
Commit a9f0c43

committed
Revert "refactor to remvoe ABDM and AWS configurations"
This reverts commit aa91039. This fork was auto-synced with the primary repo, so that commit is being reverted.
1 parent aa91039 commit a9f0c43

22 files changed

+1604
-22
lines changed

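--- a/.github/check_empty_reports.sh
+++ b/.github/check_empty_reports.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+function empty_report_check {
+report_type=$1
+report_file_check=$(cat reports/${report_type}-vulnerabilities.txt | wc -m)
+if [ $report_file_check == 0 ];then
+echo "No Vulnerablity Found!" > reports/${report_type}-vulnerabilities.txt
+fi
+}
+
+empty_report_check "high"
+empty_report_check "medium"
+empty_report_check "critical"
+empty_report_check "low"
+empty_report_check "unknown"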
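Review bot: A missing report file is treated the same as an empty one in `empty_report_check`: `set -e` without `pipefail` ignores the failing `cat`, `wc -m` prints 0, and (as long as `reports/` exists) the function writes "No Vulnerablity Found!" into the file, so a scanner step that produced no output reads as a clean result. Fail closed by checking for the file first and testing emptiness directly, e.g. `f="reports/${report_type}-vulnerabilities.txt"; [ -f "$f" ] || { echo "missing $f" >&2; exit 1; }` followed by `[ -s "$f" ] || echo "No Vulnerability Found!" > "$f"` (which also fixes the spelling of the message). `report_type` and `report_file_check` should be declared `local` as well.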

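--- a/.github/setupEnvSecrets.sh
+++ b/.github/setupEnvSecrets.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+set -e
+
+function exportWithMask {
+SSM_PARAMETER_NAME=$1
+ENV_VARIABLE_NAME=$2
+
+PARAMETER_VALUE=$(aws ssm get-parameter --with-decryption --name "$SSM_PARAMETER_NAME" --query "Parameter.Value" --output text)
+echo "::add-mask::$PARAMETER_VALUE"
+echo "$ENV_VARIABLE_NAME=$PARAMETER_VALUE" >> $GITHUB_ENV
+}
+
+ENVIRONMENT=$1
+
+exportWithMask "/$ENVIRONMENT/openmrs/DB_USERNAME" 'OPENMRS_DB_USERNAME'
+exportWithMask "/$ENVIRONMENT/openmrs/DB_PASSWORD" 'OPENMRS_DB_PASSWORD'
+exportWithMask "/$ENVIRONMENT/reports/DB_USERNAME" 'REPORTS_DB_USERNAME'
+exportWithMask "/$ENVIRONMENT/reports/DB_PASSWORD" 'REPORTS_DB_PASSWORD'
+exportWithMask "/$ENVIRONMENT/crater/DB_USERNAME" 'CRATER_DB_USERNAME'
+exportWithMask "/$ENVIRONMENT/crater/DB_PASSWORD" 'CRATER_DB_PASSWORD'
+exportWithMask "/$ENVIRONMENT/crater_atomfeed/DB_USERNAME" 'CRATER_ATOMFEED_DB_USERNAME'
+exportWithMask "/$ENVIRONMENT/crater_atomfeed/DB_PASSWORD" 'CRATER_ATOMFEED_DB_PASSWORD'
+exportWithMask "/$ENVIRONMENT/crater/ADMIN_PASSWORD" 'CRATER_ADMIN_PASSWORD'
+exportWithMask "/nonprod/rds/mysql/host" 'RDS_HOST'
+exportWithMask "/nonprod/rds/mysql/username" 'RDS_USERNAME'
+exportWithMask "/nonprod/rds/mysql/password" 'RDS_PASSWORD'
+exportWithMask "/nonprod/rabbitmq/USERNAME" 'MQ_USERNAME'
+exportWithMask "/nonprod/rabbitmq/PASSWORD" 'MQ_PASSWORD'
+exportWithMask "/nonprod/psql/DB_PASSWORD" 'PSQL_PASSWORD'
+exportWithMask "/$ENVIRONMENT/abdm/GATEWAY_CLIENT_ID" 'GATEWAY_CLIENT_ID'
+exportWithMask "/$ENVIRONMENT/abdm/GATEWAY_CLIENT_SECRET" 'GATEWAY_CLIENT_SECRET'
+exportWithMask "/nonprod/efs/file_system_id" 'EFS_FILESYSTEM_ID'
+exportWithMask "/smtp/access_key" 'MAIL_USER'
+exportWithMask "/smtp/secret" 'MAIL_PASSWORD'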
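Review bot: `exportWithMask` assumes every parameter value is a single line: workflow commands are read per output line, so a value containing a newline is only partly covered by `::add-mask::`, and the `NAME=value` append to `$GITHUB_ENV` would let the extra lines define additional environment variables for later steps. Reject such values before the two `echo` lines, e.g. `case "$PARAMETER_VALUE" in *$'\n'*) echo "multi-line value: $SSM_PARAMETER_NAME" >&2; exit 1;; esac`, and quote the target as `>> "$GITHUB_ENV"`. `ENVIRONMENT=$1` is also used unchecked, so an empty argument silently queries `//openmrs/...`; `ENVIRONMENT=${1:?environment required}` would stop that early. Note that everything written to `$GITHUB_ENV` is visible to every later step of the job, including third-party actions.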
+59
@@ -0,0 +1,59 @@
1+
name: Deploy Monitoring and Logging
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
paths:
8+
- values/monitoring.yaml
9+
- aws/route53/monitoring-lite.mybahmni.in.json
10+
- .github/workflows/deploy-monitoring.yaml
11+
12+
workflow_dispatch:
13+
14+
jobs:
15+
deploy-monitoring-logging:
16+
name: Deploy Monitoring & Logging
17+
runs-on: ubuntu-latest
18+
env:
19+
CLUSTER_NAME: bahmni-cluster-nonprod
20+
steps:
21+
- name: Checkout repository
22+
uses: actions/checkout@v2
23+
- name: Add helm repo
24+
run: |
25+
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
26+
helm repo add grafana https://grafana.github.io/helm-charts
27+
helm repo update
28+
- name: Configure AWS Credentials
29+
uses: aws-actions/configure-aws-credentials@v1
30+
with:
31+
aws-access-key-id: ${{ secrets.BAHMNI_AWS_ID }}
32+
aws-secret-access-key: ${{ secrets.BAHMNI_AWS_SECRET }}
33+
aws-region: ${{ secrets.BAHMNI_AWS_REGION }}
34+
role-to-assume: ${{ secrets.BAHMNI_INFRA_ADMIN_ROLE }}
35+
role-duration-seconds: 900 # 15 mins
36+
role-session-name: BahmniInfraAdminSession
37+
- name: Authorise Kubectl with EKS
38+
run: aws eks update-kubeconfig --name $CLUSTER_NAME
39+
- name: Upsert Route53 A record with INGRESS_DNS
40+
run: |
41+
INGRESS_DNS=$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
42+
jq --arg ingress_dns "$INGRESS_DNS" '.Changes[].ResourceRecordSet.AliasTarget.DNSName = $ingress_dns' aws/route53/monitoring-lite.mybahmni.in.json > recordset
43+
aws route53 change-resource-record-sets --hosted-zone-id ${{ secrets.HOSTED_ZONE_ID }} --change-batch file://recordset
44+
- name: Helm Upgrade Monitoring Stack
45+
run: |
46+
GRAFANA_ADMIN_PASSWORD=$(aws ssm get-parameter --with-decryption --name "/nonprod/grafana/ADMIN_PASSWORD" --query "Parameter.Value" --output text)
47+
GITHUB_OAUTH_CLIENT_ID=$(aws ssm get-parameter --with-decryption --name "/nonprod/grafana/oauth/github/bahmniindia/CLIENT_ID" --query "Parameter.Value" --output text)
48+
GITHUB_OAUTH_CLIENT_SECRET=$(aws ssm get-parameter --with-decryption --name "/nonprod/grafana/oauth/github/bahmniindia/CLIENT_SECRET" --query "Parameter.Value" --output text)
49+
helm upgrade monitoring prometheus-community/kube-prometheus-stack -n monitoring --create-namespace \
50+
--values=values/monitoring.yaml \
51+
--set grafana.adminPassword=$GRAFANA_ADMIN_PASSWORD \
52+
--set 'grafana.grafana\.ini.auth\.github.client_id'=$GITHUB_OAUTH_CLIENT_ID \
53+
--set 'grafana.grafana\.ini.auth\.github.client_secret'=$GITHUB_OAUTH_CLIENT_SECRET \
54+
--install
55+
56+
- name: Helm Upgrade Logging Stack
57+
run: |
58+
helm upgrade --install loki --namespace=monitoring grafana/loki-stack \
59+
--values=values/logging.yaml
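Review bot: In the "Helm Upgrade Monitoring Stack" step the three values read from SSM are never registered with `::add-mask::` and are expanded unquoted into `--set`, so the runner will not redact them if any command prints its arguments, and a password containing whitespace, a comma or a glob character is split or misparsed. Mask each value right after it is fetched, `echo "::add-mask::$GRAFANA_ADMIN_PASSWORD"`, and quote the expansions, `--set grafana.adminPassword="$GRAFANA_ADMIN_PASSWORD"`; commas still need escaping for `--set`, so a values file written to a temporary path is the more robust route. Separately, `actions/checkout@v2` and `aws-actions/configure-aws-credentials@v1` are referenced by mutable tag in a job that assumes `BAHMNI_INFRA_ADMIN_ROLE`; pinning both to a full commit SHA would be worth doing.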

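--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -0,0 +1,194 @@
+name: Deploy
+
+on:
+push:
+branches:
+- main
+repository_dispatch:
+types: ["bahmni-helm-publish-event","bahmniindia-helm-publish-event"]
+workflow_dispatch:
+inputs:
+enable_db_setup:
+description: 'Enable this to create databases'
+required: true
+type: boolean
+default: false
+environment:
+description: 'Environment to deploy'
+required: true
+type: choice
+default: dev
+options:
+- dev
+- qa
+- demo
+- performance
+env:
+ENVIRONMENT: ${{ github.event.inputs.environment || 'dev'}}
+ENVIRONMENT_DNS: ${{ (github.event.inputs.environment || 'dev') == 'demo' && 'lite.mybahmni.in' || format('{0}.{1}', github.event.inputs.environment || 'dev', 'lite.mybahmni.in') }}
+
+jobs:
+deploy:
+name: Deploy to ${{ github.event.inputs.environment || 'dev'}} environment
+concurrency: ${{ github.event.inputs.environment || 'dev'}}
+environment:
+name: ${{ github.event.inputs.environment || 'dev'}}
+url: ${{ (github.event.inputs.environment || 'dev') == 'demo' && 'lite.mybahmni.in' || format('{0}.{1}', github.event.inputs.environment || 'dev', 'lite.mybahmni.in') }}
+runs-on: ubuntu-latest
+env:
+CLUSTER_NAME: bahmni-cluster-nonprod
+steps:
+- name: Checkout repository
+uses: actions/checkout@v2
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.BAHMNI_AWS_ID }}
+aws-secret-access-key: ${{ secrets.BAHMNI_AWS_SECRET }}
+aws-region: ${{ secrets.BAHMNI_AWS_REGION }}
+role-to-assume: ${{ secrets.BAHMNI_INFRA_ADMIN_ROLE }}
+role-duration-seconds: 900 # 15 mins
+role-session-name: BahmniInfraAdminSession
+- name: Authorise Kubectl with EKS
+run: aws eks update-kubeconfig --name $CLUSTER_NAME
+- name: Install Nginx Ingress
+run: |
+wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/aws/nlb-with-tls-termination/deploy.yaml
+sed -i.bak "s|XXX.XXX.XXX/XX|10.0.0.0/16|" deploy.yaml
+sed -i.bak "s|arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX|${{ secrets.MYBAHMNI_CERT_ARN }}|" deploy.yaml
+kubectl apply -f deploy.yaml
+- name: Upsert Route53 A record with INGRESS_DNS
+run: |
+INGRESS_DNS=$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
+jq --arg ingress_dns "$INGRESS_DNS" \
+--arg environment_dns "$ENVIRONMENT_DNS" \
+'.Changes[].ResourceRecordSet.AliasTarget.DNSName = $ingress_dns | .Changes[0].ResourceRecordSet.Name = $environment_dns | .Changes[1].ResourceRecordSet.Name = "payments-"+$environment_dns' \
+aws/route53/lite.mybahmni.in.json > recordset
+aws route53 change-resource-record-sets --hosted-zone-id ${{ secrets.HOSTED_ZONE_ID }} --change-batch file://recordset
+- name: Setup Environment secrets
+shell: bash
+run: bash .github/setupEnvSecrets.sh ${{ env.ENVIRONMENT }}
+- name: Setup databases
+if: ${{ github.event.inputs.enable_db_setup == 'true' }}
+run: |
+helm install db-setup db-setup --repo https://bahmni.github.io/helm-charts --devel --wait --wait-for-jobs --atomic --timeout 1m \
+--namespace ${{ env.ENVIRONMENT }} --create-namespace \
+--set DB_HOST=$RDS_HOST \
+--set DB_ROOT_USERNAME=$RDS_USERNAME \
+--set DB_ROOT_PASSWORD=$RDS_PASSWORD \
+--set databases.openmrs.DB_NAME=openmrs_${{ env.ENVIRONMENT }} \
+--set databases.openmrs.USERNAME=$OPENMRS_DB_USERNAME \
+--set databases.openmrs.PASSWORD=$OPENMRS_DB_PASSWORD \
+--set databases.crater.DB_NAME=crater_${{ env.ENVIRONMENT }} \
+--set databases.crater.USERNAME=$CRATER_DB_USERNAME \
+--set databases.crater.PASSWORD=$CRATER_DB_PASSWORD \
+--set databases.crater_atomfeed.DB_NAME=crater_atomfeed_${{ env.ENVIRONMENT }} \
+--set databases.crater_atomfeed.USERNAME=$CRATER_ATOMFEED_DB_USERNAME \
+--set databases.crater_atomfeed.PASSWORD=$CRATER_ATOMFEED_DB_PASSWORD \
+--set databases.reports.DB_NAME=bahmni_reports_${{ env.ENVIRONMENT }} \
+--set databases.reports.USERNAME=$REPORTS_DB_USERNAME \
+--set databases.reports.PASSWORD=$REPORTS_DB_PASSWORD
+
+- name: Deleting db-setup helm release
+if: ${{ github.event.inputs.enable_db_setup == 'true' }}
+run: helm uninstall db-setup --namespace ${{ env.ENVIRONMENT }}
+- name: Helm Dependency Update
+run: helm dependency update
+- name: List Helm Dependencies
+run: ls charts
+- name: Helm Upgrade
+run: |
+helm upgrade bahmni-${{ env.ENVIRONMENT }} . \
+--set openmrs.secrets.OMRS_DB_USERNAME=$OPENMRS_DB_USERNAME \
+--set openmrs.secrets.OMRS_DB_PASSWORD=$OPENMRS_DB_PASSWORD \
+--set openmrs.config.OMRS_DB_NAME=openmrs_${{ env.ENVIRONMENT }} \
+--set openmrs.secrets.OMRS_DB_HOSTNAME=$RDS_HOST \
+--set openmrs.secrets.MAIL_USER=$MAIL_USER \
+--set openmrs.secrets.MAIL_PASSWORD=$MAIL_PASSWORD \
+--set openmrs.config.SEND_MAIL=true \
+--set openmrs.config.MAIL_FROM=noreply@mybahmni.in \
+--set openmrs.config.MAIL_SMTP_HOST=email-smtp.ap-south-1.amazonaws.com \
+--set openmrs.config.MAIL_SMTP_PORT=587 \
+--set reports.secrets.OPENMRS_DB_HOST=$RDS_HOST \
+--set reports.secrets.OPENMRS_DB_USERNAME=$OPENMRS_DB_USERNAME \
+--set reports.secrets.OPENMRS_DB_PASSWORD=$OPENMRS_DB_PASSWORD \
+--set reports.config.OPENMRS_DB_NAME=openmrs_${{ env.ENVIRONMENT }} \
+--set reports.secrets.REPORTS_DB_SERVER=$RDS_HOST \
+--set reports.secrets.REPORTS_DB_USERNAME=$REPORTS_DB_USERNAME \
+--set reports.secrets.REPORTS_DB_PASSWORD=$REPORTS_DB_PASSWORD \
+--set reports.config.REPORTS_DB_NAME=bahmni_reports_${{ env.ENVIRONMENT }} \
+--set crater.config.APP_URL=https://payments-${{env.ENVIRONMENT_DNS}} \
+--set crater.config.DB_DATABASE=crater_${{ env.ENVIRONMENT }} \
+--set crater.config.DB_HOST=$RDS_HOST \
+--set crater.config.SANCTUM_STATEFUL_DOMAINS=payments-${{env.ENVIRONMENT_DNS}} \
+--set crater.config.SESSION_DOMAIN=payments-${{env.ENVIRONMENT_DNS}} \
+--set crater.secrets.DB_USERNAME=$CRATER_DB_USERNAME \
+--set crater.secrets.DB_PASSWORD=$CRATER_DB_PASSWORD \
+--set crater.secrets.ADMIN_PASSWORD=$CRATER_ADMIN_PASSWORD \
+--set hip.secrets.GATEWAY_CLIENT_ID=$GATEWAY_CLIENT_ID \
+--set hip.secrets.GATEWAY_CLIENT_SECRET=$GATEWAY_CLIENT_SECRET \
+--set hip.secrets.OPENMRS_PASSWORD=Admin123 \
+--set hip.config.BAHMNI_URL=https://${{env.ENVIRONMENT_DNS}}/openmrs \
+--set hip.config.RABBITMQ_USERNAME=$MQ_USERNAME \
+--set hip.config.RABBITMQ_PASSWORD=$MQ_PASSWORD \
+--set hiu.secrets.HIU_CLIENT_ID=$GATEWAY_CLIENT_ID \
+--set hiu.secrets.HIU_CLIENT_SECRET=$GATEWAY_CLIENT_SECRET \
+--set hiu.config.DATA_PUSH_URL=https://${{env.ENVIRONMENT_DNS}}/hiu-api/data/notification \
+--set hiu.config.RABBITMQ_USERNAME=$MQ_USERNAME \
+--set hiu.config.RABBITMQ_PASSWORD=$MQ_PASSWORD \
+--set hiu-ui.config.BACKEND_BASE_URL=https://${{env.ENVIRONMENT_DNS}} \
+--set global.postgresql.auth.postgresPassword=$PSQL_PASSWORD \
+--set rabbitmq.auth.username=$MQ_USERNAME \
+--set rabbitmq.auth.password=$MQ_PASSWORD \
+--set ingress.host=${{env.ENVIRONMENT_DNS}} \
+--set efs.fileSystemId=${{env.EFS_FILESYSTEM_ID}} \
+--set crater-atomfeed.config.CRATER_ATOMFEED_DB_HOST=$RDS_HOST \
+--set crater-atomfeed.config.CRATER_ATOMFEED_DB_NAME=crater_atomfeed_${{ env.ENVIRONMENT }} \
+--set crater-atomfeed.config.CRATER_URL=https://payments-${{env.ENVIRONMENT_DNS}} \
+--set crater-atomfeed.secrets.OPENMRS_ATOMFEED_USER=superman \
+--set crater-atomfeed.secrets.OPENMRS_ATOMFEED_PASSWORD=Admin123 \
+--set crater-atomfeed.secrets.CRATER_USERNAME=superman@bahmni.org \
+--set crater-atomfeed.secrets.CRATER_PASSWORD=$CRATER_ADMIN_PASSWORD \
+--set crater-atomfeed.secrets.CRATER_ATOMFEED_DB_USERNAME=$CRATER_ATOMFEED_DB_USERNAME \
+--set crater-atomfeed.secrets.CRATER_ATOMFEED_DB_PASSWORD=$CRATER_ATOMFEED_DB_PASSWORD \
+--values=values/${{ env.ENVIRONMENT }}.yaml \
+--install \
+--namespace ${{ env.ENVIRONMENT }} --create-namespace
+
+notification:
+name: Slack notification
+needs:
+- deploy
+runs-on: ubuntu-latest
+if: always()
+steps:
+- name: Success
+if: ${{ needs.deploy.result == 'success' }}
+run: |
+curl -X POST -H 'Content-type: application/json' --data '{"text":">🟢 Bahmni India Distro deployed. \n>*Bahmni* https://${{env.ENVIRONMENT_DNS}} \n>*Payments* https://payments-${{env.ENVIRONMENT_DNS}} \n> <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|Umbrella Chart Job #${{github.run_id}}>"}' ${{ secrets.SLACK_WEBHOOK_URL }}
+- name: Failure
+if: ${{ needs.deploy.result == 'failure' }}
+run: |
+curl -X POST -H 'Content-type: application/json' --data '{"text":"🔴 Bahmni India Distro deployment failed!!! This is where you go look what happened → <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|Umbrella Chart Job #${{github.run_id}}>"}' ${{ secrets.SLACK_WEBHOOK_URL }}
+trigger-e2e-smoke-test-lite:
+name: Trigger E2E Smoke Test in Dev.Lite
+needs:
+- deploy
+runs-on: ubuntu-latest
+if: ${{ ((github.event.inputs.environment || 'dev') == 'dev') && (needs.deploy.result == 'success') }}
+steps:
+- name: Create repository_dispatch
+env:
+REPOSITORY_NAME: "bahmni-e2e-tests"
+ORG_NAME: "Bahmni"
+EVENT_TYPE: "Smoke-Test-Dev-Lite"
+TEST_CONTEXT: "clinic & smoke"
+run: |
+trigger_result=$(curl -s -o trigger_response.txt -w "%{http_code}" -X POST -H "Accept: application/vnd.github.v3+json" -H 'authorization: Bearer ${{ secrets.BAHMNI_PAT }}' https://api.github.com/repos/${ORG_NAME}/${REPOSITORY_NAME}/dispatches -d '{"event_type":"'"${EVENT_TYPE}"'","client_payload":{"context":"'"${TEST_CONTEXT}"'"}}')
+if [ $trigger_result == 204 ];then
+echo "Trigger to $ORG_NAME/$REPOSITORY_NAME Success"
+else
+echo "Trigger to $ORG_NAME/$REPOSITORY_NAME Failed"
+cat trigger_response.txt
+exit 1
+fi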
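Review bot: The "Helm Upgrade" step hard-codes `Admin123` for `hip.secrets.OPENMRS_PASSWORD` and for `crater-atomfeed.secrets.OPENMRS_ATOMFEED_PASSWORD` (with user `superman`), while every other credential in the step comes from SSM through `.github/setupEnvSecrets.sh`. These environments appear to be published under `lite.mybahmni.in` by the Route53 step, so a password committed to the workflow should be treated as known to anyone who can read the repository. Store both as parameters and pass them like the rest, e.g. `exportWithMask "/$ENVIRONMENT/openmrs/<PARAMETER_NAME>" 'OPENMRS_ATOMFEED_PASSWORD'` in the script and `--set crater-atomfeed.secrets.OPENMRS_ATOMFEED_PASSWORD="$OPENMRS_ATOMFEED_PASSWORD" \` here, where `<PARAMETER_NAME>` is a placeholder for whatever name the team chooses. The "Install Nginx Ingress" step also applies a manifest fetched with `wget` under the admin role without verifying it; checking the download against a pinned `sha256sum` before `kubectl apply` would close that gap.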
