# Running plain `make` prints the help text rather than executing a deployment target.
.DEFAULT_GOAL := help
# Recipes in this file use bash-only syntax such as `[[ ... ]]`, so bash is selected explicitly.
SHELL := /bin/bash
# Prints one line per documented target.
# grep keeps the makefile lines shaped like `target: ... ## text`; awk splits each of
# them on that separator and prints the target name (coloured, padded to 30 columns)
# followed by its description.
.PHONY: help # default target
help: ## Show this help
	@grep -E '^[a-zA-Z\.\-]+:.*?## .*$$' $(MAKEFILE_LIST) \
		| awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
# Environment selector for development. Name it before the action on the command
# line (eg `make dev deploy-azure-resources CONFIRM_DEPLOY=1`).
# Each $(eval ...) defines a global make variable when this recipe is expanded;
# no shell command is run.
.PHONY: dev
dev:
	$(eval DEPLOY_ENV = dev)
	$(eval AZURE_SUBSCRIPTION = s165-teachingqualificationsservice-development)
	$(eval RESOURCE_NAME_PREFIX = s165d01)
	$(eval ENV_SHORT = dv)
	$(eval ENV_TAG = dev)
# Environment selector for pre-production; it targets the "-test" subscription.
# Each $(eval ...) defines a global make variable when this recipe is expanded;
# no shell command is run.
.PHONY: preprod
preprod:
	$(eval DEPLOY_ENV = preprod)
	$(eval AZURE_SUBSCRIPTION = s165-teachingqualificationsservice-test)
	$(eval RESOURCE_NAME_PREFIX = s165t01)
	$(eval ENV_SHORT = pp)
	$(eval ENV_TAG = pre-prod)
# Environment selector for production.
# Besides the common variables it also names the database backup storage account and
# container; of the environment targets visible in this file, only this one sets them.
# Each $(eval ...) defines a global make variable when this recipe is expanded;
# no shell command is run.
.PHONY: production
production:
	$(eval DEPLOY_ENV = production)
	$(eval AZURE_SUBSCRIPTION = s165-teachingqualificationsservice-production)
	$(eval RESOURCE_NAME_PREFIX = s165p01)
	$(eval ENV_SHORT = pd)
	$(eval ENV_TAG = prod)
	$(eval AZURE_BACKUP_STORAGE_ACCOUNT_NAME = s165p01getaniddbbackuppd)
	$(eval AZURE_BACKUP_STORAGE_CONTAINER_NAME = get-an-identity)
# Selector used for the custom-domain resources. It sets the same subscription, prefix
# and tags as production, but leaves the backup storage variables undefined.
# Each $(eval ...) defines a global make variable when this recipe is expanded;
# no shell command is run.
.PHONY: domain
domain:
	$(eval DEPLOY_ENV = production)
	$(eval AZURE_SUBSCRIPTION = s165-teachingqualificationsservice-production)
	$(eval RESOURCE_NAME_PREFIX = s165p01)
	$(eval ENV_SHORT = pd)
	$(eval ENV_TAG = prod)
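# Resolves which Key Vault secret the secret-handling targets operate on.
# KEY_VAULT_NAME is read with jq from the `key_vault_name` field of
# terraform/workspace_variables/$(DEPLOY_ENV).tfvars.json; the secret name is fixed.
# Declared phony so a file or directory with this name cannot make the target look
# up to date, which would skip the recipe and leave KEY_VAULT_NAME unset.
# Stops early when DEPLOY_ENV is empty, rather than letting jq fail on ".tfvars.json"
# and carrying on with an empty vault name.
.PHONY: read-keyvault-config
read-keyvault-config:
	$(if $(strip $(DEPLOY_ENV)),,$(error DEPLOY_ENV is not set - name an environment target first, eg make dev print-keyvault-secret))
	$(eval KEY_VAULT_NAME=$(shell jq -r '.key_vault_name' terraform/workspace_variables/$(DEPLOY_ENV).tfvars.json))
	$(eval KEY_VAULT_SECRET_NAME=INFRASTRUCTURE)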
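# Derives the PostgreSQL database and server names from the selected environment.
# Declared phony so a file or directory with this name cannot cause the recipe to be
# skipped, which would leave both names unset.
# NOTE(review): `${var.app_suffix}` looks like Terraform interpolation. make reads it as
# a reference to a make variable literally named `var.app_suffix`; nothing in the
# visible part of this file defines it, so it expands to nothing - confirm that is intended.
# The double quotes are stored as part of each value and are only interpreted later,
# by the shell, when the value is placed on a command line.
.PHONY: read-deployment-config
read-deployment-config:
	$(eval POSTGRES_DATABASE_NAME="$(RESOURCE_NAME_PREFIX)-getanid-$(DEPLOY_ENV)${var.app_suffix}-psql-db")
	$(eval POSTGRES_SERVER_NAME="$(RESOURCE_NAME_PREFIX)-getanid-$(DEPLOY_ENV)${var.app_suffix}-psql.postgres.database.azure.com")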
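# Points the Azure CLI at the subscription chosen by the environment target.
# `${environment}` is an optional prerequisite: when the `environment` variable is empty
# the rule has none; presumably it can name an environment target - verify against callers.
# Declared phony so a file or directory with this name cannot cause the subscription
# switch to be skipped.
# Refuses to run with an empty AZURE_SUBSCRIPTION so the failure names the missing
# environment target instead of surfacing as an az usage error.
.PHONY: set-azure-account
set-azure-account: ${environment}
	$(if $(strip $(AZURE_SUBSCRIPTION)),,$(error AZURE_SUBSCRIPTION is not set - name an environment target first, eg make dev deploy-azure-resources))
	echo "Logging on to ${AZURE_SUBSCRIPTION}"
	az account set -s "${AZURE_SUBSCRIPTION}"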
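# Switches later goals to non-interactive behaviour for pipelines.
#   AUTO_APPROVE     - appended to `terraform apply` / `terraform destroy`, so neither prompts.
#   SP_AUTH          - makes terraform-init skip its `az account` calls.
#   DISABLE_PASSCODE - set here; not referenced in the visible part of this file.
# Declared phony so a file or directory named `ci` cannot cause the recipe to be skipped.
# Because AUTO_APPROVE removes the confirmation prompt, access to whatever invokes
# `make ci ...` is what gates apply and destroy.
.PHONY: ci
ci: ## Run in automation environment
	$(eval DISABLE_PASSCODE=true)
	$(eval AUTO_APPROVE=-auto-approve)
	$(eval SP_AUTH=true)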
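# Builds RG_TAGS, the JSON object of resource-group tags passed to the ARM deployments.
# ENV_TAG comes from the environment target; if none ran, "Environment" is empty.
# Declared phony: `tags` is also the conventional name of a ctags index file, and such a
# file in the working directory would make this target look up to date, skip the recipe
# and leave RG_TAGS empty.
# The description now has a space after `##` so the help target lists it like the others.
.PHONY: tags
tags: ## Tags that will be added to resource group on its creation in ARM template
	$(eval RG_TAGS=$(shell echo '{"Portfolio": "Early years and Schools Group", "Parent Business":"Teaching Regulation Agency", "Product" : "Get an Identity", "Service Line": "Teaching Workforce", "Service": "Teacher Services", "Service Offering": "Get an Identity", "Environment" : "$(ENV_TAG)"}' | jq . ))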
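# Git ref of DFE-Digital/bat-platform-building-blocks that fetch_config.rb is taken from.
# The default keeps the existing behaviour (tip of master). The downloaded script is
# executed by the keyvault targets with access to Key Vault secrets, so prefer setting
# this to a reviewed commit SHA together with FETCH_CONFIG_SHA256.
FETCH_CONFIG_REF ?= master
FETCH_CONFIG_URL ?= https://raw.githubusercontent.com/DFE-Digital/bat-platform-building-blocks/$(FETCH_CONFIG_REF)/scripts/fetch_config/fetch_config.rb
# Optional expected SHA-256 (hex) of fetch_config.rb. When set, a download whose digest
# differs is rejected before anything is installed.
FETCH_CONFIG_SHA256 ?=

# Installs bin/fetch_config.rb if it is not already present.
# Changes from the previous recipe:
#   - curl runs with --fail, so an HTTP error page is never saved and marked executable;
#   - the download lands in a temporary file and is moved into place only after every
#     check passed, so an interrupted run leaves no partial script behind;
#   - a failed download or digest mismatch now fails the target instead of being
#     hidden by `|| true`.
# An existing bin/fetch_config.rb is left untouched and is not re-verified.
.PHONY: install-fetch-config
install-fetch-config: ## Install the fetch-config script, for viewing/editing secrets in Azure Key Vault
	if [ ! -f bin/fetch_config.rb ]; then \
		set -e; \
		tmp=bin/fetch_config.rb.download; \
		trap 'rm -f "$$tmp"' EXIT; \
		curl --fail --silent --show-error --proto '=https' "$(FETCH_CONFIG_URL)" -o "$$tmp"; \
		if [ -n "$(FETCH_CONFIG_SHA256)" ]; then \
			echo "$(FETCH_CONFIG_SHA256)  $$tmp" | sha256sum --check -; \
		fi; \
		chmod +x "$$tmp"; \
		mv -f "$$tmp" bin/fetch_config.rb; \
	fi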
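# Runs fetch_config.rb in edit mode (-e) with the same Key Vault secret as source (-s)
# and destination (-d), in YAML format. The exact meaning of -c is defined by
# fetch_config.rb, which is not part of this file.
# Declared phony so a file or directory with this name cannot cause the recipe to be skipped.
# The secret reference is quoted so an unexpected character in the vault name cannot
# split it into several shell words.
.PHONY: edit-keyvault-secret
edit-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account
	bin/fetch_config.rb -s "azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME}" \
		-e -d "azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME}" -f yaml -c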
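# Reads the Key Vault secret and writes it to standard output as YAML.
# The output is the secret material itself: run this only in an interactive terminal,
# not where output is captured (pipeline logs, shared or recorded sessions).
# Declared phony so a file or directory with this name cannot cause the recipe to be skipped.
.PHONY: print-keyvault-secret
print-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account
	bin/fetch_config.rb -s "azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME}" -f yaml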
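# Reads the Key Vault secret with the `quiet` destination, so nothing is printed, and
# reports success only when fetch_config.rb exits with status 0.
# Declared phony so a file or directory with this name cannot cause the check to be
# skipped while make still reports success.
.PHONY: validate-keyvault-secret
validate-keyvault-secret: read-keyvault-config install-fetch-config set-azure-account
	bin/fetch_config.rb -s "azure-key-vault-secret:${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME}" -d quiet \
		&& echo "Data in ${KEY_VAULT_NAME}/${KEY_VAULT_SECRET_NAME} looks valid"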
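# Restores a PostgreSQL backup by handing the work to Restore-Postgres-Backup.ps1.
# Requires CONFIRM_RESTORE=YES and BACKUP_FILENAME on the command line. The $(if ...)
# and $(eval ...) lines are handled by make when it expands the recipe, so a missing
# BACKUP_FILENAME is reported by make itself.
# Declared phony so a file or directory with this name cannot cause the recipe to be skipped.
# Command-line supplied values are quoted so spaces or glob characters reach the script
# as a single argument. make substitutes them before the shell parses the line, so
# quoting does not neutralise a value that itself contains quote characters.
# POSTGRES_DATABASE_NAME and POSTGRES_SERVER_NAME are left bare because
# read-deployment-config stores them with their own double quotes.
.PHONY: restore-data-from-backup
restore-data-from-backup: read-keyvault-config read-deployment-config # make production restore-data-from-backup CONFIRM_RESTORE=YES BACKUP_FILENAME="get-an-identity-production-pg-svc-2022-07-06-01"
	@if [[ "$(CONFIRM_RESTORE)" != YES ]]; then echo "Please enter "CONFIRM_RESTORE=YES" to run workflow"; exit 1; fi
	$(eval export AZURE_BACKUP_STORAGE_ACCOUNT_NAME=$(AZURE_BACKUP_STORAGE_ACCOUNT_NAME))
	$(if $(BACKUP_FILENAME), , $(error can only run with BACKUP_FILENAME, eg BACKUP_FILENAME="get-an-identity-production-pg-svc-2022-04-28-01"))
	pwsh ./Restore-Postgres-Backup.ps1 \
		-BackupStorageAccountName "${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" \
		-BackupStorageContainerName "${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" \
		-VaultName "${KEY_VAULT_NAME}" \
		-Subscription "$(AZURE_SUBSCRIPTION)" \
		-SecretName "INFRASTRUCTURE" \
		-BackupFileName "${BACKUP_FILENAME}" \
		-PostgresDatabaseName ${POSTGRES_DATABASE_NAME} \
		-PostgresServerName ${POSTGRES_SERVER_NAME} \
		-ConfirmRestore "${CONFIRM_RESTORE}"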
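# Prepares Terraform for the selected environment.
#   - IMAGE_TAG defaults to `main`; it is exported together with the two TF_VAR_* image
#     tags derived from it.
#   - Unless SP_AUTH is "true" (set by `ci`), the Azure CLI is switched to the
#     environment's subscription first.
#   - `terraform init` then runs with that environment's backend configuration.
# Declared phony so a file or directory with this name cannot cause init to be skipped.
# The subscription switch used to end in `|| true`, which also hid a failing
# `az account show` / `az account set`; terraform would then carry on under whichever
# subscription the CLI already had active. It is now an if-block: skipping for SP_AUTH
# still succeeds, but a failed switch stops the run. When authenticating without the
# Azure CLI, set SP_AUTH=true.
# NOTE(review): `-upgrade` lets init select newer provider and module versions than the
# ones previously recorded; confirm that is wanted for unattended runs.
.PHONY: terraform-init
terraform-init:
	$(if $(strip $(DEPLOY_ENV)),,$(error DEPLOY_ENV is not set - name an environment target first, eg make dev terraform-plan))
	$(if $(IMAGE_TAG), , $(eval export IMAGE_TAG=main))
	$(eval export TF_VAR_authserver_tag=authserver-$(IMAGE_TAG))
	$(eval export TF_VAR_testclient_tag=testclient-$(IMAGE_TAG))
	if [[ "${SP_AUTH}" != "true" ]]; then az account show && az account set -s "$(AZURE_SUBSCRIPTION)"; fi
	terraform -chdir=terraform init -backend-config "workspace_variables/${DEPLOY_ENV}.backend.tfvars" $(backend_config) -upgrade -reconfigure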
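# Shows the changes Terraform would make for the selected environment, using that
# environment's variable file. Nothing is applied.
# Declared phony so a file or directory with this name cannot cause the plan to be skipped.
.PHONY: terraform-plan
terraform-plan: terraform-init
	terraform -chdir=terraform plan -var-file "workspace_variables/${DEPLOY_ENV}.tfvars.json"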
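# Applies the Terraform configuration for the selected environment.
# AUTO_APPROVE is empty unless the `ci` goal ran first; when set, terraform applies
# without asking for confirmation.
# Declared phony so a file or directory with this name cannot cause the apply to be
# skipped while make still reports success.
.PHONY: terraform-apply
terraform-apply: terraform-init
	terraform -chdir=terraform apply -var-file "workspace_variables/${DEPLOY_ENV}.tfvars.json" ${AUTO_APPROVE}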
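# Destroys the Terraform-managed resources of the selected environment.
# AUTO_APPROVE is empty unless the `ci` goal ran first; when set, terraform destroys
# without asking for confirmation.
# Declared phony so a file or directory with this name cannot cause the recipe to be skipped.
# NOTE(review): unlike deploy-azure-resources and restore-data-from-backup, this target
# has no CONFIRM_* guard, so `make ci production terraform-destroy` would run unattended.
# Consider adding one in the same style.
.PHONY: terraform-destroy
terraform-destroy: terraform-init
	terraform -chdir=terraform destroy -var-file "workspace_variables/${DEPLOY_ENV}.tfvars.json" ${AUTO_APPROVE}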
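# Creates the base Azure resources for an environment (resource group, Terraform state
# storage, database backup storage, Key Vault) through a subscription-level ARM deployment.
# Runs only when CONFIRM_DEPLOY is set on the command line.
# Declared phony so a file or directory with this name cannot cause the recipe to be skipped.
# NOTE(review): the template is fetched from the `main` branch at deploy time, so a
# change to that file takes effect here without a change in this repository; pinning
# the URI to a reviewed commit would make deployments reproducible.
.PHONY: deploy-azure-resources
deploy-azure-resources: set-azure-account tags # make dev deploy-azure-resources CONFIRM_DEPLOY=1
	$(if $(CONFIRM_DEPLOY), , $(error can only run with CONFIRM_DEPLOY))
	az deployment sub create -l "West Europe" \
		--template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" \
		--parameters \
			"resourceGroupName=${RESOURCE_NAME_PREFIX}-getanid-${ENV_SHORT}-rg" \
			'tags=${RG_TAGS}' \
			"environment=${DEPLOY_ENV}" \
			"tfStorageAccountName=${RESOURCE_NAME_PREFIX}getanidtfstate${ENV_SHORT}" \
			"tfStorageContainerName=getanid-tfstate" \
			"dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" \
			"dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" \
			"keyVaultName=${RESOURCE_NAME_PREFIX}-getanid-${ENV_SHORT}-kv"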
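# Previews the base-resource deployment for an environment: the same template and
# parameters as deploy-azure-resources, run with --what-if.
# Declared phony so a file or directory with this name cannot cause the recipe to be skipped.
# NOTE(review): the template is fetched from the `main` branch each time, so the preview
# reflects that branch at the moment it runs; a later deploy may fetch different content.
.PHONY: validate-azure-resources
validate-azure-resources: set-azure-account tags # make dev validate-azure-resources
	az deployment sub create -l "West Europe" \
		--template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" \
		--parameters \
			"resourceGroupName=${RESOURCE_NAME_PREFIX}-getanid-${ENV_SHORT}-rg" \
			'tags=${RG_TAGS}' \
			"environment=${DEPLOY_ENV}" \
			"tfStorageAccountName=${RESOURCE_NAME_PREFIX}getanidtfstate${ENV_SHORT}" \
			"tfStorageContainerName=getanid-tfstate" \
			"dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" \
			"dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" \
			"keyVaultName=${RESOURCE_NAME_PREFIX}-getanid-${ENV_SHORT}-kv" \
		--what-if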
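# Creates the resource group, Terraform state storage and Key Vault used for the custom
# domains, through the same subscription-level ARM template as the per-environment deploy.
# Runs only when CONFIRM_DEPLOY is set on the command line.
# Declared phony so a file or directory with this name cannot cause the recipe to be skipped.
# The usage comment previously named a `deploy-custom-domain` target; it now names this one.
# NOTE(review): the template is fetched from the `main` branch at deploy time, so a
# change to that file takes effect here without a change in this repository; pinning
# the URI to a reviewed commit would make deployments reproducible.
.PHONY: domain-azure-resources
domain-azure-resources: set-azure-account tags # make domain domain-azure-resources CONFIRM_DEPLOY=1
	$(if $(CONFIRM_DEPLOY), , $(error can only run with CONFIRM_DEPLOY))
	az deployment sub create -l "West Europe" \
		--template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" \
		--parameters \
			"resourceGroupName=${RESOURCE_NAME_PREFIX}-getaniddomains-rg" \
			'tags=${RG_TAGS}' \
			"environment=${DEPLOY_ENV}" \
			"tfStorageAccountName=${RESOURCE_NAME_PREFIX}getaniddomainstf" \
			"tfStorageContainerName=getaniddomains-tf" \
			"keyVaultName=${RESOURCE_NAME_PREFIX}-getaniddomain-kv"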