4646 ansible_config : operations/playbooks/ansible.cfg
4747 command : ansible-playbook operations/playbooks/oracle_password_rotation/password_rotation.yml
4848 inventory : inventory/ansible
49+ target_oem_environment : " ${{ github.event.inputs.TargetEnvironment == 'delius-core-dev' && 'hmpps-oem-development' }}"
50+
4951
5052jobs :
5153 oracle_password_rotation :
5254 name : oracle-password-rotation
53- environment : ${{ github.event.inputs.TargetEnvironment }}
55+ # environment: ${{ github.event.inputs.TargetEnvironment }}
5456 runs-on : ubuntu-latest
5557 container :
5658 image : ghcr.io/ministryofjustice/hmpps-delius-operational-automation:0.1
5759 timeout-minutes : 1440
5860 continue-on-error : false
59- outputs :
60- TargetOemEnvironment : ${{ steps.definetargets.outputs.TargetOemEnvironment }}
61- Runner : ${{ runner.name }}
61+ # outputs:
62+ # TargetOemEnvironment: ${{ steps.definetargets.outputs.TargetOemEnvironment }}
63+ # Runner: ${{ runner.name }}
64+ strategy :
65+ matrix :
66+ environment : [ ${{ github.event.inputs.TargetEnvironment }}, ${target_oem_environment} ]
67+ environment : ${{ matrix.environment }}
6268 steps :
6369
6470 - name : Checkout Ansible Playbooks and Roles From hmpps-delius-operation-automation
@@ -100,6 +106,7 @@ jobs:
100106 fetch-depth : 0
101107
102108 - name : Define Targets
109+ if : ${{ ! contains(matrix.environment,'hmpps-oem') }}
103110 id : definetargets
104111 working-directory : ${{ env.inventory }}
105112 run : |
@@ -120,21 +127,21 @@ jobs:
120127 echo "targets=$targets"
121128 echo "targets=$targets" >> $GITHUB_OUTPUT
122129
123- case ${{ github.event.inputs.TargetEnvironment}} in
124- delius-core-dev)
125- TargetOemEnvironment=hmpps-oem-development
126- ;;
127- delius-core-test|delius-core-training)
128- TargetOemEnvironment=hmpps-oem-test
129- ;;
130- delius-core-stage|delius-core-pre-prod)
131- TargetOemEnvironment=hmpps-oem-preproduction
132- ;;
133- delius-core-prod)
134- TargetOemEnvironment=hmpps-oem-production
135- ;;
136- esac
137- echo "TargetOemEnvironment=$TargetOemEnvironment" >> $GITHUB_OUTPUT
130+ # case ${{ github.event.inputs.TargetEnvironment}} in
131+ # delius-core-dev)
132+ # TargetOemEnvironment=hmpps-oem-development
133+ # ;;
134+ # delius-core-test|delius-core-training)
135+ # TargetOemEnvironment=hmpps-oem-test
136+ # ;;
137+ # delius-core-stage|delius-core-pre-prod)
138+ # TargetOemEnvironment=hmpps-oem-preproduction
139+ # ;;
140+ # delius-core-prod)
141+ # TargetOemEnvironment=hmpps-oem-production
142+ # ;;
143+ # esac
144+ # echo "TargetOemEnvironment=$TargetOemEnvironment" >> $GITHUB_OUTPUT
138145
139146name : Configure AWS Credentials
140147 id : login-aws
@@ -144,81 +151,96 @@ jobs:
144151 role-session-name : " hmpps-delius-operational-automation-${{ github.run_number }}"
145152 aws-region : " eu-west-2"
146153
147- - name : Start Ansible Password Rotation
154+ - name : Start Ansible Database Password Rotation
155+ if : ${{ ! contains(matrix.environment,'hmpps-oem') }}
148156 shell : bash
149157 run : |
150158 export ANSIBLE_CONFIG=$ansible_config
151159 ln -s $PWD/roles/ansible/roles $PWD/operations/playbooks/oracle_password_rotation/roles
152160 echo "$command -i $inventory \
153161 -e rotate_groups=${{ steps.definetargets.outputs.targets }} \
154- -e environment_name=${{ github.events .inputs.TargetEnvironment }} ${{ github.events.inputs.VerboseOutput }} ${{ github.events.inputs.AnsibleForks }}"
162+ -e environment_name=${{ github.event .inputs.TargetEnvironment }} ${{ github.events.inputs.VerboseOutput }} ${{ github.events.inputs.AnsibleForks }}"
155163
156- oracle_update_oem_targets :
157- name : oracle_update_oem_targets
158- needs : oracle_password_rotation
159- environment : ${{ needs.oracle_password_rotation.outputs.TargetOEMEnvironment }}
160- runs-on : ubuntu-latest
161- container :
162- image : ghcr.io/ministryofjustice/hmpps-delius-operational-automation:0.1
163- timeout-minutes : 1440
164- continue-on-error : false
165- steps :
166-
167- - name : Checkout Ansible Playbooks and Roles From hmpps-delius-operation-automation
168- uses : actions/checkout@v4
169- with :
170- sparse-checkout-cone-mode : false
171- sparse-checkout : |
172- playbooks/oracle_password_rotation
173- playbooks/oem_blackout
174- playbooks/oracle_ha
175- playbooks/ansible.cfg
176- path : operations
177- ref : ${{ github.event.inputs.SourceCodeVersion }}
178- fetch-depth : 0
179-
180- - name : Checkout Ansible Inventory From modernisation-platform-configuration-management
181- uses : actions/checkout@v4
182- with :
183- repository : ministryofjustice/modernisation-platform-configuration-management
184- sparse-checkout-cone-mode : false
185- sparse-checkout : |
186- ansible/hosts
187- ansible/group_vars
188- path : inventory
189- ref : ${{ github.event.inputs.SourceConfigVersion }}
190- fetch-depth : 0
191-
192- - name : Checkout Ansible Required Roles From modernisation-platform-configuration-management
193- uses : actions/checkout@v4
194- with :
195- repository : ministryofjustice/modernisation-platform-configuration-management
196- sparse-checkout-cone-mode : false
197- sparse-checkout : |
198- ansible/roles/secretsmanager-passwords
199- ansible/roles/get-modernisation-platform-facts
200- path : roles
201- ref : ${{ github.event.inputs.SourceConfigVersion }}
202- fetch-depth : 0
203-
204- - name : Configure AWS Credentials
205- id : login-aws
206- uses : aws-actions/configure-aws-credentials@v4
207- with :
208- role-to-assume : " arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd"
209- role-session-name : " hmpps-delius-operational-automation-${{ github.run_number }}"
210- aws-region : " eu-west-2"
211-
212- - name : Start Ansible Password Rotation
164+ name : Start Ansible Update OEM Targets
165+ if : ${{ contains(matrix.environment,'hmpps-oem') }}
213166 shell : bash
214167 run : |
215168 echo "$command -i $inventory \
216169 -e rotate_groups=NONE \
217- -e oem_target=environment_name_$(echo ${{ needs.oracle_password_rotation.outputs.TargetOemEnvironment }} | sed 's/-/_/g') \
218- -e environment_name=${{ needs.oracle_password_rotation.outputs.TargetOemEnvironment }} \
170+ -e oem_target=environment_name_$(echo ${{ matrix.environment }} | sed 's/-/_/g') \
171+ -e environment_name=${{ matrix.environment }} \
219172 -e target_environment_name=${{ github.event.inputs.TargetEnvironment }} \
220173 -e sync_monitoring_passwords=yes \
221174 -e sync_audit_wallet_password=no \
222175 -e rotate_rman_password=no \
223176 -e rotate_oem_passwords=no \
224- -e rotate_database_passwords=no ${{ github.event.inputs.VerboseOutput }}"
177+ -e rotate_database_passwords=no ${{ github.event.inputs.VerboseOutput }}"
178+
179+ # oracle_update_oem_targets:
180+ # name: oracle_update_oem_targets
181+ # needs: oracle_password_rotation
182+ # environment: ${{ needs.oracle_password_rotation.outputs.TargetOEMEnvironment }}
183+ # runs-on: ubuntu-latest
184+ # container:
185+ # image: ghcr.io/ministryofjustice/hmpps-delius-operational-automation:0.1
186+ # timeout-minutes: 1440
187+ # continue-on-error: false
188+ # steps:
189+
190+ # - name: Checkout Ansible Playbooks and Roles From hmpps-delius-operation-automation
191+ # uses: actions/checkout@v4
192+ # with:
193+ # sparse-checkout-cone-mode: false
194+ # sparse-checkout: |
195+ # playbooks/oracle_password_rotation
196+ # playbooks/oem_blackout
197+ # playbooks/ansible.cfg
198+ # path: operations
199+ # ref: ${{ github.event.inputs.SourceCodeVersion }}
200+ # fetch-depth: 0
201+
202+ # - name: Checkout Ansible Inventory From modernisation-platform-configuration-management
203+ # uses: actions/checkout@v4
204+ # with:
205+ # repository: ministryofjustice/modernisation-platform-configuration-management
206+ # sparse-checkout-cone-mode: false
207+ # sparse-checkout: |
208+ # ansible/hosts
209+ # ansible/group_vars
210+ # path: inventory
211+ # ref: ${{ github.event.inputs.SourceConfigVersion }}
212+ # fetch-depth: 0
213+
214+ # - name: Checkout Ansible Required Roles From modernisation-platform-configuration-management
215+ # uses: actions/checkout@v4
216+ # with:
217+ # repository: ministryofjustice/modernisation-platform-configuration-management
218+ # sparse-checkout-cone-mode: false
219+ # sparse-checkout: |
220+ # ansible/roles/secretsmanager-passwords
221+ # ansible/roles/get-modernisation-platform-facts
222+ # path: roles
223+ # ref: ${{ github.event.inputs.SourceConfigVersion }}
224+ # fetch-depth: 0
225+
226+ # - name: Configure AWS Credentials
227+ # id: login-aws
228+ # uses: aws-actions/configure-aws-credentials@v4
229+ # with:
230+ # role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd"
231+ # role-session-name: "hmpps-delius-operational-automation-${{ github.run_number }}"
232+ # aws-region: "eu-west-2"
233+
234+ # - name: Start Ansible Update OEM Targets
235+ # shell: bash
236+ # run: |
237+ # echo "$command -i $inventory \
238+ # -e rotate_groups=NONE \
239+ # -e oem_target=environment_name_$(echo ${{ needs.oracle_password_rotation.outputs.TargetOemEnvironment }} | sed 's/-/_/g') \
240+ # -e environment_name=${{ needs.oracle_password_rotation.outputs.TargetOemEnvironment }} \
241+ # -e target_environment_name=${{ github.event.inputs.TargetEnvironment }} \
242+ # -e sync_monitoring_passwords=yes \
243+ # -e sync_audit_wallet_password=no \
244+ # -e rotate_rman_password=no \
245+ # -e rotate_oem_passwords=no \
246+ # -e rotate_database_passwords=no ${{ github.event.inputs.VerboseOutput }}"
0 commit comments