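--- a/.github/workflows/pr_closed.yaml
+++ b/.github/workflows/pr_closed.yaml
@@ -0,0 +1,56 @@
+name: PR Closed
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [closed]
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  check-merge-or-workflow-dispatch:
+    runs-on: ubuntu-latest
+    outputs:
+      deploy: ${{ steps.check.outputs.deploy }}
+    steps:
+      - name: Check if PR was merged or workflow is triggered by workflow_dispatch
+        id: check
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            echo "deploy=true" >> $GITHUB_OUTPUT
+            echo "Job triggered by workflow_dispatch - running 'deploy-main'"
+          elif [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.merged }}" == "true" ]]; then
+            echo "deploy=true" >> $GITHUB_OUTPUT
+            echo "Job triggered by Merged PR - running 'deploy-main'"
+          else
+            echo "deploy=false" >> $GITHUB_OUTPUT
+            echo "Job not triggered by workflow_dispatch or Merged PR - Skipping 'deploy-main'"
+          fi
+
+  deploy-main:
+    needs: check-merge-or-workflow-dispatch
+    name: Deploy changes to main in dev AWS account
+    if: needs.check-merge-or-workflow-dispatch.outputs.deploy == 'true'
+
+    permissions:
+      id-token: write
+      contents: read
+
+    strategy:
+      max-parallel: 1
+      matrix:
+        component: [api]
+
+    uses: ./.github/workflows/reusable_internal_repo_build.yaml
+    secrets: inherit
+    with:
+      releaseVersion: main
+      targetWorkflow: "dispatch-deploy-static-notify-web-supplier-api-env.yaml"
+      targetEnvironment: "main"
+      targetAccountGroup: "nhs-notify-supplier-api-dev"
+      targetComponent: ${{ matrix.component }}
+      terraformAction: "apply"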
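Review bot: `secrets: inherit` on the `deploy-main` job hands every repository secret to the reusable workflow when, from what is visible, it only needs `PR_TRIGGER_PAT`, and `id-token: write` grants an OIDC token that nothing in the called workflow exchanges (it authenticates to the GitHub API with the PAT alone). Pass the one secret explicitly — `secrets:` / `PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }}` — after declaring it under `workflow_call.secrets` in `reusable_internal_repo_build.yaml`, and drop `id-token: write` unless a later step is expected to assume an AWS role. Separately, a `pull_request: closed` run for a PR from a fork does not receive repository secrets, so a merged fork PR would presumably fail the dispatch with an empty bearer token rather than deploy; a `push: branches: [main]` trigger would not have that gap — worth confirming against how contributions arrive.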
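--- a/.github/workflows/pr_create_dynamic_env.yaml
+++ b/.github/workflows/pr_create_dynamic_env.yaml
@@ -0,0 +1,49 @@
+name: PR Create Environment
+
+on:
+  pull_request:
+    types: [labeled, opened, synchronize, reopened, unlabeled, edited]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  create-dynamic-environment:
+    name: Create Dynamic Environment
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Trigger nhs-notify-internal dynamic environment workflow
+        shell: bash
+        run: |
+          set -x
+          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
+
+          DISPATCH_EVENT=$(jq -ncM \
+            --arg infraRepoName "${this_repo_name}" \
+            --arg releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            --arg targetEnvironment "pr${{ github.event.number }}" \
+            --arg targetAccountGroup "nhs-notify-supplier-api-dev" \
+            --arg targetComponent "branch" \
+            --arg terraformAction "apply" \
+            --arg overrides "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            '{ "ref": "main",
+               "inputs": {
+                 "infraRepoName": $infraRepoName,
+                 "releaseVersion", $releaseVersion,
+                 "targetEnvironment", $targetEnvironment,
+                 "targetAccountGroup", $targetAccountGroup,
+                 "targetComponent", $targetComponent,
+                 "terraformAction", $terraformAction,
+                 "overrides", $overrides,
+               }
+             }')
+
+          curl --fail -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \
+            -d "${DISPATCH_EVENT}"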
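Review bot: The job runs on every `pull_request` event, including PRs opened from forks, but `secrets.PR_TRIGGER_PAT` is not supplied to fork-triggered runs, so the `Authorization: Bearer` header would be empty and the dispatch fails with a 401 on each such PR; gate the job with `if: github.event.pull_request.head.repo.full_name == github.repository`, and consider whether `edited`, `labeled` and `unlabeled` really need to re-run a Terraform apply. The jq object uses `,` where `:` is meant (`"releaseVersion", $releaseVersion` and the five lines after it); this appears to yield the intended key only because jq accepts `"key"` and `$key` as two shorthand entries with the latter overwriting the former — write `"releaseVersion": $releaseVersion` and drop the trailing comma after `$overrides` so the intent is explicit rather than accidental. Taking the branch name from `GITHUB_HEAD_REF` and passing it through `--arg` rather than interpolating it into the script is the right call and keeps attacker-chosen branch names out of the shell.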
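--- a/.github/workflows/pr_destroy_dynamic_env.yaml
+++ b/.github/workflows/pr_destroy_dynamic_env.yaml
@@ -0,0 +1,47 @@
+name: PR Destroy Environment
+
+on:
+  pull_request:
+    types: [closed]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  create-dynamic-environment:
+    name: Destroy Dynamic Environment
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Trigger nhs-notify-internal dynamic environment destruction
+        shell: bash
+        run: |
+          set -x
+          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
+
+          DISPATCH_EVENT=$(jq -ncM \
+            --arg infraRepoName "${this_repo_name}" \
+            --arg releaseVersion "main" \
+            --arg targetEnvironment "pr${{ github.event.number }}" \
+            --arg targetAccountGroup "nhs-notify-supplier-api-dev" \
+            --arg targetComponent "branch" \
+            --arg terraformAction "destroy" \
+            '{ "ref": "main",
+               "inputs": {
+                 "infraRepoName": $infraRepoName,
+                 "releaseVersion", $releaseVersion,
+                 "targetEnvironment", $targetEnvironment,
+                 "targetAccountGroup", $targetAccountGroup,
+                 "targetComponent", $targetComponent,
+                 "terraformAction", $terraformAction,
+               }
+             }')
+
+          curl --fail -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \
+            -d "${DISPATCH_EVENT}"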
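Review bot: `set -x` on the first line of the script echoes every expanded command to the job log, including the `curl` invocation carrying `Authorization: Bearer <PR_TRIGGER_PAT>`; GitHub's masking of registered secrets is then the only thing keeping the token out of the log, and masking is a last line of defence, not a control. Remove `set -x` (or `set +x` before the curl) and pass the token through `env:` — `GH_TOKEN: ${{ secrets.PR_TRIGGER_PAT }}` with `-H "Authorization: Bearer $GH_TOKEN"` — so it is never part of the script text at all. The job id `create-dynamic-environment` was copied from the create workflow and now labels the destroy job; rename it `destroy-dynamic-environment` so run URLs and any future `needs:` references are unambiguous. As in the create workflow, the jq object uses `,` in place of `:` for its input keys and carries a trailing comma, which presumably only works through jq's shorthand entry syntax; write `"releaseVersion": $releaseVersion` and friends.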
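--- a/.github/workflows/release_created.yaml
+++ b/.github/workflows/release_created.yaml
@@ -0,0 +1,32 @@
+name: Github Release Created
+
+on:
+  release:
+    types: ["published"] # Inherits all input defaults
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  deploy-main:
+    name: Deploy changes to main in nonprod AWS Account
+
+    permissions:
+      id-token: write
+      contents: read
+
+    strategy:
+      max-parallel: 1
+      matrix:
+        component: [api]
+
+    uses: ./.github/workflows/reusable_internal_repo_build.yaml
+    secrets: inherit
+    with:
+      releaseVersion: ${{ github.event.release.tag_name }}
+      targetWorkflow: "dispatch-deploy-static-notify-supliers-api-env.yaml"
+      targetEnvironment: "main"
+      targetAccountGroup: "nhs-notify-supliers-api-nonprod"
+      targetComponent: ${{ matrix.component }}
+      terraformAction: "apply"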
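Review bot: The target identifiers `dispatch-deploy-static-notify-supliers-api-env.yaml` and `nhs-notify-supliers-api-nonprod` spell "supliers" where `pr_closed.yaml` in the same change uses "supplier" (`dispatch-deploy-static-notify-web-supplier-api-env.yaml`, `nhs-notify-supplier-api-dev`); if the nonprod names are typos, the first release dispatch will 404 against a workflow that does not exist, so confirm both strings against the nhs-notify-internal workflow list before tagging anything. `github.event.release.tag_name` is forwarded as `releaseVersion`, and the reusable workflow interpolates that value unquoted into a shell script, so the set of people who can publish a release is also the set who can run shell in a job holding `PR_TRIGGER_PAT`. The `# Inherits all input defaults` comment is stale now that every input is passed explicitly under `with:`; drop it or reword.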
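--- a/.github/workflows/reusable_internal_repo_build.yaml
+++ b/.github/workflows/reusable_internal_repo_build.yaml
@@ -0,0 +1,142 @@
+name: Call Notify Internal Infrastructure Deployment
+## Sub workflow which plans and deploys Notify components as part of the workflow.
+## Review Gates may be required to proceed on triggered builds.
+
+on:
+  workflow_call:
+    inputs:
+      releaseVersion:
+        type: string
+        description: The Github release version, commit, or tag.
+        default: main
+      targetWorkflow:
+        type: string
+        description: The name of the github workflow to call.
+        default: main
+      targetEnvironment:
+        type: string
+        description: The Terraform environment to deploy
+        default: main
+      targetComponent:
+        type: string
+        description: The Terraform component to deploy
+        required: true
+      targetAccountGroup:
+        type: string
+        description: The Terraform group to deploy
+        required: true
+      terraformAction:
+        type: string
+        description: The Terraform component to deploy
+        default: plan
+
+concurrency:
+  group: ${{ inputs.targetEnvironment }}-${{ inputs.targetAccountGroup }}-${{ inputs.targetComponent }}-${{ inputs.terraformAction }}
+
+jobs:
+  trigger:
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Trigger nhs-notify-internal static environment workflow deployment
+        shell: bash
+        run: |
+          set -x
+
+          DISPATCH_EVENT=$(jq -ncM \
+            --arg releaseVersion ${{ inputs.releaseVersion }} \
+            --arg targetEnvironment ${{ inputs.targetEnvironment }} \
+            --arg targetAccountGroup ${{ inputs.targetAccountGroup }} \
+            --arg targetComponent ${{ inputs.targetComponent }} \
+            --arg terraformAction ${{ inputs.terraformAction }} \
+            '{ "ref": "main",
+               "inputs": {
+                 "releaseVersion", $releaseVersion,
+                 "targetEnvironment", $targetEnvironment,
+                 "targetAccountGroup", $targetAccountGroup,
+                 "targetComponent", $targetComponent,
+                 "terraformAction", $terraformAction
+               }
+             }')
+
+          # Trigger The workflow
+          curl -L \
+            --fail \
+            --silent \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/${{ inputs.targetWorkflow }}/dispatches" \
+            -d "${DISPATCH_EVENT}"
+
+          echo "Workflow triggered successfully. HTTP response. Waiting for the workflow to complete.."
+
+          # Poll GitHub API to check the workflow status
+          run_id=""
+          for i in {1..12}; do
+            in_progress=$(curl -s \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch&status=in_progress")
+
+            run_id=$(echo "$in_progress" | jq -r \
+              --arg env "${{ inputs.targetEnvironment }}" \
+              --arg component "${{ inputs.targetComponent }}" \
+              --arg group "${{ inputs.targetAccountGroup }}" \
+              --arg releaseVersion "${{ inputs.releaseVersion }}" \
+              '.workflow_runs[]
+              | select(.name | contains($env) and contains($component) and contains($group) and contains($releaseVersion))
+              | .id' | head -n 1)
+
+            if [[ -n "$run_id" && "$run_id" != null ]]; then
+              echo "Found workflow run with ID: $run_id"
+              break
+            fi
+
+            echo "Waiting for workflow to start..."
+            sleep 10
+          done
+
+          if [[ -z "$run_id" || "$run_id" == null ]]; then
+            echo "Failed to get the workflow run ID. Exiting."
+            exit 1
+          fi
+
+          # Wait for workflow completion
+          while true; do
+            sleep 10
+            status=$(curl -s \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs/$run_id" \
+              | jq -r '.status')
+
+            conclusion=$(curl -s \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs/$run_id" \
+              | jq -r '.conclusion')
+
+            if [ "$status" == "completed" ]; then
+              if [ "$conclusion" == "success" ]; then
+                echo "Workflow completed successfully."
+                exit 0
+              else
+                echo "Workflow failed with conclusion: $conclusion"
+                exit 1
+              fi
+            fi
+
+            echo "Workflow still running..."
+            sleep 20
+          done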
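Review bot: The five `--arg ... ${{ inputs.* }}` lines in the dispatch step (and the quoted copies in the polling `jq` call) expand workflow inputs directly into the shell script, unquoted, before bash parses it; a `releaseVersion` such as a release tag containing `$(`, `;` or backticks therefore executes in a job that holds `PR_TRIGGER_PAT`, which is the classic Actions expression-injection pattern. Move each input into the step's `env:` and reference the variables quoted, as below, and do the same for the PAT so the token is never part of the script text that `set -x` echoes. `actions/checkout@v4` is referenced by a mutable tag and nothing in this step reads the checkout — drop it, or pin it to a full commit SHA if a later step needs the tree. The `while true` wait loop has no upper bound, so a hung downstream run pins this job until the runner's default job timeout; a bounded iteration count with a clear failure message would be cheaper to diagnose.
```yaml
      - name: Trigger nhs-notify-internal static environment workflow deployment
        shell: bash
        env:
          GH_TOKEN: ${{ secrets.PR_TRIGGER_PAT }}
          RELEASE_VERSION: ${{ inputs.releaseVersion }}
          TARGET_ENVIRONMENT: ${{ inputs.targetEnvironment }}
          TARGET_ACCOUNT_GROUP: ${{ inputs.targetAccountGroup }}
          TARGET_COMPONENT: ${{ inputs.targetComponent }}
          TERRAFORM_ACTION: ${{ inputs.terraformAction }}
          TARGET_WORKFLOW: ${{ inputs.targetWorkflow }}
        run: |
          DISPATCH_EVENT=$(jq -ncM \
            --arg releaseVersion "$RELEASE_VERSION" \
            --arg targetEnvironment "$TARGET_ENVIRONMENT" \
            --arg targetAccountGroup "$TARGET_ACCOUNT_GROUP" \
            --arg targetComponent "$TARGET_COMPONENT" \
            --arg terraformAction "$TERRAFORM_ACTION" \
            '{ "ref": "main",
               "inputs": {
                 "releaseVersion": $releaseVersion,
                 "targetEnvironment": $targetEnvironment,
                 "targetAccountGroup": $targetAccountGroup,
                 "targetComponent": $targetComponent,
                 "terraformAction": $terraformAction
               }
             }')
          # … unchanged: curl dispatch and polling, with -H "Authorization: Bearer $GH_TOKEN",
          # "$TARGET_WORKFLOW" in the URL and --arg ... "$RELEASE_VERSION" etc. in place of every ${{ }} …
```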
2 changes: 1 addition & 1 deletion infrastructure/terraform/bin/terraform.sh
Expand Up @@ -403,7 +403,7 @@ readonly component_name=$(basename ${component_path});
# verify terraform version matches .tool-versions
echo ${PWD}
tool_version=$(grep "terraform " .tool-versions | cut -d ' ' -f 2)
asdf plugin-add terraform && asdf install terraform "${tool_version}"
asdf plugin add terraform && asdf install terraform "${tool_version}"
current_version=$(terraform --version | head -n 1 | cut -d 'v' -f 2)

if [ -z "${current_version}" ] || [ "${current_version}" != "${tool_version}" ]; then
Expand Up @@ -10,7 +10,7 @@ No requirements.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
| <a name="input_component"></a> [component](#input\_component) | The variable encapsulating the name of this component | `string` | `"examplecomponent"` | no |
| <a name="input_component"></a> [component](#input\_component) | The variable encapsulating the name of this component | `string` | `"supapi"` | no |
| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
| <a name="input_force_lambda_code_deploy"></a> [force\_lambda\_code\_deploy](#input\_force\_lambda\_code\_deploy) | If the lambda package in s3 has the same commit id tag as the terraform build branch, the lambda will not update automatically. Set to True if making changes to Lambda code from on the same commit for example during development | `bool` | `false` | no |
@@ -1,6 +1,5 @@
locals {
bootstrap = data.terraform_remote_state.bootstrap.outputs
acct = data.terraform_remote_state.acct.outputs
}

data "terraform_remote_state" "bootstrap" {
Expand All @@ -21,20 +20,3 @@ data "terraform_remote_state" "bootstrap" {
}
}

data "terraform_remote_state" "acct" {
backend = "s3"

config = {
bucket = local.terraform_state_bucket

key = format(
"%s/%s/%s/%s/acct.tfstate",
var.project,
var.aws_account_id,
"eu-west-2",
var.parent_acct_environment
)

region = "eu-west-2"
}
}
Expand Up @@ -2,8 +2,8 @@
# # It ensures all Node.js dependencies are installed, generates any required dependencies,
# # and builds all Lambda functions in the workspace before Terraform provisions infrastructure.

# npm ci
npm ci

# npm run generate-dependencies --workspaces --if-present
npm run generate-dependencies --workspaces --if-present

# npm run lambda-build --workspaces --if-present
npm run lambda-build --workspaces --if-present
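Review bot: The three `npm` commands run as plain sequential lines and nothing in the hunk makes a failure fatal, so unless line 1 (outside the hunk) already sets `-e`, a failed `npm ci` would let `generate-dependencies` and `lambda-build` run against a partial `node_modules` and Terraform would then package whatever came out. Add `set -euo pipefail` at the top of the script so the build stops at the first failing step, which also keeps a half-installed dependency tree from silently shipping as a Lambda artifact. This assumes, as the header comment in the hunk suggests, that the uncommented commands are the new side; the rendering does not preserve which lines were added.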
Expand Up @@ -38,7 +38,7 @@ variable "group" {
variable "component" {
type = string
description = "The variable encapsulating the name of this component"
default = "examplecomponent"
default = "supapi"
}

variable "default_tags" {
