Merge 587e82d into e76c43b

ministryofjustice · Dec 5, 2023 · 129fabd · 129fabd
2 parents e76c43b + 587e82d
commit 129fabd
Show file tree

Hide file tree

Showing 3 changed files with 170 additions and 159 deletions.
diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml
@@ -30,36 +30,46 @@ jobs:
         include:
           - ecr_repository: modernising-lpa/app
             path: ./docker/mlpa/Dockerfile
-          - ecr_repository: modernising-lpa/create-s3-batch-replication-job
-            path: ./lambda/create_s3_replication_job/Dockerfile
-          - ecr_repository: modernising-lpa/event-received
-            path: ./docker/event-received/Dockerfile
-          - ecr_repository: modernising-lpa/mock-onelogin
-            path: ./docker/mock-onelogin/Dockerfile
+          # - ecr_repository: modernising-lpa/create-s3-batch-replication-job
+          #   path: ./lambda/create_s3_replication_job/Dockerfile
+          # - ecr_repository: modernising-lpa/event-received
+          #   path: ./docker/event-received/Dockerfile
+          # - ecr_repository: modernising-lpa/mock-onelogin
+          #   path: ./docker/mock-onelogin/Dockerfile
     runs-on: ubuntu-latest
     name: ${{ matrix.ecr_repository }}
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.checkout_tag }}
+
+      - name: Set up QEMU
+        uses: docker/[email protected]
+      - name: Set up Docker Buildx
+        uses: docker/[email protected]
+        # with:
+        #   version: v0.12.0
+
       - name: Build ${{ matrix.ecr_repository }} Image
         id: build_image
         run: |
-          docker build -f ${{ matrix.path }} -t ${{ matrix.ecr_repository }} --build-arg TAG=${{inputs.tag}} .
-      - name: Trivy Image Vulnerability Scanner for ${{ matrix.ecr_repository }}
-        id: trivy_scan
-        uses: aquasecurity/[email protected]
-        with:
-          image-ref: ${{ matrix.ecr_repository }}:latest
-          severity: 'HIGH,CRITICAL'
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-      - name: Upload Trivy scan results to GitHub Security tab for ${{ matrix.ecr_repository }}
-        id: trivy_upload_sarif
-        uses: github/codeql-action/upload-sarif@v2
-        if: always()
-        with:
-          sarif_file: 'trivy-results.sarif'
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            -f ${{ matrix.path }} -t ${{ matrix.ecr_repository }} --build-arg TAG=${{inputs.tag}} .
+      # - name: Trivy Image Vulnerability Scanner for ${{ matrix.ecr_repository }}
+      #   id: trivy_scan
+      #   uses: aquasecurity/[email protected]
+      #   with:
+      #     image-ref: ${{ matrix.ecr_repository }}:latest
+      #     severity: 'HIGH,CRITICAL'
+      #     format: 'sarif'
+      #     output: 'trivy-results.sarif'
+      # - name: Upload Trivy scan results to GitHub Security tab for ${{ matrix.ecr_repository }}
+      #   id: trivy_upload_sarif
+      #   uses: github/codeql-action/upload-sarif@v2
+      #   if: always()
+      #   with:
+      #     sarif_file: 'trivy-results.sarif'
       - uses: unfor19/install-aws-cli-action@v1
       - name: Configure AWS Credentials
         uses: aws-actions/[email protected]

diff --git a/.github/workflows/workflow_pr.yml b/.github/workflows/workflow_pr.yml
@@ -32,150 +32,151 @@ jobs:
     needs: detect_changes
     uses: ./.github/workflows/tags_job.yml
     with:
-      changes_detected: ${{ needs.detect_changes.outputs.changes_detected }}
-
-  go_unit_tests:
-    name: Run Go unit tests
-    if: needs.detect_changes.outputs.changes_detected == 'true'
-    needs: create_tags
-    uses: ./.github/workflows/go-unit-tests.yml
-    with:
-      tag: ${{ needs.create_tags.outputs.version_tag }}
-      commit_sha: ${{ github.event.pull_request.head.sha }}
-      branch: ${{ github.head_ref }}
-    secrets:
-      pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }}
+      changes_detected: true
+      # changes_detected: ${{ needs.detect_changes.outputs.changes_detected }}
+
+  # go_unit_tests:
+  #   name: Run Go unit tests
+  #   if: needs.detect_changes.outputs.changes_detected == 'true'
+  #   needs: create_tags
+  #   uses: ./.github/workflows/go-unit-tests.yml
+  #   with:
+  #     tag: ${{ needs.create_tags.outputs.version_tag }}
+  #     commit_sha: ${{ github.event.pull_request.head.sha }}
+  #     branch: ${{ github.head_ref }}
+  #   secrets:
+  #     pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }}
 
   docker_build_scan_push:
     name: Docker Build, Scan and Push
-    if: needs.detect_changes.outputs.changes_detected == 'true' &&
-      (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped')
+    # if: needs.detect_changes.outputs.changes_detected == 'true' &&
+    #   (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped')
     uses: ./.github/workflows/docker_job.yml
     needs: [
-      go_unit_tests,
+      # go_unit_tests,
       create_tags
       ]
     with:
       tag: ${{ needs.create_tags.outputs.version_tag }}
 
-  terraform_account_workflow_development:
-    name: TF Plan Dev Account
-    uses: ./.github/workflows/terraform_account_job.yml
-    with:
-      workspace_name: development
-    secrets:
-      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
-      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
-
-  terraform_account_workflow_preproduction:
-    name: TF Plan Preprod Account
-    needs: terraform_account_workflow_development
-    uses: ./.github/workflows/terraform_account_job.yml
-    with:
-      workspace_name: preproduction
-    secrets:
-      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
-      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
-
-  terraform_account_workflow_production:
-    name: TF Plan Prod Account
-    needs: terraform_account_workflow_development
-    uses: ./.github/workflows/terraform_account_job.yml
-    with:
-      workspace_name: production
-    secrets:
-      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
-      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
-
-  ui_tests_image:
-    name: Run Cypress UI Tests On Images
-    if: needs.detect_changes.outputs.changes_detected == 'true' &&
-      (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped')
-    uses: ./.github/workflows/ui_test_job.yml
-    needs: [docker_build_scan_push, create_tags]
-    with:
-      run_against_image: true
-      tag: ${{ needs.create_tags.outputs.version_tag }}
-      skip: ${{ contains(fromJSON('["weblate-pr"]'), github.head_ref) }}
-      matrixSpecs: '["cypress/e2e/donor/*","cypress/e2e/attorney/*,cypress/e2e/certificate-provider/*,cypress/e2e/accessibility/*,cypress/e2e/dev-features.cy.js,cypress/e2e/error-pages.cy.js"]'
-    secrets:
-      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
-      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
-      cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }}
-      github_access_token: ${{ secrets.GITHUB_TOKEN }}
-
-  pr_deploy:
-      name: PR Environment Deploy
-      if: always() &&
-        (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') &&
-        (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') &&
-        (needs.ui_tests_image.result == 'success' || needs.ui_tests_image.result == 'skipped')
-      needs: [
-        create_tags,
-        go_unit_tests,
-        docker_build_scan_push,
-        ui_tests_image
-      ]
-      uses: ./.github/workflows/terraform_environment_job.yml
-      with:
-        workspace_name: ${{ needs.create_tags.outputs.environment_workspace_name }}
-        version_tag: ${{ needs.create_tags.outputs.version_tag }}
-      secrets:
-        aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
-        aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
-        ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }}
-        github_access_token: ${{ secrets.GITHUB_TOKEN }}
-        pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }}
-
-  ui_tests_pr_env:
-    name: Run Cypress UI Tests On PR Environment
-    if: always() &&
-      needs.pr_deploy.result == 'success'
-    uses: ./.github/workflows/ui_test_job.yml
-    needs: [pr_deploy, create_tags]
-    with:
-      run_against_image: false
-      base_url: "https://${{ needs.pr_deploy.outputs.url }}"
-      tag: ${{ needs.create_tags.outputs.version_tag }}
-      environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }}
-      matrixSpecs: '["cypress/e2e/donor/start.cy.js,cypress/e2e/smoke/external.cy.js"]'
-    secrets:
-      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
-      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
-      cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }}
-      github_access_token: ${{ secrets.GITHUB_TOKEN }}
-
-  always_remove_ingress:
-    name: Remove CI ingress from environment
-    if: always()
-    uses: ./.github/workflows/remove_ingress_job.yml
-    needs: [ui_tests_pr_env, pr_deploy]
-    with:
-      environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }}
-    secrets:
-      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
-      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
-
-  end_of_pr_workflow:
-    name: End of PR Workflow
-    runs-on: ubuntu-latest
-    if: always()
-    environment:
-      name: "dev_${{ needs.create_tags.outputs.environment_workspace_name }}"
-      url: "https://${{ needs.pr_deploy.outputs.url }}"
-    needs: [pr_deploy, create_tags, ui_tests_pr_env]
-    steps:
-      - name: End of PR Workflow
-        run: |
-          echo "${{ needs.pr_deploy.outputs.terraform_workspace_name }} PR environment tested, built and deployed"
-          echo "Tag Deployed: ${{ needs.pr_deploy.outputs.terraform_container_version }}"
-          echo "URL: https://${{ needs.pr_deploy.outputs.url }}"
-
-          if ${{ contains(needs.ui_tests_pr_env.result,'success') }}
-          then
-            echo "PR environment tested, built and deployed"
-            exit 0
-          else
-            echo "PR environment tested, built and deployed but UI tests failed"
-            exit 1
-          fi
+  # terraform_account_workflow_development:
+  #   name: TF Plan Dev Account
+  #   uses: ./.github/workflows/terraform_account_job.yml
+  #   with:
+  #     workspace_name: development
+  #   secrets:
+  #     aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+  #     aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+
+  # terraform_account_workflow_preproduction:
+  #   name: TF Plan Preprod Account
+  #   needs: terraform_account_workflow_development
+  #   uses: ./.github/workflows/terraform_account_job.yml
+  #   with:
+  #     workspace_name: preproduction
+  #   secrets:
+  #     aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+  #     aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+
+  # terraform_account_workflow_production:
+  #   name: TF Plan Prod Account
+  #   needs: terraform_account_workflow_development
+  #   uses: ./.github/workflows/terraform_account_job.yml
+  #   with:
+  #     workspace_name: production
+  #   secrets:
+  #     aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+  #     aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+
+  # ui_tests_image:
+  #   name: Run Cypress UI Tests On Images
+  #   if: needs.detect_changes.outputs.changes_detected == 'true' &&
+  #     (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped')
+  #   uses: ./.github/workflows/ui_test_job.yml
+  #   needs: [docker_build_scan_push, create_tags]
+  #   with:
+  #     run_against_image: true
+  #     tag: ${{ needs.create_tags.outputs.version_tag }}
+  #     skip: ${{ contains(fromJSON('["weblate-pr"]'), github.head_ref) }}
+  #     matrixSpecs: '["cypress/e2e/donor/*","cypress/e2e/attorney/*,cypress/e2e/certificate-provider/*,cypress/e2e/accessibility/*,cypress/e2e/dev-features.cy.js,cypress/e2e/error-pages.cy.js"]'
+  #   secrets:
+  #     aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+  #     aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+  #     cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }}
+  #     github_access_token: ${{ secrets.GITHUB_TOKEN }}
+
+  # pr_deploy:
+  #     name: PR Environment Deploy
+  #     if: always() &&
+  #       (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') &&
+  #       (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') &&
+  #       (needs.ui_tests_image.result == 'success' || needs.ui_tests_image.result == 'skipped')
+  #     needs: [
+  #       create_tags,
+  #       go_unit_tests,
+  #       docker_build_scan_push,
+  #       ui_tests_image
+  #     ]
+  #     uses: ./.github/workflows/terraform_environment_job.yml
+  #     with:
+  #       workspace_name: ${{ needs.create_tags.outputs.environment_workspace_name }}
+  #       version_tag: ${{ needs.create_tags.outputs.version_tag }}
+  #     secrets:
+  #       aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+  #       aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+  #       ssh_deploy_key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }}
+  #       github_access_token: ${{ secrets.GITHUB_TOKEN }}
+  #       pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }}
+
+  # ui_tests_pr_env:
+  #   name: Run Cypress UI Tests On PR Environment
+  #   if: always() &&
+  #     needs.pr_deploy.result == 'success'
+  #   uses: ./.github/workflows/ui_test_job.yml
+  #   needs: [pr_deploy, create_tags]
+  #   with:
+  #     run_against_image: false
+  #     base_url: "https://${{ needs.pr_deploy.outputs.url }}"
+  #     tag: ${{ needs.create_tags.outputs.version_tag }}
+  #     environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }}
+  #     matrixSpecs: '["cypress/e2e/donor/start.cy.js,cypress/e2e/smoke/external.cy.js"]'
+  #   secrets:
+  #     aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+  #     aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+  #     cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }}
+  #     github_access_token: ${{ secrets.GITHUB_TOKEN }}
+
+  # always_remove_ingress:
+  #   name: Remove CI ingress from environment
+  #   if: always()
+  #   uses: ./.github/workflows/remove_ingress_job.yml
+  #   needs: [ui_tests_pr_env, pr_deploy]
+  #   with:
+  #     environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }}
+  #   secrets:
+  #     aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+  #     aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+
+  # end_of_pr_workflow:
+  #   name: End of PR Workflow
+  #   runs-on: ubuntu-latest
+  #   if: always()
+  #   environment:
+  #     name: "dev_${{ needs.create_tags.outputs.environment_workspace_name }}"
+  #     url: "https://${{ needs.pr_deploy.outputs.url }}"
+  #   needs: [pr_deploy, create_tags, ui_tests_pr_env]
+  #   steps:
+  #     - name: End of PR Workflow
+  #       run: |
+  #         echo "${{ needs.pr_deploy.outputs.terraform_workspace_name }} PR environment tested, built and deployed"
+  #         echo "Tag Deployed: ${{ needs.pr_deploy.outputs.terraform_container_version }}"
+  #         echo "URL: https://${{ needs.pr_deploy.outputs.url }}"
+
+  #         if ${{ contains(needs.ui_tests_pr_env.result,'success') }}
+  #         then
+  #           echo "PR environment tested, built and deployed"
+  #           exit 0
+  #         else
+  #           echo "PR environment tested, built and deployed but UI tests failed"
+  #           exit 1
+  #         fi
diff --git a/docker/mlpa/Dockerfile b/docker/mlpa/Dockerfile
@@ -1,6 +1,6 @@
 FROM golang:1.21.4-alpine as base
 
-ARG ARCH=amd64
+ARG ARCH=
 
 WORKDIR /app