action to update settings for rapidpro workspace

[kitsao]

Description

Auto-deployment update for RapidPro deployments as a parameterized and re-usable GitHub action

medic/app-services-team#165

Code review checklist

• Readable: Concise, well named, follows the style guide, documented if necessary.
• Documented: Added to the action's readme
• Tested: See here
• Internationalised: All user facing text
• Backwards compatible: Works with existing data and configuration or includes a migration. Any breaking changes documented in the release notes.

License

The software is provided under AGPL-3.0. Contributions to this project are accepted under the same license.

[derickl]

some quick feedback.

Glad to see this coming together @kitsao

[derickl]

Consider prefixing the secret variables with RAPIDPRO_ to avoid using the wrong secrets

[derickl]

CouchDB would not be running on 127.0.0.1. Did you intend to use ${{inputs.hostname}}

[kitsao]

Nice. Should point to the local COUCH_NODE_NAME

[eljhkrr]

Looks good overall. Some improvement recommendations shared in-line.

[eljhkrr]

It's possible to write app_settings.json directly

[kennsippell]

is jq the best way to do this? i suspect you'd really improve readability if this was (for example) a node script

const appSettings = require('./app_settings.json');
.. some stuff to generate app_settings.json

[eljhkrr]

Recommend renaming to rapid_pro url to avoid confusion

[eljhkrr]

hostname, username & password can be reused from deploy-with-medic-conf

[kitsao]

Maybe, if the two jobs are used together.

[eljhkrr]

flows.js generated in L83

[kennsippell]

Nice work

[kennsippell]

Suggested change

	This can be executed jointly with the deployment Github action.
	This can be executed jointly with other Github actions like [deploy-with-medic-conf](https://github.com/medic/cht-core/tree/master/.github/actions/deploy-with-medic-conf)

[kennsippell]

Suggested change

	username: ${{ secrets.CHT_STAGING_USERNAME }}
	couch_username: ${{ secrets.CHT_STAGING_USERNAME }}

[kennsippell]

Suggested change

	password: ${{ secrets.CHT_STAGING_PASSWORD }}
	couch_password: ${{ secrets.CHT_STAGING_PASSWORD }}

[kennsippell]

Suggested change

	url: my.rapidpro.workspace.url
	rp_hostname: my.rapidpro.workspace.url

[kennsippell]

Suggested change

	token: ${{ secrets.RAPIDPRO_STAGING_TOKEN }}
	rp_api_token: ${{ secrets.RAPIDPRO_STAGING_TOKEN }}

[kennsippell]

Suggested change

	group: ${{ secrets.RAPIDPRO_STAGING_GROUP }}
	rp_contact_group: ${{ secrets.RAPIDPRO_STAGING_GROUP }}

[kennsippell]

Suggested change

	flows: ${{ secrets.RAPIDPRO_STAGING_FLOWS }}
	rp_flows: ${{ secrets.RAPIDPRO_STAGING_FLOWS }}

[kennsippell]

is jq the best way to do this? i suspect you'd really improve readability if this was (for example) a node script

const appSettings = require('./app_settings.json');
.. some stuff to generate app_settings.json

[kennsippell]

I don't think this summary does a particularly thorough job of explaining what is happening here.

• Who is this relevant for? This is relevant only for CHT apps that have either outbound integrations with RP, or which have logic which requires RP guids in the flows. Is that right?
• Introduce the problem? I've got a dev and a production rapidpro workspace. I want my dev deployment to use the dev workspace and my prod deployment to use the prod workspace. Is that accurate?
• What are the steps you should go through to generate the dev flow.js (can they just run the script below?). Given a very basic rapidpro setup - can you provide a sample flow.js file?
• Users work with a dev version of a "flow.js" file in their repository. This script replaces the "flow.js" file with an auto-generated file created from data returned by the RP API
• What attributes are expected in your app_settings.json if any?

[kennsippell]

Suggested change

	# update-rapidpro-workspace-settings Shared GitHub Action
	# dynamic-rapidpro-workspace Shared GitHub Action

Nit - maybe rename to be about the problem that is being solved rather than the action that the tool is doing?

[kitsao]

Agreed.

[kitsao]

@kennsippell, I have following script in the same folder as the action.yml

const replace = require('replace-in-file');
const appSettings = require('app_settings.json');
const rp_hostname = process.env.rp_hostname;
const value_key = process.env.value_key;
const rp_contact_group = process.env.rp_contact_group;
const write_patient_state_flow = process.env.write_patient_state_flow;

const search = (haystack, needle) => needle in haystack ? haystack[needle] : Object.values(haystack).reduce((acc, val) => {
  if (acc !== undefined) {
    return acc;
  } 
  if (typeof val === 'object') return search(val, needle);
}, undefined);

const regex = expr => new RegExp(expr, 'g');

const options = {
  files: './app_settings.json',
  from: [regex(search(appSettings, 'base_url')), regex(search(appSettings, 'value_key')), search(appSettings, 'groups').expr, search(appSettings, 'flow').expr],
  to: [rp_hostname, value_key, `['${rp_contact_group}']`, `'${write_patient_state_flow}'`]
};

replace(options);

I tested and works. I am not sure how to run it since working-directory will not apply to the script, throwing a Error: Cannot find module ...
Thoughts?

[kennsippell]

@kitsao Does this help https://docs.github.com/en/actions/creating-actions/creating-a-javascript-action ?

[kitsao]

It does @kennsippell. From a first attempt, it requires committing node_modules here, which I think is not recommended. I'm still exploring though.

[kitsao]

remote: error: GH001: Large files detected. You may want to try Git Large File Storage - https://git-lfs.github.com.

[derickl]

If the commit with the node_modules is the most recent, you can run the following to unstage the folder

git reset --soft HEAD~1

Install GIt LFS from https://git-lfs.github.com

git lfs track node_modules
git add .gitattributes
git add node_modules
git commit -m 'your message'
git push

You'll may need to update your action to checkout with 'lfs' like actions/checkout#270 (comment)

[kitsao]

After carefully reworking this, I am blocked by Error: Cannot find module './app_settings.json'. Rightfully so, when I compile the bundle using Vercel, the expectation is that app_settings.json is accessible as provided in require('./app_settings.json'), but note that this file is available in a secondary repository that should be provided by inputs. Is there something I am missing?

See playground action here.

Looks like I so far have two options:

1. Retain the current code
2. Move the action to specific RapidPro deployment repos so that app_settings.json is available to the compiled bundle

Thoughts @kennsippell @derickl @eljhkrr

[kitsao]

Resolving the full path to the project root folder did the trick cc @derickl. On to the next, have to perform CURL and create flows.js file using the JavaScript file. It'll be done shortly.

[kennsippell]

@kitsao who are you engaging from cht-core team on this? You will need sign-off from that group.

[kennsippell]

i don't get why this is required... shouldn't the CouchDB credentials be setup once? why do they need to change with code deployment?

[kitsao]

1. value_keys might not always be the same, could be someone's preference.
2. We do this to be sure that we have the right credentials for each push to production. For instance, more recently in I-TECH Aurum, we found out that the the value_key in app settings was not matching that in CouchDB and we couldn't track to when the change occurred.

[kennsippell]

i would recommend removing this from the script for two reasons.

1. that's a weird story with I-Tech Aurum, but i'm not sure that setting the credentials in github secrets is superior than setting it in couchdb itself. the potential for password admin problems is the same, you've just moved it to a different place. or have i missed something?

2. i'd prefer actions which do one thing well, rather than cluttering the interface with details required for two coupled but unrelated activities.

[kitsao]

You might have missed something. The password given in secrets is set in CouchDB here.

[kennsippell]

this file-wide replacement seems dangerous. you're string replacing even across the compiled javascript code? how can this be more clearly targeted to only relevant areas of config. should this run on base_config before running deployment? should this be limited to specific branches of the JSON tree?

[kitsao]

This action should be executed before other actions that is is jointly executed with such as deploy-with-medic-conf, so that dependent pieces of code are updated prior to compiling app settings. Otherwise, if executed later, we'll end up with broken updates.

[kennsippell]

so doesn't this have to operate on base_settings or the code you replace in app_settings will simply be overwritten by the next compile-app-settings during deployment?

[kitsao]

By the time compile-app-settings runs, we'll have updated base settings. Meaning, we end up with the expected behavior. And yes, every compile-app-settings overwrites app_settings.json if there's a change in base settings. Does the following diagram help?

[garethbowen]

It looks like this is obsolete (solved by medic/gh-actions#1 ). Closing - please reopen if I've missed the point!