update withdrawal reasons

DFE-Digital · Dec 6, 2024 · e08e035 · e08e035
1 parent 191dde6
commit e08e035
Show file tree

Hide file tree

Showing 89 changed files with 1,079 additions and 689 deletions.
diff --git a/.github/workflows/database-backup.yml b/.github/workflows/database-backup.yml
@@ -115,6 +115,9 @@ jobs:
         sudo rm -rf /usr/share/dotnet || true
         sudo rm -rf /opt/ghc || true
 
+    - name: Set env variable
+      run: echo "SANITISED_FILE_NAME=register_sanitised_$(date +"%F")" >> $GITHUB_ENV
+
     - name: Create local Sanitised Database
       run: |
         createdb ${DATABASE_NAME} && psql -f ${{ env.BACKUP_FILE_NAME }}.sql -d ${DATABASE_NAME}
@@ -142,20 +145,20 @@ jobs:
 
     - name: Dump the Sanitised Database
       run: |
-        pg_dump --encoding utf8 --compress=1 --clean --no-owner --if-exists -d ${DATABASE_NAME} -f backup_sanitised.sql.gz
+        pg_dump --encoding utf8 --compress=1 --clean --no-owner --if-exists -d ${DATABASE_NAME} -f ${SANITISED_FILE_NAME}.sql.gz
       env:
         DATABASE_NAME: register_trainee_teachers
         PGUSER:  postgres
         PGPASSWORD: postgres
         PGHOST: localhost
         PGPORT: 5432
 
-    - name: Upload Sanitised Backup
-      uses: actions/upload-artifact@v4
-      with:
-        name: backup_sanitised
-        path: backup_sanitised.sql.gz
-        retention-days: 3
+    - name: Upload Backup to Azure Storage
+      run: |
+        az storage blob upload --container-name database-backup \
+        --file ${SANITISED_FILE_NAME}.sql.gz --name ${SANITISED_FILE_NAME}.sql.gz --overwrite \
+        --connection-string '${{ env.STORAGE_CONN_STR }}'
+        rm ${SANITISED_FILE_NAME}.sql.gz
 
     - name: Check for Failure
       uses: ./.github/actions/send-slack-notification/
@@ -175,14 +178,34 @@ jobs:
     - uses: actions/checkout@v4
       name: Checkout
 
+    - name: Set env variable
+      run: echo "SANITISED_FILE_NAME=register_sanitised_$(date +"%F")" >> $GITHUB_ENV
+
+    - name: Set KV environment variables
+      run: |
+        tf_vars_file=terraform/aks/workspace-variables/production.tfvars.json
+        echo "key_vault_name=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
+
     - uses: azure/login@v2
       with:
-        creds: ${{ secrets.AZURE_CREDENTIALS_STAGING }}
+        creds: ${{ secrets.AZURE_CREDENTIALS_PRODUCTION }}
+
+    - name: Set Connection String
+      run: |
+        STORAGE_CONN_STR="$(az keyvault secret show --name REGISTER-BACKUP-STORAGE-CONNECTION-STRING-AKS --vault-name ${{ env.key_vault_name }} | jq -r .value)"
+        echo "::add-mask::$STORAGE_CONN_STR"
+        echo "STORAGE_CONN_STR=$STORAGE_CONN_STR" >> $GITHUB_ENV
+
+    - name: Download Backup
+      run: |
+        az storage blob download --container-name database-backup \
+        --file ${SANITISED_FILE_NAME}.sql.gz --name ${SANITISED_FILE_NAME}.sql.gz \
+        --connection-string '${{ env.STORAGE_CONN_STR }}'
+        az logout
 
-    - name: Download Sanitised Backup
-      uses: actions/download-artifact@v4
+    - uses: azure/login@v2
       with:
-        name: backup_sanitised
+        creds: ${{ secrets.AZURE_CREDENTIALS_STAGING }}
 
     - name: Install kubectl
       uses: DFE-Digital/github-actions/set-kubectl@master
@@ -200,7 +223,7 @@ jobs:
     - name: Restore backup to aks env database
       shell: bash
       run: |
-        bin/konduit.sh -i backup_sanitised.sql.gz -c -t 7200 register-staging -- psql
+        bin/konduit.sh -i ${SANITISED_FILE_NAME}.sql.gz -c -t 7200 register-staging -- psql
 
     - name: Check for Failure
       uses: ./.github/actions/send-slack-notification/

diff --git a/.github/workflows/reset-sandbox-database.yml b/.github/workflows/reset-sandbox-database.yml
@@ -19,15 +19,34 @@ jobs:
     - uses: actions/checkout@v4
       name: Checkout
 
+    - name: Set KV environment variables
+      run: |
+        tf_vars_file=terraform/aks/workspace-variables/production.tfvars.json
+        echo "key_vault_name=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
+
+    - name: Set env variable
+      run: echo "SANITISED_FILE_NAME=register_sanitised_$(date +"%F")" >> $GITHUB_ENV
+
     - uses: azure/login@v2
       with:
-        creds: ${{ secrets.AZURE_CREDENTIALS_SANDBOX }}
+        creds: ${{ secrets.AZURE_CREDENTIALS_PRODUCTION }}
+
+    - name: Set Connection String
+      run: |
+        STORAGE_CONN_STR="$(az keyvault secret show --name REGISTER-BACKUP-STORAGE-CONNECTION-STRING-AKS --vault-name ${{ env.key_vault_name }} | jq -r .value)"
+        echo "::add-mask::$STORAGE_CONN_STR"
+        echo "STORAGE_CONN_STR=$STORAGE_CONN_STR" >> $GITHUB_ENV
+
+    - name: Download Backup
+      run: |
+        az storage blob download --container-name database-backup \
+        --file ${SANITISED_FILE_NAME}.sql.gz --name ${SANITISED_FILE_NAME}.sql.gz \
+        --connection-string '${{ env.STORAGE_CONN_STR }}'
+        az logout
 
-    - name: Download Sanitised Backup
-      uses: dawidd6/action-download-artifact@v6
+    - uses: azure/login@v2
       with:
-        workflow: database-backup.yml
-        name: backup_sanitised
+        creds: ${{ secrets.AZURE_CREDENTIALS_SANDBOX }}
 
     - name: Install kubectl
       uses: DFE-Digital/github-actions/set-kubectl@master
@@ -45,7 +64,7 @@ jobs:
     - name: Restore backup to aks env database
       shell: bash
       run: |
-        bin/konduit.sh -i backup_sanitised.sql.gz -c -t 7200 register-sandbox -- psql
+        bin/konduit.sh -i ${SANITISED_FILE_NAME}.sql.gz -c -t 7200 register-sandbox -- psql
 
     - name: Swap providers to vendor
       shell: bash

diff --git a/.gitignore b/.gitignore
@@ -67,11 +67,12 @@ config/localhost/https/localhost.crt
 dump.rdb
 
 bin/fetch_config.rb
-bin/terrafile
 bin/konduit.sh
 
 # Downloaded terraform modules
 terraform/aks/vendor/
+terraform/custom_domains/infrastructure/vendor/
+terraform/custom_domains/environment_domains/vendor/
 
 Procfile.dev
 missing-location-graph-from-dfe-reference.json

diff --git a/Gemfile b/Gemfile
@@ -121,10 +121,10 @@ gem "govuk_markdown"
 
 gem "mechanize" # interact with HESA
 
-gem "dfe-reference-data", require: "dfe/reference_data", github: "DFE-Digital/dfe-reference-data", tag: "v3.6.6"
+gem "dfe-reference-data", require: "dfe/reference_data", github: "DFE-Digital/dfe-reference-data", tag: "v3.6.7"
 
 # for sending analytics data to the analytics platform
-gem "dfe-analytics", github: "DFE-Digital/dfe-analytics", tag: "v1.15.0"
+gem "dfe-analytics", github: "DFE-Digital/dfe-analytics", tag: "v1.15.1"
 
 gem "ruby-progressbar" # useful for tracking long running rake tasks
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,20 +1,20 @@
 GIT
   remote: https://github.com/DFE-Digital/dfe-analytics.git
-  revision: 15208a10476428d645f69b184f18eba6cd1b6213
-  tag: v1.15.0
+  revision: 7618b23697e91ab1ababee5234faaa260f6c873e
+  tag: v1.15.1
   specs:
-    dfe-analytics (1.15.0)
+    dfe-analytics (1.15.1)
       google-cloud-bigquery (~> 1.38)
       httparty (~> 0.21)
       multi_xml (~> 0.6.0)
       request_store_rails (~> 2)
 
 GIT
   remote: https://github.com/DFE-Digital/dfe-reference-data.git
-  revision: a9af3f8eaee02b92dcc206e1442c4d5ef0305bc7
-  tag: v3.6.6
+  revision: f6349961e0b912cc11b7e47b5cb1eed2dbd69ffe
+  tag: v3.6.7
   specs:
-    dfe-reference-data (3.6.3)
+    dfe-reference-data (3.6.7)
       activesupport
       tzinfo
 
@@ -398,7 +398,7 @@ GEM
     msgpack (1.7.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
-    mutex_m (0.2.0)
+    mutex_m (0.3.0)
     net-http (0.5.0)
       uri
     net-http-digest_auth (1.4.1)
@@ -415,9 +415,9 @@ GEM
       net-protocol
     nio4r (2.7.4)
     nkf (0.2.0)
-    nokogiri (1.16.7-arm64-darwin)
+    nokogiri (1.16.8-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.7-x86_64-linux)
+    nokogiri (1.16.8-x86_64-linux)
       racc (~> 1.4)
     notifications-ruby-client (6.2.0)
       jwt (>= 1.5, < 3)
@@ -527,9 +527,9 @@ GEM
       activesupport (>= 4.2)
       choice (~> 0.2.0)
       ruby-graphviz (~> 1.2)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.1)
       loofah (~> 2.21)
-      nokogiri (~> 1.14)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
     railties (7.2.2)
       actionpack (= 7.2.2)
       activesupport (= 7.2.2)

diff --git a/Makefile b/Makefile
@@ -3,7 +3,6 @@ ifndef VERBOSE
 endif
 SERVICE_SHORT=rtt
 SERVICE_NAME=register
-TERRAFILE_VERSION=0.8
 
 help:
 	@echo "Environment setup targets:"
@@ -32,12 +31,6 @@ install-konduit: ## Install the konduit script, for accessing backend services
 		&& chmod +x bin/konduit.sh \
 		|| true
 
-install-terrafile: ## Install terrafile to manage terraform modules
-	[ ! -f bin/terrafile ] \
-		&& curl -sL https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz \
-		| tar xz -C ./bin terrafile \
-		|| true
-
 local: ## Configure local dev environment
 	$(eval DEPLOY_ENV=local)
 	$(eval AZ_SUBSCRIPTION=s121-findpostgraduateteachertraining-development)
@@ -96,8 +89,6 @@ sandbox:
 	$(eval DEPLOY_ENV=sandbox)
 	$(eval export TF_VARS=-var config_short=${CONFIG_SHORT} -var service_short=${SERVICE_SHORT} -var service_name=${SERVICE_NAME} -var azure_resource_prefix=${RESOURCE_NAME_PREFIX})
 
-
-
 set-azure-account:
 	echo "Logging on to ${AZ_SUBSCRIPTION}"
 	az account set -s ${AZ_SUBSCRIPTION}
@@ -128,14 +119,10 @@ install-fetch-config:
 		&& chmod +x bin/fetch_config.rb \
 		|| true
 
-read-deployment-config:
-	$(eval export POSTGRES_DATABASE_NAME=register-postgres-${paas_env})
-
 read-tf-config:
 	$(eval key_vault_name=$(shell jq -r '.key_vault_name' terraform/$(PLATFORM)/workspace-variables/$(DEPLOY_ENV).tfvars.json))
 	$(eval key_vault_app_secret_name=$(shell jq -r '.key_vault_app_secret_name' terraform/$(PLATFORM)/workspace-variables/$(DEPLOY_ENV).tfvars.json))
 	$(eval key_vault_infra_secret_name=$(shell jq -r '.key_vault_infra_secret_name' terraform/$(PLATFORM)/workspace-variables/$(DEPLOY_ENV).tfvars.json))
-	$(eval space=$(shell jq -r '.paas_space_name' terraform/$(PLATFORM)/workspace-variables/$(DEPLOY_ENV).tfvars.json))
 
 read-cluster-config:
 	$(eval CLUSTER=$(shell jq -r '.cluster' terraform/$(PLATFORM)/workspace-variables/$(DEPLOY_ENV).tfvars.json))
@@ -165,12 +152,13 @@ deploy: terraform-init
 destroy: terraform-init
 	terraform -chdir=terraform/$(PLATFORM) destroy -var-file=./workspace-variables/$(DEPLOY_ENV).tfvars.json -var-file=./workspace-variables/$(DEPLOY_ENV)_backend.tfvars ${TF_VARS} $(AUTO_APPROVE)
 
-terraform-init: install-terrafile
+terraform-init:
 	$(if $(IMAGE_TAG), , $(eval export IMAGE_TAG=main))
 	$(eval export TF_VAR_app_docker_image=ghcr.io/dfe-digital/register-trainee-teachers:$(IMAGE_TAG))
 
 	az account set -s $(AZ_SUBSCRIPTION) && az account show
-	[ "${RUN_TERRAFILE}" = "yes" ] && ./bin/terrafile -p terraform/$(PLATFORM)/vendor/modules -f terraform/$(PLATFORM)/workspace-variables/$(DEPLOY_ENV)_Terrafile || true
+	rm -rf terraform/$(PLATFORM)/vendor/modules/aks
+	git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/$(PLATFORM)/vendor/modules/aks
 	terraform -chdir=terraform/$(PLATFORM) init -reconfigure -upgrade -backend-config=./workspace-variables/$(DEPLOY_ENV)_backend.tfvars $(backend_key)
 
 get-cluster-credentials: read-cluster-config set-azure-account ## make <config> get-cluster-credentials [ENVIRONMENT=<clusterX>]
@@ -197,84 +185,43 @@ worker-ssh: get-cluster-credentials
 	$(if $(APP_NAME), $(eval export APP_ID=$(APP_NAME)) , $(eval export APP_ID=$(CONFIG_LONG)))
 	kubectl -n ${NAMESPACE} exec -ti --tty deployment/register-${APP_ID}-worker -- /bin/sh
 
-get-image-tag:
-	$(eval export TAG=$(shell cf target -s ${space} 1> /dev/null && cf app register-${paas_env} | awk -F : '$$1 == "docker image" {print $$3}'))
-	@echo ${TAG}
-
-get-postgres-instance-guid: ## Gets the postgres service instance's guid make qa get-postgres-instance-guid
-	$(eval export DB_INSTANCE_GUID=$(shell cf target -s ${space} 1> /dev/null && cf service register-postgres-${paas_env} --guid))
-	@echo ${DB_INSTANCE_GUID}
-
-rename-postgres-service: ## make qa rename-postgres-service
-	cf target -s ${space} 1> /dev/null
-	cf rename-service register-postgres-${paas_env} register-postgres-${paas_env}-old
-
-remove-postgres-tf-state: terraform-init ## make qa remove-postgres-tf-state
-	terraform -chdir=terraform/$(PLATFORM) state rm module.paas.cloudfoundry_service_instance.postgres_instance
-
-set-restore-variables:
-	$(if $(IMAGE_TAG), , $(error can only run with an IMAGE_TAG))
-	$(if $(DB_INSTANCE_GUID), , $(error can only run with DB_INSTANCE_GUID, get it by running `make ${space} get-postgres-instance-guid`))
-	$(if $(SNAPSHOT_TIME), , $(error can only run with BEFORE_TIME, eg SNAPSHOT_TIME="2021-09-14 16:00:00"))
-	$(eval export TF_VAR_paas_docker_image=ghcr.io/dfe-digital/register-trainee-teachers:$(IMAGE_TAG))
-	$(eval export TF_VAR_paas_restore_from_db_guid=$(DB_INSTANCE_GUID))
-	$(eval export TF_VAR_paas_db_backup_before_point_in_time=$(SNAPSHOT_TIME))
-	echo "Restoring register-trainee-teachers from $(TF_VAR_paas_restore_from_db_guid) before $(TF_VAR_paas_db_backup_before_point_in_time)"
-
-restore-postgres: set-restore-variables deploy ##  make qa restore-postgres IMAGE_TAG=12345abcdef67890ghijklmnopqrstuvwxyz1234 DB_INSTANCE_GUID=abcdb262-79d1-xx1x-b1dc-0534fb9b4 SNAPSHOT_TIME="2021-11-16 15:20:00"
-
-restore-data-from-nightly-backup: read-deployment-config read-tf-config # make production restore-data-from-nightly-backup CONFIRM_PRODUCTION=YES CONFIRM_RESTORE=YES BACKUP_DATE="yyyy-mm-dd"
-	bin/download-nightly-backup REGISTER-BACKUP-STORAGE-CONNECTION-STRING ${key_vault_name} ${BACKUP_CONTAINER_NAME} register_${paas_env}_ ${BACKUP_DATE}
-	$(if $(CONFIRM_RESTORE), , $(error Restore can only run with CONFIRM_RESTORE))
-	bin/restore-nightly-backup ${space} ${POSTGRES_DATABASE_NAME} register_${paas_env}_ ${BACKUP_DATE}
-
-upload-review-backup: read-deployment-config read-tf-config # make review upload-review-backup BACKUP_DATE=2022-06-10 APP_NAME=1234
-	bin/upload-review-backup REGISTER-BACKUP-STORAGE-CONNECTION-STRING ${key_vault_name} ${BACKUP_CONTAINER_NAME} register_${paas_env}_${BACKUP_DATE}.tar.gz
-
-backup-review-database: read-deployment-config # make review backup-review-database APP_NAME=1234
-	bin/backup-review-database ${POSTGRES_DATABASE_NAME} ${paas_env}
-
-deploy-domain-resources: check-auto-approve domain-azure-resources # make register deploy-domain-resources AUTO_APPROVE=1
-
-check-auto-approve:
-	$(if $(AUTO_APPROVE), , $(error can only run with AUTO_APPROVE))
-
-register:
+domains:
 	$(eval include global_config/register-domain.sh)
 
-domains-infra-init: set-production-subscription set-azure-account
+domains-infra-init: domains set-azure-account
+	rm -rf terraform/custom_domains/infrastructure/vendor/modules/domains
+	git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/custom_domains/infrastructure/vendor/modules/domains
+
 	terraform -chdir=terraform/custom_domains/infrastructure init -reconfigure -upgrade \
 		-backend-config=workspace_variables/${DOMAINS_ID}_backend.tfvars
 
-domains-infra-plan: domains-infra-init # make register domains-infra-plan
+domains-infra-plan: domains-infra-init # make domains-infra-plan
 	terraform -chdir=terraform/custom_domains/infrastructure plan -var-file workspace_variables/${DOMAINS_ID}.tfvars.json
 
-domains-infra-apply: domains-infra-init # make register domains-infra-apply
+domains-infra-apply: domains-infra-init # make domains-infra-apply
 	terraform -chdir=terraform/custom_domains/infrastructure apply -var-file workspace_variables/${DOMAINS_ID}.tfvars.json ${AUTO_APPROVE}
 
-domains-init: set-production-subscription set-azure-account
-	$(if $(PR_NUMBER), $(eval DEPLOY_ENV=${PR_NUMBER}))
+domains-init: domains set-azure-account
+	rm -rf terraform/custom_domains/environment_domains/vendor/modules/domains
+	git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/custom_domains/environment_domains/vendor/modules/domains
+
 	terraform -chdir=terraform/custom_domains/environment_domains init -upgrade -reconfigure -backend-config=workspace_variables/${DOMAINS_ID}_${DEPLOY_ENV}_backend.tfvars
 
-domains-plan: domains-init  # make register qa domains-plan
+domains-plan: domains-init  # make qa domains-plan
 	terraform -chdir=terraform/custom_domains/environment_domains plan -var-file workspace_variables/${DOMAINS_ID}_${DEPLOY_ENV}.tfvars.json
 
-domains-apply: domains-init # make register qa domains-apply
+domains-apply: domains-init # make qa domains-apply
 	terraform -chdir=terraform/custom_domains/environment_domains apply -var-file workspace_variables/${DOMAINS_ID}_${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE}
 
-domains-destroy: domains-init # make register qa domains-destroy
+domains-destroy: domains-init # make qa domains-destroy
 	terraform -chdir=terraform/custom_domains/environment_domains destroy -var-file workspace_variables/${DOMAINS_ID}_${DEPLOY_ENV}.tfvars.json
 
-set-production-subscription:
-	$(eval AZ_SUBSCRIPTION=s189-teacher-services-cloud-production)
-
-domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags #
-	$(if $(AUTO_APPROVE), , $(error can only run with AUTO_APPROVE))
+domain-azure-resources: domains set-azure-account set-azure-template-tag set-azure-resource-group-tags # make domain-azure-resources
 	az deployment sub create -l "UK South" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
 		--name "${DNS_ZONE}domains-$(shell date +%Y%m%d%H%M%S)" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${DNS_ZONE}domains-rg" 'tags=${RG_TAGS}' \
 			"tfStorageAccountName=${RESOURCE_NAME_PREFIX}${DNS_ZONE}domainstf" "tfStorageContainerName=${DNS_ZONE}domains-tf"  "keyVaultName=${RESOURCE_NAME_PREFIX}-${DNS_ZONE}domains-kv" ${WHAT_IF}
 
-validate-domain-resources: set-what-if domain-azure-resources # make register validate-domain-resources
+validate-domain-resources: set-what-if domain-azure-resources # make validate-domain-resources
 
 action-group-resources: set-azure-account # make env action-group-resources [email protected] . Must be run before setting enable_monitoring=true for each subscription
 	$(if $(ACTION_GROUP_EMAIL), , $(error Please specify a notification email for the action group))

diff --git a/README.md b/README.md
@@ -33,7 +33,6 @@ A service for training providers in England to register trainees with the Depart
 - [Alerting & Monitoring](/docs/alerting_and_monitoring.md)
 - [Transactional Emails](/docs/emails.md)
 - [Healthchecks](/docs/healthcheck_and_ping_endpoints.md)
-- [Maintenance Mode](/docs/maintenance-mode.md)
 - [Disaster Recovery Plan](/docs/disaster-recovery.md)
 - [ADRs](/docs/adr/index.md)
 - [Support Playbook](/docs/support_playbook.md)

diff --git a/app/components/performance_profile_banner/view.html.erb b/app/components/performance_profile_banner/view.html.erb
@@ -0,0 +1,5 @@
+<%= govuk_notification_banner(title_text: "Important") do |banner| %>
+  <% banner.with_heading(text: banner_heading_text) %>
+
+  <%= govuk_link_to("Sign off your performance profile", "#")%> by the <%= deadline_date %> deadline.
+<% end %>