Fixed bug in get_next_mapping_aks file and dfe signin

WHY: The DFE signin links were not working
HOW: By fixing the routine that gets existing DFE signin ingresses
and also introduced a switch create_dsi_ingress in the variable section
if this is true then the new ingress is created using the terraform routine and
linked to the service. if false the static value in variables is used
the routine determines whether to create a new ingress for DFE Signin if it doesnt
exist or to return an existing one if already linked to existing service

.github/workflows/actions/deploy_v2/action.yml

@@ -18,6 +18,8 @@ inputs:
 outputs:
   deploy-url:
     value: ${{ steps.set_env_var.outputs.deploy_url }}
+  dsi-hostname:
+    value: ${{ steps.dsi_hostname.outputs.dsi_hostname }}
 runs:
   using: composite
   steps:
@@ -42,6 +44,7 @@ runs:
       uses: hashicorp/setup-terraform@v2
       with:
         terraform_version: ${{ env.TERRAFORM_VERSION }}
+        terraform_wrapper: false
 
     - uses: DFE-Digital/github-actions/set-arm-environment-variables@master
       with:
@@ -52,13 +55,10 @@ runs:
       shell: bash
       run: echo "short=$(echo "${{ inputs.sha }}" | cut -c -7)" >> $GITHUB_OUTPUT
 
-    - name: Print Sha
-      id: print-sha-environment
+    - name: K8 setup
       shell: bash
       run: |
-        echo "${{ inputs.sha }}"
-        echo "the passed in environment is ${{ inputs.environment  }}"
-        echo terraform version
+        az aks get-credentials -g s189t01-tsc-ts-rg -n s189t01-tsc-test-aks
 
     - name: Terraform init, plan & apply
       shell: bash
@@ -68,3 +68,10 @@ runs:
         make ci ${envval} terraform-apply-aks PR_NUMBER=${{ inputs.pr }}
       env:
         IMAGE_TAG: ${{ steps.sha.outputs.short }}
+
+    - name: Retrieve DSI hostname
+      id: dsi_hostname
+      shell: bash
+      run: |
+        dsi_hostname=$(terraform -chdir=terraform/aks output -raw dsi_hostname)
+        echo "dsi_hostname=${dsi_hostname}" >> "$GITHUB_OUTPUT"

.github/workflows/build.yml

@@ -395,12 +395,6 @@ jobs:
         with:
             creds: ${{ secrets.AZURE_CREDENTIALS }}
 
-      - name: Get dsi_hostname AKS
-        if: matrix.environment == 'Review'
-        run: |
-              dsi_static_hostname=$( ${GITHUB_WORKSPACE}/script/get_next_mapping_aks.sh ${{github.event.number}} get-school-experience-review-pr-${{github.event.number}}.test.teacherservices.cloud )
-              echo "dsi_static_hostname=${dsi_static_hostname}" >> $GITHUB_ENV
-
       - name: Trigger Deployment to ${{matrix.environment}}
         id: deploy-aks
         uses: ./.github/workflows/actions/deploy_v2
@@ -416,8 +410,8 @@ jobs:
         uses: haya14busa/action-cond@v1
         id: dsiMessage
         with:
-          cond: ${{ env.dsi_static_hostname != '' }}
-          if_true: ':white_check_mark: DfE AKS sign in route obtained: https://${{ env.dsi_static_hostname }}'
+          cond: ${{ steps.deploy-aks.outputs.dsi-hostname != '' }}
+          if_true: ':white_check_mark: DfE AKS sign in route obtained: https://${{ steps.deploy-aks.outputs.dsi-hostname }}'
           if_false: ':warning: **DfE AKS sign in route pool for AKS exhausted (close some open PRs!)**'
 
       - name: Post sticky pull request comment
@@ -427,8 +421,9 @@ jobs:
           recreate: true
           header: AKS
           message: |
-                   Review app deployed  to https://${{env.AKS_REVIEW_APPLICATION}}-${{github.event.number}}.${{env.REVIEW_AKS_DOMAIN}}
-                   ${{ steps.dsiMessage.outputs.value }}
+            Review app deployed to https://${{env.AKS_REVIEW_APPLICATION}}-${{github.event.number}}.${{env.REVIEW_AKS_DOMAIN}}
+            ${{ steps.dsiMessage.outputs.value }}
+
       - name: Add Review Label
         if: matrix.environment == 'Review' && contains(github.event.pull_request.user.login, 'dependabot') == false
         uses: actions-ecosystem/action-add-labels@v1
@@ -465,7 +460,7 @@ jobs:
         uses: rtCamp/action-slack-notify@master
         env:
           SLACK_COLOR: ${{env.SLACK_SUCCESS}}
-          SLACK_MESSAGE:  ${{ fromJson( steps.tag_id.outputs.release_body) }}
+          SLACK_MESSAGE:  ${{ fromJson(steps.tag_id.outputs.release_body) }}
           SLACK_TITLE: "Release Published: ${{steps.tag_id.outputs.release_name}}"
           SLACK_WEBHOOK: "${{steps.fetch-slack-secret.outputs.SLACK-WEBHOOK}}"
           MSG_MINIMAL: true

Makefile

@@ -67,6 +67,7 @@ review_aks:
 	$(if $(PR_NUMBER), , $(error Missing environment variable "PR_NUMBER"))
 	$(eval export PR_NAME=get-school-experience-review-pr-${PR_NUMBER}.test.teacherservices.cloud)
 	$(eval export TF_VAR_paas_application_name=${PR_NAME})
+
 	$(eval export TF_VAR_dsi_hostname=$(shell script/get_next_mapping_aks.sh ${PR_NUMBER}  ${PR_NAME}))
 	$(eval export TF_VAR_environment=review-pr-$(PR_NUMBER))
 
@@ -93,6 +94,7 @@ production_aks:
 .PHONY: ci
 ci:
 	$(eval AUTO_APPROVE=-auto-approve)
+	$(eval SKIP_AZURE_LOGIN=true)
 
 clean:
 	[ ! -f fetch_config.rb ]  \

script/get_next_mapping_aks.sh

@@ -1,35 +1,40 @@
+#!/usr/bin/env bash
+
+set -eu
+set -o pipefail
+
 pr_number=${1}
-pr_name=${2}
+non_dsi_hostname=${2}
 maximun_ing_num=20
 
 get_all_relevant_ingresses() {
   # Find if it is already in the list of ingresses
-  ings=($(kubectl get ing -n git-development -o json | \
-    jq -r '.items[] | select(.metadata.name | startswith("get-school-experience-review-pr")) | .metadata.name'))
+  ings=$(kubectl get ing -n git-development -o json | jq -r '.items[] | select(.metadata.name | startswith("get-school-experience-review-pr")) | .metadata.name')
 
   echo "${ings[@]}"
 }
 
 check_existing_dsi_ingress() {
   # Find if it is already in the list of existing linked DSI  ingresses
   servicename="get-school-experience-review-pr-${pr_number}"
-  ings=($(kubectl get ing -o=custom-columns='NAME:.metadata.name,SVCs:..service.name'  -n git-development | grep  "${servicename}" | grep  -v "${pr_name}"))
-  echo "${ings}"
+  ings=$(kubectl get ing -o=custom-columns='NAME:.metadata.name,SVCs:..service.name'  -n git-development | grep  "\b${servicename}\b" | grep  -v "${non_dsi_hostname}")
+
+  echo "${ings}" | awk '{print $1}'
 }
 
 extract_numbers_from_list() {
   local all_existing_ings=$1
   local pattern="get-school-experience-review-pr-([0-9]+)\.test\.teacherservices\.cloud"
-  local all_existing_review_ings=()
+  local all_existing_review_ings=""
   for input_string in ${all_existing_ings}; do
     if [[ "$input_string" =~ $pattern ]]; then
       itemval="${BASH_REMATCH[1]}"
-      if ((1 <= itemval && itemval <= maximun_ing_num)); then
-        all_existing_review_ings+=("${BASH_REMATCH[1]}")
+      if [ 1 -le $itemval ] && [ $itemval -le $maximun_ing_num ]; then
+        all_existing_review_ings+=" ${BASH_REMATCH[1]}"
       fi
     fi
   done
-  echo "${all_existing_review_ings[@]}"
+  echo "${all_existing_review_ings}"
 }
 
 is_number_in_list() {

terraform/aks/application.tf

@@ -11,8 +11,9 @@ module "application_configuration" {
   is_rails_application = true
 
   config_variables = {
-    ENVIRONMENT_NAME = var.environment
-    PGSSLMODE        = local.postgres_ssl_mode
+    ENVIRONMENT_NAME    = var.environment
+    PGSSLMODE           = local.postgres_ssl_mode
+    DFE_SIGNIN_BASE_URL = "https://${var.dsi_hostname}"
   }
   secret_variables = {
     DB_HOST     = var.deploy_postgres ? module.postgres[0].host : "${data.azurerm_key_vault_secret.db_host[0].value}"
@@ -28,18 +29,18 @@ module "web_application" {
 
   is_web = true
 
-  namespace    = var.namespace
-  environment  = var.environment
-  service_name = var.service_name
-  replicas  = var.app_replicas
+  namespace                  = var.namespace
+  environment                = var.environment
+  service_name               = var.service_name
+  replicas                   = var.app_replicas
   cluster_configuration_map  = module.cluster_data.configuration_map
   kubernetes_config_map_name = module.application_configuration.kubernetes_config_map_name
   kubernetes_secret_name     = module.application_configuration.kubernetes_secret_name
 
-  docker_image = var.docker_image
-  command      = ["/app/docker-entrypoint.sh", "-m", "-f"]
-  probe_path   = null
-  web_external_hostnames = local.web_external_hostnames
+  docker_image           = var.docker_image
+  command                = ["/app/docker-entrypoint.sh", "-m", "-f"]
+  probe_path             = null
+  web_external_hostnames = var.create_dsi_ingress ? [var.dsi_hostname] : []
 }
 
 module "worker_application" {

terraform/aks/config/development.tfvars.json

@@ -8,6 +8,6 @@
     "azure_enable_backup_storage": false,
     "enable_monitoring": false,
     "sidekiq_replicas" : 1,
-    "sidekiq_memory_max" : "1Gi"
-
+    "sidekiq_memory_max" : "1Gi",
+    "dsi_hostname": "development.schoolexperience.education.gov.uk"
 }

terraform/aks/config/production.tfvars.json

@@ -23,5 +23,6 @@
         "website_url": [ "https://get-school-experience-production.teacherservices.cloud/healthcheck.json" ],
         "contact_group": [282783]
       }
-    }
+    },
+    "dsi_hostname": "schoolexperience.education.gov.uk"
 }

terraform/aks/config/review.tfvars.json

@@ -16,5 +16,6 @@
     "review_url_redis_name": "review-redis-url",
     "statuscake_password_name": "SC-PASSWORD",
     "sidekiq_replicas" : 1,
-    "sidekiq_memory_max" : "1Gi"
+    "sidekiq_memory_max" : "1Gi",
+    "create_dsi_ingress": true
 }

terraform/aks/config/staging.tfvars.json

@@ -14,5 +14,6 @@
           "website_url": [ "https://get-school-experience-staging.test.teacherservices.cloud/healthcheck.json" ],
           "contact_group": [282783]
         }
-      }
+      },
+    "dsi_hostname": "staging.schoolexperience.education.gov.uk"
 }

terraform/aks/variables.tf

@@ -141,6 +141,7 @@ variable "review_url_redis_name" {
   default     = null
   description = "The name of the secret storing review redis url"
 }
+
 variable "statuscake_password_name" {
   default     = "SC-PASSWORD"
   description = "The name of the statuscake password"
@@ -149,9 +150,12 @@ variable "dsi_hostname" {
   description = "The static hostname for DFE sign-in "
   default = ""
 }
+variable "create_dsi_ingress" {
+  description = "Optional additional ingress for DSI hostname when front door is not used"
+  default = false
+}
 locals {
   azure_credentials = try(jsondecode(var.azure_credentials_json), null)
   postgres_ssl_mode = var.enable_postgres_ssl ? "require" : "disable"
   app_name_suffix   = var.app_name == null ? var.environment : var.app_name
-  web_external_hostnames = var.dsi_hostname == "" ? [] : [var.dsi_hostname]
 }