Testing

.github/dependabot.yml

@@ -1,16 +1,16 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
   - package-ecosystem: "gradle"
     directory: "/"
     schedule:
       interval: "daily"
+
   - package-ecosystem: "npm"
     directory: "/ui"
-    open-pull-requests-limit: 0    # Disable version updates for npm dependencies
+    schedule:
+      interval: "monthly" # to reduce frequency of npm updates
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
     schedule:
       interval: "daily"

.github/workflows/build.yml

@@ -19,7 +19,6 @@ jobs:
     env:
       ecr_image_name: 374269020027.dkr.ecr.eu-west-2.amazonaws.com/delius-core-user-management
       ghcr_image_name: ghcr.io/${{ github.repository_owner }}/delius-core-user-management
-      version: ${{ github.event.release.tag_name }}
 
     steps:
       - uses: actions/checkout@v3

.github/workflows/deploy.yml

@@ -1,6 +1,19 @@
 name: Deploy
 
-on: push
+on:
+  push:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: Version
+        required: true
+      environment:
+        description: Environment
+        required: true
+        type: choice
+        options:
+          - dev
+          - test
 
 permissions:
   id-token: write # Required for OIDC
@@ -9,22 +22,21 @@ permissions:
 jobs:
   deploy:
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v3
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
+          aws-region: eu-west-2
           role-to-assume: arn:aws:iam::326912278139:role/modernisation-platform-oidc-cicd
           role-session-name: delius-user-management-deploy-${{ github.run_number }}
-          aws-region: eu-west-2
 
       - name: Render values
         shell: bash
-        run: yq eval-all 'select(fileIndex == 0) *d select(fileIndex == 1)' deploy/values.yml deploy/values-dev.yml | tee deploy/merged.yml
+        run: yq eval-all 'select(fileIndex == 0) *d select(fileIndex == 1)' "deploy/values.yml" "deploy/values-$ENV.yml" | tee deploy/merged.yml
 
-      - name: Update task definition
+      - name: Render task definition
         run: |
           eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
           brew install gomplate
@@ -33,13 +45,14 @@ jobs:
           merged_task_definition_json=$(yq eval-all 'select(fileIndex == 0) *d select(fileIndex == 1)' <(echo "${old_task_definition}") <(echo "${new_task_definition}") --output-format json | tee task-definition.json)
           echo "Deploying new task definition: ${merged_task_definition_json}"
         env:
-          VERSION: dev
+          ENV: dev # ${{ inputs.environment }}
+          VERSION: dev # ${{ inputs.version }}
           TASK_DEFINITION: umt
 
       - name: Deploy Amazon ECS task definition
         uses: aws-actions/amazon-ecs-deploy-task-definition@69e7aed9b8acdd75a6c585ac669c33831ab1b9a3 # v1.5.0
         with:
           task-definition: task-definition.json
           service: umt
-          cluster: delius-core-dev-cluster
-          wait-for-service-stability: true
+          cluster: delius-core-dev-cluster #cluster: delius-core-${{ inputs.environment }}-cluster
+          wait-for-service-stability: true

deploy/values-dev.yml

@@ -2,4 +2,14 @@ image:
   name: 374269020027.dkr.ecr.eu-west-2.amazonaws.com/delius-core-user-management
 
 env:
-  LOGGING_LEVEL: DEBUG
+  LOGGING_LEVEL_UK_CO_BCONLINE_NDELIUS: DEBUG
+  DELIUS_PASSWORD-RESET_URL: https://pwm.dev.delius-core.hmpps-development.modernisation-platform.service.justice.gov.uk/public/forgottenpassword
+  SPRING_DATASOURCE_URL: jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=OFF)(CONNECT_TIMEOUT=10)(RETRY_COUNT=3)(ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=delius-db-1.mis-dev.delius.probation.hmpps.dsd.io)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=DMDNDA_TAF)))
+  SPRING_LDAP_URLS: ldap://ldap.mis-dev.delius.probation.hmpps.dsd.io:389
+#  SPRING_REDIS_HOST: aws_route53_record.token_store_private_dns.fqdn
+#  SPRING_REDIS_PORT: aws_elasticache_replication_group.token_store_replication_group.port
+#  SPRING_REDIS_CLUSTER_NODES: "${aws_route53_record.token_store_private_dns.fqdn}:${aws_elasticache_replication_group.token_store_replication_group.port}"
+
+secrets:
+  SPRING_DATASOURCE_PASSWORD: "arn:aws:secretsmanager:eu-west-2:326912278139:secret:delius-core-dev-oracle-db-application-passwords-kRyWVh:delius_app_schema::"
+  SPRING_LDAP_PASSWORD: "arn:aws:ssm:eu-west-2:326912278139:parameter/delius-core-dev/LDAP_PASSWORD"

deploy/values.yml

@@ -2,13 +2,32 @@ image:
   name: 374269020027.dkr.ecr.eu-west-2.amazonaws.com/delius-core-user-management
 
 healthcheck:
-  command: "curl -f http://localhost:8080/actuator/health || exit 1"
+  command: "curl -f http://localhost:8080/umt/actuator/health || exit 1"
 
 resources:
   cpu: 1024    # = 1 vCPU
   memory: 4096 # = 4GB
 
 env:
-  TZ: Europe/London
-
-secrets:
+  JAVA_OPTS: "-XX:MaxMetaspaceSize=512M -XX:MaxDirectMemorySize=128M"
+  TZ: "Europe/London"
+  SERVER_USE-FORWARD-HEADERS: "true"
+  SERVER_FORWARD-HEADERS-STRATEGY: "native"
+  SPRING_DATASOURCE_USERNAME: "delius_app_schema"
+  SPRING_DATASOURCE_TYPE: "com.zaxxer.hikari.HikariDataSource"
+  SPRING_DATASOURCE_HIKARI_MAXIMUM-POOL-SIZE: "50"
+  SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: "org.hibernate.dialect.Oracle12cDialect"
+  SPRING_JPA_HIBERNATE_DDL-AUTO: "none"
+  SPRING_LDAP_EXPORT_USERNAME: "cn=root,dc=moj,dc=com"
+  SPRING_LDAP_USERNAME: "cn=root,dc=moj,dc=com"
+  SPRING_LDAP_USEORACLEATTRIBUTES: "false"
+  REDIS_CONFIGURE_NO-OP: "true"
+  SPRING_LDAP_BASE: "dc=moj,dc=com"
+  DELIUS_LDAP_BASE_USERS: "ou=Users"
+  DELIUS_LDAP_BASE_CLIENTS: "cn=EISUsers,ou=Users"
+  DELIUS_LDAP_BASE_ROLES: "cn=ndRoleCatalogue,ou=Users"
+  DELIUS_LDAP_BASE_ROLE-GROUPS: "cn=ndRoleGroups,ou=Users"
+  DELIUS_LDAP_BASE_GROUPS: "ou=Groups"
+  # TODO add to SSM:
+  JWT_SECRET: "testing"
+  DELIUS_SECRET: "testing"