automated-staging-test-submit.yml
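# Automated staging test: syncs sample messages to Azure Blob Storage, then
# submits the HL7 samples to the staging endpoint with a short-lived bearer
# token obtained through a signed JWT client assertion.
name: Automated Staging Test - Submit Messages

on:
  schedule:
    - cron: "0 0 * * *"  # Midnight UTC every day
  workflow_dispatch:
  # NOTE(review): pull requests from forks do not receive repository secrets,
  # so this job cannot authenticate there; for same-repository branches it
  # runs with the staging signing key. Confirm this trigger is intended.
  pull_request:

jobs:
  send_files:
    runs-on: ubuntu-latest
    permissions:
      # Lets the job request an OIDC token, used here by the Azure login step.
      id-token: write
      contents: read
    steps:
      # NOTE(review): the actions below are referenced by mutable version
      # tags. Pinning each one to a full commit SHA prevents a moved tag from
      # changing the code that runs with this job's secrets.
      - name: Check out the repository
        uses: actions/checkout@v4
        with:
          # Later steps never push, so keep the token out of .git/config.
          persist-credentials: false

      - name: Install jq
        run: sudo apt-get install -y jq

      # NOTE(review): this downloads whatever "latest" resolves to at run time
      # and unpacks it without an integrity check; the resulting binary later
      # reads the staging private key. Pin a specific release and verify its
      # published checksum before extracting.
      - name: Install jwt-cli
        run: |
          # Fail the step if the download fails, not only if tar fails.
          set -o pipefail
          curl --silent --show-error --fail --location https://github.com/mike-engel/jwt-cli/releases/latest/download/jwt-linux.tar.gz | tar xvz -C /usr/local/bin/
          sudo chmod +x /usr/local/bin/jwt

      - name: Log in to Azure
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CDC_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_CDC_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_CDC_DMZ_C1_SUBSCRIPTION_ID }}

      - name: Upload file to Azure Blob Storage
        uses: azure/cli@v2
        with:
          inlineScript: |
            az storage blob sync \
              --container automated \
              --source ./examples/Test/Message/ \
              --account-name cdctiautomateddev

      - name: Write private key to file
        env:
          # Passed through the environment so the secret is never spliced
          # into the script text that the shell parses.
          TI_STAGING_PRIVATE_KEY: ${{ secrets.TI_STAGING_PRIVATE_KEY }}
        run: |
          # Create the file owner-only from the start instead of relying on
          # the chmod that follows the write.
          umask 077
          printf '%s\n' "$TI_STAGING_PRIVATE_KEY" > /tmp/staging_private_key.pem
          chmod 600 /tmp/staging_private_key.pem

      - name: Send HL7 sample messages to staging RS
        run: |
          set -euo pipefail
          host=https://staging.prime.cdc.gov:443
          client_id=flexion
          client_sender=automated-staging-test-sender
          # Sign a five-minute client assertion with the staging private key.
          jwt=$(jwt encode --exp='+5min' --jti "$(uuidgen)" --alg RS256 \
            -k "$client_id.$client_sender" -i "$client_id.$client_sender" \
            -s "$client_id.$client_sender" -a "$host" --no-iat -S @/tmp/staging_private_key.pem)
          # Exchange the assertion for an access token; --fail turns an HTTP
          # error into a failed step instead of an empty token.
          token=$(curl \
            --header "Content-Type: application/x-www-form-urlencoded" \
            --data "scope=$client_id.*.report" \
            --data "client_assertion=$jwt" \
            --data "client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer" \
            --data "grant_type=client_credentials" \
            --silent --show-error --fail \
            "$host/api/token" | jq -r ".access_token")
          # jq prints the string "null" when the field is missing.
          if [ -z "$token" ] || [ "$token" = "null" ]; then
            echo "Failed to obtain an access token" >&2
            exit 1
          fi
          # Keep the bearer token out of the job log if anything echoes it.
          echo "::add-mask::$token"
          # NOTE(review): an HTTP error status from the submission endpoint
          # does not fail this loop; confirm whether that is intended.
          for file in "$(pwd)"/examples/Test/Automated/*.hl7; do
            echo "Sending $file"
            curl \
              --header "Content-Type: application/hl7-v2" \
              --header "Client: $client_id.$client_sender" \
              --header "Authorization: Bearer $token" \
              --data-binary "@$file" \
              --silent \
              "$host/api/waters"
          done

      # Runs even when an earlier step failed so the key never outlives the job.
      - name: Clean up private key
        if: always()
        run: |
          rm -f /tmp/staging_private_key.pem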