diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f236db4f..d4cd72bc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,40 +8,21 @@ env: BRANCH_NAME: ${{ github.ref_name }} jobs: - get_commit_id: - runs-on: ubuntu-22.04 - outputs: - commit_id: ${{ steps.commit_id.outputs.commit_id }} - sha_short: ${{ steps.commit_id.outputs.sha_short }} - - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - with: - ref: ${{ env.BRANCH_NAME }} - - - name: Get Commit ID - id: commit_id - run: | - # echo "commit_id=${{ github.sha }}" >> "$GITHUB_ENV" - echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" - echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" get_config_values: uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@b0172dbdb3af4ae232873106553c316d79d784fc with: verify_published_from_main_image: true quality_checks: uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@352f15f692c23b18f67215ad858f27b06a878717 - needs: [get_config_values, get_commit_id] + needs: [get_config_values] with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - run_docker_scan: true - docker_images: "eps-cdk-utils" + run_docker_scan: false secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} tag_release: - needs: [quality_checks, get_commit_id, get_config_values] + needs: [quality_checks, get_config_values] uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@352f15f692c23b18f67215ad858f27b06a878717 with: dry_run: true 
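Review bot: `run_docker_scan: false` in `quality_checks` turns off the image scan with nothing on the line to say why. The reason only becomes clear further down the commit, where `docker/Dockerfile` and the build and upload workflows are deleted. Add a comment above it, such as `# no docker image is built in this repository any more, so there is nothing to scan`, or drop the input if the called workflow already defaults to false (that default is not visible here). The same line is added to `quality_checks` in pull_request.yml and release.yml and needs the same treatment.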
@@ -51,57 +32,8 @@ jobs: tag_format: ${{ needs.get_config_values.outputs.tag_format }} secrets: inherit - package_code: - needs: [tag_release, quality_checks, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_build.yml - with: - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - VERSION_NUMBER: pre-release-${{ needs.get_commit_id.outputs.sha_short }} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - - release_dev: - needs: [tag_release, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_upload.yml - with: - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - AWS_ENVIRONMENT: dev - VERSION_NUMBER: pre-release-${{ needs.get_commit_id.outputs.sha_short }} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - TAG_LATEST: false - DOCKER_IMAGE_TAG: pre-release-${{ needs.get_commit_id.outputs.sha_short }} - secrets: - CDK_PUSH_IMAGE_ROLE: ${{ secrets.DEV_CDK_PUSH_IMAGE_ROLE }} - - release_qa: - needs: - [tag_release, release_dev, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_upload.yml - with: - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - AWS_ENVIRONMENT: qa - VERSION_NUMBER: pre-release-${{ needs.get_commit_id.outputs.sha_short }} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - TAG_LATEST: false - DOCKER_IMAGE_TAG: pre-release-${{ needs.get_commit_id.outputs.sha_short }} - secrets: - CDK_PUSH_IMAGE_ROLE: ${{ secrets.QA_CDK_PUSH_IMAGE_ROLE }} - - release_ref: - needs: - [tag_release, release_dev, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_upload.yml - with: - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - AWS_ENVIRONMENT: ref - VERSION_NUMBER: pre-release-${{ needs.get_commit_id.outputs.sha_short }} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - TAG_LATEST: false - DOCKER_IMAGE_TAG: pre-release-${{ 
needs.get_commit_id.outputs.sha_short }} - secrets: - CDK_PUSH_IMAGE_ROLE: ${{ secrets.REF_CDK_PUSH_IMAGE_ROLE }} - package_npm_code: - needs: [quality_checks, get_commit_id, get_config_values] + needs: [quality_checks, get_config_values] uses: ./.github/workflows/package_npm_code.yml with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} diff --git a/.github/workflows/docker_image_build.yml b/.github/workflows/docker_image_build.yml deleted file mode 100644 index 5e7aeee7..00000000 --- a/.github/workflows/docker_image_build.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: docker image build - -on: - workflow_call: - inputs: - VERSION_NUMBER: - required: true - type: string - COMMIT_ID: - required: true - type: string - pinned_image: - type: string - required: true - -jobs: - docker_image_build: - runs-on: ubuntu-22.04 - container: - image: ${{ inputs.pinned_image }} - options: --user 1001:1001 --group-add 128 - defaults: - run: - shell: bash - permissions: - id-token: write - contents: read - packages: read - steps: - - name: copy .tool-versions - run: | - cp /home/vscode/.tool-versions "$HOME/.tool-versions" - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - with: - ref: ${{ env.BRANCH_NAME }} - - - name: Build cdk-utils-build Docker image - id: build-cdk-utils-build-image - env: - VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }} - run: | - docker build -t "cdk-utils-build:${VERSION_NUMBER}" -f docker/Dockerfile --build-arg VERSION="${VERSION_NUMBER}" . - docker save "cdk-utils-build:${VERSION_NUMBER}" -o cdk-utils-build.img - - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f - name: Upload docker images - with: - name: docker_artifact - path: | - cdk-utils-build.img diff --git a/.github/workflows/docker_image_upload.yml b/.github/workflows/docker_image_upload.yml deleted file mode 100644 index c1692744..00000000 --- a/.github/workflows/docker_image_upload.yml +++ /dev/null 
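Review bot: `secrets: inherit` on `tag_release` (a context line at the top of this hunk, and again in release.yml where `dry_run: false`) still forwards every secret the caller can see to tag-release-devcontainer.yml. The jobs removed here were the only visible consumers of `DEV_CDK_PUSH_IMAGE_ROLE`, `QA_CDK_PUSH_IMAGE_ROLE` and `REF_CDK_PUSH_IMAGE_ROLE` (plus the `INT_` and `PROD_` ones in release.yml). Those secrets should be deleted from the repository settings and the matching push roles retired, otherwise they stay reachable through `inherit`; whether that cleanup has happened is not visible in this diff. For least privilege, pass only the secrets the called workflow declares, in the explicit form `quality_checks` already uses for `SONAR_TOKEN`.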
@@ -1,95 +0,0 @@ -name: docker image upload - -on: - workflow_call: - inputs: - VERSION_NUMBER: - required: true - type: string - COMMIT_ID: - required: true - type: string - AWS_ENVIRONMENT: - required: true - type: string - TAG_LATEST: - required: true - type: boolean - DOCKER_IMAGE_TAG: - required: true - type: string - pinned_image: - type: string - required: true - secrets: - CDK_PUSH_IMAGE_ROLE: - required: true - -jobs: - upload_docker_image: - runs-on: ubuntu-22.04 - container: - image: ${{ inputs.pinned_image }} - options: --user 1001:1001 --group-add 128 - defaults: - run: - shell: bash - environment: ${{ inputs.AWS_ENVIRONMENT }} - permissions: - id-token: write - contents: write - - steps: - - name: copy .tool-versions - run: | - cp /home/vscode/.tool-versions "$HOME/.tool-versions" - - name: Checkout local github actions - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - with: - ref: ${{ env.BRANCH_NAME }} - fetch-depth: 0 - sparse-checkout: | - .github - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 - with: - aws-region: eu-west-2 - role-to-assume: ${{ secrets.CDK_PUSH_IMAGE_ROLE }} - role-session-name: upload-cdk-utils-build - - - name: docker_artifact download - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c - with: - name: docker_artifact - path: . 
- - - name: Extract cdk-utils-build docker image - id: extract-cdk-utils-build-image - run: | - docker load -i cdk-utils-build.img - - - name: Retrieve AWS Account ID - id: retrieve-account-id - run: echo "ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_ENV" - - - name: Login to Amazon ECR - id: login-ecr - run: | - aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com - - - name: Push tagged version cdk-utils-build to Amazon ECR - env: - VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }} - DOCKER_IMAGE_TAG: ${{ inputs.DOCKER_IMAGE_TAG }} - run: | - docker tag "cdk-utils-build:${VERSION_NUMBER}" "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:${DOCKER_IMAGE_TAG}" - docker push "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:${DOCKER_IMAGE_TAG}" - - - name: Push latest cdk-utils-build to Amazon ECR - if: ${{ inputs.TAG_LATEST == true }} - env: - VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }} - run: | - docker tag "cdk-utils-build:${VERSION_NUMBER}" "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest" - docker push "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest" diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index fe5b1861..9913c9a6 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
@@ -22,11 +22,10 @@ jobs: uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@b0172dbdb3af4ae232873106553c316d79d784fc quality_checks: uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@352f15f692c23b18f67215ad858f27b06a878717 - needs: [get_config_values, get_commit_id] + needs: [get_config_values] with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - run_docker_scan: true - docker_images: "eps-cdk-utils" + run_docker_scan: false secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} 
@@ -57,53 +56,15 @@ jobs: } result-encoding: string - get_commit_id: - runs-on: ubuntu-22.04 - outputs: - commit_id: ${{ steps.commit_id.outputs.commit_id }} - sha_short: ${{ steps.commit_id.outputs.sha_short }} - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - with: - ref: ${{ env.BRANCH_NAME }} - - - name: Get Commit ID - id: commit_id - run: | - echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" - echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - - package_docker_image: - needs: [get_issue_number, quality_checks, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_build.yml - with: - VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} package_npm_code: - needs: [quality_checks, get_commit_id, get_config_values] + needs: [quality_checks, get_config_values] uses: ./.github/workflows/package_npm_code.yml with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - release_docker_image: - needs: - [get_issue_number, package_docker_image, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_upload.yml - with: - AWS_ENVIRONMENT: dev - VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - TAG_LATEST: false - DOCKER_IMAGE_TAG: PR-${{ needs.get_issue_number.outputs.issue_number }}-${{ needs.get_commit_id.outputs.sha_short }} - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - secrets: - CDK_PUSH_IMAGE_ROLE: ${{ secrets.DEV_CDK_PUSH_IMAGE_ROLE }} - tag_release: - needs: [get_commit_id, get_config_values] + needs: [get_config_values] uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@352f15f692c23b18f67215ad858f27b06a878717 with: dry_run: true 
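Review bot: `get_issue_number` appears to have no consumer left in this hunk, because the two removed jobs (`package_docker_image`, `release_docker_image`) were the only ones listing it in `needs` or reading `needs.get_issue_number.outputs.issue_number`. The remaining `package_npm_code` and `tag_release` depend only on `quality_checks` and `get_config_values`. Unless a job outside this hunk still needs it, the job whose tail (`result-encoding: string`) shows at the top of the hunk now runs on every pull request for nothing and can be removed with the rest. The `with:` block of `tag_release` continues past the end of the hunk, but it cannot reference that output without the `needs` entry.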
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cf39f01c..be3a34cc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,36 +13,17 @@ jobs: uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@b0172dbdb3af4ae232873106553c316d79d784fc with: verify_published_from_main_image: true - get_commit_id: - runs-on: ubuntu-22.04 - outputs: - commit_id: ${{ steps.commit_id.outputs.commit_id }} - sha_short: ${{ steps.commit_id.outputs.sha_short }} - - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - with: - ref: ${{ env.BRANCH_NAME }} - - - name: Get Commit ID - id: commit_id - run: | - # echo "commit_id=${{ github.sha }}" >> "$GITHUB_ENV" - echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" - echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" quality_checks: uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@352f15f692c23b18f67215ad858f27b06a878717 - needs: [get_config_values, get_commit_id] + needs: [get_config_values] with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - run_docker_scan: true - docker_images: "eps-cdk-utils" + run_docker_scan: false secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} tag_release: - needs: [quality_checks, get_commit_id, get_config_values] + needs: [quality_checks, get_config_values] uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@352f15f692c23b18f67215ad858f27b06a878717 with: dry_run: false 
@@ -51,80 +32,3 @@ jobs: publish_packages: packages/cdkConstructs,packages/deploymentUtils tag_format: ${{ needs.get_config_values.outputs.tag_format }} secrets: inherit - - package_code: - needs: [tag_release, quality_checks, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_build.yml - with: - VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - - release_dev: - needs: [tag_release, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_upload.yml - with: - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - AWS_ENVIRONMENT: dev - VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - TAG_LATEST: true - DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}} - secrets: - CDK_PUSH_IMAGE_ROLE: ${{ secrets.DEV_CDK_PUSH_IMAGE_ROLE }} - - release_qa: - needs: - [tag_release, release_dev, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_upload.yml - with: - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - AWS_ENVIRONMENT: qa - VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - TAG_LATEST: true - DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}} - secrets: - CDK_PUSH_IMAGE_ROLE: ${{ secrets.QA_CDK_PUSH_IMAGE_ROLE }} - - release_ref: - needs: - [tag_release, release_dev, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_upload.yml - with: - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - AWS_ENVIRONMENT: ref - VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - TAG_LATEST: true - DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}} 
- secrets: - CDK_PUSH_IMAGE_ROLE: ${{ secrets.REF_CDK_PUSH_IMAGE_ROLE }} - - release_int: - needs: - [tag_release, release_qa, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_upload.yml - with: - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - AWS_ENVIRONMENT: int - VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - TAG_LATEST: true - DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}} - secrets: - CDK_PUSH_IMAGE_ROLE: ${{ secrets.INT_CDK_PUSH_IMAGE_ROLE }} - - release_prod: - needs: - [tag_release, release_int, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/docker_image_upload.yml - with: - pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} - AWS_ENVIRONMENT: prod - VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - TAG_LATEST: true - DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}} - secrets: - CDK_PUSH_IMAGE_ROLE: ${{ secrets.PROD_CDK_PUSH_IMAGE_ROLE }} diff --git a/README.md b/README.md index de751749..e08b5fa5 100644 --- a/README.md +++ b/README.md 
@@ -2,9 +2,10 @@ ![Build](https://github.com/NHSDigital/eps-cdk-utils/workflows/release/badge.svg?branch=main) -This repository contains a docker image used to deploy CDK to our environments and a CDK constructs library for common EPS project patterns, plus shared deployment utilities. +This repository contains +- a CDK constructs library for common EPS project patterns +- a shared deployment utilities library. -- `docker/` Contains Dockerfile used to build image used fo for CDK deployments - `packages/cdkConstructs/` Contains common CDK constructs and CDK helpers used in EPS projects - `packages/deploymentUtils/` Contains shared code for standardising OpenAPI specifications and performing Proxygen-based deployments - `scripts/` Utilities helpful to developers of this specification @@ -14,8 +15,8 @@ This repository contains a docker image used to deploy CDK to our environments a A release of this code happens automatically every Wednesday, but can also be triggered manually by running the release workflow. The release workflow does the following - creates a new tagged version - - creates a new version of the cdk construct library and publishes it to github - - pushes the cdk-utils docker image to dev and all other environments (subject to manual release approval in github actions) + - creates a new version of the eps-cdk-construct- library and publishes it to github + - creates a new version of the eps-deployment-utils library and publishes it to github ## CDK Constructs (`packages/cdkConstructs`) diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index d5d838cc..00000000 --- a/docker/Dockerfile +++ /dev/null 
@@ -1,53 +0,0 @@ -FROM ubuntu:24.04 - -ARG TARGETARCH -ENV TARGETARCH=${TARGETARCH} - - -ARG VERSION - -RUN apt-get update \ - && export DEBIAN_FRONTEND=noninteractive \ - && apt-get -y upgrade \ - && apt-get -y install --no-install-recommends ca-certificates curl git jq make unzip wget \ - && apt-get clean - -# install aws stuff -# Download correct AWS CLI for arch -RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \ - wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \ - else \ - wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \ - fi && \ - unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \ - /tmp/aws-cli/aws/install && \ - rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli - -# Install ASDF -RUN ASDF_VERSION=0.18.0 && \ - if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \ - wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz; \ - else \ - wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz; \ - fi && \ - tar -xvzf /tmp/asdf.tar.gz && \ - mv asdf /usr/bin - -RUN useradd -ms /bin/bash cdkuser -RUN chown -R cdkuser /home/cdkuser -WORKDIR /home/cdkuser -USER cdkuser - -ENV PATH="$PATH:/home/cdkuser/.asdf/shims/:/home/cdkuser/node_modules/.bin" - -# Install ASDF plugins -RUN asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git -# install some common node versions that are used in builds to speed things up -RUN asdf install nodejs 24.13.0 - -# copy files needed for deployment -COPY --chown=cdkuser docker/entrypoint.sh /home/cdkuser/ - -RUN echo "${VERSION}" > version.txt - -ENTRYPOINT ["/home/cdkuser/entrypoint.sh"] diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh deleted file mode 100755 index c2bfe464..00000000 --- a/docker/entrypoint.sh +++ /dev/null 
@@ -1,37 +0,0 @@ -#!/usr/bin/env bash -set -e - -VERSION=$(cat version.txt) - -echo "**************************************" -echo "RUNNING CDK_UTILS VERSION ${VERSION}" -echo "**************************************" -echo -echo - -if [[ -z "${CDK_APP_PATH}" ]]; then - echo "CDK_APP_PATH is unset or set to the empty string" - exit 1 -fi - -sed -i -n '/nodejs/p' /home/cdkuser/workspace/.tool-versions -cd /home/cdkuser/workspace/ || exit - -asdf install -asdf reshim nodejs - -if [[ "${SHOW_DIFF}" = "true" ]] -then - echo "Running diff" - npx cdk diff \ - --app "npx ts-node --prefer-ts-exts ${CDK_APP_PATH}" -fi -if [[ "${DEPLOY_CODE}" = "true" ]] -then - echo "Running deploy" - npx cdk deploy \ - --app "npx ts-node --prefer-ts-exts ${CDK_APP_PATH}" \ - --all \ - --require-approval=never \ - --ci true -fi