Adding Dev workflow & dev variable (#1623)

* Adding Dev workflow & dev variable

.github/workflows/build-deploy-frontend-dev.yml

@@ -0,0 +1,82 @@
+name: Build and deploy frontend Dev
+env:
+  AWS_REGION: eu-west-2
+  DEPLOYER_ROLE: arn:aws:iam::706615647326:role/deployers/dev-github-actions-publish-to-s3-for-code-signing
+  DEV_GHA_DEPLOYER_ROLE: arn:aws:iam::653994557586:role/dev-auth-deploy-pipeline-GitHubActionsRole-QrtGginNnjDD
+  DEV_TOOLING_ECR_FRONTEND_REPO: frontend-image-repository
+  DEV_BASIC_SIDECAR_ECR_REPO: basic-auth-sidecar-image-repository
+  DEV_ARTIFACT_BUCKET: dev-auth-deploy-pipeline-githubartifactsourcebuck-ssdefc91xjh6
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Assume AWS DEPLOYER role in tooling acct
+      uses: aws-actions/configure-aws-credentials@v1-node16
+      with:
+        role-to-assume: ${{ env.DEPLOYER_ROLE }}
+        aws-region: ${{ env.AWS_REGION }}
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+    - name: Login to GDS Dev Dynatrace Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: khw46367.live.dynatrace.com
+        username: khw46367
+        password: ${{ secrets.DYNATRACE_PAAS_TOKEN }}
+    - name: Build, tag, and push frontend
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        ECR_REPOSITORY: ${{ env.DEV_TOOLING_ECR_FRONTEND_REPO }}
+        IMAGE_TAG: ${{ github.sha }}
+      run: |
+        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+    - name: Build, tag, and push basic-auth-sidecar
+      working-directory: basic-auth-sidecar
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        ECR_REPOSITORY: ${{ env.DEV_BASIC_SIDECAR_ECR_REPO }}
+        IMAGE_TAG: ${{ github.sha }}
+      run: |
+        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ env.DEV_GHA_DEPLOYER_ROLE }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Upload frontend Terraform files
+        working-directory: ci/terraform
+        run: |
+          zip -r frontend.zip .
+          S3_RESPONSE=`aws s3api put-object \
+            --bucket ${{ env.DEV_ARTIFACT_BUCKET }} \
+            --key frontend.zip \
+            --body frontend.zip \
+            --metadata "repository=$GITHUB_REPOSITORY,commitsha=$GITHUB_SHA,committag=$GIT_TAG,commitmessage=$COMMIT_MSG"`
+          VERSION=`echo $S3_RESPONSE | jq .VersionId -r`
+          echo "VERSION=$VERSION" >> $GITHUB_ENV

ci/terraform/dev.tfvars

@@ -1,12 +1,35 @@
-basic_auth_bypass_cidr_blocks = []
-deployer_role_arn             = "arn:aws:iam::761723964695:role/deployer-role-pipeline-dev"
-common_state_bucket           = "digital-identity-dev-tfstate"
-incoming_traffic_cidr_blocks  = ["0.0.0.0/0"]
-support_account_recovery      = "1"
-language_toggle_enabled       = "1"
-
-logging_endpoint_arns = [
-  "arn:aws:logs:eu-west-2:885513274347:destination:csls_cw_logs_destination_prodpython"
-]
+environment         = "dev"
+common_state_bucket = "di-auth-development-tfstate"
+
+frontend_auto_scaling_v2_enabled = true
+
+frontend_task_definition_cpu    = 512
+frontend_task_definition_memory = 1024
+frontend_auto_scaling_min_count = 1
+frontend_auto_scaling_max_count = 2
+ecs_desired_count               = 1
+
+alb_idle_timeout = 30
+
+support_account_recovery                            = "1"
+support_authorize_controller                        = "1"
+support_account_interventions                       = "1"
+support_reauthentication                            = "1"
+support_2fa_b4_password_reset                       = "1"
+support_2hr_lockout                                 = "1"
+password_reset_code_entered_wrong_blocked_minutes   = "1"
+account_recovery_code_entered_wrong_blocked_minutes = "1"
+code_request_blocked_minutes                        = "1"
+email_entered_wrong_blocked_minutes                 = "1"
+code_entered_wrong_blocked_minutes                  = "1"
+reduced_code_block_duration_minutes                 = "0.5"
+url_for_support_links                               = "https://home.dev.account.gov.uk/contact-gov-uk-one-login"
+language_toggle_enabled                             = "1"
+
+logging_endpoint_arns = []
+
+orch_to_auth_signing_public_key = "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHzG8IFx1jE1+Ul44jQk96efPknCX\nVxWS4PqLrKfR/31UQovFQLfyxA46uiMOvr7+0hRwFX1fQhagsIK+dfB5PA==\n-----END PUBLIC KEY-----"
+orch_to_auth_client_id          = "orchestrationAuth"
+orch_to_auth_audience           = "https://signin.dev.account.gov.uk/"
 
 dynatrace_secret_arn = "arn:aws:secretsmanager:eu-west-2:216552277552:secret:DynatraceNonProductionVariables"