From 446ff1d8d2752c22c607a7c5555a0c9a118c929b Mon Sep 17 00:00:00 2001
From: Khalim Conn-Kowlessar
Date: Mon, 31 Jul 2023 11:30:14 +0100
Subject: [PATCH] Adding secrets to fastapi deployment pipeline

---
 .github/workflows/deploy_fastapi_backend.yml | 22 +++++++++++++++++++-
 serverless.yml                               |  5 +++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/deploy_fastapi_backend.yml b/.github/workflows/deploy_fastapi_backend.yml
index aefd3d07..0ea40014 100644
--- a/.github/workflows/deploy_fastapi_backend.yml
+++ b/.github/workflows/deploy_fastapi_backend.yml
@@ -51,6 +51,13 @@ jobs:
         id: set_auth_token
         run: echo "::set-output name=auth_token::${{ secrets[format('{0}_EPC_AUTH_TOKEN', github.ref_name)] }}"
 
+      # Store port, name and host in github secrets
+      - name: Set DB credentials
+        id: set_db_credentials
+        run: |
+          echo "::set-output name=db_host::${{ secrets[format('{0}DB_HOST', github.ref_name)] }}"
+          echo "::set-output name=db_port::${{ secrets[format('{0}DB_PORT', github.ref_name)] }}"
+          echo "::set-output name=db_name::${{ secrets[format('{0}DB_NAME', github.ref_name)] }}"
 
       # - name: Build Lambda Layer
       #   run: |
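Review bot: The new secret names drop the separator used by the existing lookup on the line above — `'{0}DB_HOST'` resolves to `<branch>DB_HOST` whereas `'{0}_EPC_AUTH_TOKEN'` resolves to `<branch>_EPC_AUTH_TOKEN` — so unless the repository secrets were deliberately created without the underscore, all three `secrets[...]` lookups return empty strings and the step succeeds with empty outputs, because a missing secret name does not fail the expression. The values are also expanded straight into the script text via `${{ }}`; passing them through `env:` and reading `$DB_HOST` keeps secret contents out of the shell source, and `::set-output` is deprecated in favour of writing to `$GITHUB_OUTPUT`. A guard that fails the step when a value is empty surfaces a misnamed or missing secret here rather than as a confusing failure at deploy time. The rewritten step below is an excerpt; the enclosing `steps:` list starts and ends outside the hunk.
```yaml
      - name: Set DB credentials
        id: set_db_credentials
        env:
          DB_HOST: ${{ secrets[format('{0}_DB_HOST', github.ref_name)] }}
          DB_PORT: ${{ secrets[format('{0}_DB_PORT', github.ref_name)] }}
          DB_NAME: ${{ secrets[format('{0}_DB_NAME', github.ref_name)] }}
        run: |
          for v in DB_HOST DB_PORT DB_NAME; do
            [ -n "${!v}" ] || { echo "no secret configured for $v on stage ${{ github.ref_name }}" >&2; exit 1; }
          done
          echo "db_host=$DB_HOST" >> "$GITHUB_OUTPUT"
          echo "db_port=$DB_PORT" >> "$GITHUB_OUTPUT"
          echo "db_name=$DB_NAME" >> "$GITHUB_OUTPUT"
```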
@@ -71,4 +78,17 @@ jobs:
           PLAN_TRIGGER_BUCKET: 'retrofit-plan-inputs-${{ github.ref_name }}'
           DOMAIN_NAME: ${{ steps.set_domain.outputs.domain }}
           EPC_AUTH_TOKEN: ${{ steps.set_auth_token.outputs.auth_token }}
-        run: sls deploy --stage ${{ github.ref_name }} --verbose
+          DB_HOST: ${{ steps.set_db_credentials.outputs.db_host }}
+          DB_PORT: ${{ steps.set_db_credentials.outputs.db_port }}
+          DB_NAME: ${{ steps.set_db_credentials.outputs.db_name }}
+        run: |
+          # Fetch database credentials from AWS Secrets Manager
+          DB_USER=$(aws secretsmanager get-secret-value --secret-id dev/assessment_model/db_credentials --query SecretString | jq -r '.db_assessment_model_username')
+          DB_PASSWORD=$(aws secretsmanager get-secret-value --secret-id dev/assessment_model/db_credentials --query SecretString | jq -r '.db_assessment_model_password')
+
+          # Set the database credentials as environment variables
+          export DB_USER
+          export DB_PASSWORD
+
+          # Deploy to AWS Lambda via Serverless
+          sls deploy --stage ${{ github.ref_name }} --verbose
diff --git a/serverless.yml b/serverless.yml
index ab863355..0d8a052f 100644
--- a/serverless.yml
+++ b/serverless.yml
@@ -12,6 +12,11 @@ provider:
     PLAN_TRIGGER_BUCKET: ${env:PLAN_TRIGGER_BUCKET}
     DOMAIN_NAME: ${env:DOMAIN_NAME}
     EPC_AUTH_TOKEN: ${env:EPC_AUTH_TOKEN}
+    DB_HOST: ${env:DB_HOST}
+    DB_NAME: ${env:DB_NAME}
+    DB_USER: ${env:DB_USER}
+    DB_PASSWORD: ${env:DB_PASSWORD}
+    DB_PORT: ${env:DB_PORT}
   # Give lambda access to read from the bucket
   iam:
     role:
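Review bot: The secret id on the two `aws secretsmanager get-secret-value` lines is hard-coded to `dev/assessment_model/db_credentials` while the deploy stage is `${{ github.ref_name }}`, so every non-dev stage is deployed with the dev database's username and password. Separately, `--query SecretString` without `--output text` emits a JSON-encoded string when the CLI's default output format is json, which `jq -r '.db_assessment_model_username'` cannot index, so the assignment fails unless the runner's CLI output format has been set to text. The password arrives via the CLI rather than the `secrets` context, so the runner does not mask it; a `::add-mask::` line before `sls deploy --verbose` covers that, and `set -euo pipefail` plus `jq -e` stop an empty or `null` value from a failed fetch being exported. The rewrite below fetches the secret string once and leaves the deploy command unchanged; the enclosing step and job begin outside the hunk.
```yaml
        run: |
          set -euo pipefail
          # <STAGE_SECRET_ID> is a placeholder: derive the secret id from the stage instead of hard-coding dev/
          SECRET_JSON=$(aws secretsmanager get-secret-value --secret-id "<STAGE_SECRET_ID>" --query SecretString --output text)
          DB_USER=$(jq -er '.db_assessment_model_username' <<<"$SECRET_JSON")
          DB_PASSWORD=$(jq -er '.db_assessment_model_password' <<<"$SECRET_JSON")
          echo "::add-mask::$DB_PASSWORD"
          export DB_USER DB_PASSWORD
          # … unchanged: sls deploy --stage ${{ github.ref_name }} --verbose …
```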
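Review bot: `DB_PASSWORD: ${env:DB_PASSWORD}` places the database password in the Lambda function's environment configuration, where it is returned in cleartext to any principal with `lambda:GetFunctionConfiguration` and shown in the console. Since the pipeline already reads the value from Secrets Manager at deploy time, resolving it inside the function at runtime (or through a Serverless variable that reads the secret at deploy time, if the project already uses one) keeps it out of the function definition, while `DB_HOST`, `DB_NAME`, `DB_USER` and `DB_PORT` can stay as plain environment entries. A smaller point of style: the keys are ordered `HOST, NAME, USER, PASSWORD, PORT` here but `HOST, PORT, NAME` in the workflow's `env:` block; matching the two orders makes the lists easier to compare. The `environment:` mapping this hunk extends starts outside the hunk.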