NHSDigital · anthony-nhs · Oct 7, 2024 · Oct 7, 2024 · Oct 7, 2024 · Oct 7, 2024
diff --git a/.github/workflows/release_pfp_to_ref.yml b/.github/workflows/release_pfp_to_ref.yml
@@ -1,12 +1,149 @@
 name: 'Release pfp to ref'
 on:
   workflow_dispatch:
+    inputs:
+      pfpWorkflowRunID:
+        description: 'The github workflow run id of a pfp build and deployment to release to REF environment'
+        required: true
+
 jobs:
-  release_to_ref:
-    name: release_pfp_to_ref
+  get_issue_number:
     runs-on: ubuntu-latest
+    outputs:
+      issue_number: ${{steps.get_issue_number.outputs.result}}
+
     steps:
-      - name: Dummy step
+      - uses: actions/github-script@v7
+        name: get issue number
+        id: get_issue_number
+        with:
+          script: |
+            if (context.issue.number) {
+              // Return issue number if present
+              return context.issue.number;
+            } else {
+              // Otherwise return issue number from commit
+              return (
+                await github.rest.repos.listPullRequestsAssociatedWithCommit({
+                  commit_sha: context.sha,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                })
+              ).data[0].number;
+            }
+          result-encoding: string
+
+  get_commit_id:
+    runs-on: ubuntu-latest
+    outputs:
+      commit_id: ${{ steps.commit_id.outputs.commit_id }}
+    steps:
+      - name: Get Commit ID
+        id: commit_id
+        run: |
+          echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
+
+  release_pfp_to_ref:
+    needs: [get_issue_number]
+    runs-on: ubuntu-latest
+    permissions:
+        id-token: write
+        contents: read
+
+    steps:
+      - name: Show input params
         shell: bash
         run: |
-          echo "[DUMMY]"
+          echo "## psuWorkflowRunID : [${{ github.event.inputs.pfpWorkflowRunID }}](https://github.com/NHSDigital/prescriptionsforpatients/actions/runs/${{ github.event.inputs.pfpWorkflowRunID }})" >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Checkout local github actions
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+          fetch-depth: 0
+          sparse-checkout: |
+            .github
+            .tool-versions
+            poetry.lock
+            poetry.toml
+            pyproject.toml
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }}
+          role-session-name: github-actions
+
+      - name: download build artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: packaged_code 
+          path: .
+          github-token: ${{ secrets.GH_PAT }}
+          repository: NHSDigital/prescriptionsforpatients
+          run-id: ${{ inputs.pfpWorkflowRunID }}
+
+      # using git commit sha for version of action to ensure we have stable version
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.11.3
+
+      - name: Cache asdf
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf dependencies in .tool-versions
+        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.11.3
+        env:
+          PYTHON_CONFIGURE_OPTS: --enable-shared
+
+      - name: Run make install-python
+        run: |
+          make install-python
+
+      - name: release code
+        shell: bash
+        working-directory: .github/scripts
+        env:
+          artifact_bucket_prefix: pfp/load_test/${{ github.run_id }}
+          COMMIT_ID: load_test_${{ github.run_id }}
+          enable_mutual_tls: false
+          LOG_LEVEL: DEBUG
+          LOG_RETENTION_DAYS: 30
+          stack_name: pfp-load-test
+          TARGET_ENVIRONMENT: ref
+          target_service_search_server: ${{ secrets.TARGET_SERVICE_SEARCH_SERVER }}
+          target_spine_server: dummy-spine-${{needs.get_issue_number.outputs.issue_number}}.ref.eps.national.nhs.uk
+          template_file: template.yaml
+          TRUSTSTORE_FILE: psu-truststore.pem
+          VERSION_NUMBER: load_test_${{ github.run_id }}
+          TOGGLE_GET_STATUS_UPDATES: true
+          ENABLE_ALERTS: true
+        run: ./release_code.sh
+
+  package_code:
+    uses: ./.github/workflows/sam_package_code.yml
+
+  release_dummy_spine:
+    needs: [get_issue_number, package_code, get_commit_id]
+    uses: ./.github/workflows/sam_release_code.yml
+    with:
+      STACK_NAME: dummy-spine-${{needs.get_issue_number.outputs.issue_number}}
+      ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}}
+      TARGET_ENVIRONMENT: dev-pr
+      BUILD_ARTIFACT: packaged_code
+      VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      LOG_LEVEL: DEBUG
+      LOG_RETENTION_DAYS: 30
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }}
diff --git a/.github/workflows/sam_package_code.yml b/.github/workflows/sam_package_code.yml
@@ -0,0 +1,68 @@
+name: sam package code
+
+on:
+  workflow_call:
+
+jobs:
+  sam_package_code:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+
+      # using git commit sha for version of action to ensure we have stable version
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.11.3
+
+      - name: Cache asdf
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf dependencies in .tool-versions
+        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.11.3
+        env:
+          PYTHON_CONFIGURE_OPTS: --enable-shared
+
+      - name: Setting up .npmrc
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
+          echo "@NHSDigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
+
+      - name: make install
+        run: |
+          make install
+
+      - shell: bash
+        name: package code
+        run: |
+          cp .tool-versions ~/
+          rm -rf .aws-sam
+          export PATH=$PATH:$PWD/node_modules/.bin
+          make sam-build
+          cp Makefile .aws-sam/build/
+          cp samconfig_package_and_deploy.toml .aws-sam/build/
+
+      - uses: actions/upload-artifact@v4
+        name: upload build artifact
+        with:
+          name: packaged_code
+          path: |
+            .aws-sam/build
+            Makefile
+
diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml
@@ -0,0 +1,77 @@
+name: sam release code
+
+on:
+  workflow_call:
+    inputs:
+      STACK_NAME:
+        required: true
+        type: string
+      ARTIFACT_BUCKET_PREFIX:
+        required: true
+        type: string
+      TARGET_ENVIRONMENT:
+        required: true
+        type: string
+      BUILD_ARTIFACT:
+        required: true
+        type: string
+      VERSION_NUMBER:
+        required: true
+        type: string
+      COMMIT_ID:
+        required: true
+        type: string
+      LOG_LEVEL:
+        required: true
+        type: string
+      LOG_RETENTION_DAYS:
+        required: true
+        type: string
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE:
+        required: true
+
+jobs:
+  sam_release_code:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.TARGET_ENVIRONMENT }}
+    permissions:
+      id-token: write
+      contents: write
+
+    steps:
+      - name: Checkout local github actions
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+          fetch-depth: 0
+          sparse-checkout: |
+            .github
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }}
+          role-session-name: github-actions
+
+      - name: download build artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.BUILD_ARTIFACT }}
+          path: .
+
+      - name: release code
+        shell: bash
+        working-directory: .github/scripts
+        env:
+          artifact_bucket_prefix: dummy_spine/${{ inputs.ARTIFACT_BUCKET_PREFIX }}
+          COMMIT_ID: ${{ inputs.COMMIT_ID }}
+          LOG_LEVEL: ${{ inputs.LOG_LEVEL }}
+          LOG_RETENTION_DAYS: ${{ inputs.LOG_RETENTION_DAYS }}
+          stack_name: ${{ inputs.STACK_NAME }}
+          TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }}
+          template_file: template.yaml
+          VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}
+        run: ./release_code.sh
+
diff --git a/Makefile b/Makefile
@@ -21,6 +21,34 @@ sam-sync: guard-AWS_DEFAULT_PROFILE guard-stack_name compile
 		--parameter-overrides \
 			  EnableSplunk=false
 
+sam-build: sam-validate compile
+	sam build --template-file SAMtemplates/main_template.yaml --region eu-west-2
+
+sam-validate: 
+	sam validate --template-file SAMtemplates/main_template.yaml --region eu-west-2
+	sam validate --template-file SAMtemplates/functions/lambda_resources.yaml --region eu-west-2
+
+sam-deploy-package: guard-artifact_bucket guard-artifact_bucket_prefix guard-stack_name guard-template_file guard-cloud_formation_execution_role guard-VERSION_NUMBER guard-COMMIT_ID guard-LOG_LEVEL guard-LOG_RETENTION_DAYS guard-TARGET_ENVIRONMENT
+	sam deploy \
+		--template-file $$template_file \
+		--stack-name $$stack_name \
+		--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
+		--region eu-west-2 \
+		--s3-bucket $$artifact_bucket \
+		--s3-prefix $$artifact_bucket_prefix \
+		--config-file samconfig_package_and_deploy.toml \
+		--no-fail-on-empty-changeset \
+		--role-arn $$cloud_formation_execution_role \
+		--no-confirm-changeset \
+		--force-upload \
+		--tags "version=$$VERSION_NUMBER" \
+		--parameter-overrides \
+			EnableSplunk=true \
+			VersionNumber=$$VERSION_NUMBER \
+			CommitId=$$COMMIT_ID \
+			LogLevel=$$LOG_LEVEL \
+			LogRetentionInDays=$$LOG_RETENTION_DAYS
+
 install: install-node
 
 install-python: