From f9c77790a04f021c728077aa01cf6d43f0244b1c Mon Sep 17 00:00:00 2001 From: Seun Ogunbiyi <91503321+Tiny49@users.noreply.github.com> Date: Thu, 18 Jul 2024 11:16:42 +0100 Subject: [PATCH] FS-4528: Build and Deploy to AWS Environments. (#7) * Added new services and the code * edited the manifest file * edited * edited the files * edited the flag * fix unit tests * default db url * added the latest image --------- Co-authored-by: Sarah Sloan --- .github/PULL_REQUEST_TEMPLATE.md | 16 ++ .github/dependabot.yml | 16 ++ .github/workflows/codeql-analysis.yml | 75 +++++++ .github/workflows/copilot_deploy.yml | 161 +++++++++++++++ config/envs/unit_test.py | 5 +- copilot/.workspace | 1 + .../addons/fsd-self-serve-cluster.yml | 183 ++++++++++++++++++ copilot/fsd-self-serve/manifest.yml | 109 +++++++++++ 8 files changed, 565 insertions(+), 1 deletion(-) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/codeql-analysis.yml create mode 100644 .github/workflows/copilot_deploy.yml create mode 100644 copilot/.workspace create mode 100644 copilot/fsd-self-serve/addons/fsd-self-serve-cluster.yml create mode 100644 copilot/fsd-self-serve/manifest.yml diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..960d2fa --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -0,0 +1,16 @@
+_Add ticket reference to Pull Request title: e.g. 'FS-123: Add content', if there is no ticket prefix with BAU_
+
+
+### Change description
+_A brief description of the pull request_
+
+- [ ] Unit tests and other appropriate tests added or updated
+- [ ] README and other documentation has been updated / added (if needed)
+- [ ] Commit messages are meaningful and follow good commit message guidelines (e.g. "FS-XXXX: Add margin to nav items preventing overlapping of logo")
+
+
+### How to test
+_If manual testing is needed, give suggested testing steps_
+
+
+### Screenshots of UI changes (if applicable)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..759ba39
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+version: 2
+updates:
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ pull-request-branch-name:
+ separator: "-"
+ rebase-strategy: "auto"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ pull-request-branch-name:
+ separator: "-"
+ rebase-strategy: "auto"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..911728b
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,75 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + paths-ignore: + - "**/README.md" + branches: [ main ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ main ] + paths-ignore: + - "**/README.md" + + schedule: + - cron: '44 9 * * 2' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://git.io/codeql-language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v3 + + # ℹī¸ Command-line programs to run using the OS shell. 
+ # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml new file mode 100644 index 0000000..769f6e5 --- /dev/null +++ b/.github/workflows/copilot_deploy.yml 
@@ -0,0 +1,161 @@
+name: Deploy to AWS
+run-name: AWS Deploy ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || (github.ref == 'refs/heads/main' && 'Dev-Test-UAT-Prod' || 'Dev') }}
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: Which AWS Account to use
+ type: choice
+ required: true
+ options:
+ - dev
+ - test
+ - uat
+ - prod
+ run_performance_tests:
+ required: false
+ default: false
+ type: boolean
+ description: Run performance tests
+ run_e2e_tests_assessment:
+ required: false
+ default: false
+ type: boolean
+ description: Run e2e tests (assessment)
+ run_e2e_tests_application:
+ required: false
+ default: true
+ type: boolean
+ description: Run e2e tests (application)
+ push:
+ # Ignore README markdown and the docs folder
+ # Only automatically deploy when something in the app or tests folder has changed
+ paths:
+ - '!**/README.md'
+ - '!docs/**'
+ - 'app/**'
+ - 'config/**'
+ - 'tests/**'
+ - 'requirements-dev.in'
+ - 'requirements-dev.txt'
+ - 'requirements.in'
+ - 'requirements.txt'
+ - '.github/workflows/copilot_deploy.yml'
+
+jobs:
+ setup:
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/determine-jobs.yml@main
+ with:
+ environment: ${{ inputs.environment }}
+
+ pre_deploy_tests:
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/pre-deploy.yml@main
+ with:
+ postgres_unit_testing: true
+ db_name: fab_unit_test
+
+ paketo_build:
+ needs: [ setup ]
+ permissions:
+ packages: write
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/package.yml@main
+ with:
+ version_to_build: sha-${{ github.sha }}
+ owner: ${{ github.repository_owner }}
+ application: funding-service-design-self-serve
+ assets_required: false
+
+ dev_deploy:
+ needs: [ pre_deploy_tests, paketo_build, setup ]
+ if: ${{ contains(fromJSON(needs.setup.outputs.jobs_to_run), 'dev') }}
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main
+ secrets:
+ AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+ with:
+ environment: dev
+ app_name: self-serve
+ version: sha-${{ github.sha }}
+
+ post_dev_deploy_tests:
+ needs: dev_deploy
+ concurrency:
+ group: 'fsd-preaward-dev'
+ cancel-in-progress: false
+ secrets:
+ FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
+ FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
+ with:
+ run_performance_tests: ${{ inputs.run_performance_tests || true }}
+ run_e2e_tests_assessment: ${{ inputs.run_e2e_tests_assessment || false }}
+ run_e2e_tests_application: ${{ inputs.run_e2e_tests_application || false }}
+ app_name: self-serve
+ environment: dev
+
+ test_deploy:
+ needs: [ dev_deploy, post_dev_deploy_tests, paketo_build, setup ]
+ if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'test') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') )}}
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main
+ secrets:
+ AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+ with:
+ environment: test
+ app_name: self-serve
+ version: sha-${{ github.sha }}
+
+ post_test_deploy_tests:
+ needs: test_deploy
+ if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'test') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') )}}
+ concurrency:
+ group: 'fsd-preaward-test'
+ cancel-in-progress: false
+ secrets:
+ FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
+ FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
+ with:
+ run_performance_tests: ${{ inputs.run_performance_tests || false }}
+ run_e2e_tests_assessment: ${{ inputs.run_e2e_tests_assessment || false }}
+ run_e2e_tests_application: ${{ inputs.run_e2e_tests_application || true }}
+ app_name: self-serve
+ environment: test
+
+ uat_deploy:
+ needs: [ dev_deploy, post_dev_deploy_tests, test_deploy, post_test_deploy_tests, paketo_build, setup ]
+ if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'uat') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') )}}
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main
+ secrets:
+ AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+ with:
+ environment: uat
+ app_name: self-serve
+ version: sha-${{ github.sha }}
+
+ post_uat_deploy_tests:
+ needs: uat_deploy
+ if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'uat') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') )}}
+ concurrency:
+ group: 'fsd-preaward-uat'
+ cancel-in-progress: false
+ secrets:
+ FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
+ FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
+ with:
+ run_performance_tests: ${{ inputs.run_performance_tests || false }}
+ run_e2e_tests_assessment: ${{ inputs.run_e2e_tests_assessment || false }}
+ run_e2e_tests_application: ${{ inputs.run_e2e_tests_application || true }}
+ app_name: self-serve
+ environment: uat
+
+ prod_deploy:
+ needs: [ dev_deploy, post_dev_deploy_tests, test_deploy, post_test_deploy_tests, uat_deploy, post_uat_deploy_tests, paketo_build, setup ]
+ if: ${{ always() && contains(fromJSON(needs.setup.outputs.jobs_to_run), 'prod') && (! contains(needs.*.result, 'failure') ) && (! contains(needs.*.result, 'cancelled') )}}
+ uses: communitiesuk/funding-service-design-workflows/.github/workflows/standard-deploy.yml@main
+ secrets:
+ AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
+ with:
+ environment: prod
+ app_name: self-serve
+ version: sha-${{ github.sha }}
diff --git a/config/envs/unit_test.py b/config/envs/unit_test.py
index 0703936..526846e 100644
--- a/config/envs/unit_test.py
+++ b/config/envs/unit_test.py
@@ -1,4 +1,5 @@ import logging +from os import getenv from fsd_utils import configclass
@@ -11,4 +12,6 @@ class UnitTestConfig(Config): # Logging FSD_LOG_LEVEL = logging.DEBUG - SQLALCHEMY_DATABASE_URI = "postgresql://postgres:password@fab-db:5432/fab_unit_test" # pragma: allowlist secret + SQLALCHEMY_DATABASE_URI = getenv( + "DATABASE_URL", "postgresql://postgres:postgres@127.0.0.1:5432/fab_unit_test" # pragma: allowlist secret + )
diff --git a/copilot/.workspace b/copilot/.workspace
new file mode 100644
index 0000000..92b2058
--- /dev/null
+++ b/copilot/.workspace
@@ -0,0 +1 @@
+application: pre-award
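Review bot: In `.github/workflows/copilot_deploy.yml` every reusable workflow is referenced at `@main` of `communitiesuk/funding-service-design-workflows`, and the deploy and post-deploy jobs pass it `AWS_ACCOUNT`, `FSD_GH_APP_ID` and `FSD_GH_APP_KEY`, so whatever is on that branch at run time executes with these secrets up to the `prod` job; pinning each `uses:` to a full commit SHA (`…/standard-deploy.yml@<commit-sha>`) keeps the deployed pipeline tied to reviewed code. Separately, `${{ inputs.run_performance_tests || true }}` in `post_dev_deploy_tests` and `${{ inputs.run_e2e_tests_application || true }}` in the test and uat post-deploy jobs evaluate to `true` even when the dispatcher unticks the box, because `false || true` is `true`; branching on `github.event_name == 'workflow_dispatch'` would keep the push default without overriding the manual choice. `post_test_deploy_tests` and `post_uat_deploy_tests` read `needs.setup.outputs.jobs_to_run` while listing only the deploy job under `needs:`, and the `needs` context normally holds direct dependencies only, so `setup` probably has to be added there. Only `paketo_build` declares `permissions:`; the other called workflows get the repository default token scope, and declaring the minimum per job would make that explicit.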
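Review bot: In `config/envs/unit_test.py`, `UnitTestConfig` now takes `SQLALCHEMY_DATABASE_URI` from whatever `DATABASE_URL` is present in the process environment, so a test run started in a shell or container that already exports a deployed database URL would point the unit tests at that database. If the test fixtures create or drop schema (not visible in this hunk), a guard after the assignment such as `assert "_unit_test" in SQLALCHEMY_DATABASE_URI`, or a test-specific variable name, would prevent that. The fallback still embeds a default `postgres:postgres` credential behind `# pragma: allowlist secret`; a one-line comment stating it is valid only for the local or CI Postgres container would stop it being copied into other configs. The class body starts outside the hunk.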
diff --git a/copilot/fsd-self-serve/addons/fsd-self-serve-cluster.yml b/copilot/fsd-self-serve/addons/fsd-self-serve-cluster.yml
new file mode 100644
index 0000000..7d8b7b0
--- /dev/null
+++ b/copilot/fsd-self-serve/addons/fsd-self-serve-cluster.yml
@@ -0,0 +1,183 @@
+Parameters:
+ App:
+ Type: String
+ Description: Your application's name.
+ Env:
+ Type: String
+ Description: The environment name your service, job, or workflow is being deployed to.
+ Name:
+ Type: String
+ Description: The name of the service, job, or workflow being deployed.
+ # Customize your Aurora Serverless cluster by setting the default value of the following parameters.
+ fsdselfserveclusterDBName:
+ Type: String
+ Description: The name of the initial database to be created in the Aurora Serverless v2 cluster.
+ Default: fsd_self_serve
+ # Cannot have special characters
+ # Naming constraints: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints
+Mappings:
+ fsdselfserveclusterEnvScalingConfigurationMap:
+ All:
+ "DBMinCapacity": 0.5 # AllowedValues: from 0.5 through 128
+ "DBMaxCapacity": 8 # AllowedValues: from 0.5 through 128
+ BastionMap:
+ dev:
+ "SecurityGroup": "sg-0b6c7aabb95bf14a9"
+ test:
+ "SecurityGroup": "sg-0cf75a004dbade7b8"
+ uat:
+ "SecurityGroup": "sg-04017abfef2079894"
+ prod:
+ "SecurityGroup": "sg-08cecea8f9b8a4ec9"
+
+Resources:
+ fsdselfserveclusterDBSubnetGroup:
+ Type: 'AWS::RDS::DBSubnetGroup'
+ Properties:
+ DBSubnetGroupDescription: Group of Copilot private subnets for Aurora Serverless v2 cluster.
+ SubnetIds:
+ !Split [',', { 'Fn::ImportValue': !Sub '${App}-${Env}-PrivateSubnets' }]
+ fsdselfserveclusterSecurityGroup:
+ Metadata:
+ 'aws:copilot:description': 'A security group for your workload to access the Aurora Serverless v2 cluster fsdselfservecluster'
+ Type: 'AWS::EC2::SecurityGroup'
+ Properties:
+ GroupDescription: !Sub 'The Security Group for ${Name} to access Aurora Serverless v2 cluster fsdselfservecluster.'
+ VpcId:
+ Fn::ImportValue:
+ !Sub '${App}-${Env}-VpcId'
+ Tags:
+ - Key: Name
+ Value: !Sub 'copilot-${App}-${Env}-${Name}-Aurora'
+ fsdselfserveclusterDBClusterSecurityGroup:
+ Metadata:
+ 'aws:copilot:description': 'A security group for your Aurora Serverless v2 cluster fsdselfservecluster'
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: The Security Group for the Aurora Serverless v2 cluster.
+ SecurityGroupIngress:
+ - ToPort: 5432
+ FromPort: 5432
+ IpProtocol: tcp
+ Description: !Sub 'From the Aurora Security Group of the workload ${Name}.'
+ SourceSecurityGroupId: !Ref fsdselfserveclusterSecurityGroup
+ - ToPort: 5432
+ FromPort: 5432
+ IpProtocol: tcp
+ Description: !Sub 'From the Bastion Security Group.'
+ SourceSecurityGroupId: !FindInMap [BastionMap, !Ref Env, 'SecurityGroup']
+ VpcId:
+ Fn::ImportValue:
+ !Sub '${App}-${Env}-VpcId'
+ Tags:
+ - Key: Name
+ Value: !Sub 'copilot-${App}-${Env}-${Name}-Aurora'
+ fsdselfserveclusterAuroraSecret:
+ Metadata:
+ 'aws:copilot:description': 'A Secrets Manager secret to store your DB credentials'
+ Type: AWS::SecretsManager::Secret
+ Properties:
+ Description: !Sub Aurora main user secret for ${AWS::StackName}
+ GenerateSecretString:
+ SecretStringTemplate: '{"username": "postgres"}'
+ GenerateStringKey: "password"
+ ExcludePunctuation: true
+ IncludeSpace: false
+ PasswordLength: 16
+ fsdselfserveclusterDBClusterParameterGroup:
+ Metadata:
+ 'aws:copilot:description': 'A DB parameter group for engine configuration values'
+ Type: 'AWS::RDS::DBClusterParameterGroup'
+ Properties:
+ Description: !Ref 'AWS::StackName'
+ Family: 'aurora-postgresql14'
+ Parameters:
+ client_encoding: 'UTF8'
+ fsdselfserveclusterDBCluster:
+ Metadata:
+ 'aws:copilot:description': 'The fsdselfservecluster Aurora Serverless v2 database cluster'
+ Type: 'AWS::RDS::DBCluster'
+ Properties:
+ MasterUsername:
+ !Join [ "", [ '{{resolve:secretsmanager:', !Ref fsdselfserveclusterAuroraSecret, ":SecretString:username}}" ]] # pragma: allowlist secret
+ MasterUserPassword:
+ !Join [ "", [ '{{resolve:secretsmanager:', !Ref fsdselfserveclusterAuroraSecret, ":SecretString:password}}" ]] # pragma: allowlist secret
+ DatabaseName: !Ref fsdselfserveclusterDBName
+ Engine: 'aurora-postgresql'
+ EngineVersion: '14.4'
+ DBClusterParameterGroupName: !Ref fsdselfserveclusterDBClusterParameterGroup
+ DBSubnetGroupName: !Ref fsdselfserveclusterDBSubnetGroup
+ Port: 5432
+ StorageEncrypted: true
+ BackupRetentionPeriod: 8
+ VpcSecurityGroupIds:
+ - !Ref fsdselfserveclusterDBClusterSecurityGroup
+ ServerlessV2ScalingConfiguration:
+ # Replace "All" below with "!Ref Env" to set different autoscaling limits per environment.
+ MinCapacity: !FindInMap [fsdselfserveclusterEnvScalingConfigurationMap, All, DBMinCapacity]
+ MaxCapacity: !FindInMap [fsdselfserveclusterEnvScalingConfigurationMap, All, DBMaxCapacity]
+ fsdselfserveclusterDBWriterInstance:
+ Metadata:
+ 'aws:copilot:description': 'The fsdselfservecluster Aurora Serverless v2 writer instance'
+ Type: 'AWS::RDS::DBInstance'
+ Properties:
+ DBClusterIdentifier: !Ref fsdselfserveclusterDBCluster
+ DBInstanceClass: db.serverless
+ Engine: 'aurora-postgresql'
+ PromotionTier: 1
+ AvailabilityZone: !Select
+ - 0
+ - !GetAZs
+ Ref: AWS::Region
+
+ fsdselfserveclusterSecretAuroraClusterAttachment:
+ Type: AWS::SecretsManager::SecretTargetAttachment
+ Properties:
+ SecretId: !Ref fsdselfserveclusterAuroraSecret
+ TargetId: !Ref fsdselfserveclusterDBCluster
+ TargetType: AWS::RDS::DBCluster
+
+ FormRunnerFormUploadsBucketAccessPolicy:
+ Type: AWS::IAM::ManagedPolicy
+ Properties:
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Sid: S3FormUploadBucketActions
+ Effect: Allow
+ Action:
+ - s3:Get*
+ - s3:List*
+ - s3:Describe*
+ - s3:PutObject
+ - s3:PutObjectACL
+ - s3:DeleteObject
+ - s3:ReplicateObject
+ Resource:
+ - Fn::ImportValue: !Sub ${App}-${Env}-FormUploadsBucketARN
+ - !Sub
+ - "${FullBucketARN}/*"
+ - FullBucketARN:
+ Fn::ImportValue: !Sub "${App}-${Env}-FormUploadsBucketARN"
+
+Outputs:
+ DatabaseUrl:
+ Description: "The URL of this database."
+ Value:
+ !Sub
+ - "postgres://${USERNAME}:${PASSWORD}@${HOSTNAME}:${PORT}/${DBNAME}"
+ - USERNAME: !Join [ "", [ '{{resolve:secretsmanager:', !Ref fsdselfserveclusterAuroraSecret, ":SecretString:username}}" ]] # pragma: allowlist secret
+ PASSWORD: !Join [ "", [ '{{resolve:secretsmanager:', !Ref fsdselfserveclusterAuroraSecret, ":SecretString:password}}" ]] # pragma: allowlist secret
+ HOSTNAME: !Join [ "", [ '{{resolve:secretsmanager:', !Ref fsdselfserveclusterAuroraSecret, ":SecretString:host}}" ]] # pragma: allowlist secret
+ PORT: !Join [ "", [ '{{resolve:secretsmanager:', !Ref fsdselfserveclusterAuroraSecret, ":SecretString:port}}" ]] # pragma: allowlist secret
+ DBNAME: !Join [ "", [ '{{resolve:secretsmanager:', !Ref fsdselfserveclusterAuroraSecret, ":SecretString:dbname}}" ]] # pragma: allowlist secret
+
+ fsdselfserveclusterSecret: # injected as FSDselfserveCLUSTER_SECRET environment variable by Copilot.
+ Description: "The JSON secret that holds the database username and password. Fields are 'host', 'port', 'dbname', 'username', 'password', 'dbClusterIdentifier' and 'engine'"
+ Value: !Ref fsdselfserveclusterAuroraSecret
+ fsdselfserveclusterSecurityGroup:
+ Description: "The security group to attach to the workload."
+ Value: !Ref fsdselfserveclusterSecurityGroup
+ FormRunnerFormUploadsBucketAccessPolicyArn:
+ Description: "The ARN of the ManagedPolicy to attach to the task role."
+ Value: !Ref FormRunnerFormUploadsBucketAccessPolicy
diff --git a/copilot/fsd-self-serve/manifest.yml b/copilot/fsd-self-serve/manifest.yml
new file mode 100644
index 0000000..e583b78
--- /dev/null
+++ b/copilot/fsd-self-serve/manifest.yml
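Review bot: In `copilot/fsd-self-serve/addons/fsd-self-serve-cluster.yml`, the `DatabaseUrl` output assembles a connection string from `{{resolve:secretsmanager:…:SecretString:password}}`, and since Copilot hands addon outputs to the workload as environment variables, the resolved database password is likely to sit in plain text in the ECS task definition, readable by anyone who can describe it. The template already exports the secret itself as `fsdselfserveclusterSecret`, so the safer shape is to drop `DatabaseUrl` and have the application build the URL from that injected secret at start-up. `FormRunnerFormUploadsBucketAccessPolicy` also grants `s3:Get*`, `s3:List*`, `s3:Describe*`, `s3:PutObjectACL` and `s3:ReplicateObject` on the form-uploads bucket; if this service needs the bucket at all, the list should be narrowed to the object actions it actually calls (for example `s3:GetObject`, `s3:PutObject`, `s3:DeleteObject`, with `s3:ListBucket` on the bucket ARN only). `fsdselfserveclusterDBCluster` sets no `DeletionProtection: true`, which is worth adding at least for `prod`.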
@@ -0,0 +1,109 @@
+# The manifest for the "fsd-assessment" service.
+# Read the full specification for the "Load Balanced Web Service" type at:
+# https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/
+
+# Your service name will be used in naming your resources like log groups, ECS services, etc.
+name: fsd-self-serve
+type: Load Balanced Web Service
+
+# Distribute traffic to your service.
+http:
+ # Requests to this path will be forwarded to your service.
+ # To match all requests you can use the "/" path.
+ path: '/'
+ # You can specify a custom health check path. The default is "/".
+ healthcheck: '/healthcheck'
+ #alias: self-serve.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk
+
+# Configuration for your containers and service.
+image:
+ # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#image-location
+ location: ghcr.io/communitiesuk/funding-service-design-self-serve:sha-6cdb8baa686e0357be6b56730938bab7e433fd96
+ # Port exposed through your container to route traffic to it.
+ port: 8080
+
+# Valid values: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html
+# Number of CPU units for the task.
+cpu: 1024
+# Amount of memory in MiB used by the task.
+memory: 2048
+
+# See https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#platform
+platform: linux/x86_64
+# Number of tasks that should be running in your service.
+count: 2
+# Enable running commands in your container.
+exec: true
+
+network:
+ connect: true # Enable Service Connect for intra-environment traffic between services.
+
+# storage:
+ # readonly_fs: true # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+# Pass environment variables as key value pairs.
+# variables:
+# ACCOUNT_STORE_API_HOST: "http://fsd-account-store:8080"
+# APPLICANT_self-serve_HOST: "https://self-serve.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk"
+# APPLICATION_STORE_API_HOST: "http://fsd-application-store:8080"
+# AUTHENTICATOR_HOST: "https://authenticator.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk"
+# COOKIE_DOMAIN: ".test.levellingup.gov.uk"
+# FLASK_ENV: ${COPILOT_ENVIRONMENT_NAME}
+# FORMS_SERVICE_PUBLIC_HOST: "https://forms.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk"
+# FUND_STORE_API_HOST: "http://fsd-fund-store:8080"
+# NOTIFICATION_SERVICE_HOST: http://fsd-notification:8080
+# REDIS_INSTANCE_URI:
+# from_cfn: ${COPILOT_APPLICATION_NAME}-${COPILOT_ENVIRONMENT_NAME}-MagicLinksRedisInstanceURI
+# SENTRY_DSN: "https://3c6d2fd1e3824aecb3826a7d640b29a9@o1432034.ingest.sentry.io/4503897449103360"
+# MAINTENANCE_MODE: false
+
+secrets:
+ RSA256_PUBLIC_KEY_BASE64: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/RSA256_PUBLIC_KEY_BASE64
+
+# You can override any of the values defined above by environment.
+environments:
+ dev:
+ count:
+ spot: 1
+ test:
+ deployment:
+ rolling: 'recreate'
+ count:
+ spot: 2
+# uat:
+# http:
+# alias: "self-serve.${COPILOT_ENVIRONMENT_NAME}.access-funding.test.levellingup.gov.uk"
+# count:
+# range: 2-4
+# cooldown:
+# in: 60s
+# out: 30s
+# cpu_percentage:
+# value: 70
+# memory_percentage:
+# value: 80
+# requests: 30
+# response_time: 2s
+# prod:
+# http:
+# alias: ["self-serve.prod.access-funding.levellingup.gov.uk", "self-serve.access-funding.levellingup.gov.uk"]
+# hosted_zone: Z0686469NF3ZJTU9I02M
+# variables:
+# COOKIE_DOMAIN: ".levellingup.gov.uk"
+# AUTHENTICATOR_HOST: "https://authenticator.access-funding.levellingup.gov.uk"
+# APPLICANT_self-serve_HOST: "https://self-serve.access-funding.levellingup.gov.uk"
+# ASSESSMENT_self-serve_HOST: "https://assessment.access-funding.levellingup.gov.uk"
+# FORMS_SERVICE_PUBLIC_HOST: "https://forms.access-funding.levellingup.gov.uk"
+# FLASK_ENV: production
+# count:
+# range: 2-4
+# cooldown:
+# in: 60s
+# out: 30s
+# cpu_percentage:
+# value: 70
+# memory_percentage:
+# value: 80
+# requests: 30
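Review bot: `exec: true` at the top level of `copilot/fsd-self-serve/manifest.yml` turns on ECS Exec for every environment, so once the commented-out `uat` and `prod` blocks are enabled, anyone holding the matching IAM permission gets an interactive shell inside the production containers; making `exec: false` the default and setting `exec: true` only under `environments.dev` and `environments.test` limits that. The header comment still reads `# The manifest for the "fsd-assessment" service.` although `name:` is `fsd-self-serve`, and the commented `variables:` block carries a full `SENTRY_DSN` value and the hyphenated key `APPLICANT_self-serve_HOST`, both of which look like search-and-replace leftovers from another service and are better deleted than kept as comments. `image.location` is fixed to a single `sha-…` tag; it is worth confirming that the deploy workflow overrides it with `sha-${{ github.sha }}`, otherwise every deploy would ship the same image.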