FS-4570 deployment fixes (#6)

* FS-4570: deployment fixes

* FS-4570: deployment fixes

* FS-4570: deployment fixes

* FS-4570: deployment fixes

* FS-4570: deployment fixes

.github/workflows/copilot_deploy.yml

@@ -43,7 +43,7 @@ on:
 
 env:
   DOCKER_REGISTRY: ghcr.io
-  IMAGE_NAME: "funding-service-design-form-runner"
+  IMAGE_NAME: "funding-service-design-adapter-form-runner"
   IMAGE_REPO_PATH: "ghcr.io/${{github.repository_owner}}"
 
 jobs:
@@ -97,7 +97,7 @@ jobs:
           tags: ${{ steps.metadata.outputs.tags}}
           labels: ${{ steps.metadata.outputs.labels }}
           push: true
-          file: ./fsd_config/Dockerfile
+          file: ./runner/Dockerfile
           build-args: |
             LAST_TAG='${{env.VERSION}}'
             LAST_COMMIT='${{ github.sha }}'
@@ -114,7 +114,7 @@ jobs:
       AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
     with:
       environment: dev
-      app_name: "form-runner"
+      app_name: "form-runner-adapter"
       version: sha-${{ github.sha }}
 
   post_dev_deploy_tests:
@@ -145,7 +145,7 @@ jobs:
       AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
     with:
       environment: "test"
-      app_name: "form-runner"
+      app_name: "form-runner-adapter"
       version: sha-${{ github.sha }}
 
   post_test_deploy_tests:
@@ -185,7 +185,7 @@ jobs:
       AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
     with:
       environment: "uat"
-      app_name: "form-runner"
+      app_name: "form-runner-adapter"
       version: sha-${{ github.sha }}
 
   post_uat_deploy_tests:
@@ -234,5 +234,5 @@ jobs:
       AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
     with:
       environment: "prod"
-      app_name: "form-runner"
+      app_name: "form-runner-adapter"
       version: sha-${{ github.sha }}

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "digital-form-builder"]
 	path = digital-form-builder
-	url = git@github.com:XGovFormBuilder/digital-form-builder.git
+	url = https://github.com/XGovFormBuilder/digital-form-builder.git

copilot/.workspace

@@ -0,0 +1 @@
+application: pre-award

copilot/fsd-form-runner/addons/form-runner-data.yml

@@ -0,0 +1,120 @@
+Parameters:
+  App:
+    Type: String
+    Description: Your application's name.
+  Env:
+    Type: String
+    Description: The environment name your service, job, or workflow is being deployed to.
+  Name:
+    Type: String
+    Description: The name of the service, job, or workflow being deployed.
+
+Resources:
+  # Subnet group to control where the Redis gets placed
+  FormRunnerRedisSubnetGroup:
+    Type: AWS::ElastiCache::SubnetGroup
+    Properties:
+      Description: Group of subnets to place Redis into
+      SubnetIds:
+        !Split [",", { "Fn::ImportValue": !Sub "${App}-${Env}-PrivateSubnets" }]
+
+  # Security group to add the Redis cluster to the VPC,
+  # and to allow the Fargate containers to talk to Redis on port 6379
+  FormRunnerRedisSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: "Redis Security Group"
+      VpcId:
+        Fn::ImportValue: !Sub "${App}-${Env}-VpcId"
+
+  # Enable ingress from other ECS services created within the environment.
+  FormRunnerRedisIngress:
+    Type: AWS::EC2::SecurityGroupIngress
+    Properties:
+      Description: Ingress from Fargate containers
+      GroupId: !Ref "FormRunnerRedisSecurityGroup"
+      IpProtocol: tcp
+      FromPort: 6379
+      ToPort: 6379
+      SourceSecurityGroupId:
+        Fn::ImportValue: !Sub "${App}-${Env}-EnvironmentSecurityGroup"
+
+  # Secret Storage of access credentials
+  FormRunnerRedisSecret:
+    Metadata:
+      "aws:copilot:description": "A Secrets Manager secret to store your DB credentials"
+    Type: AWS::SecretsManager::Secret
+    Properties:
+      Description: !Sub "Redis main user secret for ${AWS::StackName}"
+      GenerateSecretString:
+        SecretStringTemplate: '{"username": "redis"}'
+        GenerateStringKey: "password"
+        ExcludePunctuation: true
+        IncludeSpace: false
+        PasswordLength: 16
+
+  # Creation of the cluster itself
+  FormRunnerRedisReplicationGroup:
+    Type: AWS::ElastiCache::ReplicationGroup
+    Properties:
+      ReplicationGroupDescription: !Sub "${Env} Funding Service Form Runner"
+      AutomaticFailoverEnabled: true
+      AtRestEncryptionEnabled: true
+      TransitEncryptionEnabled: true
+      AutoMinorVersionUpgrade: true
+      MultiAZEnabled: true
+      CacheNodeType: cache.t3.micro
+      CacheSubnetGroupName: !Ref "FormRunnerRedisSubnetGroup"
+      SecurityGroupIds:
+        - !GetAtt "FormRunnerRedisSecurityGroup.GroupId"
+      Engine: redis
+      NumCacheClusters: 2
+
+  # Redis endpoint stored in SSM so that other services can retrieve the endpoint.
+  FormRunnerRedisEndpointAddressParam:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Name: !Sub "/${App}/${Env}/${Name}/redis" # Other services can retrieve the endpoint from this path.
+      Type: String
+      Value: !GetAtt "FormRunnerRedisReplicationGroup.PrimaryEndPoint.Address"
+
+  FormRunnerFormUploadsBucketAccessPolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Sid: S3FormUploadBucketActions
+            Effect: Allow
+            Action:
+              - s3:Get*
+              - s3:List*
+              - s3:Describe*
+              - s3:PutObject
+              - s3:PutObjectACL
+              - s3:DeleteObject
+              - s3:ReplicateObject
+            Resource:
+              - Fn::ImportValue: !Sub ${App}-${Env}-FormUploadsBucketARN
+              - !Sub
+                - "${FullBucketARN}/*"
+                - FullBucketARN:
+                    Fn::ImportValue: !Sub "${App}-${Env}-FormUploadsBucketARN"
+
+Outputs:
+  FormRunnerRedisEndpoint:
+    Description: The endpoint of the redis cluster
+    Value: !GetAtt "FormRunnerRedisReplicationGroup.PrimaryEndPoint.Address"
+    Export:
+      Name: !Sub ${App}-${Env}-FormRunnerRedisEndpoint
+  FormRunnerRedisInstanceURI:
+    Description: "The URI of the redis cluster."
+    Value: !Sub
+      - "rediss://${HOSTNAME}:${PORT}"
+      - HOSTNAME: !GetAtt "FormRunnerRedisReplicationGroup.PrimaryEndPoint.Address"
+        PORT: !GetAtt "FormRunnerRedisReplicationGroup.PrimaryEndPoint.Port"
+    Export:
+      Name: !Sub ${App}-${Env}-FormRunnerRedisInstanceURI
+  FormRunnerFormUploadsBucketAccessPolicyArn:
+    Description: "The ARN of the ManagedPolicy to attach to the task role."
+    Value: !Ref FormRunnerFormUploadsBucketAccessPolicy

copilot/fsd-form-runner/manifest.yml

@@ -0,0 +1,127 @@
+# The manifest for the "form-runner" service.
+# Read the full specification for the "Load Balanced Web Service" type at:
+#  https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/
+name: "fsd-form-runner"
+type: "Load Balanced Web Service"
+
+# Distribute traffic to your service.
+http:
+  # Requests to this path will be forwarded to your service.
+  # To match all requests you can use the "/" path.
+  path: "/"
+  # You can specify a custom health check path. The default is "/".
+  healthcheck: "/health-check"
+  alias: forms.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk
+
+# Configuration for your containers and service.
+image:
+  # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#image-build
+  location: ghcr.io/communitiesuk/runner:latest
+  # Port exposed through your container to route traffic to it.
+  port: 3009
+
+# Valid values: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html
+# Number of CPU units for the task.
+cpu: 1024
+# Amount of memory in MiB used by the task.
+memory: 2048
+
+# See https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#platform
+platform: linux/x86_64
+
+# Number of tasks that should be running in your service.
+count: 1
+
+# Enable running commands in your container.
+exec: true
+
+network:
+  connect: true # Enable Service Connect for intra-environment traffic between services.
+
+  # Override the network configuration with the public/private/data subnets built using terraform
+  # notification should be private (internal)
+  # vpc:
+  #   placement:
+  #     subnets: ["subnet-04851bdddcd8f5bbc", "subnet-0178ac1212c96b6c4"]
+
+# storage:
+# readonly_fs: true       # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+# Pass environment variables as key value pairs.
+variables:
+  ACCESSIBILITY_STATEMENT_URL: "https://frontend.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/accessibility_statement"
+  AWS_BUCKET_NAME:
+    from_cfn: ${COPILOT_APPLICATION_NAME}-${COPILOT_ENVIRONMENT_NAME}-FormUploadsBucket
+  BASIC_AUTH_ON: false
+  CONTACT_US_URL: "https://frontend.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/contact_us"
+  COOKIE_POLICY_URL: "https://frontend.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/cookie_policy"
+  FEEDBACK_LINK: "https://frontend.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/feedback"
+  JWT_REDIRECT_TO_AUTHENTICATION_URL: "https://authenticator.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/sessions/sign-out"
+  LOGOUT_URL: "https://authenticator.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/sessions/sign-out"
+  MULTIFUND_URL: "https://frontend.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/account"
+  NODE_CONFIG: '{"safelist": ["fsd-application-store"]}'
+  NODE_ENV: production
+  PRIVACY_POLICY_URL: "https://frontend.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/privacy"
+  SERVICE_START_PAGE: "https://frontend.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/account"
+  SINGLE_REDIS: true
+  JWT_AUTH_COOKIE_NAME: "fsd_user_token"
+  ELIGIBILITY_RESULT_URL: "https://frontend.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk/eligibility-result"
+
+secrets:
+  RSA256_PUBLIC_KEY_BASE64: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/RSA256_PUBLIC_KEY_BASE64
+  SESSION_COOKIE_PASSWORD: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/SESSION_COOKIE_PASSWORD
+
+# You can override any of the values defined above by environment.
+environments:
+  dev:
+    count:
+      spot: 1
+  test:
+    deployment:
+      rolling: "recreate"
+    count:
+      spot: 2
+  uat:
+    count:
+      range: 2-4
+      cooldown:
+        in: 60s
+        out: 30s
+      cpu_percentage:
+        value: 70
+      memory_percentage:
+        value: 80
+      requests: 30
+      response_time: 2s
+  prod:
+    http:
+      alias:
+        [
+          "forms.prod.access-funding.levellingup.gov.uk",
+          "forms.access-funding.levellingup.gov.uk",
+        ]
+      hosted_zone: Z0686469NF3ZJTU9I02M
+    variables:
+      ACCESSIBILITY_STATEMENT_URL: "https://frontend.access-funding.levellingup.gov.uk/accessibility_statement"
+      BASIC_AUTH_ON: false
+      CONTACT_US_URL: "https://frontend.access-funding.levellingup.gov.uk/contact_us"
+      COOKIE_POLICY_URL: "https://frontend.access-funding.levellingup.gov.uk/cookie_policy"
+      FEEDBACK_LINK: "https://frontend.access-funding.levellingup.gov.uk/feedback"
+      JWT_REDIRECT_TO_AUTHENTICATION_URL: "https://authenticator.access-funding.levellingup.gov.uk/sessions/sign-out"
+      LOGOUT_URL: "https://authenticator.access-funding.levellingup.gov.uk/sessions/sign-out"
+      MULTIFUND_URL: "https://frontend.access-funding.levellingup.gov.uk/account"
+      PRIVACY_POLICY_URL: "https://frontend.access-funding.levellingup.gov.uk/privacy"
+      SERVICE_START_PAGE: "https://frontend.access-funding.levellingup.gov.uk/account"
+      ELIGIBILITY_RESULT_URL: "https://frontend.access-funding.levellingup.gov.uk/eligibility-result"
+    count:
+      range: 2-4
+      cooldown:
+        in: 60s
+        out: 30s
+      cpu_percentage:
+        value: 70
+      memory_percentage:
+        value: 80
+      requests: 30