From 2d1721837d7d5095bfa010156fdee2ea2ef5c6ab Mon Sep 17 00:00:00 2001
From: NogaNHS
Date: Mon, 12 Aug 2024 11:18:15 +0100
Subject: [PATCH] [PRMP-639] - remove gocd pipeline
---
 .../workflows/base-gp-registrations-mi.yml | 2 +-
 Dojofile | 1 -
 README.md | 47 +---
 environment.json | 16 --
 gocd/base-networking.pipeline.gocd.yaml | 114 ----------
 .../container-repositories.pipeline.gocd.yaml | 114 ----------
 gocd/ecs-cluster.pipeline.gocd.yaml | 114 ----------
 gocd/gp-registrations-mi.pipeline.gocd.yaml | 207 ------------------
 tasks | 130 -----------
 9 files changed, 2 insertions(+), 743 deletions(-)
 delete mode 100644 Dojofile
 delete mode 100644 environment.json
 delete mode 100644 gocd/base-networking.pipeline.gocd.yaml
 delete mode 100644 gocd/container-repositories.pipeline.gocd.yaml
 delete mode 100644 gocd/ecs-cluster.pipeline.gocd.yaml
 delete mode 100644 gocd/gp-registrations-mi.pipeline.gocd.yaml
 delete mode 100755 tasks
diff --git a/.github/workflows/base-gp-registrations-mi.yml b/.github/workflows/base-gp-registrations-mi.yml
index 4567a23..03a54e6 100644
--- a/.github/workflows/base-gp-registrations-mi.yml
+++ b/.github/workflows/base-gp-registrations-mi.yml
@@ -32,7 +32,7 @@ jobs:
 if: inputs.environment == 'prod' && inputs.is_deployment
 run: |
 aws ecr get-login-password --region ${{ vars.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_DEV_REPOSITORY }}
- IMAGE_TAG=$(aws ecr describe-images --registy-id 123456789 --repository-name ${{ secrets.ECR_REPOSITORY_NAME }} --query 'sort_by(imageDetails,& imagePushedAt)[-1].imageTags[0]')
+ IMAGE_TAG=$(aws ecr describe-images --registy-id ${{ secrets.AWS_DEV_ACCOUNT_ID }} --repository-name ${{ secrets.ECR_REPOSITORY_NAME }} --query 'sort_by(imageDetails,& imagePushedAt)[-1].imageTags[0]')
 source_repo=${{ secrets.AWS_ECR_DEV_REPOSITORY }}/${{ secrets.ECR_REPOSITORY_DEV_NAME }}:${IMAGE_TAG//\"}
 destination_repo=${{ secrets.AWS_ECR_PROD_REPOSITORY}}/${{ secrets.ECR_REPOSITORY_NAME }}:${IMAGE_TAG//\"}
 docker pull $source_repo
diff --git a/Dojofile b/Dojofile
deleted file mode 100644
index b2a4ec7..0000000
--- a/Dojofile
+++ /dev/null
@@ -1 +0,0 @@
-DOJO_DOCKER_IMAGE="nhsdev/deductions-infra-dojo:24-47f9f50f"
\ No newline at end of file
diff --git a/README.md b/README.md
index 9ba0a31..ed838c1 100644
--- a/README.md
+++ b/README.md
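Review bot: The replacement `IMAGE_TAG=` line in `.github/workflows/base-gp-registrations-mi.yml` still spells the option `--registy-id`; the AWS CLI flag is `--registry-id`, so the lookup is likely to be rejected as an unknown option and the prod promotion step would not resolve a tag. The flag should read `--registry-id ${{ secrets.AWS_DEV_ACCOUNT_ID }}`. The tag is also looked up in `secrets.ECR_REPOSITORY_NAME` while the pull on the next line uses `secrets.ECR_REPOSITORY_DEV_NAME`; if those name different repositories, the tag promoted to prod is not necessarily one that exists in, or was tested from, the dev repository, so it is worth confirming which one is intended. More generally, this step promotes whichever image was pushed most recently, so consider passing the tag or digest of the tested build as a workflow input instead, and adding `--output text` plus an empty/`None` check before the `docker pull`. The step begins above this hunk and continues past it.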
@@ -1,54 +1,9 @@ # prm-gp-registrations-mi-infra -## Setup - -These instructions assume you are using: - -- [aws-vault](https://github.com/99designs/aws-vault) to validate your AWS credentials. -- [dojo](https://github.com/kudulab/dojo) to provide an execution environment -- [colima](https://github.com/abiosoft/colima) to run the docker dojo images ## Applying terraform -Rolling out terraform against each environment is managed by the GoCD pipeline. If you'd like to test it locally, run the following commands: - -1. Enter the container: - -`aws-vault exec -- dojo` - - -2. Invoke terraform locally - -``` - ./tasks validate - ./tasks plan -``` - -The stack name denotes the specific stack you would like to validate. -The environment can be `dev` or `prod`. - -To run the formatting, run `./tasks format ` - -## Troubleshooting -Error: `Too many command line arguments. Did you mean to use -chdir?` - -If you are unable to validate/plan, make sure you doing it inside the dojo container by typing -``` - dojo (then running command inside) - or - ./tasks dojo-validate - -``` - -Error: `Error: Error inspecting states in the "s3" backend: -S3 bucket does not exist.` - -Try deleting the .terraform and the plans (dev.tfplan/prod.tfplan) +Rolling out terraform against each environment is managed by the GitHub Actions pipeline. The workflow files can be found in `.github/workflows` -Error: `docker: Cannot connect to the Docker daemon at unix:///Users/jnewman/.colima/docker.sock. Is the docker daemon running?.` -You need to install and start colima: -``` -colima start -``` diff --git a/environment.json b/environment.json deleted file mode 100644 index 4cc3638..0000000 --- a/environment.json +++ /dev/null 
@@ -1,16 +0,0 @@ -{ - "dev": { - "name": "dev", - "bucket_name": "prm-gp2gp-terraform-state-dev", - "dynamo_table": "prm-gp2gp-terraform-table", - "role_arn_param": "/registrations/dev/user-input/cross-account-admin-role", - "state_key_prefix": "gp-registrations-mi/" - }, - "prod": { - "name": "prod", - "bucket_name": "prm-gp2gp-terraform-state-prod", - "dynamo_table": "prm-gp2gp-terraform-table", - "role_arn_param": "/registrations/prod/user-input/cross-account-admin-role", - "state_key_prefix": "gp-registrations-mi/" - } -} \ No newline at end of file diff --git a/gocd/base-networking.pipeline.gocd.yaml b/gocd/base-networking.pipeline.gocd.yaml deleted file mode 100644 index 68b741b..0000000 --- a/gocd/base-networking.pipeline.gocd.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -format_version: 4 -pipelines: - "gp-registrations-mi-base-networking": - group: gp-registrations-mi-infra - label_template: "${gp_registrations_mi_base_networking[:8]}" - materials: - gp_registrations_mi_base_networking: - plugin_configuration: - id: git-path - options: - url: https://github.com/nhsconnect/prm-gp-registrations-mi-infra.git - path: stacks/base-networking - stages: - - validate: - clean_workspace: true - jobs: - test: - resources: - - docker - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-validate base-networking dev - - plan_dev: - clean_workspace: true - jobs: - plan: - resources: - - docker - artifacts: - - build: - source: stacks/base-networking/terraform/dev.tfplan - destination: stacks/base-networking/terraform - - build: - source: stacks/base-networking/terraform/.terraform.lock.hcl - destination: stacks/base-networking/terraform - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-plan base-networking dev - - apply_dev: - clean_workspace: true - jobs: - apply: - resources: - - docker - tasks: - - fetch: - stage: plan_dev - job: plan - source: stacks/base-networking/terraform/dev.tfplan - destination: stacks/base-networking/terraform - is_file: yes - - fetch: - stage: plan_dev - job: plan - source: stacks/base-networking/terraform/.terraform.lock.hcl - destination: stacks/base-networking/terraform - is_file: yes - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-apply base-networking dev - - plan_prod: - clean_workspace: true - jobs: - plan: - resources: - - docker - artifacts: - - build: - source: stacks/base-networking/terraform/prod.tfplan - destination: stacks/base-networking/terraform - - build: - source: stacks/base-networking/terraform/.terraform.lock.hcl - destination: stacks/base-networking/terraform - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-plan base-networking prod - - apply_prod: - clean_workspace: true - 
approval: - type: manual - allow_only_on_success: true - jobs: - apply: - resources: - - docker - tasks: - - fetch: - stage: plan_prod - job: plan - source: stacks/base-networking/terraform/prod.tfplan - destination: stacks/base-networking/terraform - is_file: yes - - fetch: - stage: plan_prod - job: plan - source: stacks/base-networking/terraform/.terraform.lock.hcl - destination: stacks/base-networking/terraform - is_file: yes - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-apply base-networking prod diff --git a/gocd/container-repositories.pipeline.gocd.yaml b/gocd/container-repositories.pipeline.gocd.yaml deleted file mode 100644 index 2e23ba9..0000000 --- a/gocd/container-repositories.pipeline.gocd.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -format_version: 4 -pipelines: - "gp-registrations-mi-container-repositories": - group: gp-registrations-mi-infra - label_template: "${gp_registrations_mi_container_repositories[:8]}" - materials: - gp_registrations_mi_container_repositories: - plugin_configuration: - id: git-path - options: - url: https://github.com/nhsconnect/prm-gp-registrations-mi-infra.git - path: stacks/container-repositories - stages: - - validate: - clean_workspace: true - jobs: - test: - resources: - - docker - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-validate container-repositories dev - - plan_dev: - clean_workspace: true - jobs: - plan: - resources: - - docker - artifacts: - - build: - source: stacks/container-repositories/terraform/dev.tfplan - destination: stacks/container-repositories/terraform - - build: - source: stacks/container-repositories/terraform/.terraform.lock.hcl - destination: stacks/container-repositories/terraform - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-plan container-repositories dev - - apply_dev: - clean_workspace: true - jobs: - apply: - resources: - - docker - tasks: - - fetch: - stage: plan_dev - job: plan - source: stacks/container-repositories/terraform/dev.tfplan - destination: stacks/container-repositories/terraform - is_file: yes - - fetch: - stage: plan_dev - job: plan - source: stacks/container-repositories/terraform/.terraform.lock.hcl - destination: stacks/container-repositories/terraform - is_file: yes - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-apply container-repositories dev - - plan_prod: - clean_workspace: true - jobs: - plan: - resources: - - docker - artifacts: - - build: - source: stacks/container-repositories/terraform/prod.tfplan - destination: stacks/container-repositories/terraform - - build: - source: stacks/container-repositories/terraform/.terraform.lock.hcl - destination: stacks/container-repositories/terraform - tasks: - - 
exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-plan container-repositories prod - - apply_prod: - clean_workspace: true - approval: - type: manual - allow_only_on_success: true - jobs: - apply: - resources: - - docker - tasks: - - fetch: - stage: plan_prod - job: plan - source: stacks/container-repositories/terraform/prod.tfplan - destination: stacks/container-repositories/terraform - is_file: yes - - fetch: - stage: plan_prod - job: plan - source: stacks/container-repositories/terraform/.terraform.lock.hcl - destination: stacks/container-repositories/terraform - is_file: yes - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-apply container-repositories prod diff --git a/gocd/ecs-cluster.pipeline.gocd.yaml b/gocd/ecs-cluster.pipeline.gocd.yaml deleted file mode 100644 index d083ba2..0000000 --- a/gocd/ecs-cluster.pipeline.gocd.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -format_version: 4 -pipelines: - "gp-registrations-mi-ecs-cluster": - group: gp-registrations-mi-infra - label_template: "${gp_registrations_mi_ecs_cluster[:8]}" - materials: - gp_registrations_mi_ecs_cluster: - plugin_configuration: - id: git-path - options: - url: https://github.com/nhsconnect/prm-gp-registrations-mi-infra.git - path: stacks/ecs-cluster - stages: - - validate: - clean_workspace: true - jobs: - test: - resources: - - docker - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-validate ecs-cluster dev - - plan_dev: - clean_workspace: true - jobs: - plan: - resources: - - docker - artifacts: - - build: - source: stacks/ecs-cluster/terraform/dev.tfplan - destination: stacks/ecs-cluster/terraform - - build: - source: stacks/ecs-cluster/terraform/.terraform.lock.hcl - destination: stacks/ecs-cluster/terraform - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-plan ecs-cluster dev - - apply_dev: - clean_workspace: true - jobs: - apply: - resources: - - docker - tasks: - - fetch: - stage: plan_dev - job: plan - source: stacks/ecs-cluster/terraform/dev.tfplan - destination: stacks/ecs-cluster/terraform - is_file: yes - - fetch: - stage: plan_dev - job: plan - source: stacks/ecs-cluster/terraform/.terraform.lock.hcl - destination: stacks/ecs-cluster/terraform - is_file: yes - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-apply ecs-cluster dev - - plan_prod: - clean_workspace: true - jobs: - plan: - resources: - - docker - artifacts: - - build: - source: stacks/ecs-cluster/terraform/prod.tfplan - destination: stacks/ecs-cluster/terraform - - build: - source: stacks/ecs-cluster/terraform/.terraform.lock.hcl - destination: stacks/ecs-cluster/terraform - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-plan ecs-cluster prod - - apply_prod: - clean_workspace: true - approval: - type: manual - allow_only_on_success: true - jobs: - apply: - resources: 
- - docker - tasks: - - fetch: - stage: plan_prod - job: plan - source: stacks/ecs-cluster/terraform/prod.tfplan - destination: stacks/ecs-cluster/terraform - is_file: yes - - fetch: - stage: plan_prod - job: plan - source: stacks/ecs-cluster/terraform/.terraform.lock.hcl - destination: stacks/ecs-cluster/terraform - is_file: yes - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-apply ecs-cluster prod \ No newline at end of file diff --git a/gocd/gp-registrations-mi.pipeline.gocd.yaml b/gocd/gp-registrations-mi.pipeline.gocd.yaml deleted file mode 100644 index cba60bc..0000000 --- a/gocd/gp-registrations-mi.pipeline.gocd.yaml +++ /dev/null 
@@ -1,207 +0,0 @@ -format_version: 4 -pipelines: - "gp-registrations-mi-task": - group: gp-registrations-mi-infra - label_template: "${gp_registrations_mi_task[:8]}" - materials: - gp_registrations_mi_task: - plugin_configuration: - id: git-path - options: - url: https://github.com/nhsconnect/prm-gp-registrations-mi-infra.git - path: stacks/gp-registrations-mi, lambda/error-alarm-alert,lambda/splunk-cloud-event-uploader, lambda/event-enrichment, lambda/s3-event-uploader - gp_registrations_mi_image: - pipeline: prm-gp-registrations-mi - stage: publish_docker - stages: - - validate: - clean_workspace: true - jobs: - test: - resources: - - docker - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-validate gp-registrations-mi dev - - plan_dev: - clean_workspace: true - jobs: - plan: - resources: - - docker - artifacts: - - build: - source: stacks/gp-registrations-mi/terraform/dev.tfplan - destination: stacks/gp-registrations-mi/terraform - - build: - source: stacks/gp-registrations-mi/terraform/.terraform.lock.hcl - destination: stacks/gp-registrations-mi/terraform - - build: - source: lambda/build/error-alarm-alert.zip - destination: lambda/build/ - - build: - source: lambda/build/splunk-cloud-event-uploader.zip - destination: lambda/build/ - - build: - source: lambda/build/event-enrichment.zip - destination: lambda/build/ - - build: - source: lambda/build/s3-event-uploader.zip - destination: lambda/build/ - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - TF_VAR_gp_registrations_mi_image_tag=$GO_DEPENDENCY_LABEL_GP_REGISTRATIONS_MI_IMAGE ./tasks dojo-plan gp-registrations-mi dev - - apply_dev: - clean_workspace: true - approval: - type: manual - allow_only_on_success: true - jobs: - apply: - resources: - - docker - tasks: - - fetch: - stage: plan_dev - job: plan - source: stacks/gp-registrations-mi/terraform/dev.tfplan - destination: stacks/gp-registrations-mi/terraform - is_file: yes - - fetch: - stage: plan_dev - job: plan - 
source: stacks/gp-registrations-mi/terraform/.terraform.lock.hcl - destination: stacks/gp-registrations-mi/terraform - is_file: yes - - fetch: - stage: plan_dev - job: plan - source: lambda/build/error-alarm-alert.zip - destination: lambda/build/ - is_file: yes - - fetch: - stage: plan_dev - job: plan - source: lambda/build/splunk-cloud-event-uploader.zip - destination: lambda/build/ - is_file: yes - - fetch: - stage: plan_dev - job: plan - source: lambda/build/event-enrichment.zip - destination: lambda/build/ - is_file: yes - - fetch: - stage: plan_dev - job: plan - source: lambda/build/s3-event-uploader.zip - destination: lambda/build/ - is_file: yes - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-apply gp-registrations-mi dev - - promote_to_prod: - clean_workspace: true - approval: - type: manual - allow_only_on_success: true - jobs: - apply: - resources: - - docker - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - ./scripts/promote-image dev prod mi-api $GO_DEPENDENCY_LABEL_GP_REGISTRATIONS_MI_IMAGE - - plan_prod: - clean_workspace: true - jobs: - plan: - resources: - - docker - artifacts: - - build: - source: stacks/gp-registrations-mi/terraform/prod.tfplan - destination: stacks/gp-registrations-mi/terraform - - build: - source: stacks/gp-registrations-mi/terraform/.terraform.lock.hcl - destination: stacks/gp-registrations-mi/terraform - - build: - source: lambda/build/error-alarm-alert.zip - destination: lambda/build/ - - build: - source: lambda/build/splunk-cloud-event-uploader.zip - destination: lambda/build/ - - build: - source: lambda/build/event-enrichment.zip - destination: lambda/build/ - - build: - source: lambda/build/s3-event-uploader.zip - destination: lambda/build/ - tasks: - - exec: - command: /bin/bash - arguments: - - -c - - TF_VAR_gp_registrations_mi_image_tag=$GO_DEPENDENCY_LABEL_GP_REGISTRATIONS_MI_IMAGE ./tasks dojo-plan gp-registrations-mi prod - - apply_prod: - clean_workspace: true - approval: - type: 
manual - allow_only_on_success: true - jobs: - apply: - resources: - - docker - tasks: - - fetch: - stage: plan_prod - job: plan - source: stacks/gp-registrations-mi/terraform/prod.tfplan - destination: stacks/gp-registrations-mi/terraform - is_file: yes - - fetch: - stage: plan_prod - job: plan - source: stacks/gp-registrations-mi/terraform/.terraform.lock.hcl - destination: stacks/gp-registrations-mi/terraform - is_file: yes - - fetch: - stage: plan_prod - job: plan - source: lambda/build/error-alarm-alert.zip - destination: lambda/build/ - is_file: yes - - fetch: - stage: plan_prod - job: plan - source: lambda/build/splunk-cloud-event-uploader.zip - destination: lambda/build/ - is_file: yes - - fetch: - stage: plan_prod - job: plan - source: lambda/build/event-enrichment.zip - destination: lambda/build/ - is_file: yes - - fetch: - stage: plan_prod - job: plan - source: lambda/build/s3-event-uploader.zip - destination: lambda/build/ - is_file: yes - - exec: - command: /bin/bash - arguments: - - -c - - ./tasks dojo-apply gp-registrations-mi prod diff --git a/tasks b/tasks deleted file mode 100755 index d76cf02..0000000 --- a/tasks +++ /dev/null 
@@ -1,130 +0,0 @@ -#!/bin/bash - -set -Eeo pipefail - -if [ "$#" -ne 3 ]; then - echo "Usage: $0 TASK STACK STACK-ENVIRONMENT" - exit 1 -fi - -task="$1" -stack_name="$2" -stack_env="$3" -state_region="eu-west-2" -tf_dir=stacks/${stack_name}/terraform -env_name=$(jq -r .${stack_env}.name environment.json) -state_lock_table=$(jq -r .${stack_env}.dynamo_table environment.json) -state_bucket=$(jq -r .${stack_env}.bucket_name environment.json) -s3_state_key=$(jq -r .${stack_env}.state_key_prefix environment.json)${stack_name}/terraform.tfstate - -function assume_role() { - role_arn_param=$(jq -r .${stack_env}.role_arn_param environment.json) - if [ "$role_arn_param" != "null" ]; then - role_arn=$(aws ssm get-parameters --region ${state_region} --names ${role_arn_param} --query 'Parameters[0].Value' --output text) - session_name="gp-registrations-mi-${env_name}-session" - - - - sts=$( - aws sts assume-role \ - --role-arn $role_arn \ - --role-session-name $session_name \ - --output json - ) - - export AWS_ACCESS_KEY_ID=$(echo $sts | jq -r .Credentials.AccessKeyId) - export AWS_SECRET_ACCESS_KEY=$(echo $sts | jq -r .Credentials.SecretAccessKey) - export AWS_SESSION_TOKEN=$(echo $sts | jq -r .Credentials.SessionToken) - fi - -} - -export TF_DATA_DIR=.terraform/${stack_env}/${stack_name} - -function tf_init() { - assume_role - terraform -chdir=${tf_dir} init \ - -backend-config key=${s3_state_key} \ - -backend-config bucket=${state_bucket} \ - -backend-config dynamodb_table=${state_lock_table} \ - -backend-config region=${state_region} -} - - -function build_lambda { - lambda_name=$1 - lambda_services=$2 - - build_dir=lambda/build/$lambda_name - rm -rf $build_dir - mkdir -p $build_dir - - requirements_file=lambda/$lambda_name/requirements.txt - if test -f "$requirements_file"; then - pip install -r $requirements_file -t $build_dir - fi - - if test "$lambda_services"; then - cp -r ./$lambda_services $build_dir - fi - cp lambda/$lambda_name/*.py $build_dir - - pushd $build_dir 
- zip -r -X ../$lambda_name.zip . - popd -} - - -echo "--- ${task} ---" -case "${task}" in -validate) - tf_init - terraform -chdir=${tf_dir} validate - ;; -dojo-validate) - dojo "./tasks validate ${stack_name} ${stack_env}" - ;; -plan) - build_lambda error-alarm-alert - build_lambda splunk-cloud-event-uploader - build_lambda event-enrichment services - build_lambda s3-event-uploader - tf_init - var_file=$(eval "pwd")/stacks/${stack_name}/vars/${stack_env}.tfvars - plan_output=$(eval "pwd")/stacks/${stack_name}/terraform/${stack_env}.tfplan - terraform -chdir=${tf_dir} plan -var environment=$env_name \ - -var-file=${var_file} \ - -out=${plan_output} - ;; -dojo-plan) - dojo "./tasks plan ${stack_name} ${stack_env}" - ;; -apply) - tf_init - terraform -chdir=${tf_dir} apply ${stack_env}.tfplan - ;; -dojo-apply) - dojo "./tasks apply ${stack_name} ${stack_env}" - ;; -format) - terraform -chdir=${tf_dir} fmt - ;; -destroy) - tf_init - var_file=$(eval "pwd")/stacks/${stack_name}/vars/${stack_env}.tfvars - terraform -chdir=${tf_dir} destroy -var environment=$env_name \ - -var-file=${var_file} - ;; -build-lambda) - build_lambda error-alarm-alert - build_lambda splunk-cloud-event-uploader - build_lambda event-enrichment services - build_lambda s3-event-uploader -;; -*) - echo "Invalid task: '${task}'" - exit 1 - ;; -esac - -set +e