hmpps-pact-broker
This repository contains the deployment script for the Pact broker used by the interventions team in HMPPS.
It deploys the pactfoundation/pact-broker image; see kubectl-deploy/deployment.yml for details.
Pre-requisites
- Access to Cloud Platform
- Access to the pact-broker-prod namespace (through the pact-broker-maintainers GitHub team)
Deploy
Each main commit deploys the application via ./deploy.sh
Create webhooks
All webhooks are in the seed directory and are automatically deployed during the main build via seed/create-webhooks.sh
When to use webhooks
Webhooks can trigger builds when:
- contract changes are pushed by consumers (to trigger a build: example)
- the build result is back (to communicate the status to the GitHub PR/commit status: example)
Webhook configuration
- PACT_BROKER_CIRCLECI_INTEGRATION_TOKEN to trigger workflows with webhooks in CircleCI, used by the CircleCI v2 API. Please generate one.
- GH_ACCESS_TOKEN to set the verification result as a GitHub build status on a commit. It needs a personal access token with repo:status permission and authorised SAML.
- PACT_BROKER_USERNAME and PACT_BROKER_PASSWORD are the basic auth username/password.
Secrets
Secret | In GitHub | In CircleCI | In Kubernetes | How to refresh |
---|---|---|---|---|
PACT_BROKER_CIRCLECI_INTEGRATION_TOKEN | ✅ yes | no | no | Generate a new CircleCI Personal API Token |
GH_ACCESS_TOKEN | ✅ yes | no | no | Generate a new GitHub PAT with repo:status permission. Please "Configure SSO" on the token. |
PACT_BROKER_PASSWORD | ✅ yes | ✅ yes, hmpps-common-vars | ✅ yes, secret/basic-auth | Create a new random password, update the Kubernetes secret, the CircleCI context and the GitHub action secret. |
PACT_BROKER_USERNAME is in the same place as PACT_BROKER_PASSWORD, but it is not a secret.
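
The PACT_BROKER_PASSWORD refresh from the table, as an added example that is not part of this repository: it generates a random password and writes it to the Kubernetes secret, the CircleCI context and the GitHub action secret, passing the value only on stdin. The secret key name `password`, the `github` VCS type and the `OWNER/REPO` and `ORG-NAME` placeholders are assumptions; the namespace, secret name and context name are taken from this page.

```shell
#!/bin/sh
# Added example: rotate PACT_BROKER_PASSWORD in the three places the table lists.
NAMESPACE="pact-broker-prod"              # from the pre-requisites
K8S_SECRET="basic-auth"                   # from the table (secret/basic-auth)
K8S_KEY="${K8S_KEY:-password}"            # assumption: key name inside the secret
CIRCLECI_CONTEXT="hmpps-common-vars"      # from the table
GH_REPO="${GH_REPO:-OWNER/REPO}"          # placeholder: repository holding the action secret
CIRCLECI_ORG="${CIRCLECI_ORG:-ORG-NAME}"  # placeholder: CircleCI organisation name

# 32 bytes from the kernel CSPRNG, hex-encoded: 64 characters that need no
# escaping in JSON or in basic auth.
new_password() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the three update commands without running them; the secret value is
# never part of a command line.
rotation_plan() {
  echo "kubectl -n $NAMESPACE patch secret $K8S_SECRET --type merge --patch-file /dev/stdin"
  echo "circleci context store-secret github $CIRCLECI_ORG $CIRCLECI_CONTEXT PACT_BROKER_PASSWORD"
  echo "gh secret set PACT_BROKER_PASSWORD --repo $GH_REPO"
}

# Apply the rotation. printf is a shell builtin and every tool reads the value
# from stdin, so the password does not show up in argv or shell history.
rotate() {
  pw=$(new_password)
  [ "${#pw}" -eq 64 ] || { echo "password generation failed" >&2; return 1; }
  # Merge patch: only the password key changes, other keys in the secret stay.
  printf '{"stringData":{"%s":"%s"}}' "$K8S_KEY" "$pw" |
    kubectl -n "$NAMESPACE" patch secret "$K8S_SECRET" --type merge --patch-file /dev/stdin || return 1
  printf '%s' "$pw" |
    circleci context store-secret github "$CIRCLECI_ORG" "$CIRCLECI_CONTEXT" PACT_BROKER_PASSWORD || return 1
  printf '%s' "$pw" | gh secret set PACT_BROKER_PASSWORD --repo "$GH_REPO" || return 1
  unset pw
}

# Dry run by default; pass --apply to perform the rotation.
rotate_main() {
  if [ "${1:-}" = "--apply" ]; then rotate; else rotation_plan; fi
}

rotate_main "$@"
```

The Kubernetes secret is updated first and the function stops at the first failure, so a partial rotation is visible immediately rather than leaving the three stores silently out of sync.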