc).tar.gz

echo "fileName=${fileName}" >> $GITHUB_OUTPUT
echo "fileVersion=${fileVersion}" >> $GITHUB_OUTPUT


# Get API access token and verify it.
- name: Obtaino JWT Token
id: jwt_token
run: |
response=$(curl -i \
-H "Accept: application/json; charset=utf-8" \
-X POST https://api.${{ secrets.HOST }}/v3/authn/access_token \
-d '{ "username": "${{ env.USERNAME }}", "password": "${{ env.PASSWORD }}" }')
token=$(echo $response | awk 'match($0, /access_token":"[^"]+"/) {print substr($0, RSTART+15)}' | cut -d '"' -f 1 )
refresh=$(echo $response | awk 'match($0, /refresh_token":"[^"]+"/) {print substr($0, RSTART+16)}' | cut -d '"' -f 1 )
echo "token=$token" >> $GITHUB_OUTPUT
echo "refresh=$refresh" >> $GITHUB_OUTPUT
env:
USERNAME: ${{ secrets.MISSION_CONTROL_API_USERNAME }}
PASSWORD: ${{ secrets.MISSION_CONTROL_API_PASSWORD }}
- name: Verify JWT Token
id: jwt_token_verify
run: |
code=$(curl -L \
-H "Accept: application/json; charset=utf-8" \
-H "Authorization: Bearer ${{ steps.jwt_token.outputs.token }}" \
-X GET https://api.${{ secrets.HOST }}/v3/authn/verify_token \
-o /dev/null -w '%{http_code}\n' -s)
echo "code=$code" >> $GITHUB_OUTPUT
- name: Check Response Code from Verify JWT Token
if: ${{ steps.jwt_token_verify.outputs.code != 200 }}
uses: actions/github-script@v6
with:
script: |
core.setFailed('The JWT token failed verification!')

#
# Prepare App Config Deployment Details
#
- name: Get Configuration Files Details
id: files
run: |
response=$(curl \
-H "Authorization: Bearer ${{ steps.jwt_token.outputs.token }}" \
-X GET https://api.${{ secrets.HOST }}/v3/appconfigfiles)
echo "details=${response}" >> $GITHUB_OUTPUT

- name: Get Lastest System Properties for Envrinment
id: system-properties
run: |
id=$(echo '${{steps.files.outputs.details}}' | sed -e 's/+00:00/Z/g' | jq ' . | map( select( .name | startswith( "${{ env.TARGET }}-system-" ) ) ) | sort_by( .createdAt | fromdate ) | reverse | .[0].id')
echo "id=${id}" >> $GITHUB_OUTPUT

- name: Get Lastest Platform Properties for Envrinment
id: platform-properties
run: |
id=$(echo '${{steps.files.outputs.details}}' | sed -e 's/+00:00/Z/g' | jq ' . | map( select( .name | startswith( "${{ env.TARGET }}-content-search-" ) ) ) | sort_by( .createdAt | fromdate ) | reverse | .[0].id')
echo "id=${id}" >> $GITHUB_OUTPUT

- name: Get Lastest Content Search key for Envrinment
id: content-search-key
run: |
id=$(echo '${{steps.files.outputs.details}}' | sed -e 's/+00:00/Z/g' | jq ' . | map( select( .name | startswith( "content-search-key-" ) ) ) | sort_by( .createdAt | fromdate ) | reverse | .[0].id')
echo "id=${id}" >> $GITHUB_OUTPUT

- name: Get Lastest AWS Keys for Envrinment
id: aws-keys
run: |
id=$(echo '${{steps.files.outputs.details}}' | sed -e 's/+00:00/Z/g' | jq ' . | map( select( .name | startswith( "${{ env.TARGET }}-aws-credentials-" ) ) ) | sort_by( .createdAt | fromdate ) | reverse | .[0].id')
echo "id=${id}" >> $GITHUB_OUTPUT

- name: Get Lastest IP Configuration File ID
id: latest-ip-whitelist
run: |
id=$(echo '${{steps.files.outputs.details}}' | sed -e 's/+00:00/Z/g' | jq ' . | map( select( .name | startswith( "hippo-ipfilter-" ) ) ) | sort_by( .createdAt | fromdate ) | reverse | .[0].id')
echo "id=${id}" >> $GITHUB_OUTPUT

- name: Get All Distribution Ids
id: all-distribution-id
run: |
response=$(curl \
-H "Authorization: Bearer ${{ steps.jwt_token.outputs.token }}" \
-X GET https://api.${{ secrets.HOST }}/v3/distributions)
echo "allDistIds=${response}" >> $GITHUB_OUTPUT
respLengthTemp=${#response}
echo "respLength=${respLengthTemp}" >> $GITHUB_OUTPUT
echo ${respLengthTemp}

- name: Distribution Ids Retrival failed
if: ${{steps.all-distribution-id.outputs.respLength < 4}}
uses: actions/github-script@v6
with:
script: |
core.setFailed('Retrival of distibution ids failed ')

- name: Get Distribution Ids for prod deployment
id: prod-distribution-ids
run: |
latestId=$(echo '${{steps.all-distribution-id.outputs.allDistIds}}' | sed -e 's/+00:00/Z/g' | jq --compact-output '[.items[] | {id: .id , date: .createdAt, name: .name}] | map(select(.name | test("${{ steps.filename.outputs.fileName }}"))) | map(.id)')
prodLatestDistId=$(echo ${latestId} | tr "[" " " | tr "]" " " | xargs)
echo "prodDistId=${prodLatestDistId}" >> $GITHUB_OUTPUT
echo ${{steps.all-distribution-id.outputs.respLength}}

- name: Get latest Email SMTP properties File
id: brc-mail-smtp
run: |
id=$(echo '${{steps.files.outputs.details}}' | sed -e 's/+00:00/Z/g' | jq ' . | map( select( .name | startswith( "brc-mail-smtp-" ) ) ) | sort_by( .createdAt | fromdate ) | reverse | .[0].id')
echo "id=${id}" >> $GITHUB_OUTPUT

- name: Request Deployment from BR Cloud
id: deployment
run: |
code=$(curl -i \
-H "Accept: application/json; charset=utf-8" \
-H "Authorization: Bearer ${{ steps.jwt_token.outputs.token }}" \
-X PUT https://api.${{ secrets.HOST }}/v3/environments/${{ env.ENVIRONMENT }}/deploy \
-d '{ "distributionId": "${{ env.DISTRIBUTION }}", "strategy" : "rollingupdate", "appConfigFileRoles": [ { "appConfigFileId": ${{ steps.aws-keys.outputs.id }}, "role": "file", "newFilename": "aws-credentials.properties" }, { "appConfigFileId": ${{ steps.platform-properties.outputs.id }}, "role": "file", "newFilename": "platform.properties" }, { "appConfigFileId": ${{ steps.content-search-key.outputs.id }}, "role": "file", "newFilename": "content-search-key.pem" }, { "appConfigFileId": ${{ steps.system-properties.outputs.id }}, "role": "systemproperty" }, { "appConfigFileId": ${{ steps.latest-ip-whitelist.outputs.id }}, "role": "file", "newFilename": "hippo-ipfilter.properties" }, { "appConfigFileId": ${{ steps.brc-mail-smtp.outputs.id }}, "role": "file", "newFilename": "brc-mail-smtp.properties" } ] }' \
-o /dev/null -w '%{http_code}\n' -s)
echo "code=$code" >> $GITHUB_OUTPUT
env:
DISTRIBUTION: ${{ steps.prod-distribution-ids.outputs.prodDistId }}
ENVIRONMENT: ${{ env.PROD_ENV_ID }}

- name: Check Response Code from Request Deployment
uses: actions/github-script@v6
if: ${{ steps.deployment.outputs.code != 202 }}
with:
script: core.setFailed('Response code mismatch while requesting deployment from BR Cloud! Response ${{ env.CODE }}')
env:
CODE: ${{ steps.deployment.outputs.code }}

post-deployment:
needs: prepare-prod-deployment
if: ${{ !failure() }}
timeout-minutes: 60
name: Updating Tag
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # Need all the tags for versioning
ref: master

- name: Tagging the build
run: |
make git.update-environment-tag ENV=prd VERSION=rc
#
# Provide a URL to the active GitHub Actions Workflow run
#
- name: Slack message (Track progress message)
if: ${{ success() }}
uses: muinmomin/webhook-action@v1.0.0
with:
url: ${{ env.SLACK_WEBHOOK }}
data: '{ "channel": "${{ env.CHANNEL_ID }}", "text": "Pipeline Finished", "attachments": [{ "text" : "The pipeline finished", "color": "#7CFC00" }] }'
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
GITHUB_WORKFLOW_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
CHANNEL_ID: ${{ github.event.client_payload.data.channel_id }}