Deploy to Test Env on merge to mainline (#35)

Author: nguyen102

.github/workflows/deploy.yml

@@ -0,0 +1,64 @@
+name: Unit Tests and Deploy
+on:
+  push:
+    branches:
+      - mainline
+jobs:
+  unit-test:
+    name: Unit Test and Linting
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12
+
+      - name: Install dependencies
+        run: |
+          cd auditLogMover
+          yarn install
+          cd ..
+          yarn install
+      - name: Lint
+        run: |
+          cd auditLogMover
+          yarn lint
+          cd ..
+          yarn lint
+      - name: Unit tests
+        run: yarn test
+  deploy:
+    needs: unit-test
+    name: Deploy to Dev
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12
+      - name: Setup config file
+        env:
+          DEV_AWS_USER_ACCOUNT_ARN: ${{ secrets.DEV_AWS_USER_ACCOUNT_ARN }}
+        run: sed "s#<dev-arn>#$DEV_AWS_USER_ACCOUNT_ARN#g" serverless_config.template.json > serverless_config.json
+      - name: Install serverless
+        run: npm install -g serverless
+      - name: Deploy FHIR Server and ddbToEs
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID}}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          yarn install
+          serverless deploy --stage dev --region us-west-2 --conceal
+      - name: Deploy auditLogMover
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID}}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          cd auditLogMover
+          yarn install
+          serverless deploy --stage dev --region us-west-2 --conceal

.github/workflows/test.yml .github/workflows/unit-test.yml

@@ -1,15 +1,12 @@
-name: Test
+name: Unit Test
 on:
-  push:
-    branches:
-      - mainline
   pull_request:
     branches:
       - mainline
 jobs:
   unit-test:
     name: Unit Test and Linting
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-18.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -18,8 +15,16 @@ jobs:
         with:
           node-version: 12
       - name: Install dependencies
-        run: yarn install
-      - name: linter
-        run: yarn lint
+        run: |
+          cd auditLogMover
+          yarn install
+          cd ..
+          yarn install
+      - name: Lint
+        run: |
+          cd auditLogMover
+          yarn lint
+          cd ..
+          yarn lint
       - name: Unit tests
         run: yarn test

auditLogMover/serverless.yml

@@ -98,7 +98,7 @@ resources:
       Type: AWS::CloudWatch::Alarm
       Properties:
         AlarmDescription: Alarm when there is a exportCloudwatchLogs-Failure'
-        AlarmName: FhirSolution.AuditLogMover.ExportFailureAlarm
+        AlarmName: FhirSolution.${self:custom.stage}.AuditLogMover.ExportFailureAlarm
         ActionsEnabled: False
         ComparisonOperator: GreaterThanOrEqualToThreshold
         EvaluationPeriods: 1
@@ -117,7 +117,7 @@ resources:
       Type: AWS::CloudWatch::Alarm
       Properties:
         AlarmDescription: Alarm when there is a deleteCloudwatchLogs-Failure'
-        AlarmName: FhirSolution.AuditLogMover.DeleteFailureAlarm
+        AlarmName: FhirSolution.${self:custom.stage}.AuditLogMover.DeleteFailureAlarm
         ActionsEnabled: False
         ComparisonOperator: GreaterThanOrEqualToThreshold
         EvaluationPeriods: 1

cloudformation/alarms.yaml

@@ -4,7 +4,7 @@ Resources:
     Type: AWS::CloudWatch::Alarm
     Properties:
       AlarmDescription: Alarm when the Stream errors is more than 1 unit for 15 minutes out of the past 25 minutes. Streams do have retry logic
-      AlarmName: FhirSolution.High.DDBToESLambdaErrorAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.High.DDBToESLambdaErrorAlarm
       ActionsEnabled: False
       ComparisonOperator: GreaterThanOrEqualToThreshold
       EvaluationPeriods: 5
@@ -24,7 +24,7 @@ Resources:
     Type: AWS::CloudWatch::Alarm
     Properties:
       AlarmDescription: Alarm when Fhir errors is more than 1
-      AlarmName: FhirSolution.High.FhirLambdaErrorAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.High.FhirLambdaErrorAlarm
       ActionsEnabled: False
       ComparisonOperator: GreaterThanOrEqualToThreshold
       EvaluationPeriods: 2
@@ -44,7 +44,7 @@ Resources:
     Type: AWS::CloudWatch::Alarm
     Properties:
       AlarmDescription: Alarm when Fhir average latency is more than 2.5s; 2 times
-      AlarmName: FhirSolution.Low.FhirLambdaLatencyAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirLambdaLatencyAlarm
       ActionsEnabled: False
       ComparisonOperator: GreaterThanOrEqualToThreshold
       EvaluationPeriods: 5
@@ -64,7 +64,7 @@ Resources:
     Type: AWS::CloudWatch::Alarm
     Properties:
       AlarmDescription: Alarm when Api GW has more than 1 5xx errors; 3 times
-      AlarmName: FhirSolution.High.ApiGateway5XXErrorAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.High.ApiGateway5XXErrorAlarm
       ActionsEnabled: False
       ComparisonOperator: GreaterThanOrEqualToThreshold
       EvaluationPeriods: 5
@@ -84,7 +84,7 @@ Resources:
     Type: AWS::CloudWatch::Alarm
     Properties:
       AlarmDescription: Alarm when Api GW has more than 1 4xx errors; 3 times
-      AlarmName: FhirSolution.Low.ApiGateway4XXErrorAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.ApiGateway4XXErrorAlarm
       ActionsEnabled: False
       ComparisonOperator: GreaterThanOrEqualToThreshold
       EvaluationPeriods: 5
@@ -104,7 +104,7 @@ Resources:
     Type: AWS::CloudWatch::Alarm
     Properties:
       AlarmDescription: Alarm when Api GW average latency is more than 3s; 2 times
-      AlarmName: FhirSolution.Low.ApiGatewayLatencyAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.ApiGatewayLatencyAlarm
       ActionsEnabled: False
       ComparisonOperator: GreaterThanOrEqualToThreshold
       EvaluationPeriods: 5
@@ -122,7 +122,7 @@ Resources:
   ClusterStatusRedAlarm:
     Type: 'AWS::CloudWatch::Alarm'
     Properties:
-      AlarmName: FhirSolution.High.FhirESClusterStatusRedAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.High.FhirESClusterStatusRedAlarm
       AlarmDescription: 'Primary and replica shards of at least one index are not allocated to nodes in a cluster.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:
@@ -141,7 +141,7 @@ Resources:
     Type: 'AWS::CloudWatch::Alarm'
     Condition: isNotDev
     Properties:
-      AlarmName: FhirSolution.Low.FhirESClusterStatusYellowAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirESClusterStatusYellowAlarm
       AlarmDescription: 'Replica shards for at least one index are not allocated to 2 nodes in a cluster.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:
@@ -158,7 +158,7 @@ Resources:
   ClusterCPUUtilizationTooHighAlarm:
     Type: 'AWS::CloudWatch::Alarm'
     Properties:
-      AlarmName: FhirSolution.High.FhirESClusterCPUUtilAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.High.FhirESClusterCPUUtilAlarm
       AlarmDescription: 'Average CPU utilization over last 10 minutes too high.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:
@@ -176,7 +176,7 @@ Resources:
     Type: 'AWS::CloudWatch::Alarm'
     Condition: isNotDev
     Properties:
-      AlarmName: FhirSolution.Low.FhirESClusterMasterCPUUtilAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirESClusterMasterCPUUtilAlarm
       AlarmDescription: 'Average CPU utilization over last 10 minutes too high.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:
@@ -193,7 +193,7 @@ Resources:
   ClusterFreeStorageSpaceTooLowAlarm:
     Type: 'AWS::CloudWatch::Alarm'
     Properties:
-      AlarmName: FhirSolution.Low.FhirESClusterFreeStorageSpaceTooLowAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirESClusterFreeStorageSpaceTooLowAlarm
       AlarmDescription: 'Cluster is running out of storage space.'
       ComparisonOperator: LessThanThreshold
       Dimensions:
@@ -210,7 +210,7 @@ Resources:
   ClusterIndexWritesBlockedTooHighAlarm:
     Type: 'AWS::CloudWatch::Alarm'
     Properties:
-      AlarmName: FhirSolution.Low.FhirESClusterIndexWritesBlockedTooHighAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirESClusterIndexWritesBlockedTooHighAlarm
       AlarmDescription: 'Cluster is blocking incoming write requests.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:
@@ -227,7 +227,7 @@ Resources:
   ClusterJVMMemoryPressureTooHighAlarm:
     Type: 'AWS::CloudWatch::Alarm'
     Properties:
-      AlarmName: FhirSolution.Low.FhirESClusterJVMMemoryAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirESClusterJVMMemoryAlarm
       AlarmDescription: 'Average JVM memory pressure over last 10 minutes too high.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:
@@ -245,7 +245,7 @@ Resources:
     Type: 'AWS::CloudWatch::Alarm'
     Condition: isNotDev
     Properties:
-      AlarmName: FhirSolution.Low.FhirESClusterMasterJVMMemoryAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirESClusterMasterJVMMemoryAlarm
       AlarmDescription: 'Average JVM memory pressure over last 10 minutes too high.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:
@@ -263,7 +263,7 @@ Resources:
     Type: 'AWS::CloudWatch::Alarm'
     Condition: isNotDev
     Properties:
-      AlarmName: FhirSolution.Low.FhirESClusterMasterNotReachableFromNodeAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirESClusterMasterNotReachableFromNodeAlarm
       AlarmDescription: 'Master node stopped or not reachable. Usually the result of a network connectivity issue or AWS dependency problem.'
       ComparisonOperator: LessThanThreshold
       Dimensions:
@@ -281,7 +281,7 @@ Resources:
     Type: 'AWS::CloudWatch::Alarm'
     Condition: isNotDev
     Properties:
-      AlarmName: FhirSolution.Low.FhirESClusterSnapshotFailureAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirESClusterSnapshotFailureAlarm
       AlarmDescription: 'No automated snapshot was taken for the domain in the previous 36 hours.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:
@@ -299,7 +299,7 @@ Resources:
     Type: 'AWS::CloudWatch::Alarm'
     Condition: isDev
     Properties:
-      AlarmName: FhirSolution.Low.FhirESClusterKibanaAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.Low.FhirESClusterKibanaAlarm
       AlarmDescription: 'Kibana is inaccessible.'
       ComparisonOperator: LessThanThreshold
       Dimensions:
@@ -316,7 +316,7 @@ Resources:
   ClusterKMSKeyErrorAlarm:
     Type: 'AWS::CloudWatch::Alarm'
     Properties:
-      AlarmName: FhirSolution.High.FhirESClusterKMSErrorAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.High.FhirESClusterKMSErrorAlarm
       AlarmDescription: 'KMS customer master key used to encrypt data at rest has been disabled.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:
@@ -333,7 +333,7 @@ Resources:
   ClusterKMSKeyInaccessibleAlarm:
     Type: 'AWS::CloudWatch::Alarm'
     Properties:
-      AlarmName: FhirSolution.High.FhirESClusterKMSInaccessibleAlarm
+      AlarmName: FhirSolution.${self:custom.stage}.High.FhirESClusterKMSInaccessibleAlarm
       AlarmDescription: 'KMS customer master key used to encrypt data at rest has been deleted or revoked its grants to Amazon ES.'
       ComparisonOperator: GreaterThanThreshold
       Dimensions:

serverless.yaml

@@ -28,7 +28,7 @@ provider:
     ELASTICSEARCH_DOMAIN_ENDPOINT: !Join ['', ['https://', !GetAtt ElasticSearchDomain.DomainEndpoint]]
     OAUTH2_DOMAIN_ENDPOINT: !Join ['', ['https://', !Ref UserPoolDomain, '.auth.${self:custom.region}.amazoncognito.com/oauth2']]
   apiKeys:
-    - name: developer-key
+    - name: 'developer-key-${self:custom.stage}'
       description: Key for developer to access the FHIR Api
   usagePlan:
     throttle:

serverless_config.template.json

@@ -0,0 +1,3 @@
+{
+  "devAwsUserAccountArn": "<dev-arn>"
+}