DP-187 Provision Orchestrator's core componenets

- Update Github workflow (locked to the feature branch for now)
cabinetoffice · Jul 13, 2024 · f2db62d · f2db62d
1 parent e042c24
commit f2db62d
Show file tree

Hide file tree

Showing 28 changed files with 502 additions and 19 deletions.
diff --git a/.github/workflows/main-build-test-deploy.yaml b/.github/workflows/main-build-test-deploy.yaml
@@ -0,0 +1,143 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [DP-187]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '8.0.x'
+
+      - name: Build .NET Project
+        run: |
+          dotnet tool restore
+          dotnet restore
+          dotnet build
+
+      - name: Build Docker Images
+        run: make build-docker
+
+      - name: Save Docker Images
+        run: |
+          docker save -o cdp-images.tar cabinetoffice/cdp-organisation-information-migrations:latest cabinetoffice/cdp-data-sharing:latest cabinetoffice/cdp-entity-verification:latest cabinetoffice/cdp-forms:latest cabinetoffice/cdp-organisation-app:latest cabinetoffice/cdp-organisation:latest cabinetoffice/cdp-person:latest cabinetoffice/cdp-tenant:latest cabinetoffice/cdp-authority:latest
+
+      - name: Upload Docker Images as Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: docker-images
+          path: cdp-images.tar
+
+  test:
+    runs-on: ubuntu-latest
+    needs: build
+    env:
+      CDP_ORGANISATION_APP_PORT: 8888
+      CDP_TENANT_PORT: 8811
+      CDP_ORGANISATION_PORT: 8822
+      CDP_PERSON_PORT: 8833
+      CDP_FORMS_PORT: 8844
+      CDP_DATA_SHARING_PORT: 8855
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '8.0.x'
+
+      - name: Download Docker Images
+        uses: actions/download-artifact@v4
+        with:
+          name: docker-images
+
+      - name: Load Docker Images
+        run: docker load -i cdp-images.tar
+
+      - name: Start services
+        run: make up
+
+      - name: Run Tests
+        run: |
+          dotnet test --logger trx --results-directory TestResults
+
+      - name: Stop services
+        run: make down
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/DP-187' && github.repository_owner == 'cabinetoffice'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download Docker Images
+        uses: actions/download-artifact@v4
+        with:
+          name: docker-images
+
+      - name: Load Docker Images
+        run: docker load -i cdp-images.tar
+
+      - name: Set up AWS CLI
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-2
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Generate Image Version
+        id: image_version
+        run: |
+          IMAGE_VERSION=$(date +%Y%m%d)-$(git rev-parse --short HEAD)
+          echo "IMAGE_VERSION=$IMAGE_VERSION" >> $GITHUB_ENV
+
+      - name: Tag and Push Docker Images
+        run: |
+          for image in cabinetoffice/cdp-organisation-information-migrations cabinetoffice/cdp-data-sharing cabinetoffice/cdp-entity-verification cabinetoffice/cdp-forms cabinetoffice/cdp-organisation-app cabinetoffice/cdp-organisation cabinetoffice/cdp-person cabinetoffice/cdp-tenant cabinetoffice/cdp-authority; do
+            CLEAN_IMAGE_NAME=$(echo $image | sed 's/^cabinetoffice\///')
+            docker tag $image:latest ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/$CLEAN_IMAGE_NAME:${{ env.IMAGE_VERSION }}
+            docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/$CLEAN_IMAGE_NAME:${{ env.IMAGE_VERSION }}
+          done
+
+      - name: Create Git Tag
+        run: |
+          git config --global user.name "github-actions"
+          git config --global user.email "[email protected]"
+          git tag ${{ env.IMAGE_VERSION }}
+          git push origin ${{ env.IMAGE_VERSION }}
+
+      - name: Store Version in SSM Parameter Store
+        run: |
+          aws ssm put-parameter --name "cdp-sirsi-service-version" --value "${{ env.IMAGE_VERSION }}" --type String --overwrite
+
+  document:
+    runs-on: ubuntu-latest
+    name: Publish documentation
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Build
+        run: cd docs && make build
+      - name: Publish
+        if: github.ref == 'refs/heads/DP-187' && github.repository_owner == 'cabinetoffice'
+        run: cd docs && make publish-docs-during-cd
+      - name: Upload Documentation
+        uses: actions/upload-artifact@v4
+        with:
+          name: Documentation
+          path: docs/build/*
diff --git a/.github/workflows/build.yml → .github/workflows/main-pr-check.yml b/.github/workflows/build.yml → .github/workflows/main-pr-check.yml
@@ -1,9 +1,8 @@
 name: Build
 
 on:
-  push:
-    branches: [main]
   pull_request:
+    branches: [DP-187]
 
 jobs:
   test:
@@ -61,20 +60,12 @@ jobs:
       - name: Stop services
         run: make down
 
-  docs:
+  document:
     runs-on: ubuntu-latest
-    name: Build documentation
+    name: Publish documentation
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Build
         run: cd docs && make build
-      - name: Publish
-        if: github.ref == 'refs/heads/main' && github.repository_owner == 'cabinetoffice'
-        run: cd docs && make publish
-      - name: Upload Documentation
-        uses: actions/upload-artifact@v4
-        with:
-          name: Documentation
-          path: docs/build/*
diff --git a/docs/Makefile b/docs/Makefile
@@ -15,6 +15,14 @@ publish: build/cdp.html
 	git add index.html && git commit -m 'Update the documentation' && git push origin gh-pages
 .PHONY: publish
 
+publish-docs-during-cd: build/cdp.html
+	git config --global user.name 'github-actions'
+	git config --global user.email '[email protected]'
+	git checkout gh-pages
+	cp build/cdp.html index.html
+	git add index.html && git commit -m 'Update the documentation' && git push origin gh-pages
+.PHONY: publish-docs-during-cd
+
 build-docker:
 	docker build -t cabinetoffice/asciidoctor .
 .PHONY: build-docker
diff --git a/terragrunt/components/common/networking/terragrunt.hcl b/terragrunt/components/common/networking/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source = "../../../modules//networking"
+  source = local.global_vars.locals.environment != "orchestrator" ? "../../../modules//networking" : null
 }
 
 include {

diff --git a/terragrunt/components/core/networking/terragrunt.hcl b/terragrunt/components/core/networking/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source = "../../../modules//core-networking"
+  source = local.global_vars.locals.environment != "orchestrator" ? "../../../modules//core-networking" : null
 }
 
 include {

diff --git a/terragrunt/components/core/security-groups/terragrunt.hcl b/terragrunt/components/core/security-groups/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source = "../../../modules//core-security-groups"
+  source = local.global_vars.locals.environment != "orchestrator" ? "../../../modules//core-security-groups" : null
 }
 
 include {

diff --git a/terragrunt/components/orchestrator/ecr/terragrunt.hcl b/terragrunt/components/orchestrator/ecr/terragrunt.hcl
@@ -0,0 +1,31 @@
+terraform {
+  source = local.global_vars.locals.environment == "orchestrator" ? "../../../modules//orchestrator/ecr" : null
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+locals {
+
+  global_vars = read_terragrunt_config(find_in_parent_folders("terragrunt.hcl"))
+  core_vars   = read_terragrunt_config(find_in_parent_folders("orchestrator.hcl"))
+
+  tags = merge(
+    local.global_vars.inputs.tags,
+    local.core_vars.inputs.tags,
+    {
+      component = "orchestrator-ecr"
+    }
+  )
+
+  account_ids = {
+    for name, env in local.global_vars.locals.environments : name => env.account_id
+  }
+}
+
+inputs = {
+  account_ids     = local.account_ids
+  service_configs = local.global_vars.locals.service_configs
+  tags            = local.tags
+}
diff --git a/terragrunt/components/orchestrator/iam/terragrunt.hcl b/terragrunt/components/orchestrator/iam/terragrunt.hcl
@@ -0,0 +1,26 @@
+terraform {
+  source = local.global_vars.locals.environment == "orchestrator" ? "../../../modules//orchestrator/iam" : null
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+locals {
+
+  global_vars = read_terragrunt_config(find_in_parent_folders("terragrunt.hcl"))
+  core_vars   = read_terragrunt_config(find_in_parent_folders("orchestrator.hcl"))
+
+  tags = merge(
+    local.global_vars.inputs.tags,
+    local.core_vars.inputs.tags,
+    {
+      component = "orchestrator-iam"
+    }
+  )
+}
+
+inputs = {
+  tags                = local.tags
+  terraform_operators = local.global_vars.locals.terraform_operators
+}
diff --git a/terragrunt/components/orchestrator/orchestrator.hcl b/terragrunt/components/orchestrator/orchestrator.hcl
@@ -0,0 +1,9 @@
+locals {
+  tags = {
+    component_root = "orchestrator"
+  }
+}
+
+inputs = {
+  tags = local.tags
+}
diff --git a/terragrunt/components/service/api-gateway/terragrunt.hcl b/terragrunt/components/service/api-gateway/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source = "../../../modules//api-gateway"
+  source = local.global_vars.locals.environment != "orchestrator" ? "../../../modules//api-gateway" : null
 }
 
 include {

diff --git a/terragrunt/components/service/database/terragrunt.hcl b/terragrunt/components/service/database/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source = "../../../modules//database"
+  source = local.global_vars.locals.environment != "orchestrator" ? "../../../modules//database" : null
 }
 
 include {

diff --git a/terragrunt/components/service/ecs/terragrunt.hcl b/terragrunt/components/service/ecs/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source = "../../../modules//ecs"
+  source = local.global_vars.locals.environment != "orchestrator" ? "../../../modules//ecs" : null
 }
 
 include {

diff --git a/terragrunt/components/service/telemetry/terragrunt.hcl b/terragrunt/components/service/telemetry/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source = "../../../modules//telemetry"
+  source = local.global_vars.locals.environment != "orchestrator" ? "../../../modules//telemetry" : null
 }
 
 include {

diff --git a/terragrunt/components/terragrunt.hcl b/terragrunt/components/terragrunt.hcl
@@ -2,14 +2,33 @@ locals {
 
     cidr_b_development = 3
     cidr_b_integration = 4
+    cidr_b_orchestrator = 5
     cidr_b_production = 1
     cidr_b_staging = 2
 
     environment = get_env("TG_ENVIRONMENT", "development")
 
     environments = {
+        orchestrator = {
+            cidr_block             = "10.${local.cidr_b_orchestrator}.0.0/16"
+            account_id             = 891377225335
+            name                   = "orchestrator"
+            postgres_instance_type = "db.t4g.micro"
+            private_subnets        = [
+                "10.${local.cidr_b_orchestrator}.101.0/24",
+                "10.${local.cidr_b_orchestrator}.102.0/24",
+                "10.${local.cidr_b_orchestrator}.103.0/24"
+            ]
+            public_subnets = [
+                "10.${local.cidr_b_orchestrator}.1.0/24",
+                "10.${local.cidr_b_orchestrator}.2.0/24",
+                "10.${local.cidr_b_orchestrator}.3.0/24"
+            ]
+            top_level_domain = "findatender.codatt.net"
+        }
         development = {
             cidr_block             = "10.${local.cidr_b_development}.0.0/16"
+            account_id             = 471112892058
             name                   = "dev"
             postgres_instance_type = "db.t4g.micro"
             private_subnets        = [
@@ -26,6 +45,7 @@ locals {
         }
         staging = {
             cidr_block             = "10.${local.cidr_b_staging}.0.0/16"
+            account_id             = 905418042182
             name                   = "staging"
             postgres_instance_type = "db.t4g.micro"
             private_subnets        = [
@@ -42,6 +62,7 @@ locals {
         }
         integration = {
             cidr_block             = "10.${local.cidr_b_integration}.0.0/16"
+            account_id             = 767397666448
             name                   = "integration"
             postgres_instance_type = "db.t4g.micro"
             private_subnets        = [
@@ -58,6 +79,7 @@ locals {
         }
         production = {
             cidr_block             = "10.${local.cidr_b_production}.0.0/16"
+            account_id             = 471112843276
             name                   = "production"
             postgres_instance_type = "db.t4g.micro"
             private_subnets        = [

diff --git a/terragrunt/modules/core-iam/ci-datasource.tf b/terragrunt/modules/core-iam/ci-datasource.tf
@@ -1,3 +1,6 @@
+# Note!
+# Resources in this file are shared with orchestrator/iam module
+
 data "aws_iam_policy_document" "terraform_assume" {
   statement {
     actions = ["sts:AssumeRole"]

diff --git a/terragrunt/modules/core-iam/ci.tf b/terragrunt/modules/core-iam/ci.tf
@@ -1,3 +1,6 @@
+# Note!
+# Resources in this file are shared with orchestrator/iam module
+
 resource "aws_iam_role" "terraform" {
   assume_role_policy = data.aws_iam_policy_document.terraform_assume.json
   name               = "${local.name_prefix}-${var.environment}-terraform"