Makefile
# Bare `make` prints the target list.
.DEFAULT_GOAL := help
# Run every recipe with bash.
SHELL := /bin/bash

# Default Key Vault purge-protection setting; the production target sets it to true.
KEY_VAULT_PURGE_PROTECTION := false
# Tag of DFE-Digital/tra-shared-services used to build the ARM template URL.
ARM_TEMPLATE_TAG := 1.1.6
# Service identifiers used when composing Azure resource names.
SERVICE_NAME := apply-for-qts
SERVICE_SHORT := afqts
.PHONY: help
# Prints every target that carries a "## description" suffix: grep selects the
# matching rule lines from the parsed makefiles and awk prints the target name
# (cyan, padded to 30 columns) followed by its description.
help: ## Show this help
	@grep -E '^[a-zA-Z\._\-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
.PHONY: development
# Selects the development configuration: points at the test cluster, loads
# global_config/development.sh as makefile text and fixes the state key used
# by the domains Terraform backend.
development: test-cluster ## Specify development configuration
	$(eval include global_config/development.sh)
	$(eval DOMAINS_TERRAFORM_BACKEND_KEY:=afqtsdomains_dev.tfstate)
.PHONY: review
# Selects a per-pull-request review configuration on the test cluster.
# PULL_REQUEST_NUMBER is required; it is interpolated into the environment
# name, the Terraform state key, the app suffix and the uploads storage
# account name.
# NOTE(review): the value is only checked for being non-empty. It ends up in
# resource names and a state-file key, so consider validating that it is
# numeric before use.
review: test-cluster ## Specify review configuration
	$(if $(PULL_REQUEST_NUMBER),,$(error Missing PULL_REQUEST_NUMBER))
	$(eval ENVIRONMENT=pr-$(PULL_REQUEST_NUMBER))
	$(eval include global_config/review.sh)
	$(eval TERRAFORM_BACKEND_KEY=terraform-${PULL_REQUEST_NUMBER}.tfstate)
	$(eval export TF_VAR_app_suffix=-${PULL_REQUEST_NUMBER})
	$(eval export TF_VAR_uploads_storage_account_name=${AZURE_RESOURCE_PREFIX}afqtsrv${PULL_REQUEST_NUMBER}sa)
.PHONY: test
# Test configuration on the test cluster.
test: test-cluster ## Specify test configuration
	$(eval include global_config/test.sh)

.PHONY: preproduction
# Pre-production configuration: test subscription, test cluster, and its own
# state key for the domains Terraform backend.
preproduction: set-test-azure-subscription test-cluster ## Specify preproduction configuration
	$(eval include global_config/preprod.sh)
	$(eval DOMAINS_TERRAFORM_BACKEND_KEY:=afqtsdomains_preprod.tfstate)

.PHONY: production
# Production configuration: production subscription and cluster, with
# KEY_VAULT_PURGE_PROTECTION switched to true.
production: set-production-azure-subscription production-cluster ## Specify production configuration
	$(eval include global_config/production.sh)
	$(eval KEY_VAULT_PURGE_PROTECTION:=true)
.PHONY: set-test-azure-subscription
# Points later targets at the test subscription, resource prefix and tag.
set-test-azure-subscription:
	$(eval AZURE_SUBSCRIPTION:=s189-teacher-services-cloud-test)
	$(eval AZURE_RESOURCE_PREFIX:=s189t01)
	$(eval AZURE_ENV_TAG:=Test)

.PHONY: set-production-azure-subscription
# Points later targets at the production subscription, resource prefix and tag.
set-production-azure-subscription:
	$(eval AZURE_SUBSCRIPTION:=s189-teacher-services-cloud-production)
	$(eval AZURE_RESOURCE_PREFIX:=s189p01)
	$(eval AZURE_ENV_TAG:=Prod)
.PHONY: set-key-vault-names
# Composes the application and infrastructure key vault names from the
# resource prefix, the service short name and the config short name.
set-key-vault-names:
	$(eval KEY_VAULT_APPLICATION_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv)
	$(eval KEY_VAULT_INFRASTRUCTURE_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv)

.PHONY: print-application-key-vault-name
print-application-key-vault-name: set-key-vault-names ## Print the name of the application key vault
	echo $(KEY_VAULT_APPLICATION_NAME)

.PHONY: print-infrastructure-key-vault-name
print-infrastructure-key-vault-name: set-key-vault-names ## Print the name of the infrastructure key vault
	echo $(KEY_VAULT_INFRASTRUCTURE_NAME)

.PHONY: set-resource-group-name
# Composes the resource group name from the same three parts.
set-resource-group-name:
	$(eval RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg)

.PHONY: print-resource-group-name
print-resource-group-name: set-resource-group-name
	echo $(RESOURCE_GROUP_NAME)
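.PHONY: set-azure-account
# Selects AZURE_SUBSCRIPTION as the active az CLI subscription unless
# SKIP_AZURE_LOGIN is "true".
# The previous `[ ... ] && az account set ... || true` form also discarded a
# failing `az account set`, so later terraform/az commands would run against
# whatever subscription happened to be active. The if/fi form still succeeds
# when the login is skipped but lets a failed subscription switch stop the build.
set-azure-account:
	if [ "${SKIP_AZURE_LOGIN}" != "true" ]; then az account set -s "${AZURE_SUBSCRIPTION}"; fi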
.PHONY: ci
# Non-interactive mode for automation: Terraform runs with -auto-approve and
# set-azure-account skips `az account set`.
# NOTE(review): no rule in this Makefile reads CONFIRM_PRODUCTION; confirm
# whether an included config or script still depends on it.
ci: ## Run in automation environment
	$(eval AUTO_APPROVE:=-auto-approve)
	$(eval SKIP_AZURE_LOGIN:=true)
	$(eval CONFIRM_PRODUCTION:=true)
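# Declared phony like the other variable-setting targets, so a stray file
# named "composed-variables" cannot stop the $(eval) lines from running.
.PHONY: composed-variables
# Derives the resource group, key vault list, Terraform state storage account
# and Log Analytics workspace names from AZURE_RESOURCE_PREFIX, SERVICE_SHORT
# and CONFIG_SHORT.
composed-variables: ## Compose variables needed for deployments
	$(eval RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg)
	$(eval KEYVAULT_NAMES='("${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv", "${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv")')
	$(eval STORAGE_ACCOUNT_NAME=$(AZURE_RESOURCE_PREFIX)$(SERVICE_SHORT)tfstate$(CONFIG_SHORT)sa)
	$(eval LOG_ANALYTICS_WORKSPACE_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-log)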
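# Downloads konduit.sh from the main branch of teacher-services-cloud.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# script, -S keeps the error message visible despite -s, and the download goes
# to a temporary name so a failed or partial transfer never becomes an
# executable bin/konduit.sh that make treats as up to date.
# NOTE(review): the script is fetched from a moving branch and is not checked
# against a known digest before being made executable; consider pinning it to
# a reviewed commit.
bin/konduit.sh:
	curl -fsS https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/main/scripts/konduit.sh -o $@.tmp \
		&& chmod +x $@.tmp \
		&& mv -f $@.tmp $@

.PHONY: install-konduit
install-konduit: bin/konduit.sh ## Install the konduit script, for accessing backend services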
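.PHONY: vendor-modules
# Replaces the vendored Terraform modules with a shallow clone of
# DFE-Digital/terraform-modules at TERRAFORM_MODULES_TAG.
# The guard stops the target before the existing vendor directory is deleted
# when no tag is configured; without it git receives an empty --branch value.
# NOTE(review): a branch or tag name can be moved upstream; pinning to a
# commit would make the vendored code reproducible.
vendor-modules:
	$(if ${TERRAFORM_MODULES_TAG},,$(error Missing TERRAFORM_MODULES_TAG))
	rm -rf terraform/application/vendor/modules
	git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/application/vendor/modules/dfe-terraform-modules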
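# Declared phony like the other terraform-* targets, so a file named
# "terraform-init" cannot suppress the init and the TF_VAR exports.
.PHONY: terraform-init
# Initialises the application Terraform root against the Azure storage
# backend and exports the TF_VAR_* inputs used by plan/apply/destroy.
# DOCKER_IMAGE is required. TERRAFORM_BACKEND_KEY falls back to
# terraform.tfstate when no environment target has set it.
# GNU make expands every line of a recipe before running its first command,
# so the $(eval export ...) lines take effect even though they are written
# after the terraform command.
terraform-init: composed-variables vendor-modules set-azure-account ## Initialize terraform for AKS
	$(if $(DOCKER_IMAGE), , $(error Missing environment variable "DOCKER_IMAGE"))
	$(eval TERRAFORM_BACKEND_KEY=$(or ${TERRAFORM_BACKEND_KEY},terraform.tfstate))
	terraform -chdir=terraform/application init -upgrade -reconfigure \
		-backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \
		-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \
		-backend-config=key=${TERRAFORM_BACKEND_KEY}
	$(eval export TF_VAR_environment=${ENVIRONMENT})
	$(eval export TF_VAR_azure_resource_prefix=${AZURE_RESOURCE_PREFIX})
	$(eval export TF_VAR_config=${CONFIG})
	$(eval export TF_VAR_config_short=${CONFIG_SHORT})
	$(eval export TF_VAR_service_name=${SERVICE_NAME})
	$(eval export TF_VAR_service_short=${SERVICE_SHORT})
	$(eval export TF_VAR_docker_image=$(DOCKER_IMAGE))
	$(eval export TF_VAR_resource_group_name=${RESOURCE_GROUP_NAME})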
# The four targets below run one Terraform sub-command each against the
# application root, after terraform-init, using the variables file of the
# selected CONFIG. apply and destroy append AUTO_APPROVE, which is empty
# unless the ci target or the command line sets it.
.PHONY: terraform-plan
terraform-plan: terraform-init
	terraform -chdir=terraform/application plan -var-file config/${CONFIG}/variables.tfvars.json

.PHONY: terraform-refresh
terraform-refresh: terraform-init
	terraform -chdir=terraform/application refresh -var-file config/${CONFIG}/variables.tfvars.json

.PHONY: terraform-apply
terraform-apply: terraform-init
	terraform -chdir=terraform/application apply -var-file config/${CONFIG}/variables.tfvars.json $(AUTO_APPROVE)

.PHONY: terraform-destroy
terraform-destroy: terraform-init
	terraform -chdir=terraform/application destroy -var-file config/${CONFIG}/variables.tfvars.json $(AUTO_APPROVE)
.PHONY: set-azure-resource-group-tags
# Builds the JSON tag set for the resource group; jq parses the literal and
# $(shell) captures its output into RG_TAGS. Only the Environment value
# varies, taken from AZURE_ENV_TAG.
set-azure-resource-group-tags: ##Tags that will be added to resource group on its creation in ARM template
	$(eval RG_TAGS=$(shell echo '{"Portfolio": "Early years and Schools Group", "Parent Business":"Teaching Regulation Agency", "Product" : "Apply for QTS in England", "Service Line": "Teaching Workforce", "Service": "Teacher Services", "Service Offering": "Apply for QTS in England", "Environment" : "$(AZURE_ENV_TAG)"}' | jq . ))

.PHONY: set-what-if
# Switches the ARM deployment targets to a --what-if dry run.
set-what-if:
	$(eval WHAT_IF:=--what-if)

.PHONY: check-auto-approve
# Refuses to continue unless AUTO_APPROVE is non-empty.
check-auto-approve:
	$(if ${AUTO_APPROVE}, , $(error can only run with AUTO_APPROVE))
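.PHONY: arm-deployment
# Runs the subscription-level ARM deployment that creates the resource group,
# the Terraform state storage and, unless DISABLE_KEYVAULTS is set, the key
# vaults. WHAT_IF turns it into a dry run.
# The purge-protection parameter used to read only KV_PURGE_PROTECTION, a name
# this Makefile never assigns, while the value it maintains (false by default,
# true for production) lives in KEY_VAULT_PURGE_PROTECTION. The $(or ...)
# keeps any externally supplied KV_PURGE_PROTECTION and otherwise falls back
# to KEY_VAULT_PURGE_PROTECTION, so the production setting reaches the template.
# NOTE(review): this target does not depend on set-azure-resource-group-tags,
# so RG_TAGS is empty here unless something else sets it; confirm that is
# intended.
arm-deployment: composed-variables set-azure-account
	$(if ${DISABLE_KEYVAULTS},, $(eval KV_ARG=keyVaultNames=${KEYVAULT_NAMES}))
	$(if ${ENABLE_KV_DIAGNOSTICS}, $(eval KV_DIAG_ARG=enableDiagnostics=${ENABLE_KV_DIAGNOSTICS} logAnalyticsWorkspaceName=${LOG_ANALYTICS_WORKSPACE_NAME}),)
	az deployment sub create --name "resourcedeploy-tsc-$(shell date +%Y%m%d%H%M%S)" \
		-l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
		--parameters "resourceGroupName=${RESOURCE_GROUP_NAME}" 'tags=${RG_TAGS}' \
		"tfStorageAccountName=${STORAGE_ACCOUNT_NAME}" "tfStorageContainerName=terraform-state" \
		${KV_ARG} \
		${KV_DIAG_ARG} \
		"enableKVPurgeProtection=$(or ${KV_PURGE_PROTECTION},${KEY_VAULT_PURGE_PROTECTION})" \
		${WHAT_IF}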
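# The help text of deploy-arm-resources was a copy of the validate text; it
# now describes the deployment it performs. Both usage lines named a
# "domains" target that this Makefile does not define, so they now show the
# environment placeholder used by the other help lines. The two targets are
# also declared phony like their deploy-azure-resources counterparts.
# NOTE(review): unlike deploy-azure-resources, deploy-arm-resources does not
# go through check-auto-approve; confirm that is intended.
.PHONY: deploy-arm-resources
deploy-arm-resources: arm-deployment ## Deploy ARM resources. Usage: make <env> deploy-arm-resources

.PHONY: validate-arm-resources
validate-arm-resources: set-what-if arm-deployment ## Validate ARM resource deployment. Usage: make <env> validate-arm-resources

.PHONY: deploy-azure-resources
deploy-azure-resources: check-auto-approve arm-deployment # make development deploy-azure-resources AUTO_APPROVE=1

.PHONY: validate-azure-resources
validate-azure-resources: set-what-if arm-deployment # make development validate-azure-resources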
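.PHONY: domains-arm-deployment
# Subscription-level ARM deployment for the shared domains resource group,
# its Terraform state storage and its key vault, always in "UK South".
# WHAT_IF turns it into a dry run.
domains-arm-deployment: set-azure-account set-azure-resource-group-tags
	az deployment sub create -l "UK South" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
		--name "afqtsdomains-$(shell date +%Y%m%d%H%M%S)" --parameters "resourceGroupName=${AZURE_RESOURCE_PREFIX}-afqtsdomains-rg" 'tags=${RG_TAGS}' \
		"tfStorageAccountName=${AZURE_RESOURCE_PREFIX}afqtsdomainstf" "tfStorageContainerName=afqtsdomains-tf" "keyVaultName=${AZURE_RESOURCE_PREFIX}-afqtsdomains-kv" ${WHAT_IF}

# The usage comments on the two wrappers below were swapped: the validate
# target showed the deploy command and the reverse. Each now shows its own.
.PHONY: validate-azure-domains-resources
validate-azure-domains-resources: set-production-azure-subscription set-what-if domains-arm-deployment # make validate-azure-domains-resources

.PHONY: deploy-azure-domains-resources
deploy-azure-domains-resources: set-production-azure-subscription check-auto-approve domains-arm-deployment # make deploy-azure-domains-resources AUTO_APPROVE=1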
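.PHONY: vendor-domain-infra-modules
# Replaces the vendored domains modules with a shallow clone of
# DFE-Digital/terraform-modules.
# The recipe used to contain a bare `TERRAFORM_MODULES_TAG=stable` line. Each
# recipe line runs in its own shell and ${TERRAFORM_MODULES_TAG} is expanded
# by make, so that assignment never reached the git command and the clone ran
# with an empty --branch when no tag was set. The default is now applied in
# make itself; an explicitly supplied TERRAFORM_MODULES_TAG still wins.
# NOTE(review): "stable" is a moving reference; pinning to a commit would
# make the vendored code reproducible.
vendor-domain-infra-modules:
	rm -rf terraform/domains/infrastructure/vendor/modules/domains
	git -c advice.detachedHead=false clone --depth=1 --single-branch --branch $(or ${TERRAFORM_MODULES_TAG},stable) https://github.com/DFE-Digital/terraform-modules.git terraform/domains/infrastructure/vendor/modules/domains

# The three targets below are declared phony like the rest of the file so a
# same-named file cannot make them look up to date.
.PHONY: domains-infra-init
domains-infra-init: set-production-azure-subscription vendor-domain-infra-modules set-azure-account ## make domains-infra-init - terraform init for dns core resources, eg Main FrontDoor resource
	terraform -chdir=terraform/domains/infrastructure init -reconfigure -upgrade

.PHONY: domains-infra-plan
domains-infra-plan: domains-infra-init ## terraform plan for dns core resources
	terraform -chdir=terraform/domains/infrastructure plan -var-file config/zones.tfvars.json

.PHONY: domains-infra-apply
domains-infra-apply: domains-infra-init ## terraform apply for dns core resources
	terraform -chdir=terraform/domains/infrastructure apply -var-file config/zones.tfvars.json ${AUTO_APPROVE}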
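.PHONY: vendor-domain-modules
# Replaces the vendored environment-domains modules with a shallow clone of
# DFE-Digital/terraform-modules at TERRAFORM_MODULES_TAG.
# The guard stops the target before the existing vendor directory is deleted
# when no tag is configured; without it git receives an empty --branch value.
vendor-domain-modules:
	$(if ${TERRAFORM_MODULES_TAG},,$(error Missing TERRAFORM_MODULES_TAG))
	rm -rf terraform/domains/environment_domains/vendor/modules/domains
	git -c advice.detachedHead=false clone --depth=1 --single-branch --branch ${TERRAFORM_MODULES_TAG} https://github.com/DFE-Digital/terraform-modules.git terraform/domains/environment_domains/vendor/modules/domains

# The targets below are declared phony like the rest of the file. They always
# run against the production subscription; the state key defaults to
# afqtsdomains_$(CONFIG).tfstate unless an environment target set
# DOMAINS_TERRAFORM_BACKEND_KEY.
.PHONY: domains-init
domains-init: set-production-azure-subscription vendor-domain-modules set-azure-account ## terraform init for dns resources: make <env> domains-init
	terraform -chdir=terraform/domains/environment_domains init -upgrade -reconfigure -backend-config=key=$(or $(DOMAINS_TERRAFORM_BACKEND_KEY),afqtsdomains_$(CONFIG).tfstate)

.PHONY: domains-plan
domains-plan: domains-init ## terraform plan for dns resources, eg dev.<domain_name> dns records and frontdoor routing
	terraform -chdir=terraform/domains/environment_domains plan -var-file config/$(CONFIG).tfvars.json

.PHONY: domains-apply
domains-apply: domains-init ## terraform apply for dns resources
	terraform -chdir=terraform/domains/environment_domains apply -var-file config/$(CONFIG).tfvars.json ${AUTO_APPROVE}

# destroy does not append AUTO_APPROVE, so Terraform asks for confirmation.
.PHONY: domains-destroy
domains-destroy: domains-init ## terraform destroy for dns resources
	terraform -chdir=terraform/domains/environment_domains destroy -var-file config/$(CONFIG).tfvars.json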
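# The cluster selectors only run $(eval) lines. They are declared phony so a
# file named "test-cluster" or "production-cluster" cannot leave
# CLUSTER_NAME and CLUSTER_RESOURCE_GROUP_NAME unset for later targets.
.PHONY: test-cluster
test-cluster:
	$(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg)
	$(eval CLUSTER_NAME=s189t01-tsc-test-aks)

.PHONY: production-cluster
production-cluster:
	$(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg)
	$(eval CLUSTER_NAME=s189p01-tsc-production-aks)

# Fetches kubeconfig credentials for the selected AKS cluster, overwriting any
# existing entry, then converts the kubeconfig to kubelogin using service
# principal login when GITHUB_ACTIONS is set and Azure CLI login otherwise.
.PHONY: get-cluster-credentials
get-cluster-credentials: set-azure-account
	az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME}
	kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli)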
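.PHONY: maintenance-image-push
# Builds the maintenance page image and pushes it to ghcr.io. GITHUB_TOKEN is
# required; MAINTENANCE_IMAGE_TAG defaults to the current Unix timestamp.
# The login line used to expand the token into the recipe text, and make
# prints each recipe line before running it, so the token was written to the
# terminal or CI log. The line is now silenced with @ and reads the token from
# the recipe's environment. GNU make passes variables that came from the
# command line or the environment through to recipes, which covers the
# documented `GITHUB_TOKEN=x` usage.
maintenance-image-push: ## Build and push maintenance page image: make production maintenance-image-push GITHUB_TOKEN=x [MAINTENANCE_IMAGE_TAG=y]
	$(if ${GITHUB_TOKEN},, $(error Provide a valid Github token with write:packages permissions as GITHUB_TOKEN variable))
	$(if ${MAINTENANCE_IMAGE_TAG},, $(eval export MAINTENANCE_IMAGE_TAG=$(shell date +%s)))
	docker build -t ghcr.io/dfe-digital/apply-for-qualified-teacher-status-maintenance:${MAINTENANCE_IMAGE_TAG} maintenance_page
	@printf '%s\n' "$$GITHUB_TOKEN" | docker login ghcr.io -u USERNAME --password-stdin
	docker push ghcr.io/dfe-digital/apply-for-qualified-teacher-status-maintenance:${MAINTENANCE_IMAGE_TAG}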
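# The maintenance targets are declared phony like the rest of the file so a
# same-named file cannot make them look up to date.
# fail-over and fail-back export CONFIG to the environment of the script
# they run.
.PHONY: maintenance-fail-over
maintenance-fail-over: get-cluster-credentials ## Fail main app over to the maintenance page. Requires an existing maintenance docker image: make production maintenance-fail-over MAINTENANCE_IMAGE_TAG=y. See https://github.com/DFE-Digital/teacher-services-cloud/blob/main/documentation/maintenance-page.md#github-token
	$(eval export CONFIG)
	./maintenance_page/scripts/failover.sh

.PHONY: enable-maintenance
enable-maintenance: maintenance-image-push maintenance-fail-over ## Build, push, fail over: make production enable-maintenance GITHUB_TOKEN=x [MAINTENANCE_IMAGE_TAG=y]

.PHONY: disable-maintenance
disable-maintenance: get-cluster-credentials ## Fail back to the main app: make production disable-maintenance
	$(eval export CONFIG)
	./maintenance_page/scripts/failback.sh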