Ppha 417 create infra as code for hub resources

.azuredevops/pipelines/deploy.yml

@@ -0,0 +1,77 @@
+trigger: none
+pr: none
+
+parameters:
+  - name: commitSHA
+    displayName: Commit SHA
+    type: string
+  - name: environment
+    displayName: Environment
+    type: string
+  - name: prNumber
+    displayName: Pull request number
+    type: string
+    default: ''
+  - name: pool
+    displayName: ADO management pool
+    type: string
+
+stages:
+  - stage: ${{ parameters.environment }}
+    displayName: Deploy to ${{ parameters.environment }} environment
+    pool:
+      name: ${{ parameters.pool }}
+    lockBehavior: sequential
+    isSkippable: false
+
+    jobs:
+      - deployment: DeployApp
+        displayName: Deploy application
+        environment: ${{ parameters.environment }}
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+
+                - task: UsePythonVersion@0
+                  inputs:
+                    versionSpec: '3.x'
+                    architecture: 'x64'
+
+                - task: TerraformInstaller@1
+                  displayName: Install terraform
+                  inputs:
+                    terraformVersion: 1.7.0
+
+                - task: AzureCLI@2
+                  displayName: Run terraform
+                  inputs:
+                    azureSubscription: lung-${{ parameters.environment }}
+                    scriptType: bash
+                    scriptLocation: inlineScript
+                    addSpnToEnvironment: true
+                    inlineScript: |
+                      export ARM_TENANT_ID="$tenantId"
+                      export ARM_CLIENT_ID="$servicePrincipalId"
+                      export ARM_OIDC_TOKEN="$idToken"
+                      export ARM_USE_OIDC=true
+                      make ci ${{ parameters.environment }} terraform-apply DOCKER_IMAGE_TAG=git-sha-${{ parameters.commitSHA }} PR_NUMBER=${{ parameters.prNumber }}
+
+                # - task: AzureCLI@2
+                #   displayName: Run database setup
+                #   inputs:
+                #     azureSubscription: lungcs-${{ parameters.environment }}
+                #     scriptType: bash
+                #     scriptLocation: inlineScript
+                #     addSpnToEnvironment: true
+                #     inlineScript: make ci ${{ parameters.environment }} db-setup PR_NUMBER=${{ parameters.prNumber }}
+
+                # - task: AzureCLI@2
+                #   displayName: Run notifications smoke test
+                #   inputs:
+                #     azureSubscription: lungcs-${{ parameters.environment }}
+                #     scriptType: bash
+                #     scriptLocation: inlineScript
+                #     addSpnToEnvironment: true
+                #     inlineScript: make ci ${{ parameters.environment }} notifications-smoke-test PR_NUMBER=${{ parameters.prNumber }}

.azuredevops/pipelines/hub-infrastructure-dev.yaml

@@ -0,0 +1,78 @@
+---
+name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
+trigger: none
+pr: none
+
+pool:
+  name: private-pool-hub-nonlive-uks
+  # vmImage: ubuntu-latest
+
+resources:
+  repositories:
+    - repository: dtos-devops-templates
+      type: github
+      name: NHSDigital/dtos-devops-templates
+      ref: main
+      endpoint: NHSDigital
+
+variables:
+  - group: NON_LIVE_hub_backend
+  - name: TF_DIRECTORY
+    value: $(System.DefaultWorkingDirectory)/lung_cancer_screening/infrastructure/terraform/hub
+  - name: TF_VERSION
+    value: 1.14.3
+  - name: TF_PLAN_ARTIFACT
+    value: tf_plan_hub_art_NONLIVE_dev
+  - name: ENVIRONMENT
+    value: nonlive-hub
+
+stages:
+  - stage: terraform_plan
+    displayName: Terraform Plan
+    condition: eq(variables['Build.Reason'], 'Manual')
+    variables:
+      tfVarsFile: ../../environments/$(ENVIRONMENT)/variables.tfvars
+    jobs:
+      - job: init_and_plan
+        displayName: Init, plan, store artifact
+        steps:
+          - checkout: self
+          - checkout: dtos-devops-templates
+          - task: Bash@3
+            displayName: 'Debug Terraform directory'
+            inputs:
+              targetType: 'inline'
+              script: |
+                find . -type d | grep dtos-devops-templates
+                pwd
+                ls -la
+                echo "TF_DIRECTORY=$(TF_DIRECTORY)"
+                # cd $(TF_DIRECTORY)
+                ls -ltr
+                find .
+                terraform --version || true
+          - template: .azuredevops/templates/steps/tf_plan.yaml@dtos-devops-templates
+
+  - stage: terraform_apply
+    displayName: Terraform Apply
+    dependsOn: [terraform_plan]
+    condition: and(eq(dependencies.terraform_plan.outputs['init_and_plan.TerraformPlan.changesPresent'], 'true'), eq(variables['Build.Reason'], 'Manual'))
+    jobs:
+      - deployment: terraform_apply
+        displayName: Init, get plan artifact, apply
+        environment: $(ENVIRONMENT)
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                - checkout: dtos-devops-templates
+                - template: .azuredevops/templates/steps/tf_apply.yaml@dtos-devops-templates
+                  # parameters:
+                  #   # The Application Gateway Config null resource needs an authenticated PowerShell context, hence our shell is pscore
+                  #   # AzureCLI@2 task is used rather than AzurePowerShell@5 because Terraform is unable to use a PowerShell authentication context directly
+                  #   tfApplyShell: pscore
+                  #   tfApplyScript: |
+                  #     if (-not (Get-Module -ListAvailable -Name Az)) { Install-Module -Name Az -AllowClobber -Scope CurrentUser -Force -SkipPublisherCheck }
+                  #     $token = az account get-access-token --resource https://management.azure.com/ --query accessToken --output tsv
+                  #     Connect-AzAccount -AccessToken $token -AccountId $env:servicePrincipalId -Tenant $env:tenantId -Subscription $(TF_VAR_TARGET_SUBSCRIPTION_ID) -ErrorAction Stop

.github/workflows/stage-1-commit.yaml

@@ -77,7 +77,7 @@ jobs:
           fetch-depth: 0 # Full history is needed to compare branches
       - name: "Check English usage"
         uses: ./.github/actions/check-english-usage
-  # Github actiuons dont have terrafomr installed at the moment
+  # GitHub actions dont have terraform installed at the moment
   # lint-terraform:
   #   name: "Lint Terraform"
   #   runs-on: ubuntu-latest

.gitleaksignore

@@ -1,16 +1,16 @@
 # SEE: https://github.com/gitleaks/gitleaks/blob/master/README.md#gitleaksignore
 
 cd9c0efec38c5d63053dd865e5d4e207c0760d91:docs/guides/Perform_static_analysis.md:generic-api-key:37
-infrastructure/terraform/resource_group_init/core.bicep:generic-api-key:10
-infrastructure/terraform/resource_group_init/core.bicep:generic-api-key:11
-infrastructure/terraform/resource_group_init/core.bicep:generic-api-key:12
-infrastructure/terraform/resource_group_init/main.bicep:generic-api-key:29
-infrastructure/terraform/resource_group_init/main.bicep:generic-api-key:30
-infrastructure/terraform/resource_group_init/main.bicep:generic-api-key:31
-infrastructure/terraform/resource_group_init/main.bicep:generic-api-key:32
-infrastructure/terraform/resource_group_init/main.bicep:generic-api-key:33
-infrastructure/terraform/resource_group_init/storage.bicep:generic-api-key:59
-infrastructure/terraform/resource_group_init/keyVault.bicep:generic-api-key:10
+infrastructure/terraform/spoke/resource_group_init/core.bicep:generic-api-key:10
+infrastructure/terraform/spoke/resource_group_init/core.bicep:generic-api-key:11
+infrastructure/terraform/spoke/resource_group_init/core.bicep:generic-api-key:12
+infrastructure/terraform/spoke/resource_group_init/main.bicep:generic-api-key:29
+infrastructure/terraform/spoke/resource_group_init/main.bicep:generic-api-key:30
+infrastructure/terraform/spoke/resource_group_init/main.bicep:generic-api-key:31
+infrastructure/terraform/spoke/resource_group_init/main.bicep:generic-api-key:32
+infrastructure/terraform/spoke/resource_group_init/main.bicep:generic-api-key:33
+infrastructure/terraform/spoke/resource_group_init/storage.bicep:generic-api-key:59
+infrastructure/terraform/spoke/resource_group_init/keyVault.bicep:generic-api-key:10
 infrastructure/bootstrap/core.bicep:generic-api-key:10
 infrastructure/bootstrap/core.bicep:generic-api-key:11
 infrastructure/bootstrap/core.bicep:generic-api-key:12
@@ -21,10 +21,12 @@ infrastructure/bootstrap/hub.bicep:generic-api-key:56
 infrastructure/bootstrap/hub.bicep:generic-api-key:57
 infrastructure/bootstrap/hub.bicep:generic-api-key:58
 infrastructure/bootstrap/hub.bicep:generic-api-key:59
+infrastructure/bootstrap/hub.bicep:generic-api-key:60
+infrastructure/bootstrap/hub.bicep:generic-api-key:61
 infrastructure/bootstrap/main.bicep:generic-api-key:29
 infrastructure/bootstrap/main.bicep:generic-api-key:30
 infrastructure/bootstrap/main.bicep:generic-api-key:31
 infrastructure/bootstrap/main.bicep:generic-api-key:32
-infrastructure/bootstrap/main.bicep:generic-api-key:33
+infrastructure/bootstrap/modules/storage.bicep:generic-api-key:59
 infrastructure/bootstrap/modules/keyVault.bicep:generic-api-key:10
 infrastructure/bootstrap/modules/storage.bicep:generic-api-key:59

docs/infrastructure/bootstrap.md

@@ -0,0 +1 @@
+make hub-nonlive bootstrap