ministryofjustice / staff-device-shared-services-infrastructure

Staff Device AWS Infrastructure for build pipelines
https://ministryofjustice.github.io/cloud-operations/#cloud-operations
MIT License

upgrade GitHub version 1 source action to a GitHub version 2 source action #63

Closed juddin927 closed 1 year ago

juddin927 commented 1 year ago

User Story

Currently we are using GitHub version 1 to connect to all of our source repos in GitHub. This is no longer a recommended way of connecting to the source code, and AWS CodePipeline may stop us from continuing to use this in future.

Not recommended: The GitHub version 1 action uses OAuth tokens to authenticate with GitHub and uses a separate webhook to detect changes. This is no longer the recommended method.

Recommended: The GitHub version 2 action uses GitHub app-based auth backed by a CodeStarSourceConnection for GitHub. It installs an AWS CodeStar Connections application into your GitHub organization so that you can manage access in GitHub.

Value / Purpose

To be compliant and to enable secure integration of source to AWS code pipelines.

Useful Contacts

No response

Additional Information

https://docs.aws.amazon.com/codepipeline/latest/userguide/update-github-action-connections.html

https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps

Definition of Done

juddin927 commented 1 year ago

Updated the list of pipelines that we need to roll out this change to.

smjmoj commented 1 year ago

staff-device-private-dns-zone This one has two issues

  1. When the changes were made to use Codestar connection the source task failed.
  2. This repo was the first to have GitHub Actions added for deployment, so has two pipelines.

We've now established that the AWS CodePipeline should have been decommissioned after the GitHub Actions were added and working. We will add a ticket to remove the AWS CodePipeline.

smjmoj commented 1 year ago

staff-infrastructure-network-services https://eu-west-2.console.aws.amazon.com/codesuite/codepipeline/pipelines/staff-infrastructure-network-services/view?region=eu-west-2

This pipeline is not listed to work with the existing GitHub Codestar Connection

smjmoj commented 1 year ago

Change reverted so the pipeline is not disabled. I have reached out to Ask-Engineering-Services about this again.

juddin927 commented 1 year ago

To disable the "staff-device-private-dns-zone" pipeline, a separate ticket has been raised on 66.

juddin927 commented 1 year ago

Pipeline "staff-infrastructure-network-services" needs an AWS CodeStar connection with access to the internal GitHub repo. Awaiting approval of the new connection by the MOJ GitHub owner. A separate ticket has been raised to deal with that issue.

smjmoj commented 1 year ago

Complete
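
The check this issue describes, finding pipelines that still use the OAuth-token GitHub version 1 source action and mapping them to the connection-based version 2 action, is shown here as an added example; it is not code from this repository. The pipeline names, repository names and connection ARN are constructed placeholders, and the data is in the shape returned by `aws codepipeline get-pipeline`.

```python
# Added example: audit CodePipeline declarations for GitHub version 1 source actions.
# All names and the ARN below are constructed placeholders, not values from this repo.
PLACEHOLDER_ARN = "arn:aws:codestar-connections:REGION:ACCOUNT_ID:connection/CONNECTION_ID"

def _source(owner, provider, config):
    """Build a sample source action in CodePipeline's declaration format."""
    return {"name": "Source", "runOrder": 1,
            "actionTypeId": {"category": "Source", "owner": owner,
                             "provider": provider, "version": "1"},
            "configuration": config,
            "outputArtifacts": [{"name": "source_output"}]}

SAMPLE_PIPELINES = [  # constructed sample data
    {"name": "example-pipeline-a", "stages": [{"name": "Source", "actions": [
        _source("ThirdParty", "GitHub", {"Owner": "example-org", "Repo": "example-repo",
                                         "Branch": "main", "OAuthToken": "****"})]}]},
    {"name": "example-pipeline-b", "stages": [{"name": "Source", "actions": [
        _source("AWS", "CodeStarSourceConnection", {"ConnectionArn": PLACEHOLDER_ARN,
                "FullRepositoryId": "example-org/other-repo", "BranchName": "main"})]}]},
]

def is_github_v1(action):
    """GitHub version 1 is the ThirdParty/GitHub source action (OAuth token + webhook)."""
    t = action["actionTypeId"]
    return (t["category"], t["owner"], t["provider"]) == ("Source", "ThirdParty", "GitHub")

def find_v1_actions(pipelines):
    """Return (pipeline, stage, action) names for every GitHub version 1 source action."""
    return [(p["name"], s["name"], a["name"])
            for p in pipelines for s in p["stages"] for a in s["actions"]
            if is_github_v1(a)]

def to_v2(action, connection_arn):
    """Build the equivalent version 2 action; the OAuth token is not carried over."""
    old = action["configuration"]
    new = dict(action)
    new["actionTypeId"] = {"category": "Source", "owner": "AWS",
                           "provider": "CodeStarSourceConnection", "version": "1"}
    new["configuration"] = {"ConnectionArn": connection_arn,
                            "FullRepositoryId": f'{old["Owner"]}/{old["Repo"]}',
                            "BranchName": old["Branch"]}
    return new

if __name__ == "__main__":
    for hit in find_v1_actions(SAMPLE_PIPELINES):
        print("GitHub version 1 source action:", *hit)
```

After the switch, the pipeline's service role also needs `codestar-connections:UseConnection` on the connection, and the connection must be authorised for the repository in GitHub before the source stage will succeed.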