Workflow to send HL7 messages to RS staging #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Automated Staging Test - Submit Messages | |
| on: | |
| schedule: | |
| - cron: "0 0 * * *" # Midnight UTC every day | |
| workflow_dispatch: | |
| pull_request: | |
| jobs: | |
| send_files: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v4 | |
| - name: Install jq | |
| run: sudo apt-get install -y jq | |
| - name: Install jwt-cli | |
| run: | | |
| curl --silent --location https://github.com/mike-engel/jwt-cli/releases/latest/download/jwt-linux.tar.gz | tar xvz -C /usr/local/bin/ | |
| sudo chmod +x /usr/local/bin/jwt | |
| - name: Log in to Azure | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CDC_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_CDC_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_CDC_DMZ_C1_SUBSCRIPTION_ID }} | |
| - name: Upload file to Azure Blob Storage | |
| uses: azure/cli@v2 | |
| with: | |
| inlineScript: | | |
| az storage blob sync \ | |
| --container automated \ | |
| --source ./examples/Test/Message/ \ | |
| --account-name cdctiautomateddev | |
| - name: Write private key to file | |
| run: | | |
| echo "${{ secrets.TI_STAGING_PRIVATE_KEY }}" > /tmp/staging_private_key.pem | |
| chmod 600 /tmp/staging_private_key.pem | |
| - name: Send HL7 sample messages to staging RS | |
| run: | | |
| host=https://staging.prime.cdc.gov:443 | |
| client_id=flexion | |
| client_sender=automated-staging-test-sender | |
| jwt=$(jwt encode --exp='+5min' --jti $(uuidgen) --alg RS256 \ | |
| -k $client_id.$client_sender -i $client_id.$client_sender \ | |
| -s $client_id.$client_sender -a $host --no-iat -S @/tmp/staging_private_key.pem) | |
| token=$(curl \ | |
| --header "Content-Type: application/x-www-form-urlencoded" \ | |
| --data "scope=$client_id.*.report" \ | |
| --data "client_assertion=$jwt" \ | |
| --data "client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer" \ | |
| --data "grant_type=client_credentials" \ | |
| --silent \ | |
| "$host/api/token" | jq -r ".access_token") | |
| for file in $(pwd)/examples/Test/Automated/*.hl7; do | |
| echo "Sending $file" | |
| curl \ | |
| --header "Content-Type: application/hl7-v2" \ | |
| --header "Client: $client_id.$client_sender" \ | |
| --header "Authorization: Bearer $token" \ | |
| --data-binary "@$file" \ | |
| --silent \ | |
| "$host/api/waters" | |
| done | |
| - name: Clean up private key | |
| if: always() | |
| run: | | |
| rm -f /tmp/staging_private_key.pem |