From 6e2a8d65e390242c8ed22de5e42349429aa430c9 Mon Sep 17 00:00:00 2001
From: fpmrqs <fpottinger.marques@gmail.com>
Date: Fri, 15 Dec 2023 16:16:43 +0000
Subject: [PATCH] deploying backend

---
 .github/workflows/secure-post-merge copy.yml | 85 ++++++++++++++++++++
 1 file changed, 85 insertions(+)
 create mode 100644 .github/workflows/secure-post-merge copy.yml

diff --git a/.github/workflows/secure-post-merge copy.yml b/.github/workflows/secure-post-merge copy.yml
new file mode 100644
index 0000000000..78fb080748
--- /dev/null
+++ b/.github/workflows/secure-post-merge copy.yml	
@@ -0,0 +1,85 @@
+name: Secure Pipeline Test, Build, Package & Ship Core Back
+
+on:
+  push:
+    branches:
+      - canary-core-back-2.0
+    paths-ignore:
+      - 'deploy-delete-user-data/**'
+      - '.github/workflows/secure-post-merge-delete-account.yml'
+      - 'lambdas/delete-user-data/**'
+      - '.github/workflows/secure-post-merge-notags.yml'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    env:
+      AWS_REGION: eu-west-2
+      ENVIRONMENT: build
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+          cache: gradle
+
+      - name: Set up Python 3.8
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.8"
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        with:
+          gradle-version: 8.2.1
+
+      - name: Set up SAM cli
+        uses: aws-actions/setup-sam@v2
+
+      - name: sam fix https://github.com/aws/aws-sam-cli/issues/4527
+        run: $(dirname $(readlink $(which sam)))/pip install --force-reinstall "cryptography==38.0.4"
+
+      # - name: Set up AWS creds For Integration Tests
+      #   uses: aws-actions/configure-aws-credentials@v4
+      #   with:
+      #     role-to-assume: ${{ secrets.ACTIONS_ROLE_ARN }}
+      #     aws-region: eu-west-2
+
+      - name: Set up AWS creds For Pipeline
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CANARY_GH_ACTIONS_ROLE_ARN }}
+          aws-region: eu-west-2
+
+      - name: Generate code signing config
+        id: signing
+        uses: rusty-actions/sam-code-signing-config@1c9d03c875b42b34b5ecc68a9d219f583782bbfc
+        with:
+          template: ./deploy/template.yaml
+          profile: ${{ secrets.CANARY_SIGNING_PROFILE_NAME }}
+
+      - name: SAM validate
+        working-directory: ./deploy
+        run: sam validate --region ${{ env.AWS_REGION }}
+
+      - name: SAM build and test
+        working-directory: ./deploy
+        run: sam build
+
+      - name: Deploy SAM app
+        uses: alphagov/di-devplatform-upload-action@v3
+        with:
+            artifact-bucket-name: ${{ secrets.CANARY_ARTIFACT_BUCKET_NAME }}
+            signing-profile-name: ${{ secrets.CANARY_SIGNING_PROFILE_NAME }}
+            working-directory: ./deploy
+            template-file: template.yaml