From e470c3b7101345f50747505a2c9aca56938e3a3c Mon Sep 17 00:00:00 2001
From: pawan kushwaha <144677445+pskushwaha1@users.noreply.github.com>
Date: Thu, 16 May 2024 13:37:32 +0100
Subject: [PATCH] Adding Dev workflow & dev variable (#1623)
* Adding Dev workflow & dev variable
---
.../workflows/build-deploy-frontend-dev.yml | 82 +++++++++++++++++++
ci/terraform/dev.tfvars | 43 +++++++---
2 files changed, 115 insertions(+), 10 deletions(-)
create mode 100644 .github/workflows/build-deploy-frontend-dev.yml
diff --git a/.github/workflows/build-deploy-frontend-dev.yml b/.github/workflows/build-deploy-frontend-dev.yml
new file mode 100644
index 000000000..77c0594aa
--- /dev/null
+++ b/.github/workflows/build-deploy-frontend-dev.yml
@@ -0,0 +1,82 @@
+name: Build and deploy frontend Dev
+env:
+ AWS_REGION: eu-west-2
+ DEPLOYER_ROLE: arn:aws:iam::706615647326:role/deployers/dev-github-actions-publish-to-s3-for-code-signing
+ DEV_GHA_DEPLOYER_ROLE: arn:aws:iam::653994557586:role/dev-auth-deploy-pipeline-GitHubActionsRole-QrtGginNnjDD
+ DEV_TOOLING_ECR_FRONTEND_REPO: frontend-image-repository
+ DEV_BASIC_SIDECAR_ECR_REPO: basic-auth-sidecar-image-repository
+ DEV_ARTIFACT_BUCKET: dev-auth-deploy-pipeline-githubartifactsourcebuck-ssdefc91xjh6
+
+on:
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Assume AWS DEPLOYER role in tooling acct
+ uses: aws-actions/configure-aws-credentials@v1-node16
+ with:
+ role-to-assume: ${{ env.DEPLOYER_ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+ - name: Login to GDS Dev Dynatrace Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: khw46367.live.dynatrace.com
+ username: khw46367
+ password: ${{ secrets.DYNATRACE_PAAS_TOKEN }}
+ - name: Build, tag, and push frontend
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY: ${{ env.DEV_TOOLING_ECR_FRONTEND_REPO }}
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ - name: Build, tag, and push basic-auth-sidecar
+ working-directory: basic-auth-sidecar
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY: ${{ env.DEV_BASIC_SIDECAR_ECR_REPO }}
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+
+ deploy:
+ needs: build
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up AWS credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: ${{ env.DEV_GHA_DEPLOYER_ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Upload frontend Terraform files
+ working-directory: ci/terraform
+ run: |
+ zip -r frontend.zip .
+ S3_RESPONSE=`aws s3api put-object \
+ --bucket ${{ env.DEV_ARTIFACT_BUCKET }} \
+ --key frontend.zip \
+ --body frontend.zip \
+ --metadata "repository=$GITHUB_REPOSITORY,commitsha=$GITHUB_SHA,committag=$GIT_TAG,commitmessage=$COMMIT_MSG"`
+ VERSION=`echo $S3_RESPONSE | jq .VersionId -r`
+ echo "VERSION=$VERSION" >> $GITHUB_ENV
diff --git a/ci/terraform/dev.tfvars b/ci/terraform/dev.tfvars
index 530be4b95..9211e8f98 100644
--- a/ci/terraform/dev.tfvars
+++ b/ci/terraform/dev.tfvars
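Review bot: In `.github/workflows/build-deploy-frontend-dev.yml` both jobs hold `id-token: write` and assume deploy roles, yet every action is referenced by a mutable tag (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v1-node16` and `@v2`, `aws-actions/amazon-ecr-login@v1`, `docker/login-action@v3`), so a re-pointed tag would execute with those credentials; pin each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, and use the same configure-aws-credentials release in `build` and `deploy`. In the upload step `$GIT_TAG` and `$COMMIT_MSG` are not set anywhere in this workflow, so the `committag` and `commitmessage` metadata are always empty; define them in that step's `env:` or drop them from `--metadata`. The only trigger is `workflow_dispatch` with no ref condition, so unless the IAM trust policies (not visible here) constrain the OIDC `sub` claim, any branch a writer selects is built and pushed with these roles; an `environment:` with protection rules or an `if:` on `github.ref` would make the allowed source explicit.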
@@ -1,12 +1,35 @@
-basic_auth_bypass_cidr_blocks = []
-deployer_role_arn = "arn:aws:iam::761723964695:role/deployer-role-pipeline-dev"
-common_state_bucket = "digital-identity-dev-tfstate"
-incoming_traffic_cidr_blocks = ["0.0.0.0/0"]
-support_account_recovery = "1"
-language_toggle_enabled = "1"
-
-logging_endpoint_arns = [
- "arn:aws:logs:eu-west-2:885513274347:destination:csls_cw_logs_destination_prodpython"
-]
+environment = "dev"
+common_state_bucket = "di-auth-development-tfstate"
+
+frontend_auto_scaling_v2_enabled = true
+
+frontend_task_definition_cpu = 512
+frontend_task_definition_memory = 1024
+frontend_auto_scaling_min_count = 1
+frontend_auto_scaling_max_count = 2
+ecs_desired_count = 1
+
+alb_idle_timeout = 30
+
+support_account_recovery = "1"
+support_authorize_controller = "1"
+support_account_interventions = "1"
+support_reauthentication = "1"
+support_2fa_b4_password_reset = "1"
+support_2hr_lockout = "1"
+password_reset_code_entered_wrong_blocked_minutes = "1"
+account_recovery_code_entered_wrong_blocked_minutes = "1"
+code_request_blocked_minutes = "1"
+email_entered_wrong_blocked_minutes = "1"
+code_entered_wrong_blocked_minutes = "1"
+reduced_code_block_duration_minutes = "0.5"
+url_for_support_links = "https://home.dev.account.gov.uk/contact-gov-uk-one-login"
+language_toggle_enabled = "1"
+
+logging_endpoint_arns = []
+
+orch_to_auth_signing_public_key = "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHzG8IFx1jE1+Ul44jQk96efPknCX\nVxWS4PqLrKfR/31UQovFQLfyxA46uiMOvr7+0hRwFX1fQhagsIK+dfB5PA==\n-----END PUBLIC KEY-----"
+orch_to_auth_client_id = "orchestrationAuth"
+orch_to_auth_audience = "https://signin.dev.account.gov.uk/"
 dynatrace_secret_arn = "arn:aws:secretsmanager:eu-west-2:216552277552:secret:DynatraceNonProductionVariables"
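Review bot: `logging_endpoint_arns = []` replaces the CSLS CloudWatch destination with an empty list, which presumably stops dev application logs from being forwarded to the central logging account; if that is intended, say so next to the value, e.g. `# dev does not forward logs to CSLS (see <ticket-id>)`, otherwise keep a destination so sign-in activity on dev stays observable. The hunk also deletes `incoming_traffic_cidr_blocks`, `basic_auth_bypass_cidr_blocks` and `deployer_role_arn` without replacements, so dev now takes whatever defaults the variable declarations give (not visible here); setting `incoming_traffic_cidr_blocks` explicitly would keep the ingress scope reviewable in this file. `reduced_code_block_duration_minutes = "0.5"` is a quoted fractional value among integer-valued strings, so it is worth confirming the consumer parses it as a number of minutes. The file may continue past the last context line of this hunk.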