PLT-642 Adding verify scripts and deployment verification workflow (#1402)

## 🎫 Ticket

https://jira.cms.gov/browse/PLT-642


## ℹ️ Context

This is a new addition to our github actions workflows to verify our
deployments

## 🧪 Validation

The test will be validated by github actions test runs.

---------

Co-authored-by: oluwolenpbc <[email protected]>

Author: oluwolenpbc

.github/workflows/pull-request.yml

@@ -45,3 +45,9 @@ jobs:
     with:
       environment: test
     secrets: inherit
+  verify-deployment:
+    needs: [e2e-test]
+    uses: ./.github/workflows/verify-deploy.yml
+    with:
+      environment: test
+    secrets: inherit    

.github/workflows/push-main.yml

@@ -44,3 +44,9 @@ jobs:
     with:
       environment: test
     secrets: inherit
+  verify-deployment:
+    needs: [e2e-test]
+    uses: ./.github/workflows/verify-deploy.yml
+    with:
+      environment: test
+    secrets: inherit        

.github/workflows/verify-deploy.yml

@@ -0,0 +1,70 @@
+name: Verify deployment
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: false
+        type: string
+  workflow_dispatch:
+    inputs:
+      environment:
+        required: true
+        type: choice
+        options:
+          - dev
+          - test
+          - sbx
+          - prod
+
+jobs:
+  test:
+    runs-on: self-hosted
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Assume role in AB2D account for this environment
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+        env:
+          ACCOUNT: ${{ inputs.environment == '' && 'test' || inputs.environment }}
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets[format('{0}_ACCOUNT_ID', env.ACCOUNT)] }}:role/delegatedadmin/developer/ab2d-${{ env.ACCOUNT }}-github-actions
+          
+      - name: Set environment-specific variables
+        run: |
+          ENVIRONMENT="${{ inputs.environment || 'test' }}"
+          if [ "$ENVIRONMENT" == "test" ]; then
+            echo "SECRET_ID=ab2d/ab2d-east-impl/jenkins-verify-api" >> $GITHUB_ENV
+            echo "BASE_URL=https://impl.ab2d.cms.gov" >> $GITHUB_ENV
+            echo "EXPORT_URL=https://impl.ab2d.cms.gov/api/v2/fhir/Patient/?_type=ExplanationOfBenefit&_since=2020-02-13T00:00:00.000-05:00&_outputFormat=application%2Ffhir%2Bndjson" >> $GITHUB_ENV
+          elif [ "$ENVIRONMENT" == "dev" ]; then
+            echo "SECRET_ID=ab2d/ab2d-dev/jenkins-verify-basic-auth" >> $GITHUB_ENV
+            echo "BASE_URL=https://dev.ab2d.cms.gov" >> $GITHUB_ENV
+            echo "EXPORT_URL=https://dev.ab2d.cms.gov/api/v2/fhir/Patient/?_type=ExplanationOfBenefit&_since=2020-02-13T00:00:00.000-05:00&_outputFormat=application%2Ffhir%2Bndjson" >> $GITHUB_ENV
+          elif [ "$ENVIRONMENT" == "sbx" ]; then
+            echo "SECRET_ID=ab2d/ab2d-sbx-sandbox/jenkins-verify-basic-auth" >> $GITHUB_ENV
+            echo "BASE_URL=https://sbx.ab2d.cms.gov" >> $GITHUB_ENV
+            echo "EXPORT_URL=https://sbx.ab2d.cms.gov/api/v2/fhir/Patient/?_type=ExplanationOfBenefit&_since=2020-02-13T00:00:00.000-05:00&_outputFormat=application%2Ffhir%2Bndjson" >> $GITHUB_ENV
+          elif [ "$ENVIRONMENT" == "prod" ]; then
+            echo "SECRET_ID=ab2d/ab2d-east-prod/jenkins-verify-basic-auth" >> $GITHUB_ENV
+            echo "BASE_URL=https://api.ab2d.cms.gov" >> $GITHUB_ENV
+            echo "EXPORT_URL=https://api.ab2d.cms.gov/api/v2/fhir/Patient/?_type=ExplanationOfBenefit&_since=2020-02-13T00:00:00.000-05:00&_outputFormat=application%2Ffhir%2Bndjson" >> $GITHUB_ENV
+          else
+            echo "Invalid environment: $ENVIRONMENT"
+            exit 1
+          fi
+
+      - name: Set script file based on environment
+        run: echo "script=./scripts/verify-deployment.sh" >> $GITHUB_ENV
+
+      - name: Run deployment verification script
+        run: |
+          chmod +x ./scripts/verify-deployment.sh
+          ./scripts/verify-deployment.sh "$SECRET_ID" "$BASE_URL" "$EXPORT_URL"
+        env:
+          SECRET_ID: ${{ env.SECRET_ID }}
+          BASE_URL: ${{ env.BASE_URL }}
+          EXPORT_URL: ${{ env.EXPORT_URL }}

scripts/verify-deployment.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+set -e
+set -x  # Enable verbose mode for debugging
+
+# Input parameters
+SECRET_ID="${1}"
+BASE_URL="${2}"
+EXPORT_URL="${3}"
+
+# Validate inputs
+if [ -z "$SECRET_ID" ] || [ -z "$BASE_URL" ] || [ -z "$EXPORT_URL" ]; then
+    echo "Usage: $0 <SECRET_ID> <BASE_URL> <EXPORT_URL>"
+    exit 1
+fi
+
+# Wait for dependencies to initialize
+sleep 30
+
+# Fetch the secret for basic authentication
+BASIC_AUTH=$(aws secretsmanager get-secret-value --secret-id "$SECRET_ID" --query SecretString --output text) || {
+    echo "Failed to retrieve secret"; exit 3;
+}
+
+# Check API status
+echo "Checking API status..."
+max_attempts=90
+STATE=""
+attempts=0
+
+while [ "$STATE" != "401" ]; do
+    if [[ $attempts -eq $max_attempts ]]; then
+        echo "Max attempts reached, timing out."
+        exit 1
+    fi
+
+    STATE=$(curl -sLk -w "%{http_code}" "$BASE_URL" -o /dev/null) || {
+        echo "Failed to reach API. Curl request failed."; exit 3;
+    }
+    echo "Current state: $STATE"
+
+    if [ "$STATE" != "401" ]; then
+        echo "API not ready. Retrying in 10 seconds..."
+        attempts=$((attempts + 1))
+        sleep 10
+    fi
+done
+
+echo "AB2D API is online."
+
+# Refresh token
+echo "Refreshing token..."
+TOKEN=$(curl -s --location --request POST 'https://test.idp.idm.cms.gov/oauth2/aus2r7y3gdaFMKBol297/v1/token?grant_type=client_credentials&scope=clientCreds' \
+--header 'Content-Type: application/x-www-form-urlencoded' \
+--header "Authorization: Basic $BASIC_AUTH" \
+--header 'Cookie: JSESSIONID=3E7BD665DE5673C73A82647BBD9E548A' \
+| jq -r '.access_token') || {
+    echo "Token refresh failed."; exit 3;
+}
+
+
+echo "Starting PDP-100 job..."
+JOB=$(curl -k -s --head --location --request GET 'https://impl.ab2d.cms.gov/api/v2/fhir/Patient/$export?_type=ExplanationOfBenefit&_since=2020-02-13T00:00:00.000-05:00&_outputFormat=application%2Ffhir%2Bndjson' \
+--header "Prefer: respond-async" \
+--header "Authorization: Bearer $TOKEN" \
+| awk -v FS=": " "/^content-location/{print \$2}" | sed 's/content-location: //' | tr -d '\r')
+
+echo "$JOB"
+
+
+# Check on job status
+echo "Checking job status..."
+STATUS=""
+while [ -z "$STATUS" ]; do
+    sleep 5
+    echo "$JOB"
+    STATUS=$(curl -k -s --location --request GET "${JOB}" \
+    --header "Authorization: Bearer $TOKEN")
+done
+
+echo "Complete"