hmpps-pact-broker
This repository contains the deployment script for the Pact broker used by the interventions team in HMPPS.
It deploys the pactfoundation/pact-broker image,
see kubectl-deploy/deployment.yml for details.
Pre-requisites
- Access to Cloud Platform
- Access to the
pact-broker-prodnamespace (through thepact-broker-maintainersGitHub team)
Deploy
Each main commit deploys the application via ./deploy.sh
Create webhooks
All webhooks are in the seed directory and are all automatically deployed
during main build via seed/create-webhooks.sh
When to use webhooks
Webhooks can trigger builds when
- contract changes are pushed by consumers (to trigger a build: example)
- when the build result is back (to communicate the status to github PR/commit status: example)
Webhook configuration
PACT_BROKER_CIRCLECI_INTEGRATION_TOKENto trigger workflows with webhooks in CircleCI, used by the CircleCI v2 API. Please generate one.GH_ACCESS_TOKENto set the verification result as a GitHub build status on a commit. It needs a personal access token withrepo:statuspermission and authorised SAML.PACT_BROKER_USERNAMEandPACT_BROKER_PASSWORDare the basic auth username/password.
Secrets
| Secret | In GitHub | In CircleCI | In Kubernetes | How to refresh |
|---|---|---|---|---|
PACT_BROKER_CIRCLECI_INTEGRATION_TOKEN |
✅ yes | no | no | Generate a new CircleCI Personal API Token |
GH_ACCESS_TOKEN |
✅ yes | no | no | Generate a new GitHub PAT with repo:status permission. Please "Configure SSO" on the token. |
PACT_BROKER_PASSWORD |
✅ yes | ✅ yes, hmpps-common-vars | ✅ yes, secret/basic-auth |
Create a new random password, update the Kubernetes secret, the CircleCI context and the GitHub action secret. |
PACT_BROKER_USERNAME is in the same place as PACT_BROKER_PASSWORD, but it is not a secret.