Test: Automation Task #158
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test automation task | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| TargetEnvironment: | |
| description: "Target environment" | |
| required: true | |
| type: choice | |
| options: | |
| - "delius-core-dev" | |
| - "delius-core-test" | |
| - "delius-core-training" | |
| - "delius-core-stage" | |
| - "delius-core-pre-prod" | |
| - "delius-core-prod" | |
| SourceCodeVersion: | |
| description: "Source version for the hmpps-delius-operation-automation. Enter a pull request, branch, commit ID, tag, or reference." | |
| type: string | |
| default: "main" | |
| SourceConfigVersion: | |
| description: "Source version for the modernisation-platform-configuration-management. Enter a pull request, branch, commit ID, tag, or reference." | |
| type: string | |
| default: "main" | |
| # push: | |
| # branches: | |
| # - main | |
| # paths: | |
| # - ansible/** | |
| # - .github/workflows/test-automation-task.yml | |
| # pull_request: | |
| # branches: | |
| # - main | |
| # types: [opened, edited, reopened, synchronize] | |
| # paths: | |
| # - ansible/** | |
| # - .github/workflows/test-automation-task.yml | |
| permissions: | |
| contents: read | |
| packages: read | |
| id-token: write | |
| env: | |
| ansible_config: operations/playbooks/ansible.cfg | |
| command: ansible-playbook operations/playbooks/oracle_password_rotation/password_rotation.yml | |
| inventory: inventory/ansible | |
| jobs: | |
| oracle_password_rotation: | |
| name: oracle-password-rotation | |
| environment: ${{ github.event.inputs.TargetEnvironment}} | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/ministryofjustice/hmpps-delius-operational-automation:0.1 | |
| timeout-minutes: 1440 | |
| continue-on-error: false | |
| outputs: | |
| TargetOemEnvironment: ${{ steps.definetargets.outputs.TargetOemEnvironment }} | |
| Runner: ${{ runner.name }} | |
| steps: | |
| - name: Checkout Ansible Playbooks and Roles From hmpps-delius-operation-automation | |
| uses: actions/checkout@v4 | |
| with: | |
| sparse-checkout-cone-mode: false | |
| sparse-checkout: | | |
| playbooks/oracle_password_rotation | |
| playbooks/oem_blackout | |
| playbooks/oracle_ha | |
| playbooks/alfresco_wallet | |
| playbooks/ansible.cfg | |
| path: operations | |
| ref: ${{ github.event.inputs.SourceCodeVersion }} | |
| fetch-depth: 0 | |
| - name: Checkout Ansible Inventory From modernisation-platform-configuration-management | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ministryofjustice/modernisation-platform-configuration-management | |
| sparse-checkout-cone-mode: false | |
| sparse-checkout: | | |
| ansible/hosts | |
| ansible/group_vars | |
| path: inventory | |
| ref: ${{ github.event.inputs.SourceConfigVersion }} | |
| fetch-depth: 0 | |
| - name: Checkout Ansible Required Roles From modernisation-platform-configuration-management | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ministryofjustice/modernisation-platform-configuration-management | |
| sparse-checkout-cone-mode: false | |
| sparse-checkout: | | |
| ansible/roles/secretsmanager-passwords | |
| ansible/roles/get-modernisation-platform-facts | |
| path: roles | |
| ref: ${{ github.event.inputs.SourceConfigVersion }} | |
| fetch-depth: 0 | |
| - name: Define Targets | |
| id: definetargets | |
| working-directory: ${{ env.inventory }} | |
| run: | | |
| targets="" | |
| prefix="environment_name_$(echo ${{ github.event.inputs.TargetEnvironment}} | sed 's/delius-core-dev/delius_core_development_dev/;s/delius-core-test/delius_core_test_test/;s/delius-core-training/delius_core_test_training/;s/delius-core-stage/delius_core_preproduction_stage/;s/delius-core-pre-prod/delius_core_preproduction_pre_prod/;s/delius-core-prod/delius_core_production_prod/')" | |
| build_targets() { | |
| databasetype=${1} | |
| if [[ -e group_vars/${prefix}_${databasetype}_primarydb.yml ]] | |
| then | |
| targets="${targets}${environment}_${databasetype}_dbs," | |
| fi | |
| echo | |
| } | |
| build_targets delius | |
| build_targets mis | |
| build_targets misboe | |
| build_targets misdsd | |
| echo "targets=$targets" | |
| echo "targets=$targets" >> $GITHUB_OUTPUT | |
| case ${{ github.event.inputs.TargetEnvironment}} in | |
| delius-core-dev) | |
| TargetOemEnvironment=hmpps-oem-development | |
| ;; | |
| delius-core-test|delius-core-training) | |
| TargetOemEnvironment=hmpps-oem-test | |
| ;; | |
| delius-core-stage|delius-core-pre-prod) | |
| TargetOemEnvironment=hmpps-oem-preproduction | |
| ;; | |
| delius-core-prod) | |
| TargetOemEnvironment=hmpps-oem-production | |
| ;; | |
| esac | |
| echo "TargetOemEnvironment=$TargetOemEnvironment" >> $GITHUB_OUTPUT | |
| echo "TargetOemHost=environment_name_$(echo ${TargetOemEnvironment} | sed 's/-/_/g')" >> $GITHUB_OUTPUT | |
| - name: Configure AWS Credentials | |
| id: login-aws | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd" | |
| role-session-name: "hmpps-delius-operational-automation-${{ github.run_number }}" | |
| aws-region: "eu-west-2" | |
| - name: Start Ansible Password Rotation | |
| shell: bash | |
| run: | | |
| export ANSIBLE_CONFIG=$ansible_config | |
| ln -s $PWD/roles/ansible/roles $PWD/operations/playbooks/oracle_password_rotation/roles | |
| echo "$command -i $inventory \ | |
| -e rotate_groups=${{ steps.definetargets.outputs.targets }} \ | |
| -e environment_name ${{ github.events.inputs.TargetEnvironment }} ${{ github.events.inputs.VerboseOutput }} ${{ github.events.inputs.AnsibleForks }}" | |
| oracle_update_oem_targets: | |
| name: oracle-update-oem-targets | |
| needs: oracle_password_rotation | |
| runs-on: ${{needs.oracle_password_rotation.outputs.Runner }} | |
| environment: ${{ needs.oracle_password_rotation.outputs.TargetOemEnvironment }} | |
| steps: | |
| - name: Start Ansible Password Rotation | |
| shell: bash | |
| run: | | |
| echo "$command -i $inventory \ | |
| -e rotate_groups=NONE \ | |
| -e oem_target=${{ needs.oracle_password_rotation.outputs.TargetOemHost }} \ | |
| -e environment_name=${{ needs.oracle_password_rotation.outputs.TargetOemEnvironment }} \ | |
| -e target_environment_name=${{ github.event.inputs.TargetEnvironment }} \ | |
| -e sync_monitoring_passwords=yes \ | |
| -e sync_audit_wallet_password=no \ | |
| -e rotate_rman_password=no \ | |
| -e rotate_oem_passwords=no \ | |
| -e rotate_database_passwords=no ${{ github.event.inputs.VerboseOutput }}" |