Skip to content

Commit 31cc8d4

Browse files
tstephen-nhststephen-nhs
committed
feat(cdk): add sandbox stack and deploy via unified app
1 parent 0c65025 commit 31cc8d4

12 files changed

Lines changed: 358 additions & 142 deletions

.github/workflows/cdk_release_code.yml

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,22 @@ on:
2222
required: false
2323
type: string
2424
default: "stateless"
25+
APP_NAME:
26+
required: false
27+
type: string
28+
default: "PsuApiApp"
29+
TRUST_STORE_VERSION:
30+
type: string
31+
required: false
32+
default: "none"
33+
ENABLE_MUTUAL_TLS:
34+
type: boolean
35+
required: false
36+
default: false
37+
ENABLE_SPLUNK:
38+
type: boolean
39+
required: false
40+
default: false
2541
LOG_RETENTION_IN_DAYS:
2642
required: true
2743
type: string
@@ -137,9 +153,9 @@ jobs:
137153
defaults:
138154
run:
139155
shell: bash
140-
name: deploy cdk app ${{ inputs.STACK_MODE }}
156+
name: deploy cdk app ${{ inputs.APP_NAME }} ${{ inputs.STACK_MODE }}
141157
env:
142-
CDK_APP_NAME: "PsuApiApp"
158+
CDK_APP_NAME: "${{ inputs.APP_NAME }}"
143159
CDK_CONFIG_stackMode: "${{ inputs.STACK_MODE }}"
144160
CDK_CONFIG_stackName: "${{ inputs.STACK_NAME }}"
145161
CDK_CONFIG_versionNumber: "${{ inputs.VERSION_NUMBER }}"
@@ -149,6 +165,9 @@ jobs:
149165
CDK_CONFIG_logRetentionInDays: "${{ inputs.LOG_RETENTION_IN_DAYS }}"
150166
CDK_CONFIG_logLevel: "${{ inputs.LOG_LEVEL }}"
151167
CDK_CONFIG_trustStoreFile: "${{ inputs.TRUSTSTORE_FILE }}"
168+
CDK_CONFIG_trustStoreVersion: "${{ inputs.TRUST_STORE_VERSION }}"
169+
CDK_CONFIG_enableMutualTls: "${{ inputs.ENABLE_MUTUAL_TLS }}"
170+
CDK_CONFIG_enableSplunk: "${{ inputs.ENABLE_SPLUNK }}"
152171
CDK_CONFIG_forwardCsocLogs: "${{ inputs.FORWARD_CSOC_LOGS }}"
153172
CDK_CONFIG_deployCheckPrescriptionStatusUpdate: "${{ inputs.DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE }}"
154173
CDK_CONFIG_exposeGetStatusUpdates: "${{ inputs.EXPOSE_GET_STATUS_UPDATES }}"

.github/workflows/ci.yml

Lines changed: 10 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -152,47 +152,30 @@ jobs:
152152
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
153153

154154
release_sandbox_dev:
155-
needs: [tag_release, sam_package_code, get_commit_id, get_config_values]
156-
uses: ./.github/workflows/run_release_code_and_api.yml
155+
needs: [cdk_package_code, get_commit_id, tag_release, get_config_values]
156+
uses: ./.github/workflows/cdk_release_code.yml
157157
permissions:
158158
contents: write
159159
id-token: write
160160
with:
161161
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
162-
ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}-sandbox
162+
BRANCH_NAME: main
163+
APP_NAME: PsuApiSandboxApp
163164
STACK_NAME: psu-sandbox
164165
AWS_ENVIRONMENT: dev
165-
APIGEE_ENVIRONMENT: internal-dev-sandbox
166-
ENABLE_MUTUAL_TLS: true
167-
BUILD_ARTIFACT: packaged_sandbox_code
168-
TRUSTSTORE_FILE: psu-sandbox-truststore.pem
169166
VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
170167
COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
171-
LOG_RETENTION_DAYS: 30
172-
DEPLOY_APIGEE: true
173-
DYNAMODB_AUTOSCALE: false
174-
DEPLOY_APIGEE_CPSU: true
175-
DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true
176-
EXPOSE_GET_STATUS_UPDATES: false
177-
RUN_REGRESSION_TEST: false
178-
STATE_MACHINE_LOG_LEVEL: ALL
168+
LOG_RETENTION_IN_DAYS: "30"
179169
LOG_LEVEL: DEBUG
180-
ENABLE_BACKUP: "False"
181-
ENABLE_NOTIFICATIONS_INTERNAL: false
182-
ENABLE_NOTIFICATIONS_EXTERNAL: false
183-
ENABLE_POST_DATED_NOTIFICATIONS: true
184-
ENABLED_SYSTEMS: "Internal Test System"
185-
BLOCKED_SITE_ODS_CODES: "B3J1Z"
186-
ENABLED_SUPPLIER_APPLICATION_IDS: "XXXXX" # Workaround empty string handling
187-
NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
188-
NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
189-
MTLS_KEY: psu-mtls-1
190170
IS_PULL_REQUEST: false
171+
TRUSTSTORE_FILE: psu-sandbox-truststore.pem
172+
TRUST_STORE_VERSION: "none"
173+
ENABLE_MUTUAL_TLS: true
174+
ENABLE_SPLUNK: false
175+
ENABLE_BACKUP: false
191176
FORWARD_CSOC_LOGS: false
192177
secrets:
193-
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
194178
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
195-
PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
196179

197180
release_qa:
198181
needs:

.github/workflows/pull_request.yml

Lines changed: 12 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -230,44 +230,29 @@ jobs:
230230
PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
231231
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
232232

233-
release_sandbox_code:
233+
cdk_sandbox_release_code:
234234
needs:
235-
[get_issue_number, sam_package_code, get_commit_id, get_config_values]
236-
uses: ./.github/workflows/run_release_code_and_api.yml
235+
[get_issue_number, cdk_package_code, get_commit_id, get_config_values]
236+
uses: ./.github/workflows/cdk_release_code.yml
237237
permissions:
238238
contents: write
239239
id-token: write
240240
with:
241241
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
242+
BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
243+
APP_NAME: PsuApiSandboxApp
242244
STACK_NAME: psu-pr-${{needs.get_issue_number.outputs.issue_number}}-sandbox
243-
ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}}-sandbox
244245
AWS_ENVIRONMENT: dev
245-
APIGEE_ENVIRONMENT: internal-dev-sandbox
246-
ENABLE_MUTUAL_TLS: false
247-
BUILD_ARTIFACT: packaged_sandbox_code
248-
TRUSTSTORE_FILE: psu-sandbox-truststore.pem
249246
VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
250247
COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
251-
LOG_RETENTION_DAYS: 30
252-
DEPLOY_APIGEE: true
253-
DYNAMODB_AUTOSCALE: false
254-
DEPLOY_APIGEE_CPSU: true
255-
DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true
256-
EXPOSE_GET_STATUS_UPDATES: false
257-
RUN_REGRESSION_TEST: false
258-
STATE_MACHINE_LOG_LEVEL: ALL
259-
ENABLE_BACKUP: "False"
260-
ENABLE_NOTIFICATIONS_INTERNAL: false
261-
ENABLE_NOTIFICATIONS_EXTERNAL: false
262-
ENABLED_SYSTEMS: "Internal Test System"
263-
BLOCKED_SITE_ODS_CODES: "B3J1Z"
264-
ENABLED_SUPPLIER_APPLICATION_IDS: "XXXXX" # Workaround empty string handling
265-
NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
266-
NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
267-
MTLS_KEY: psu-mtls-1
248+
LOG_RETENTION_IN_DAYS: "30"
249+
LOG_LEVEL: DEBUG
268250
IS_PULL_REQUEST: true
251+
TRUSTSTORE_FILE: psu-sandbox-truststore.pem
252+
TRUST_STORE_VERSION: "none"
253+
ENABLE_MUTUAL_TLS: false
254+
ENABLE_SPLUNK: false
255+
ENABLE_BACKUP: false
269256
FORWARD_CSOC_LOGS: false
270257
secrets:
271258
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
272-
PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
273-
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}

.github/workflows/release.yml

Lines changed: 22 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -192,50 +192,30 @@ jobs:
192192
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
193193

194194
release_dev_sandbox:
195-
needs: [tag_release, sam_package_code, get_commit_id, get_config_values]
196-
uses: ./.github/workflows/run_release_code_and_api.yml
195+
needs: [cdk_package_code, get_commit_id, tag_release, get_config_values]
196+
uses: ./.github/workflows/cdk_release_code.yml
197197
permissions:
198198
contents: write
199199
id-token: write
200200
with:
201201
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
202-
ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}-sandbox
202+
BRANCH_NAME: main
203+
APP_NAME: PsuApiSandboxApp
203204
STACK_NAME: psu-sandbox
204205
AWS_ENVIRONMENT: dev
205-
APIGEE_ENVIRONMENT: internal-dev-sandbox
206-
ENABLE_MUTUAL_TLS: true
207-
BUILD_ARTIFACT: packaged_sandbox_code
208-
TRUSTSTORE_FILE: psu-sandbox-truststore.pem
209206
VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
210207
COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
211-
LOG_RETENTION_DAYS: 30
212-
DEPLOY_APIGEE: true
213-
DYNAMODB_AUTOSCALE: false
214-
DEPLOY_APIGEE_CPSU: true
215-
DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true
216-
EXPOSE_GET_STATUS_UPDATES: false
217-
RUN_REGRESSION_TEST: false
218-
STATE_MACHINE_LOG_LEVEL: ALL
219-
ENABLE_BACKUP: "False"
220-
ENABLE_NOTIFICATIONS_INTERNAL: false
221-
ENABLE_NOTIFICATIONS_EXTERNAL: false
222-
ENABLE_POST_DATED_NOTIFICATIONS: false
223-
ENABLED_SYSTEMS: "Internal Test System"
224-
BLOCKED_SITE_ODS_CODES: "B3J1Z"
225-
ENABLED_SUPPLIER_APPLICATION_IDS: "XXXXX"
226-
NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
227-
NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
228-
MTLS_KEY: psu-mtls-1
208+
LOG_RETENTION_IN_DAYS: "30"
209+
LOG_LEVEL: DEBUG
229210
IS_PULL_REQUEST: false
230-
TEST_PRESCRIPTIONS_1: ${{ vars.TEST_PRESCRIPTIONS_1_VALUES }}
231-
TEST_PRESCRIPTIONS_2: ${{ vars.TEST_PRESCRIPTIONS_2_VALUES }}
232-
TEST_PRESCRIPTIONS_3: ${{ vars.TEST_PRESCRIPTIONS_3_VALUES }}
233-
TEST_PRESCRIPTIONS_4: ${{ vars.TEST_PRESCRIPTIONS_4_VALUES }}
211+
TRUSTSTORE_FILE: psu-sandbox-truststore.pem
212+
TRUST_STORE_VERSION: "none"
213+
ENABLE_MUTUAL_TLS: true
214+
ENABLE_SPLUNK: false
215+
ENABLE_BACKUP: false
234216
FORWARD_CSOC_LOGS: false
235217
secrets:
236218
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
237-
PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
238-
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
239219

240220
release_ref:
241221
needs:
@@ -534,55 +514,35 @@ jobs:
534514
release_int_sandbox:
535515
needs:
536516
[
517+
cdk_package_code,
537518
tag_release,
538519
release_qa,
539-
sam_package_code,
540520
get_commit_id,
541521
get_config_values,
542522
]
543-
uses: ./.github/workflows/run_release_code_and_api.yml
523+
uses: ./.github/workflows/cdk_release_code.yml
544524
permissions:
545525
contents: write
546526
id-token: write
547527
with:
548528
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
549-
ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}-sandbox
529+
BRANCH_NAME: main
530+
APP_NAME: PsuApiSandboxApp
550531
STACK_NAME: psu-sandbox
551532
AWS_ENVIRONMENT: int
552-
APIGEE_ENVIRONMENT: sandbox
553-
ENABLE_MUTUAL_TLS: true
554-
BUILD_ARTIFACT: packaged_sandbox_code
555-
TRUSTSTORE_FILE: psu-sandbox-truststore.pem
556533
VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
557534
COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
558-
LOG_RETENTION_DAYS: 30
559-
DEPLOY_APIGEE: true
560-
DYNAMODB_AUTOSCALE: false
561-
DEPLOY_APIGEE_CPSU: true
562-
DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true
563-
EXPOSE_GET_STATUS_UPDATES: false
564-
RUN_REGRESSION_TEST: false
565-
STATE_MACHINE_LOG_LEVEL: ALL
566-
ENABLE_BACKUP: "False"
567-
ENABLE_NOTIFICATIONS_INTERNAL: false
568-
ENABLE_NOTIFICATIONS_EXTERNAL: false
569-
ENABLE_POST_DATED_NOTIFICATIONS: false
570-
ENABLED_SYSTEMS: "Internal Test System, Apotec Ltd - Apotec CRM - Production, CrxPatientApp, nhsPrescriptionApp, Titan PSU Prod"
571-
BLOCKED_SITE_ODS_CODES: "B3J1Z"
572-
ENABLED_SUPPLIER_APPLICATION_IDS: "XXXXX"
573-
NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
574-
NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
575-
MTLS_KEY: psu-mtls-1
535+
LOG_RETENTION_IN_DAYS: "30"
536+
LOG_LEVEL: DEBUG
576537
IS_PULL_REQUEST: false
577-
TEST_PRESCRIPTIONS_1: ${{ vars.TEST_PRESCRIPTIONS_1_VALUES }}
578-
TEST_PRESCRIPTIONS_2: ${{ vars.TEST_PRESCRIPTIONS_2_VALUES }}
579-
TEST_PRESCRIPTIONS_3: ${{ vars.TEST_PRESCRIPTIONS_3_VALUES }}
580-
TEST_PRESCRIPTIONS_4: ${{ vars.TEST_PRESCRIPTIONS_4_VALUES }}
538+
TRUSTSTORE_FILE: psu-sandbox-truststore.pem
539+
TRUST_STORE_VERSION: "none"
540+
ENABLE_MUTUAL_TLS: true
541+
ENABLE_SPLUNK: false
542+
ENABLE_BACKUP: false
581543
FORWARD_CSOC_LOGS: false
582544
secrets:
583545
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
584-
PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PROD_ROLE }}
585-
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
586546

587547
release_prod:
588548
needs:

Makefile

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@ export CDK_CONFIG_environment=dev
1111
export CDK_CONFIG_logRetentionInDays=30
1212
export CDK_CONFIG_logLevel=DEBUG
1313
export CDK_CONFIG_trustStoreFile=psu-truststore.pem
14+
export CDK_CONFIG_trustStoreVersion=none
15+
export CDK_CONFIG_enableMutualTls=false
16+
export CDK_CONFIG_enableSplunk=false
1417
export CDK_CONFIG_forwardCsocLogs=false
1518
export CDK_CONFIG_deployCheckPrescriptionStatusUpdate=true
1619
export CDK_CONFIG_exposeGetStatusUpdates=false
@@ -257,7 +260,7 @@ cdk-deploy:
257260
REQUIRE_APPROVAL="$${REQUIRE_APPROVAL:-any-change}" && \
258261
npm run cdk-deploy --workspace packages/cdk
259262

260-
cdk-synth:
263+
cdk-stateless-synth:
261264
CDK_APP_NAME=PsuApiApp \
262265
CDK_CONFIG_stackMode=stateless \
263266
CDK_CONFIG_stackName=psu-cdk \
@@ -283,6 +286,19 @@ cdk-stateful-synth:
283286
CDK_CONFIG_enableBackup=false \
284287
npm run cdk-synth --workspace packages/cdk
285288

289+
cdk-sandbox-synth:
290+
CDK_APP_NAME=PsuApiSandboxApp \
291+
CDK_CONFIG_stackName=psu-sandbox \
292+
CDK_CONFIG_logRetentionInDays=30 \
293+
CDK_CONFIG_logLevel=DEBUG \
294+
CDK_CONFIG_environment=dev \
295+
CDK_CONFIG_trustStoreFile=psu-sandbox-truststore.pem \
296+
CDK_CONFIG_trustStoreVersion=none \
297+
CDK_CONFIG_enableMutualTls=false \
298+
CDK_CONFIG_enableSplunk=false \
299+
CDK_CONFIG_enableBackup=false \
300+
npm run cdk-synth --workspace packages/cdk
301+
286302
cdk-diff:
287303
npm run cdk-diff --workspace packages/cdk
288304

package-lock.json

Lines changed: 8 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/cdk/bin/PsuApiApp.ts

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,8 @@ import {
55
getConfigFromEnvVar,
66
getNumberConfigFromEnvVar
77
} from "@nhsdigital/eps-cdk-constructs"
8-
import {PsuStatelessStack} from "../stacks/PsuStatelessStack"
9-
import {PsuStatefulStack} from "../stacks/PsuStatefulStack"
8+
import {PsuApiStatelessStack} from "../stacks/PsuApiStatelessStack"
9+
import {PsuApiStatefulStack} from "../stacks/PsuApiStatefulStack"
1010

1111
type StackMode = "stateless" | "stateful"
1212

@@ -31,7 +31,7 @@ async function main() {
3131
const stackMode = getStackMode()
3232

3333
if (stackMode === "stateless") {
34-
new PsuStatelessStack(app, "PsuStatelessStack", {
34+
new PsuApiStatelessStack(app, "PsuApiStatelessStack", {
3535
...props,
3636
stackName: calculateVersionedStackName(getConfigFromEnvVar("stackName"), props),
3737
samStackName: getConfigFromEnvVar("samStackName"), // TODO: REMOVE THE NEED FOR THIS
@@ -53,7 +53,7 @@ async function main() {
5353
// Stateful stacks use a stable (non-versioned) stack name so that the same
5454
// CloudFormation stack is updated in-place on every deployment rather than
5555
// creating a new stack per version.
56-
new PsuStatefulStack(app, "PsuStatefulStack", {
56+
new PsuApiStatefulStack(app, "PsuApiStatefulStack", {
5757
...props,
5858
stackName: getConfigFromEnvVar("stackName"),
5959
logRetentionInDays: getNumberConfigFromEnvVar("logRetentionInDays"),

0 commit comments

Comments
 (0)