Cp build actions (#471)

* Update build scripts

* Attach basic auth to ingress

* Change wording

* Update image name to intranet

.github/workflows/build.yml

@@ -23,8 +23,8 @@ jobs:
       - name: "Configuring AWS credentials"
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: ${{ secrets.PRODUCTION_ECR_ROLE_TO_ASSUME }}
-          aws-region: ${{ vars.PRODUCTION_ECR_REGION }}
+          role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
+          aws-region: ${{ vars.ECR_REGION }}
 
       - name: "Logging into ECR"
         uses: aws-actions/amazon-ecr-login@v2
@@ -38,5 +38,5 @@ jobs:
           docker push $REGISTRY/$REPOSITORY:nginx-$IMAGE_TAG
         env:
           REGISTRY: ${{ steps.ecr-login.outputs.registry }}
-          REPOSITORY: ${{ vars.PRODUCTION_ECR_REPOSITORY }}
+          REPOSITORY: ${{ vars.ECR_REPOSITORY }}
           IMAGE_TAG: ${{ github.sha }}

.github/workflows/deploy.yml

@@ -25,7 +25,7 @@ jobs:
       - name: "Inject environment variables"
         env:
           TPL_PATH: "deploy/${{ inputs.environment }}"
-          ECR_URL: ${{ inputs.registry }}/${{ vars.PRODUCTION_ECR_REPOSITORY }}
+          ECR_URL: ${{ inputs.registry }}/${{ vars.ECR_REPOSITORY }}
           IMAGE_TAG_NGINX: "nginx-${{ github.sha }}"
           IMAGE_TAG_FPM: "fpm-${{ github.sha }}"
           GOV_NOTIFY_API_KEY: ${{ secrets.GOV_NOTIFY_API_KEY }}

.github/workflows/integration.yml

@@ -4,7 +4,8 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - 'main'
+      # - 'main' # protect main during initial development
+      - 'develop'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/snyk-security.yml

@@ -46,17 +46,17 @@ jobs:
         # Build the docker images for testing
       - name: Container monitor ~ build FPM & Nginx Docker images
         run: |
-          docker image build --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" -t justice-fpm:snyk --target build-fpm .
-          docker image build --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" -t justice-nginx:snyk --target build-nginx .
+          docker image build --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" -t intranet-fpm:snyk --target build-fpm .
+          docker image build --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" -t intranet-nginx:snyk --target build-nginx .
         env:
           COMPOSER_USER: ${{ secrets.COMPOSER_USER }}
           COMPOSER_PASS: ${{ secrets.COMPOSER_PASS }}
 
         # Runs Snyk Container (Container and SCA) analysis.
       - name: Container monitor ~ analyse
         run: |
-          snyk container monitor justice-fpm:snyk --file=Dockerfile
-          snyk container monitor justice-nginx:snyk --file=Dockerfile
+          snyk container monitor intranet-fpm:snyk --file=Dockerfile
+          snyk container monitor intranet-nginx:snyk --file=Dockerfile
 
         # Push the Snyk Code results into GitHub Code Scanning tab
       - name: Upload result to GitHub Code Scanning

Makefile

@@ -91,17 +91,17 @@ test-fixes:
 #####
 build-nginx:
 	@echo "\n-->  Building local Nginx  <---------------------------|\n"; sleep 3;
-	docker image build -t justice-nginx:latest --target build-nginx .
+	docker image build -t intranet-nginx:latest --target build-nginx .
 
 # FastCGI Process Manager for PHP
 # https://www.php.net/manual/en/install.fpm.php
 # https://www.plesk.com/blog/various/php-fpm-the-future-of-php-handling/
 build-fpm:
 	@echo "\n-->  Building local FPM  <---------------------------|\n"; sleep 3;
-	docker image build -t justice-fpm:latest --target build-fpm .
+	docker image build -t intranet-fpm:latest --target build-fpm .
 
 build: build-fpm build-nginx
-	@if [ ${kube} == 'kind' ]; then kind load docker-image justice-fpm:latest; kind load docker-image justice-nginx:latest; fi
+	@if [ ${kube} == 'kind' ]; then kind load docker-image intranet-fpm:latest; kind load docker-image intranet-nginx:latest; fi
 	@echo "\n-->  Done.\n"
 
 deploy: clear

deploy/development/ingress.yml

@@ -7,12 +7,9 @@ metadata:
     external-dns.alpha.kubernetes.io/set-identifier: intranet-dev-ingress-intranet-dev-green
     external-dns.alpha.kubernetes.io/aws-weight: "100"
     nginx.ingress.kubernetes.io/auth-type: basic
-    nginx.ingress.kubernetes.io/auth-secret: basic-auth-secret
-    nginx.ingress.kubernetes.io/auth-realm: 'Development User | Authentication Required'
+    nginx.ingress.kubernetes.io/auth-secret: intranet-basic-auth
+    nginx.ingress.kubernetes.io/auth-realm: 'Development Access | Authentication Required'
     nginx.ingress.kubernetes.io/server-snippet: |
-      if ($host = 'intranet-dev.apps.live.cloud-platform.service.justice.gov.uk') {
-        return 301 https://dev.justice.gov.uk;
-      }
       location = /health {
         auth_basic off;
         access_log off;
@@ -28,22 +25,9 @@ spec:
   ingressClassName: default
   tls:
   - hosts:
-    - intranet-dev.apps.live.cloud-platform.service.justice.gov.uk
-  - hosts:
-    - dev.justice.gov.uk
-    secretName: intranet-dev-cert-secret
+    - dev-intranet.apps.live.cloud-platform.service.justice.gov.uk
   rules:
-  - host: intranet-dev.apps.live.cloud-platform.service.justice.gov.uk
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: nginx-service
-            port:
-              number: 8080
-  - host: dev.justice.gov.uk
+  - host: dev-intranet.apps.live.cloud-platform.service.justice.gov.uk
     http:
       paths:
       - path: /

deploy/local/deployment.yml

@@ -25,7 +25,7 @@ spec:
       terminationGracePeriodSeconds: 35
       containers:
         - name: nginx
-          image: justice-nginx:latest
+          image: intranet-nginx:latest
           imagePullPolicy: Never
           resources: {}
           ports:
@@ -35,7 +35,7 @@ spec:
               mountPath: /var/run/nginx-cache
 
         - name: fpm
-          image: justice-fpm:latest
+          image: intranet-fpm:latest
           imagePullPolicy: Never
           envFrom:
             - configMapRef: