Merge branch 'main' into mike/6079-refactor-test-card

# Conflicts:
#	frontend/src/app/testQueue/__snapshots__/QueueItem.test.tsx.snap

.github/actions/build-and-push/action.yml

@@ -0,0 +1,25 @@
+name: Build and Push
+description: Build and push Docker image to the registry
+inputs:
+  acr_registry:
+    description: Azure Container Registry to push the image to
+    required: true
+  acr_username:
+    description: Azure Container Registry username
+    required: true
+  acr_password:
+    description: Azure Container Registry password
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+    - name: Login to ACR
+      shell: bash
+      run: docker login ${{ inputs.acr_registry }} -u ${{ inputs.acr_username }} -p ${{ inputs.acr_password }}
+    - name: Build and push Docker images
+      working-directory: ./backend
+      shell: bash
+      run: ./build_and_push.sh

.github/actions/build-frontend/action.yml

@@ -1,33 +1,48 @@
 name: Build SimpleReport Front End
 description: Build the React application
 inputs:
-  deploy-env:
+  deploy_env:
     description: The environment being deployed (e.g. "prod" or "test")
     required: true
-  smarty-streets-key:
+  smarty_streets_key:
     description: The Smarty-Streets API token for this environment. (Should be fetched from vault but is not)
     required: true
-  base-domain-name:
+  base_domain_name:
     description: The domain where the application is deployed (e.g. "simplereport.gov" or "test.simplereport.gov")
     required: false
-  client-tarball:
+  client_tarball:
     description: The path to the tar file containing the client code to deploy
     required: true
-  is-training-site:
+  is_training_site:
     description: If this is set, special training branding will be applied.
     required: false
-  okta-enabled:
+  okta_enabled:
     description: If this is set, the app will redirect to Okta if no one is logged in.
     required: true
-  okta-url:
+  okta_url:
     description: The Okta instance to redirect to.
     required: false
-  okta-client-id:
+  okta_client_id:
     description: The Okta client ID for this environment.
     required: false
+  azure_creds:
+    description: The Azure credentials for this environment.
+    required: true
 runs:
   using: composite
   steps:
+    - uses: actions/[email protected]
+      with:
+        node-version: ${{ env.NODE_VERSION }}
+    - name: Use cache for node_modules
+      uses: actions/[email protected]
+      with:
+        path: |
+          ./frontend/node_modules
+        key: npm-${{ env.NODE_VERSION }}-${{ hashFiles('frontend/yarn.lock', 'frontend/package.json') }}
+    - uses: azure/login@v1
+      with:
+        creds: ${{ inputs.azure_creds }}
     - name: Install dependencies
       working-directory: ./frontend
       shell: bash
@@ -40,34 +55,34 @@ runs:
       working-directory: ./frontend
       run: |
           echo "::group::Set build variables"
-          ENVLVL=${{inputs.deploy-env}}
+          ENVLVL=${{ inputs.deploy_env }}
           ENVLVL=${ENVLVL//[[:digit:]]/}
           echo "Environment level: $ENVLVL"
           az config set extension.use_dynamic_install=yes_without_prompt
           INSIGHTS_CONNECTION_STRING=$(
             az monitor app-insights component show \
               -g prime-simple-report-$ENVLVL \
-              -a prime-simple-report-${{inputs.deploy-env}}-insights \
+              -a prime-simple-report-${{ inputs.deploy_env }}-insights \
             | jq -r '.connectionString')
           echo "REACT_APP_APPLICATIONINSIGHTS_CONNECTION_STRING=${INSIGHTS_CONNECTION_STRING}" > .env.production.local
-          if [[ -n "${{ inputs.base-domain-name }}" ]]
-            then echo "REACT_APP_BASE_URL=https://${{inputs.base-domain-name}}" >> .env.production.local
+          if [[ -n "${{ inputs.base_domain_name }}" ]]
+            then echo "REACT_APP_BASE_URL=https://${{ inputs.base_domain_name }}" >> .env.production.local
           fi
-          if [[ "true" == "${{ inputs.is-training-site }}" ]]
+          if [[ "true" == "${{ inputs.is_training_site }}" ]]
             then echo "REACT_APP_IS_TRAINING_SITE=true" >> .env.production.local
           fi
-          if [[ "true" == "${{ inputs.okta-enabled }}" ]]; then 
+          if [[ "true" == "${{ inputs.okta_enabled }}" ]]; then 
             echo "REACT_APP_OKTA_ENABLED=true" >> .env.production.local
-            echo "REACT_APP_OKTA_URL=${{inputs.okta-url}}" >> .env.production.local
-            echo "REACT_APP_OKTA_CLIENT_ID=${{inputs.okta-client-id}}" >> .env.production.local
+            echo "REACT_APP_OKTA_URL=${{ inputs.okta_url }}" >> .env.production.local
+            echo "REACT_APP_OKTA_CLIENT_ID=${{ inputs.okta_client_id }}" >> .env.production.local
           fi
           echo "::endgroup::"
     - name: Build deployable application
       shell: bash
       working-directory: ./frontend
       env:
-        REACT_APP_SMARTY_STREETS_KEY: ${{ inputs.smarty-streets-key }}
-        DEPLOY_ENV: ${{ inputs.deploy-env }}
+        REACT_APP_SMARTY_STREETS_KEY: ${{ inputs.smarty_streets_key }}
+        DEPLOY_ENV: ${{ inputs.deploy_env }}
       run: |
         echo "::group::Build application"
         yarn run build
@@ -76,5 +91,12 @@ runs:
       shell: bash
       run: |
         echo "::group::Create application archive"
-        tar -C ./frontend/build -czf ${{inputs.client-tarball}} .
+        tar -C ./frontend/build -czf ${{ inputs.client_tarball }} .
         echo "::endgroup::"
+    - name: Save compiled frontend application
+      uses: actions/upload-artifact@v3
+      if: success()
+      with:
+        name: frontend-tarball
+        path: client.tgz
+        retention-days: 1

.github/actions/deploy-application/action.yml

@@ -1,28 +1,39 @@
 name: Deploy SimpleReport Application
 description: Promote API from secondary slot, and deploy client from tarball
 inputs:
-  deploy-env:
+  deploy_env:
     description: The environment being deployed (e.g. "prod" or "test")
     required: true
-  client-tarball:
+  client_tarball:
     description: The path to the tar file containing the client code to deploy
     required: true
+  azure_creds:
+    description: The Azure credentials for this environment.
+    required: true
+
 runs:
   using: composite
   steps:
+    - uses: azure/login@v1
+      with:
+        creds: ${{ inputs.azure_creds }}
+    - name: Retrieve frontend build
+      uses: actions/download-artifact@v3
+      with:
+        name: frontend-tarball
     - name: Unpack client
       shell: bash
       run: |
         echo "::group::Unpack client"
         mkdir client-build;
-        tar -C client-build -zxvf ${{inputs.client-tarball}}
+        tar -C client-build -zxvf ${{ inputs.client_tarball }}
         echo "::endgroup::"
     - name: Promote API to production and verify that it is ready
       shell: bash
       working-directory: ./ops
       run: |
         echo "::group::Promote API and verify readiness"
-        make promote-${{ env.DEPLOY_ENV }} check-${{ env.DEPLOY_ENV }}-readiness
+        make promote-${{ inputs.deploy_env }} check-${{ inputs.deploy_env }}-readiness
         echo "::endgroup::"
     - name: Check for production app readiness
       shell: bash
@@ -33,7 +44,7 @@ runs:
       run: |
         echo "::group::Deploy frontend app"
         az storage blob upload-batch -s client-build/ -d '$web' \
-        --account-name simplereport${{ inputs.deploy-env }}app \
+        --account-name simplereport${{ inputs.deploy_env }}app \
         --destination-path '/app' \
         --overwrite
         echo "::endgroup::"

.github/actions/build-docker-image/action.yml → .github/actions/docker-buildx/action.yml

@@ -1,27 +1,20 @@
 name: Build Docker Image
 description: Build and push Docker image to the registry
 inputs:
-  acr_registry:
-    description: Azure Container Registry to push the image to
-    required: true
-  acr_username:
-    description: Azure Container Registry username
-    required: true
-  acr_password:
-    description: Azure Container Registry password
-    required: true
   build_args:
     description: Build arguments to pass to the Docker build
     required: false
   context:
     description: Path to the build context
-    required: true
+    required: false
+    default: ./
   file:
     description: Path to the Dockerfile
     required: true
   gh_registry:
     description: Registry to push the image to
-    required: true
+    required: false
+    default: ghcr.io
   gh_username:
     description: Github username
     required: true
@@ -33,10 +26,8 @@ inputs:
     required: true
   platform:
     description: Platform to build the image for
-    required: true
-  version_tag:
-    description: Version tag to use for the image
     required: false
+    default: linux/amd64
 outputs:
   version:
     description: Version of the image that was built

.github/actions/stg-wait-for-slot-commit/action.yml

@@ -0,0 +1,14 @@
+name: Terraform Action wait for slot commit
+description: Build and push Docker image to the registry
+inputs:
+  deploy_env:
+    description: The environment to deploy to
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Wait for correct commit to be deployed in staging slot
+      working-directory: ./ops
+      shell: bash
+      run: make wait-for-${{ inputs.deploy_env }}-slot-commit

.github/actions/stg-wait-for-slot-readiness/action.yml

@@ -0,0 +1,14 @@
+name: Terraform Action wait for slot readiness
+description: Build and push Docker image to the registry
+inputs:
+  deploy_env:
+    description: The environment to deploy to
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Wait for staging deploy to be ready
+      working-directory: ./ops
+      shell: bash
+      run: make wait-for-${{ inputs.deploy_env }}-slot-readiness

.github/actions/tf-deploy/action.yml

@@ -0,0 +1,58 @@
+name: Terraform Action Deployment
+description: Build and push Docker image to the registry
+inputs:
+  azure_creds:
+    description: Azure credentials
+    required: true
+  deploy_env:
+    description: The environment to deploy to
+    required: true
+  terraform_arm_client_id:
+    description: Terraform ARM client ID
+    required: true
+  terraform_arm_client_secret:
+    description: Terraform ARM client secret
+    required: true
+  terraform_arm_subscription_id:
+    description: Terraform ARM subscription ID
+    required: true
+  terraform_arm_tenant_id:
+    description: Terraform ARM tenant ID
+    required: true
+  okta_api_token:
+    description: Okta API token
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - uses: azure/login@v1
+      with:
+        creds: ${{ inputs.azure_creds }}
+    - uses: hashicorp/[email protected]
+      with:
+        terraform_version: 1.3.3
+    - name: Build ReportStream function app
+      uses: ./.github/actions/build-reportstream-functions
+      with:
+        deploy-env: ${{ inputs.deploy_env }}
+    - name: Terraform Init
+      working-directory: ./ops
+      env: # all Azure interaction is through Terraform
+        ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }}
+        ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }}
+        ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }}
+        ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }}
+        OKTA_API_TOKEN: ${{ inputs.okta_api_token }}
+      shell: bash
+      run: make init-${{ inputs.deploy_env }}
+    - name: Terraform deploy (infrastructure and staging slot)
+      working-directory: ./ops
+      env: # all Azure interaction is through Terraform
+        ARM_CLIENT_ID: ${{ inputs.terraform_arm_client_id }}
+        ARM_CLIENT_SECRET: ${{ inputs.terraform_arm_client_secret }}
+        ARM_SUBSCRIPTION_ID: ${{ inputs.terraform_arm_subscription_id }}
+        ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }}
+        OKTA_API_TOKEN: ${{ inputs.okta_api_token }}
+      shell: bash
+      run: make deploy-${{ inputs.deploy_env }}