|
| 1 | +# Updating HMRC Basic PAYE Tools |
| 2 | + |
| 3 | +HMRC provides free PAYE software for small businesses to download from GOV.UK. As Mainstream Publisher doesn't have the functionality for content designers to directly upload files, this has to be done as a manual task by developers. |
| 4 | + |
| 5 | +This work will come through to us as a Zendesk ticket, with a GDS content designer as our primary contact and the files available for download through the ticket. |
| 6 | + |
| 7 | +## Verifying the files |
| 8 | + |
| 9 | +We should receive three files from HMRC: |
| 10 | + |
| 11 | +A `.zip` of the project files |
| 12 | +- `BPT_{version_number}_GDS.zip` - a zip file containing: |
| 13 | + - `payetools-rti-{version_number}-{win | osx | linux}.zip` (three files, one for each OS) |
| 14 | + - `payetools-rti-patch-{version_number}-win.zip` |
| 15 | + - `realtimepayetools-update-v{xx}.xml` |
| 16 | + - `test-realtimepayetools-update-v{xx}.xml` |
| 17 | + - `deployment-instructions.xml` |
| 18 | + - `bpt-release-info.txt` |
| 19 | + |
| 20 | +Two sets of expected SHA256 sums for the provided files |
| 21 | + |
| 22 | +- `BPT_{version_number}_GDS.zip.sha256sum.txt` to verify the zip file itself |
| 23 | +- `BPT_{version_number}_GDS.sha256sum.txt` to verify the content individually |
| 24 | + |
| 25 | +Both the SHA sum files are will be formatted to be compatible with `shasum` to allow for bulk verification. |
| 26 | + |
| 27 | +1) Download all three files from the Zendesk ticket |
| 28 | +2) Verify the zip file |
| 29 | +```bash |
| 30 | +shasum -a 256 -c BPT_{version_number}_GDS.zip.sha256sum.txt |
| 31 | +``` |
| 32 | + |
| 33 | +3) Extract the contents of the zip into a new directory |
| 34 | +4) From inside that directory, verify the individual files |
| 35 | + |
| 36 | +```bash |
| 37 | +shasum -a 256 -c ../BPT_{version_number}_GDS.sha256sum.txt |
| 38 | +``` |
| 39 | + |
| 40 | +Do not extract the `paytools-rti` `.zip` files, these should be uploaded as `.zips`. |
| 41 | + |
| 42 | +## Initial upload and testing |
| 43 | + |
| 44 | +In order to place these files correctly in HMRC's download location, we must manually upload them to Asset Manager. |
| 45 | + |
| 46 | +Standard instructions for uploading assets to Asset Manager can be found [here](https://docs.publishing.service.gov.uk/manual/manage-assets.html), but the steps we need to follow for this task are different. |
| 47 | + |
| 48 | +1) Retrieve the name of an individual Asset Manager Production pod |
| 49 | +```bash |
| 50 | +POD=$(basename $(kubectl get pods -l app=asset-manager -o name | head -1)) |
| 51 | +echo $POD |
| 52 | +``` |
| 53 | +2) Upload the `test-realtimepayetools-update-v{xx}.xml` file, and the four `payetools-rti ... .zip` files |
| 54 | +```bash |
| 55 | +kubectl cp {file} apps/$POD:/tmp |
| 56 | +``` |
| 57 | +3) Open a bash session on the pod, make sure that the metadata `.xml` and the four `.zip` files are present in the `/tmp` directory, and that no other `.zip` files are present. |
| 58 | +```bash |
| 59 | +kubectl exec -it $POD -- bash |
| 60 | +``` |
| 61 | +4) Run the rake task to create the metadata file as an Asset |
| 62 | +```bash |
| 63 | +bundle exec rake govuk_assets:create_hmrc_paye_asset[tmp/test-realtimepayetools-update-v{xx}.xml] |
| 64 | +``` |
| 65 | +5) Run the rake task to bulk create the zip files as Assets |
| 66 | +```bash |
| 67 | +bundle exec rake govuk_assets:create_hmrc_paye_zips[tmp] |
| 68 | +``` |
| 69 | +6) The files should now be accessible at `https://assets.publishing.service.gov.uk/government/uploads/uploaded/hmrc/{file}`, it may take a few minutes for the larger files to be scanned by the virus checker. |
| 70 | +7) Download copies of all the files using these links, and re-check them against the SHA256 files. |
| 71 | +7) If the files all pass the SHA check, then provide the links to the Content Designer for HMRC to conduct their Pre-live testing. |
| 72 | +## Live release |
| 73 | + |
| 74 | +Once HMRC have tested the files, they will confirm they are ready to go live. |
| 75 | + |
| 76 | +The only additional step for us at this point is uploading the non-test version of the `realtimepayetools-` `.xml` file and providing the link to the Content Designer. They will then update the pages which need to use the new links. |
| 77 | + |
| 78 | +Deleting the test version of this file is not required. |
| 79 | + |
| 80 | +## Known Issues |
| 81 | + |
| 82 | +### Existing file not updating |
| 83 | + |
| 84 | +If the update involves changing the content of an existing file (such as the metadata file in the case of minor or patch versions), sometimes that file may fail to actually update the contents despite the rake task not raising an error. |
| 85 | + |
| 86 | +1) Open a Bash session with one of the Asset Manager pods |
| 87 | +```bash |
| 88 | +kubectl exec -it deploy/asset-manager --bash |
| 89 | +``` |
| 90 | +2) Get the file's asset ID |
| 91 | +```bash |
| 92 | +bundle exec rake assets:get_id_by_legacy_url_path[/government/uploads/uploaded/hmrc/{filename}] |
| 93 | +``` |
| 94 | +3) Load a Rails Console session in Asset Manager |
| 95 | +4) Check that the Asset is not stuck with a state of "unscanned" |
| 96 | +```Ruby |
| 97 | +file = Asset.find("{id}") |
| 98 | +file.state |
| 99 | +``` |
| 100 | +5) If it is, manually re-save the Asset to trigger a fresh virus scan |
| 101 | +```ruby |
| 102 | +file.save! |
| 103 | +``` |
| 104 | + |
| 105 | + |
| 106 | +### ClamAV File Size |
| 107 | + |
| 108 | +In the past we have had some issues with ClamAV failing to process these files because the contents of the individual zips are too big to unpack and scan. The size of these files has grown steadily year by year. |
| 109 | + |
| 110 | +This has been solved previously by raising the [MaxFileSize](https://github.com/alphagov/govuk-helm-charts/pull/4147) and [StreamMaxLength](https://github.com/alphagov/govuk-helm-charts/pull/4148) on Asset Manager's ClamAV configmap. If this needs doing again, a conversation will be required with the Content APIs team. |
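Review bot: In "Existing file not updating", step 1, `kubectl exec -it deploy/asset-manager --bash` hands `--bash` to kubectl as a flag it does not recognise instead of running a shell. It needs the separator followed by a space, `kubectl exec -it deploy/asset-manager -- bash`, as step 3 of "Initial upload and testing" already has it. In that earlier section the commands disagree with each other about namespace and path. `kubectl cp {file} apps/$POD:/tmp` names the `apps` namespace while the `kubectl get pods` and `kubectl exec -it $POD -- bash` lines rely on whatever the current context is. The files are also copied to `/tmp`, but the rake tasks are given the relative `tmp/test-realtimepayetools-update-v{xx}.xml` and `tmp`, which is only the same location if the task resolves it from `/`. Suggest stating the expected context or adding `-n apps` throughout, and confirming whether the rake arguments should be absolute. Smaller points: the last two steps of the upload list are both numbered `7)`, `paytools-rti` in the "Do not extract" sentence should read `payetools-rti`, "are will be formatted" has a stray word, the line "A `.zip` of the project files" duplicates the bullet below it, and one fence is tagged `Ruby` where the next uses `ruby`. Because the two checksum files are downloaded from the same Zendesk ticket as the zip, a sentence on what the `shasum` checks cover would help: they catch corruption in transit and after upload to Asset Manager, but not a substitution by anyone able to change the ticket attachments.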