#
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
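# Pipeline triggered by a push to `develop`. The jobs run strictly in sequence
# through their `needs:` links:
#   build-validate -> pre-deployment-check -> deploy -> crucible-test
#   -> custom-integration-tests -> merge-develop-to-mainline
#
# NOTE(review): every `uses:` below references a mutable tag (v1, v2, v2.x).
# Several of these actions run in jobs that hold AWS role credentials or a
# repository token. Pinning each one to a full commit SHA
# (`uses: owner/action@<full-commit-sha>  # vX`) keeps a moved tag from
# changing what runs with those credentials.
name: Unit Tests, Deploy, Integration Test

on:
  push:
    branches:
      - develop

jobs:
  # Installs dependencies, then builds, lints and unit-tests the root package,
  # auditLogMover and the Java Hapi validator. Nothing is deployed here.
  build-validate:
    name: Build and validate
    runs-on: ubuntu-latest
    # Every step in this job only reads the repository, so the workflow token
    # is limited to read access.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 14
      - uses: actions/setup-java@v1
        with:
          # Quoted so the version is passed as the string "1.8", not a float.
          java-version: '1.8'
      - name: Install dependencies
        run: |
          cd auditLogMover
          yarn install
          cd ..
          yarn install
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      - name: Build, lint, and run unit tests
        run: |
          cd auditLogMover
          yarn release
          cd ..
          yarn release
      - name: Build Hapi validator
        run: |
          cd javaHapiValidatorLambda
          mvn --batch-mode --update-snapshots --no-transfer-progress clean install
          cd ..

  # Gate that runs before deployment; the job is abandoned after 10 minutes.
  pre-deployment-check:
    needs: build-validate
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # NOTE(review): third-party action that is handed the workflow token.
      # Pin it to a commit SHA and give this job an explicit `permissions:`
      # block with only the scopes the action needs (confirm against its docs).
      - name: 'Block Concurrent Deployments'
        uses: softprops/turnstyle@v1
        with:
          poll-interval-seconds: 10
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Deploys the dev stage once per matrix entry (single-tenant in us-west-2,
  # multi-tenant in us-west-1), first with Serverless and then with CDK under
  # a second assumed role.
  deploy:
    needs: pre-deployment-check
    name: Deploy to Dev - enableMultiTenancy=${{ matrix.enableMultiTenancy }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - enableMultiTenancy: false
            region: us-west-2
          - enableMultiTenancy: true
            region: us-west-1
    # id-token: write lets the job request an OIDC token for the AWS role
    # assumption below; repository contents stay read-only.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ matrix.region }}
          role-to-assume: ${{ secrets.AWS_ACCESS_ROLE_ARN }}
          role-duration-seconds: 7200
      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 14
      - uses: actions/setup-java@v1
        with:
          java-version: '1.8'
      - name: Setup config file
        env:
          DEV_AWS_USER_ACCOUNT_ARN: ${{ secrets.DEV_AWS_USER_ACCOUNT_ARN }}
        run: sed "s#<dev-arn>#$DEV_AWS_USER_ACCOUNT_ARN#g" serverless_config.template.json > serverless_config.json
      - name: Install npm dependencies
        run: yarn install
      - name: Download US Core IG
        # NOTE if updating the IG version. Please see update implementationGuides.test.ts test too.
        #
        # The package is fetched over HTTPS (it was plain HTTP) because it is
        # unpacked and compiled in a job that already holds the deployment
        # role's credentials. `-f` makes an HTTP error fail the step instead of
        # piping an error page into tar, and pipefail surfaces a curl failure.
        # NOTE(review): there is still no integrity check; consider comparing
        # the tarball's SHA-256 with a pinned value before extracting.
        run: |
          set -o pipefail
          mkdir -p implementationGuides
          curl -fsSL https://hl7.org/fhir/us/core/STU3.1.1/package.tgz | tar xz -C implementationGuides
      - name: Compile IGs
        run: yarn run compile-igs
      - name: Setup allowList for Subscriptions integ tests
        run: cp integration-tests/infrastructure/allowList-integTests.ts src/subscriptions/allowList.ts
      - name: Install serverless
        run: npm install -g serverless@2.64.1
      - name: Deploy Hapi validator
        run: |
          cd javaHapiValidatorLambda
          mvn --batch-mode --update-snapshots --no-transfer-progress clean install
          serverless deploy --stage dev --region ${{ matrix.region }} --conceal
          cd ..
      - name: Deploy FHIR Server and ddbToEs
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          serverless deploy --stage dev --region ${{ matrix.region }} --useHapiValidator true --enableMultiTenancy ${{ matrix.enableMultiTenancy }} --enableSubscriptions true --conceal
      - name: Deploy auditLogMover
        run: |
          cd auditLogMover
          yarn install
          serverless deploy --stage dev --region ${{ matrix.region }} --conceal
      # Get credentials for CDK Account
      - name: Configure AWS Credentials CDK
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ matrix.region }}
          role-to-assume: ${{ secrets.CDK_AWS_ACCESS_ROLE_ARN }}
          role-duration-seconds: 7200
      # `--require-approval never` skips CDK's confirmation prompt, so any
      # IAM or security-group change in the stacks is applied without review
      # at this point.
      - name: Deploy FHIR Server and Hapi Validator with CDK
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          yarn deploy -c region=${{ matrix.region }} -c useHapiValidator=true -c enableMultiTenancy=${{ matrix.enableMultiTenancy }} -c enableSubscriptions=true --all --require-approval never

  # Runs the Crucible suite from an external repository against the Serverless
  # deployment and then against the CDK deployment. Each matrix entry names the
  # secrets that hold its endpoint, API key and Cognito client id; they are
  # looked up with secrets[matrix.<key>].
  crucible-test:
    needs: deploy
    name: Run Crucible Tests - enableMultiTenancy=${{ matrix.enableMultiTenancy }}
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        include:
          - enableMultiTenancy: false
            region: us-west-2
            serviceUrlSuffix: ''
            serviceUrlSecretName: SERVICE_URL
            cognitoClientIdSecretName: COGNITO_CLIENT_ID
            apiKeySecretName: API_KEY
          - enableMultiTenancy: true
            region: us-west-1
            serviceUrlSuffix: /tenant/tenant1
            serviceUrlSecretName: MULTITENANCY_SERVICE_URL
            cognitoClientIdSecretName: MULTITENANCY_COGNITO_CLIENT_ID
            apiKeySecretName: MULTITENANCY_API_KEY
    permissions:
      id-token: write
      contents: read
    steps:
      # NOTE(review): this checks out code from a repository outside this
      # organisation at a branch name, and the steps below run its Gemfile and
      # Rakefile with AWS credentials and the Cognito test password in scope.
      # Pin `ref` to a reviewed commit (`ref: <full-commit-sha>`) so a later
      # push to that branch cannot change what executes here.
      - uses: actions/checkout@v2
        with:
          repository: nguyen102/plan_executor
          ref: r4-aws-fhir-solution
      - uses: actions/setup-ruby@v1
        with:
          ruby-version: '2.6'
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ matrix.region }}
          role-to-assume: ${{ secrets.AWS_ACCESS_ROLE_ARN }}
          role-duration-seconds: 7200
      - name: Install dependency
        run: |
          gem install bundler
          bundle install
      - name: Execute tests
        env:
          SERVICE_URL: ${{ secrets[matrix.serviceUrlSecretName] }}${{ matrix.serviceUrlSuffix }}
          API_KEY: ${{ secrets[matrix.apiKeySecretName] }}
          COGNITO_CLIENT_ID: ${{ secrets[matrix.cognitoClientIdSecretName] }}
          COGNITO_USERNAME: ${{ secrets.COGNITO_USERNAME_PRACTITIONER }}
          COGNITO_PASSWORD: ${{ secrets.COGNITO_PASSWORD }}
        # Secret-derived variables are quoted so a value containing spaces or
        # glob characters is not split or expanded by the shell. The
        # `USERNAME=...,PASSWORD=...` shorthand still breaks on a comma in
        # either value. The ID token is produced at run time and is not a
        # stored secret, so it is registered with `::add-mask::` before it is
        # used, which redacts it from the job log.
        run: |
          set -o pipefail
          ACCESS_TOKEN=$(aws cognito-idp initiate-auth --region ${{ matrix.region }} --client-id "$COGNITO_CLIENT_ID" \
          --auth-flow USER_PASSWORD_AUTH --auth-parameters "USERNAME=$COGNITO_USERNAME,PASSWORD=$COGNITO_PASSWORD" | \
          python -c 'import json,sys;obj=json.load(sys.stdin);print(obj["AuthenticationResult"]["IdToken"])')
          echo "::add-mask::$ACCESS_TOKEN"
          bundle exec rake "crucible:execute_hearth_tests[$SERVICE_URL,$API_KEY,$ACCESS_TOKEN]"
      - name: Configure AWS Credentials CDK
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ matrix.region }}
          role-to-assume: ${{ secrets.CDK_AWS_ACCESS_ROLE_ARN }}
          role-duration-seconds: 7200
      - name: Execute tests on CDK
        env:
          SERVICE_URL: ${{ secrets.CDK_SERVICE_URL }}
          API_KEY: ${{ secrets.CDK_API_KEY }}
          COGNITO_CLIENT_ID: ${{ secrets.CDK_COGNITO_CLIENT_ID }}
          COGNITO_USERNAME: ${{ secrets.CDK_COGNITO_USERNAME_PRACTITIONER }}
          COGNITO_PASSWORD: ${{ secrets.CDK_COGNITO_PASSWORD }}
        # NOTE(review): the region is fixed to us-west-2 and the CDK_* secrets
        # are not selected through the matrix, so both matrix entries appear to
        # test the same CDK endpoint. Confirm this is intended.
        # Quoting and masking follow the same reasoning as the step above.
        run: |
          set -o pipefail
          ACCESS_TOKEN=$(aws cognito-idp initiate-auth --region us-west-2 --client-id "$COGNITO_CLIENT_ID" \
          --auth-flow USER_PASSWORD_AUTH --auth-parameters "USERNAME=$COGNITO_USERNAME,PASSWORD=$COGNITO_PASSWORD" | \
          python -c 'import json,sys;obj=json.load(sys.stdin);print(obj["AuthenticationResult"]["IdToken"])')
          echo "::add-mask::$ACCESS_TOKEN"
          bundle exec rake "crucible:execute_hearth_tests[$SERVICE_URL,$API_KEY,$ACCESS_TOKEN]"

  # Runs this repository's own integration tests (`yarn int-test`) against the
  # Serverless deployment and then against the CDK deployment. The matrix
  # carries two sets of secret names per entry: plain ones for Serverless and
  # `cdk_`-prefixed ones for CDK.
  custom-integration-tests:
    needs: crucible-test
    name: Run custom integration tests - enableMultiTenancy=${{ matrix.enableMultiTenancy }}
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        include:
          - enableMultiTenancy: false
            region: us-west-2
            serviceUrlSecretName: SERVICE_URL
            cognitoClientIdSecretName: COGNITO_CLIENT_ID
            apiKeySecretName: API_KEY
            subscriptionsNotificationsTableSecretName: SUBSCRIPTIONS_NOTIFICATIONS_TABLE
            subscriptionsEndpointSecretName: SUBSCRIPTIONS_ENDPOINT
            subscriptionsApiKeySecretName: SUBSCRIPTIONS_API_KEY
            cdk_serviceUrlSecretName: CDK_SERVICE_URL
            cdk_cognitoClientIdSecretName: CDK_COGNITO_CLIENT_ID
            cdk_apiKeySecretName: CDK_API_KEY
            cdk_subscriptionsNotificationsTableSecretName: CDK_SUBSCRIPTIONS_NOTIFICATIONS_TABLE
            cdk_subscriptionsEndpointSecretName: CDK_SUBSCRIPTIONS_ENDPOINT
            cdk_subscriptionsApiKeySecretName: CDK_SUBSCRIPTIONS_API_KEY
          - enableMultiTenancy: true
            region: us-west-1
            serviceUrlSecretName: MULTITENANCY_SERVICE_URL
            cognitoClientIdSecretName: MULTITENANCY_COGNITO_CLIENT_ID
            apiKeySecretName: MULTITENANCY_API_KEY
            subscriptionsNotificationsTableSecretName: MULTITENANCY_SUBSCRIPTIONS_NOTIFICATIONS_TABLE
            subscriptionsEndpointSecretName: MULTITENANCY_SUBSCRIPTIONS_ENDPOINT
            subscriptionsApiKeySecretName: MULTITENANCY_SUBSCRIPTIONS_API_KEY
            cdk_serviceUrlSecretName: CDK_MT_SERVICE_URL
            cdk_cognitoClientIdSecretName: CDK_MT_COGNITO_CLIENT_ID
            cdk_apiKeySecretName: CDK_MT_API_KEY
            cdk_subscriptionsNotificationsTableSecretName: CDK_MT_SUBSCRIPTIONS_NOTIFICATIONS_TABLE
            cdk_subscriptionsEndpointSecretName: CDK_MT_SUBSCRIPTIONS_ENDPOINT
            cdk_subscriptionsApiKeySecretName: CDK_MT_SUBSCRIPTIONS_API_KEY
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ matrix.region }}
          role-to-assume: ${{ secrets.AWS_ACCESS_ROLE_ARN }}
          role-duration-seconds: 7200
      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 14
      - name: Install dependencies
        run: |
          yarn install
      # All test inputs, including credentials, reach the test run as
      # environment variables rather than command-line arguments.
      - name: Execute tests
        env:
          API_URL: ${{ secrets[matrix.serviceUrlSecretName] }}
          API_KEY: ${{ secrets[matrix.apiKeySecretName] }}
          API_AWS_REGION: ${{ matrix.region }}
          COGNITO_CLIENT_ID: ${{ secrets[matrix.cognitoClientIdSecretName] }}
          COGNITO_USERNAME_PRACTITIONER: ${{ secrets.COGNITO_USERNAME_PRACTITIONER }}
          COGNITO_USERNAME_AUDITOR: ${{ secrets.COGNITO_USERNAME_AUDITOR }}
          COGNITO_USERNAME_PRACTITIONER_ANOTHER_TENANT: ${{ secrets.COGNITO_USERNAME_PRACTITIONER_ANOTHER_TENANT }}
          COGNITO_PASSWORD: ${{ secrets.COGNITO_PASSWORD }}
          MULTI_TENANCY_ENABLED: ${{ matrix.enableMultiTenancy }}
          SUBSCRIPTIONS_ENABLED: 'true'
          SUBSCRIPTIONS_NOTIFICATIONS_TABLE: ${{ secrets[matrix.subscriptionsNotificationsTableSecretName] }}
          SUBSCRIPTIONS_ENDPOINT: ${{ secrets[matrix.subscriptionsEndpointSecretName] }}
          SUBSCRIPTIONS_API_KEY: ${{ secrets[matrix.subscriptionsApiKeySecretName] }}
          AWS_REGION: ${{ matrix.region }}
        run: yarn int-test
      - name: Configure AWS Credentials CDK
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ matrix.region }}
          role-to-assume: ${{ secrets.CDK_AWS_ACCESS_ROLE_ARN }}
          role-duration-seconds: 7200
      - name: Execute tests on CDK
        env:
          API_URL: ${{ secrets[matrix.cdk_serviceUrlSecretName] }}
          API_KEY: ${{ secrets[matrix.cdk_apiKeySecretName] }}
          API_AWS_REGION: ${{ matrix.region }}
          COGNITO_CLIENT_ID: ${{ secrets[matrix.cdk_cognitoClientIdSecretName] }}
          COGNITO_USERNAME_PRACTITIONER: ${{ secrets.CDK_COGNITO_USERNAME_PRACTITIONER }}
          COGNITO_USERNAME_AUDITOR: ${{ secrets.CDK_COGNITO_USERNAME_AUDITOR }}
          COGNITO_USERNAME_PRACTITIONER_ANOTHER_TENANT: ${{ secrets.CDK_COGNITO_USERNAME_PRACTITIONER_ANOTHER_TENANT }}
          COGNITO_PASSWORD: ${{ secrets.CDK_COGNITO_PASSWORD }}
          MULTI_TENANCY_ENABLED: ${{ matrix.enableMultiTenancy }}
          SUBSCRIPTIONS_ENABLED: 'true'
          SUBSCRIPTIONS_NOTIFICATIONS_TABLE: ${{ secrets[matrix.cdk_subscriptionsNotificationsTableSecretName] }}
          SUBSCRIPTIONS_ENDPOINT: ${{ secrets[matrix.cdk_subscriptionsEndpointSecretName] }}
          SUBSCRIPTIONS_API_KEY: ${{ secrets[matrix.cdk_subscriptionsApiKeySecretName] }}
          AWS_REGION: ${{ matrix.region }}
        run: yarn int-test

  # Fast-forwards `mainline` to `develop` once every test job has passed.
  # MERGE_TOKEN is used to lift the `enforce_admins` protection on `mainline`,
  # push, and then restore it.
  #
  # NOTE(review): MERGE_TOKEN can change branch protection, and it is handed
  # to a third-party action referenced by a mutable tag. Pin
  # octokit/request-action to a commit SHA and scope the token to this
  # repository only. `mainline` has admin enforcement switched off between the
  # DELETE and POST calls below; alerting on branch-protection changes in the
  # audit log would catch a run that fails to restore it.
  merge-develop-to-mainline:
    needs: custom-integration-tests
    name: Merge develop to mainline
    runs-on: ubuntu-latest
    steps:
      # The token given to checkout is the credential the later `git push`
      # relies on; fetch-depth 0 fetches full history for the fast-forward.
      - uses: actions/checkout@v2
        with:
          token: ${{secrets.MERGE_TOKEN}}
          fetch-depth: 0
      # There's no way for github actions to push to a protected branch. This is a workaround
      # See https://github.community/t/how-to-push-to-protected-branches-in-a-github-action/16101/30
      - name: Temporarily disable branch protection
        uses: octokit/request-action@v2.x
        with:
          route: DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins
          owner: awslabs
          repo: fhir-works-on-aws-deployment
          branch: mainline
        env:
          GITHUB_TOKEN: ${{ secrets.MERGE_TOKEN }}
      # --ff-only makes the merge fail rather than create a merge commit when
      # `mainline` has commits that `develop` lacks.
      - name: Merge to mainline
        run: |
          git checkout mainline
          echo
          echo " Attempting to merge the 'develop' branch ($(git log -1 --pretty=%H develop))"
          echo " into the 'mainline' branch ($(git log -1 --pretty=%H mainline))"
          echo
          git merge --ff-only --no-edit develop
          git push origin mainline
      - name: Enable branch protection
        uses: octokit/request-action@v2.x
        if: always()  # Make sure to enable branch protection even if other steps fail
        with:
          route: POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins
          owner: awslabs
          repo: fhir-works-on-aws-deployment
          branch: mainline
        env:
          GITHUB_TOKEN: ${{ secrets.MERGE_TOKEN }}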