Sonar ,smoke, functional tests (#15)

* Update build.gradle

* few corrections

* Update build.gradle

* Update build.gradle

* Update build.gradle

* few changes

* Revert "few changes"

This reverts commit f7e623f.

* downgrade gradle version

* Create HealthCheckTest.java

* Revert "Create HealthCheckTest.java"

This reverts commit 202783e.

* initial commit with all the relevant changes for pods

* missing imports

* Bumping chart version/ fixing aliases

* further changes by adding tasks to build.gradle

* missing method

* correction by removing duplicate method

* rename variable

* Update add-roles.sh

* update permissions

* update permissions

* corrected scripts

* modifying the script

* Update import-ccd-definition.sh

* Update import-ccd-definition.sh

* Update import-ccd-definition.sh

* Update Jenkinsfile_CNP

* corrected url value

* changes on the test names

* adding immutable installs for yarn

* adding nvmrc files

* corrected urls

* corrected urls

---------

Co-authored-by: hmcts-jenkins-a-to-c <62422075+hmcts-jenkins-a-to-c[bot]@users.noreply.github.com>
Co-authored-by: Mounika Ammineni <mounikaammineni@Mounikas-MacBook-Pro.local>

.nvmrc

@@ -0,0 +1 @@
+18.16.0

.yarnrc.yml

@@ -0,0 +1 @@
+nodeLinker: node-modules

Jenkinsfile_CNP

@@ -1,9 +1,139 @@
 #!groovy
 
 @Library("Infrastructure")
+import uk.gov.hmcts.contino.AppPipelineConfig
+import uk.gov.hmcts.contino.AppPipelineDsl
+import uk.gov.hmcts.contino.GithubAPI
 
 def type = "java"
 def product = "civil"
 def component = "orchestrator-service"
+def yarnBuilder = new uk.gov.hmcts.contino.YarnBuilder(this)
+def camundaBranch = "master"
+def ccddefbranch = "master"
 
-withPipeline(type, product, component) {}
+def checkForEnableHelmLabel(branch_name) {
+  return new GithubAPI(this).getLabelsbyPattern(branch_name, "enableHelm").contains("enableHelm")
+}
+
+AppPipelineConfig pipelineConf
+
+static Map<String, Object> secret(String secretName, String envVariable) {
+  [$class     : 'AzureKeyVaultSecret',
+   secretType : 'Secret',
+   name       : secretName,
+   envVariable: envVariable
+  ]
+}
+
+def secrets = [
+  's2s-${env}': [
+    secret('microservicekey-ccd-gw', 'CCD_API_GATEWAY_S2S_SECRET'),
+    secret('microservicekey-ccd-data', 'CCD_DATA_STORE_S2S_SECRET'),
+    secret('microservicekey-ccd-definition', 'CCD_DEFINITION_STORE_S2S_SECRET')
+  ],
+  'ccd-${env}': [
+    secret('ccd-api-gateway-oauth2-client-secret', 'CCD_API_GATEWAY_IDAM_CLIENT_SECRET'),
+    secret('ccd-api-gateway-oauth2-client-secret', 'CCD_API_GATEWAY_OAUTH2_CLIENT_SECRET'),
+    secret('postcode-info-address-lookup-token', 'ADDRESS_LOOKUP_TOKEN'),
+    secret('ccd-admin-web-oauth2-client-secret', 'ADMIN_WEB_IDAM_SECRET'),
+    secret('idam-data-store-client-secret','IDAM_OAUTH2_DATA_STORE_CLIENT_SECRET'),
+    secret('idam-data-store-system-user-username','IDAM_DATA_STORE_SYSTEM_USER_USERNAME'),
+    secret('idam-data-store-system-user-password','IDAM_DATA_STORE_SYSTEM_USER_PASSWORD'),
+    secret('microservicekey-ccd-gw', 'CCD_API_GATEWAY_S2S_KEY')
+  ],
+  'civil-${env}': [
+    secret('microservicekey-civil-service', 'S2S_SECRET'),
+    secret('ccd-importer-username', 'CCD_CONFIGURER_IMPORTER_USERNAME'),
+    secret('ccd-importer-password', 'CCD_CONFIGURER_IMPORTER_PASSWORD'),
+    secret('postgres-user', 'POSTGRES_USER'),
+    secret('postgres-password', 'POSTGRES_PASSWORD')
+  ]
+]
+
+withPipeline(type, product, component) {
+  pipelineConf = config
+  disableLegacyDeployment()
+  enableAksStagingDeployment()
+  onPR {
+    env.YARN_ENABLE_IMMUTABLE_INSTALLS = false
+    env.ENVIRONMENT = "preview"
+    env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+    loadVaultSecrets(secrets)
+    if (!checkForEnableHelmLabel(env.BRANCH_NAME)) {
+      enableCleanupOfHelmReleaseAlways();
+    }
+    before('smoketest:preview') {
+      sh """
+      eval \$(./bin/variables/load-preview-environment-variables.sh ${CHANGE_ID})
+      ./bin/add-roles.sh
+      ./bin/pull-latest-camunda-files.sh ${camundaBranch}
+      ./bin/import-ccd-definition.sh "-e *-prod.json,*HNL-nonprod.json,*CUI-nonprod.json,*-shuttered.json" ${ccddefbranch}
+    """
+      env.IDAM_API_URL = "https://idam-api.aat.platform.hmcts.net"
+      env.CIVIL_ORCHESTRATOR_SERVICE_URL="https://civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+      env.CCD_DATA_STORE_URL = "https://ccd-data-store-api-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+      env.DM_STORE_URL = "http://dm-store-aat.service.core-compute-aat.internal"
+      env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+      env.URL = "https://xui-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+      env.CIVIL_SERVICE_URL = "https://civil-service-civil-orchestrator-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+      yarnBuilder.yarn('yarn-update')
+      yarnBuilder.yarn('install-dependencies')
+    }
+
+    afterAlways('smoketest:preview') {
+      steps.archiveArtifacts allowEmptyArchive: true, artifacts: 'test-results/smokeTest/**/*'
+    }
+
+    before('functionalTest:preview') {
+      env.IDAM_API_URL = "https://idam-api.aat.platform.hmcts.net"
+      env.CIVIL_ORCHESTRATOR_SERVICE_URL="https://civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+      env.URL = "https://xui-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+      env.CIVIL_SERVICE_URL="https://civil-service-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+      env.SERVICE_AUTH_PROVIDER_API_BASE_URL = "http://rpe-service-auth-provider-aat.service.core-compute-aat.internal"
+      env.DM_STORE_URL = "http://dm-store-aat.service.core-compute-aat.internal"
+    }
+
+    afterAlways('functionalTest:preview') {
+      steps.archiveArtifacts allowEmptyArchive: true, artifacts: 'test-results/functional/**/*'
+    }
+
+    afterAlways('functionalTest:aat') {
+      steps.archiveArtifacts allowEmptyArchive: true, artifacts: 'test-results/functional/**/*'
+    }
+
+    before('smoketest:aat') {
+      sh """
+          eval \$(./bin/variables/load-staging-environment-variables.sh)
+          ./bin/add-roles.sh
+          ./bin/import-ccd-definition.sh "-e *-prod.json,*HNL-nonprod.json,*CUI-nonprod.json,*-shuttered.json" ${ccddefbranch}
+          ./bin/pull-latest-camunda-files.sh ${camundaBranch}
+        """
+      env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+      env.CIVIL_ORCHESTRATOR_SERVICE_URL="https://civil-orchestrator-service-staging.aat.platform.hmcts.net"
+      env.URL="https://civil-orchestrator-service-xui-staging.aat.platform.hmcts.net"
+      env.CIVIL_SERVICE_URL="https://civil-orchestrator-service-civil-service-staging-aat.service.core-compute-aat.internal"
+      env.IDAM_API_URL = "https://idam-api.aat.platform.hmcts.net"
+      env.SERVICE_AUTH_PROVIDER_API_BASE_URL = "http://rpe-service-auth-provider-aat.service.core-compute-aat.internal"
+      env.CCD_DATA_STORE_URL = "https://civil-orchestrator-service-data-store-staging-aat.service.core-compute-aat.internal"
+      env.DM_STORE_URL = "https://dm-store-aat.service.core-compute-aat.internal"
+      yarnBuilder.yarn('yarn-update')
+      yarnBuilder.yarn('install-dependencies')
+    }
+
+    afterAlways('smoketest:aat') {
+      steps.archiveArtifacts allowEmptyArchive: true, artifacts: 'test-results/smokeTest/**/*'
+    }
+  }
+
+  onMaster {
+    env.ENVIRONMENT = "aat"
+    env.YARN_ENABLE_IMMUTABLE_INSTALLS = false
+    loadVaultSecrets(secrets)
+  }
+  onDemo {
+    env.YARN_ENABLE_IMMUTABLE_INSTALLS = false
+    env.ENVIRONMENT = "demo"
+    loadVaultSecrets(secrets)
+  }
+}

bin/add-roles.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# User used during the CCD import and ccd-role creation 
+./bin/utils/ccd-add-role.sh "caseworker-civil"
+./bin/utils/ccd-add-role.sh "caseworker-caa"
+./bin/utils/ccd-add-role.sh "caseworker-approver"
+./bin/utils/ccd-add-role.sh "prd-admin"
+./bin/utils/ccd-add-role.sh "judge-profile"
+./bin/utils/ccd-add-role.sh "APP-SOL-UNSPEC-PROFILE"
+./bin/utils/ccd-add-role.sh "APP-SOL-SPEC-PROFILE"
+./bin/utils/ccd-add-role.sh "RES-SOL-ONE-UNSPEC-PROFILE"
+./bin/utils/ccd-add-role.sh "RES-SOL-ONE-SPEC-PROFILE"
+./bin/utils/ccd-add-role.sh "RES-SOL-TWO-UNSPEC-PROFILE"
+./bin/utils/ccd-add-role.sh "RES-SOL-TWO-SPEC-PROFILE"
+./bin/utils/ccd-add-role.sh "ga-basic-access"
+./bin/utils/ccd-add-role.sh "caseworker-ras-validation"
+./bin/utils/ccd-add-role.sh "admin-access"
+./bin/utils/ccd-add-role.sh "full-access"
+./bin/utils/ccd-add-role.sh "legal-adviser"
+./bin/utils/ccd-add-role.sh "GS_profile"
+./bin/utils/ccd-add-role.sh "civil-administrator-standard"
+./bin/utils/ccd-add-role.sh "civil-administrator-basic"
+./bin/utils/ccd-add-role.sh "hearing-schedule-access"
+./bin/utils/ccd-add-role.sh "payment-access"
+./bin/utils/ccd-add-role.sh "caseflags-admin"
+./bin/utils/ccd-add-role.sh "caseflags-viewer"
+./bin/utils/ccd-add-role.sh "caseworker-wa-task-configuration"
+
+roles=("solicitor" "systemupdate" "admin" "staff" "judge")
+for role in "${roles[@]}"
+do
+  ./bin/utils/ccd-add-role.sh "caseworker-civil-${role}"
+done

bin/import-bpmn-diagram.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+set -eu
+workspace=${1}
+
+serviceToken=$($(realpath $workspace)/bin/utils/idam-lease-service-token.sh civil_service \
+  $(docker run --rm toolbelt/oathtool --totp -b ${S2S_SECRET:-AABBCCDDEEFFGGHH}))
+filepath="$(realpath $workspace)/camunda"
+
+for file in $(find ${filepath} -name '*.bpmn')
+do
+  uploadResponse=$(curl --insecure -v --silent -w "\n%{http_code}" --show-error -X POST \
+    ${CAMUNDA_BASE_URL:-http://localhost:9404}/engine-rest/deployment/create \
+    -H "Accept: application/json" \
+    -H "ServiceAuthorization: Bearer ${serviceToken}" \
+    -F "deployment-name=$(date +"%Y%m%d-%H%M%S")-$(basename ${file})" \
+    -F "tenant-id=civil" \
+    -F "file=@${filepath}/$(basename ${file})")
+
+upload_http_code=$(echo "$uploadResponse" | tail -n1)
+upload_response_content=$(echo "$uploadResponse" | sed '$d')
+
+if [[ "${upload_http_code}" == '200' ]]; then
+  echo "$(basename ${file}) diagram uploaded successfully"
+  continue;
+fi
+
+echo "$(basename ${file}) upload failed with http code ${upload_http_code} and response (${upload_response_content})"
+continue;
+
+done
+exit 0;

bin/import-ccd-definition.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -ex
+
+definition_input_dir=$(realpath 'ccd-definition')
+definition_output_file="$(realpath ".")/build/ccd-development-config/ccd-civil-dev.xlsx"
+params="$@"
+
+params="$1"
+branchName="$2"
+
+#Checkout specific branch pf  civil camunda bpmn definition
+git clone https://github.com/hmcts/civil-ccd-definition.git
+cd civil-ccd-definition
+
+echo "Switch to ${branchName} branch on civil-ccd-definition"
+git checkout ${branchName}
+cd ..
+
+#Copy ccd definition files  to civil-ccd-def which contians bpmn files
+cp -r ./civil-ccd-definition/ccd-definition .
+cp -r ./civil-ccd-definition/e2e .
+cp -r ./civil-ccd-definition/package.json .
+cp -r ./civil-ccd-definition/yarn.lock .
+cp -r ./civil-ccd-definition/codecept.conf.js .
+echo *
+
+cd civil-ccd-definition
+definition_input_dir=$(realpath './ccd-definition')
+definition_output_file="$(realpath ".")/ccd-definition/build/ccd-development-config/ccd-civil-dev.xlsx"
+
+
+./bin/utils/import-ccd-definition.sh "${definition_input_dir}" "${definition_output_file}" "${params}"
+cd ..

bin/pull-latest-camunda-files.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+branchName=$1
+
+#Checkout specific branch pf  civil camunda bpmn definition 
+git clone https://github.com/hmcts/civil-camunda-bpmn-definition.git
+cd civil-camunda-bpmn-definition
+
+echo "Switch to ${branchName} branch on civil-camunda-bpmn-definition"
+git checkout ${branchName}
+cd ..
+
+#Copy camunda folder to civil-ccd-def which contians bpmn files
+cp -r ./civil-camunda-bpmn-definition/src/main/resources/camunda .
+rm -rf ./civil-camunda-bpmn-definition
+
+#upload bpmn files to environment      
+./bin/import-bpmn-diagram.sh .

bin/pull-latest-release-asset.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+repoName=$1
+assetName=$2
+
+az login --identity
+token=$(az keyvault secret show --vault-name infra-vault-nonprod --name hmcts-github-apikey \
+ --query value -o tsv)
+
+latestAssetId=$(curl -H "Authorization: token ${token}" \
+  https://api.github.com/repos/hmcts/${repoName}/releases/latest \
+  | docker run --rm --interactive stedolan/jq ".assets[] | select(.name==\"${assetName}\") | .id")
+
+curl -L \
+  -H "Accept: application/octet-stream" \
+  -H "Authorization: token ${token}" \
+  --output $assetName \
+  https://api.github.com/repos/hmcts/${repoName}/releases/assets/${latestAssetId} \
+
+unzip $assetName
+rm $assetName

bin/utils/ccd-add-role.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -eux
+
+dir=$(dirname ${0})
+
+role=${1}
+
+userToken=$(${dir}/idam-lease-user-token.sh ${CCD_CONFIGURER_IMPORTER_USERNAME:-ccd.docker.default@hmcts.net} ${CCD_CONFIGURER_IMPORTER_PASSWORD:-Password12!})
+serviceToken=$(${dir}/idam-lease-service-token.sh ccd_gw $(docker run --rm toolbelt/oathtool --totp -b ${CCD_API_GATEWAY_S2S_SECRET:-AAAAAAAAAAAAAAAC}))
+
+echo "Creating CCD role: ${role}"
+
+curl --insecure --fail --show-error --silent --output /dev/null -X PUT \
+  ${CCD_DEFINITION_STORE_API_BASE_URL:-http://localhost:4451}/api/user-role \
+  -H "Authorization: Bearer ${userToken}" \
+  -H "ServiceAuthorization: Bearer ${serviceToken}" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "role": "'${role}'",
+    "security_classification": "PUBLIC"
+  }'

bin/utils/ccd-import-definition.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+#export IDAM_STUB_LOCALHOST=http://localhost:5555
+
+set -eu
+
+dir=$(dirname ${0})
+filepath=${1}
+filename=$(basename ${filepath})
+uploadFilename="$(date +"%Y%m%d-%H%M%S")-${filename}"
+
+userToken=$(${dir}/idam-lease-user-token.sh ${CCD_CONFIGURER_IMPORTER_USERNAME:-ccd.docker.default@hmcts.net} ${CCD_CONFIGURER_IMPORTER_PASSWORD:-Password12!})
+serviceToken=$(${dir}/idam-lease-service-token.sh ccd_gw $(docker run --rm toolbelt/oathtool --totp -b ${CCD_API_GATEWAY_S2S_SECRET:-AAAAAAAAAAAAAAAC}))
+
+uploadResponse=$(curl --insecure --silent -w "\n%{http_code}" --show-error -X POST \
+  ${CCD_DEFINITION_STORE_API_BASE_URL:-http://localhost:4451}/import \
+  -H "Authorization: Bearer ${userToken}" \
+  -H "ServiceAuthorization: Bearer ${serviceToken}" \
+  -F "file=@${filepath};filename=${uploadFilename}")
+
+upload_http_code=$(echo "$uploadResponse" | tail -n1)
+upload_response_content=$(echo "$uploadResponse" | sed '$d')
+
+if [[ "${upload_http_code}" == '504' ]]; then
+  for try in {1..10}
+  do
+    sleep 5
+    echo "Checking status of ${filename} (${uploadFilename}) upload (Try ${try})"
+    audit_response=$(curl --insecure --silent --show-error -X GET \
+      ${CCD_DEFINITION_STORE_API_BASE_URL:-http://localhost:4451}/api/import-audits \
+      -H "Authorization: Bearer ${userToken}" \
+      -H "ServiceAuthorization: Bearer ${serviceToken}")
+
+    if [[ ${audit_response} == *"${uploadFilename}"* ]]; then
+      echo "${filename} (${uploadFilename}) uploaded"
+      exit 0
+    fi
+  done
+else
+  if [[ "${upload_response_content}" == 'Case Definition data successfully imported' ]]; then
+    echo "${filename} (${uploadFilename}) uploaded"
+    exit 0
+  fi
+fi
+
+echo "${filename} (${uploadFilename}) upload failed (${upload_response_content})"
+exit 1;

bin/utils/idam-lease-service-token.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -eu
+
+microservice=${1}
+oneTimePassword=${2}
+
+curl --insecure --fail --show-error --silent -X POST \
+  ${SERVICE_AUTH_PROVIDER_API_BASE_URL:-http://localhost:4502}/lease \
+  -H "Content-Type: application/json" \
+  -d '{
+    "microservice": "'${microservice}'",
+    "oneTimePassword": "'${oneTimePassword}'"
+  }'

bin/utils/idam-lease-user-token.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -e
+
+username=${1}
+password=${2}
+
+IDAM_API_URL=${IDAM_API_BASE_URL:-http://localhost:5000}
+IDAM_URL=${IDAM_STUB_LOCALHOST:-$IDAM_API_URL}
+
+clientSecret=${CCD_API_GATEWAY_IDAM_CLIENT_SECRET:-ccd_gateway_secret}
+redirectUri=${CCD_IDAM_REDIRECT_URL:-http://localhost:3451/oauth2redirect}
+if [ -z "$IDAM_STUB_LOCALHOST" ]; then
+  code=$(curl --insecure --fail --show-error --silent -X POST --user "${username}:${password}" "${IDAM_URL}/oauth2/authorize?redirect_uri=${redirectUri}&response_type=code&client_id=ccd_gateway" -d "" | docker run --rm --interactive stedolan/jq -r .code)
+else
+  code=stubbed-value
+fi
+
+curl --insecure --fail --show-error --silent -X POST -H "Content-Type: application/x-www-form-urlencoded" --user "ccd_gateway:${clientSecret}" "${IDAM_URL}/oauth2/token?code=${code}&redirect_uri=${redirectUri}&grant_type=authorization_code" -d "" | docker run --rm --interactive stedolan/jq -r .access_token