-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add opt-out import and cclf-import workflows (#957)
## 🎫 Ticket https://jira.cms.gov/browse/BCDA-7899 ## 🛠 Changes Added cclf-import workflows. Added Sean's opt-out-import workflows. Added unit testing workflow for cclf and opt-out workflow. ## ℹ️ Context for reviewers Creating a merge PR in order to test run the workflows. Some things will probably have to change within the workflows themselves. ## ✅ Acceptance Validation Workflows completed: <img width="887" alt="Screenshot 2024-06-18 at 12 23 13 PM" src="https://github.com/CMSgov/bcda-app/assets/162146803/83f76cac-4b7b-4452-b13a-771b68449e76"> <img width="858" alt="Screenshot 2024-06-18 at 12 23 38 PM" src="https://github.com/CMSgov/bcda-app/assets/162146803/b1d4b064-84c9-410f-9049-69e81eb61b6c"> Lambdas updated: <img width="1198" alt="Screenshot 2024-06-18 at 12 29 49 PM" src="https://github.com/CMSgov/bcda-app/assets/162146803/4b38465c-d2ed-4cc6-94e8-95852e1ca5b9"> ## 🔒 Security Implications - [ ] This PR adds a new software dependency or dependencies. - [ ] This PR modifies or invalidates one or more of our security controls. - [ ] This PR stores or transmits data that was not stored or transmitted before. - [ ] This PR requires additional review of its security implications for other reasons. If any security implications apply, add Jason Ashbaugh (GitHub username: StewGoin) as a reviewer and do not merge this PR without his approval. --------- Co-authored-by: Sean Fern <[email protected]>
- Loading branch information
1 parent
67e8641
commit c3baf17
Showing
9 changed files
with
303 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| name: cclf-import dev deploy | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - cclf-import/** | ||
| - .github/workflows/cclf-import-dev-deploy.yml | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| test: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| working-directory: bcda | ||
| environment: dev | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-go@v5 | ||
| - name: Build cclf-import zip file | ||
| run: | | ||
| go build -o bin/cclf-import ./lambda/cclf/main.go | ||
| zip function.zip bin/cclf-import | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-dev-github-actions | ||
| - name: Upload and reload | ||
| run: | | ||
| aws s3 cp --no-progress function.zip \ | ||
| s3://bcda-dev-cclf-import-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-dev-cclf-import \ | ||
| --s3-bucket bcda-dev-cclf-import-function --s3-key function-${{ github.sha }}.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| name: cclf-import prod deploy | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| deploy: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| environment: prod | ||
| steps: | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-prod-github-actions | ||
| - name: Promote lambda code from test to prod | ||
| run: | | ||
| aws s3 cp --no-progress \ | ||
| s3://bcda-test-cclf-import-function/function-${{ github.sha }}.zip \ | ||
| s3://bcda-prod-cclf-import-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-prod-cclf-import \ | ||
| --s3-bucket bcda-prod-cclf-import-function --s3-key function-${{ github.sha }}.zip | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| name: cclf-import test deploy | ||
|
|
||
| on: | ||
| workflow_call: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| test: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| working-directory: bcda | ||
| environment: test | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-go@v5 | ||
| - name: Build cclf-import zip file | ||
| env: | ||
| CGO_ENABLED: 0 | ||
| run: | | ||
| go build -o bin/cclf-import ./lambda/cclf/main.go | ||
| zip function.zip bin/cclf-import | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-test-github-actions | ||
| - name: Upload and reload | ||
| run: | | ||
| aws s3 cp --no-progress function.zip \ | ||
| s3://bcda-test-cclf-import-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-test-cclf-import \ | ||
| --s3-bucket bcda-test-cclf-import-function --s3-key function-${{ github.sha }}.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| name: cclf-import test integration | ||
|
|
||
| on: | ||
| pull_request: | ||
| paths: | ||
| - .github/workflows/cclf-import-test-integration.yml | ||
| - .github/workflows/cclf-import-test-deploy.yml | ||
| - cclf/** | ||
| workflow_dispatch: | ||
|
|
||
| # Ensure we have only one integration test running at a time | ||
| concurrency: | ||
| group: cclf-import-test-integration | ||
|
|
||
| jobs: | ||
| # Deploy first if triggered by pull_request | ||
| deploy: | ||
| if: ${{ github.event_name == 'pull_request' }} | ||
| uses: ./.github/workflows/cclf-import-test-deploy.yml | ||
| secrets: inherit | ||
|
|
||
| trigger: | ||
| if: ${{ always() }} | ||
| needs: deploy | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| working-directory: bcda | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-test-cclf-import-function | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| # Note that we use the BFD role with access to the bucket | ||
| role-to-assume: arn:aws:iam::${{ secrets.BFD_ACCOUNT_ID }}:role/bfd-test-eft-bcda-bucket-role | ||
| role-chaining: true | ||
| role-skip-session-tagging: true | ||
| - name: Upload test file to the BFD bucket to trigger lambda function via SNS message | ||
| run: | | ||
| aws s3 cp --no-progress ../shared_files/cclf/files/synthetic/test/small/ZC0 \ | ||
| s3://bfd-test-eft/bfdeft01/bcda/in/T.NGD.DPC.RSP.D$(date +'%y%m%d').T$(date +'%H%M%S')1.IN | ||
| # TODO Check bucket for response file | ||
| # TODO Run another job to check database for update |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| name: opt-out-import dev deploy | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - optout/** | ||
| - .github/workflows/opt-out-import-dev-deploy.yml | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| test: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| working-directory: bcda | ||
| environment: dev | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-go@v5 | ||
| - name: Build opt-out-import zip file | ||
| run: | | ||
| go build -o bin/opt-out-import ./lambda/optout/main.go | ||
| zip function.zip bin/opt-out-import | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-dev-github-actions | ||
| - name: Upload and reload | ||
| run: | | ||
| aws s3 cp --no-progress function.zip \ | ||
| s3://bcda-dev-opt-out-import-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-dev-opt-out-import \ | ||
| --s3-bucket bcda-dev-opt-out-import-function --s3-key function-${{ github.sha }}.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| name: opt-out-import prod deploy | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| deploy: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| environment: prod | ||
| steps: | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-prod-github-actions | ||
| - name: Promote lambda code from test to prod | ||
| run: | | ||
| aws s3 cp --no-progress \ | ||
| s3://bcda-test-opt-out-import-function/function-${{ github.sha }}.zip \ | ||
| s3://bcda-prod-opt-out-import-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-prod-opt-out-import \ | ||
| --s3-bucket bcda-prod-opt-out-import-function --s3-key function-${{ github.sha }}.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| name: opt-out-import test deploy | ||
|
|
||
| on: | ||
| workflow_call: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| test: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| working-directory: bcda | ||
| environment: test | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-go@v5 | ||
| - name: Build opt-out-import zip file | ||
| env: | ||
| CGO_ENABLED: 0 | ||
| run: | | ||
| go build -o bin/opt-out-import ./lambda/optout/main.go | ||
| zip function.zip bin/opt-out-import | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-test-github-actions | ||
| - name: Upload and reload | ||
| run: | | ||
| aws s3 cp --no-progress function.zip \ | ||
| s3://bcda-test-opt-out-import-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-test-opt-out-import \ | ||
| --s3-bucket bcda-test-opt-out-import-function --s3-key function-${{ github.sha }}.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| name: opt-out-import test integration | ||
|
|
||
| on: | ||
| pull_request: | ||
| paths: | ||
| - .github/workflows/opt-out-import-test-integration.yml | ||
| - .github/workflows/opt-out-import-test-deploy.yml | ||
| - optout/** | ||
| workflow_dispatch: | ||
|
|
||
| # Ensure we have only one integration test running at a time | ||
| concurrency: | ||
| group: opt-out-import-test-integration | ||
|
|
||
| jobs: | ||
| # Deploy first if triggered by pull_request | ||
| deploy: | ||
| if: ${{ github.event_name == 'pull_request' }} | ||
| uses: ./.github/workflows/opt-out-import-test-deploy.yml | ||
| secrets: inherit | ||
|
|
||
| trigger: | ||
| if: ${{ always() }} | ||
| needs: deploy | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| working-directory: ./optout | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-test-opt-out-import-function | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| # Note that we use the BFD role with access to the bucket | ||
| role-to-assume: arn:aws:iam::${{ secrets.BFD_ACCOUNT_ID }}:role/bfd-test-eft-bcda-bucket-role | ||
| role-chaining: true | ||
| role-skip-session-tagging: true | ||
| - name: Upload test file to the BFD bucket to trigger lambda function via SNS message | ||
| run: | | ||
| aws s3 cp --no-progress ../shared_files/synthetic1800MedicareFiles/test/T\#EFT.ON.ACO.NGD1800.DPRF.D181120.T1000009 \ | ||
| s3://bfd-test-eft/bfdeft01/bcda/in/T.NGD.DPC.RSP.D$(date +'%y%m%d').T$(date +'%H%M%S')1.IN | ||
| # TODO Check bucket for response file | ||
| # TODO Run another job to check database for update |