feat: use the same acr with a prefix in image tag for devtest

MacMur85 · MacMur85 · commit f50ab7cff31b · 2026-01-13T12:42:13.000Z
diff --git a/.github/workflows/cicd-1-pull-request-devtest.yaml b/.github/workflows/cicd-1-pull-request-devtest.yaml
@@ -123,41 +123,43 @@ jobs:
     secrets:
       client_id: ${{ secrets.AZURE_CLIENT_ID }}
       tenant_id: ${{ secrets.AZURE_TENANT_ID }}
-      #subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      subscription_id_dev: ${{ secrets.AZURE_SUBSCRIPTION_ID_DEV }}
-      acr_devtest_name: ${{ secrets.ACR_DEVTEST_NAME }}
+      subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      acr_name: ${{ secrets.ACR_NAME }}
     with:
       docker_compose_file: application/CohortManager/compose.yaml
       excluded_containers_csv_list: azurite,azurite-setup,sql-server
       environment_tag: ${{ needs.metadata.outputs.environment_tag }}
       function_app_source_code_path: application/CohortManager/src
       project_name: cohort-manager
       build_all_images: true
-  # deploy-stage:
-  #   if: contains(github.event.pull_request.labels.*.name, 'deploy')
-  #   name: Deploy review app pr-${{ github.event.pull_request.number }}
-  #   needs: [build-image-stage]
-  #   permissions:
-  #     id-token: write
-  #     contents: read
-  #   uses: ./.github/workflows/stage-4-deploy.yaml
-  #   with:
-  #     environments: '["review"]'
-  #     commit_sha: ${{ github.event.pull_request.head.sha }}
-  #     pr_number: ${{ github.event.pull_request.number }}
-  #   secrets: inherit
-  # post-url:
-  #   if: contains(github.event.pull_request.labels.*.name, 'deploy')
-  #   name: Post URL pr-${{ github.event.pull_request.number }} to PR comments
-  #   runs-on: ubuntu-latest
-  #   needs: [deploy-stage]
-  #   permissions:
-  #     pull-requests: write
-  #   steps:
-  #     - name: Post URL to PR comments
-  #       uses: marocchino/sticky-pull-request-comment@5060d4700a91de252c87eeddd2da026382d9298a
-  #       with:
-  #         message: |
-  #           The review app is available at this URL:
-  #           https://pr-${{ github.event.pull_request.number }}.manage-breast-screening.non-live.screening.nhs.uk
-  #           You must authenticate with HTTP basic authentication. Ask the team for credentials.
+  deploy-stage:
+    if: github.event_name == 'push'
+    name: Deploy DevTest environment for commit ${{ github.sha }}
+    needs: [metadata, build-image-stage]
+    permissions:
+      id-token: write
+      contents: read
+    uses: ./.github/workflows/stage-4-deploy-devtest.yaml
+    secrets:
+      client_id: ${{ secrets.AZURE_CLIENT_ID }}
+      tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+      subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+    with:
+      environments: "[\"development\"]"
+      commit_sha: ${{ github.sha }}
+  validate-title-stage:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    env:
+      GITHUB_TOKEN: ${{ github.token }}
+    if: github.event_name == 'push'
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        id: validate
+      - uses: thollander/actions-comment-pull-request@v2
+        if: ${{ failure() && steps.validate.conclusion == 'failure' }}
+        with:
+          message: |
+            Your Pull Request title must meet the conventional commit standards, please see the following documentation - https://www.conventionalcommits.org/en/v1.0.0/#specification
diff --git a/.github/workflows/stage-3-build-images-devtest.yaml b/.github/workflows/stage-3-build-images-devtest.yaml
@@ -37,13 +37,10 @@ on:
       tenant_id:
         description: 'The Azure Tenant ID.'
         required: true
-      # subscription_id:
-      #   description: 'The Azure Subscription ID.'
-      #   required: true
-      subscription_id_dev:
-        description: 'The Azure Development Subscription ID.'
+      subscription_id:
+        description: 'The Azure Subscription ID.'
         required: true
-      acr_devtest_name:
+      acr_name:
         description: 'The name of the Azure Container Registry.'
         required: true
 
@@ -94,6 +91,7 @@ jobs:
     outputs:
       pr_num_tag: ${{ env.PR_NUM_TAG }}
       short_commit_hash: ${{ env.COMMIT_HASH_TAG }}
+      devtest_commit_hash: ${{ env.DEVTEST_HASH_TAG }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -113,12 +111,12 @@ jobs:
         with:
           client-id: ${{ secrets.client_id }}
           tenant-id: ${{ secrets.tenant_id }}
-          subscription-id: ${{ secrets.subscription_id_dev }}
+          subscription-id: ${{ secrets.subscription_id }}
 
       - name: Azure Container Registry login
         env:
-          ACR_DEVTEST_NAME: ${{ secrets.acr_devtest_name }}
-        run: az acr login --name ${ACR_DEVTEST_NAME}
+          ACR_NAME: ${{ secrets.acr_name }}
+        run: az acr login --name ${ACR_NAME}
 
       - name: Create Tags
         env:
@@ -144,6 +142,10 @@ jobs:
           echo "Commit hash tag: ${SHORT_COMMIT_HASH}"
           echo "COMMIT_HASH_TAG=${SHORT_COMMIT_HASH}" >> ${GITHUB_ENV}
 
+          DEVTEST_COMMIT_HASH="devtest_${SHORT_COMMIT_HASH}"
+          echo "Commit devtest hash tag: ${DEVTEST_COMMIT_HASH}"
+          echo "DEVTEST_HASH_TAG=${DEVTEST_COMMIT_HASH}" >> ${GITHUB_ENV}
+
           echo "ENVIRONMENT_TAG=${ENVIRONMENT_TAG}" >> ${GITHUB_ENV}
 
       - name: Build and Push Image
@@ -152,7 +154,7 @@ jobs:
         env:
           COMPOSE_FILE: ${{ inputs.docker_compose_file }}
           PROJECT_NAME: ${{ inputs.project_name }}
-          ACR_DEVTEST_NAME: ${{ secrets.acr_devtest_name }}
+          ACR_NAME: ${{ secrets.acr_name }}
         run: |
           function=${{ matrix.function }}
 
@@ -166,14 +168,14 @@ jobs:
           # Build the image
           docker compose -f ${COMPOSE_FILE//,/ -f } -p ${PROJECT_NAME} --profile "*" build --no-cache --pull ${function}
 
-          repo_name="${ACR_DEVTEST_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
+          repo_name="${ACR_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
           echo $(repo_name)
 
           # Tag the image
           echo "Tag the image:"
-          docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${COMMIT_HASH_TAG}"
-          docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${PR_NUM_TAG}"
-          docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${ENVIRONMENT_TAG}"
+          docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${DEVTEST_HASH_TAG}"
+          # docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${PR_NUM_TAG}"
+          # docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${ENVIRONMENT_TAG}"
 
           # If this variable is set, the create-sbom-report.sh script will scan this docker image instead.
           export CHECK_DOCKER_IMAGE=${PROJECT_NAME}-${function}:latest
@@ -183,22 +185,18 @@ jobs:
           echo "PR_NUM_TAG=${PR_NUM_TAG}" >> ${GITHUB_ENV}
 
           # Push the image to the repository
-          docker push "${repo_name}:${COMMIT_HASH_TAG}"
-          if [ "${PR_NUM_TAG}" != 'pr' ]; then
-            docker push "${repo_name}:${PR_NUM_TAG}"
-          fi
-          docker push "${repo_name}:${ENVIRONMENT_TAG}"
+          docker push "${repo_name}:${DEVTEST_HASH_TAG}"
 
       - name: Cleanup the docker images
         env:
           PROJECT_NAME: ${{ inputs.project_name }}
-          ACR_DEVTEST_NAME: ${{ secrets.acr_devtest_name }}
+          ACR_NAME: ${{ secrets.acr_name }}
         run: |
           function=${{ matrix.function }}
-          repo_name="${ACR_DEVTEST_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
+          repo_name="${ACR_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
 
           # Remove the images
-          docker rmi "${repo_name}:${COMMIT_HASH_TAG}"
+          docker rmi "${repo_name}:${DEVTEST_HASH_TAG}"
           docker rmi "${repo_name}:${PR_NUM_TAG}"
           docker rmi "${repo_name}:${ENVIRONMENT_TAG}"
           docker rmi ${PROJECT_NAME}-${function}:latest
diff --git a/.github/workflows/stage-4-deploy-devtest.yaml b/.github/workflows/stage-4-deploy-devtest.yaml
@@ -0,0 +1,118 @@
+name: Deployment stage
+
+on:
+  workflow_call:
+    inputs:
+      environments:
+        description: List of environments to deploy to (String array)
+        required: true
+        type: string
+      commit_sha:
+        description: Commit SHA used to fetch ADO pipeline and docker image
+        required: true
+        type: string
+      pr_number:
+        description: Pull request number when used in a pull request
+        required: false
+        type: string
+
+    secrets:
+      client_id:
+        description: 'The Azure Client ID.'
+        required: true
+      tenant_id:
+        description: 'The Azure Tenant ID.'
+        required: true
+      subscription_id:
+        description: 'The Azure Subscription ID.'
+        required: true
+
+  workflow_dispatch:
+    inputs:
+      environments:
+        description: List of environments to deploy to (String array)
+        required: true
+        type: string
+      commit_sha:
+        description: Commit SHA used to fetch ADO pipeline and docker image
+        required: true
+        type: string
+      pr_number:
+        description: Pull request number when used in a pull request
+        required: false
+        type: string
+
+    secrets:
+      client_id:
+        description: 'The Azure Client ID.'
+        required: true
+      tenant_id:
+        description: 'The Azure Tenant ID.'
+        required: true
+      subscription_id:
+        description: 'The Azure Subscription ID.'
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    strategy:
+      matrix:
+        environment: ${{ fromJson(inputs.environments) }}
+      max-parallel: 1
+    environment: ${{ matrix.environment }}
+    concurrency: deploy-${{ matrix.environment }}-${{ github.ref }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5
+        with:
+          client-id: ${{ secrets.client_id }}
+          tenant-id: ${{ secrets.tenant_id }}
+          subscription-id: ${{ secrets.subscription_id }}
+
+      - name: Make script executable
+        run: chmod +x scripts/bash/wait_ado_pipeline.sh
+
+      - name: Call deployment pipeline
+        shell: bash
+        env:
+          COMMIT_SHA: ${{ inputs.commit_sha }}
+          ENVIRONMENT_NAME: ${{ matrix.environment }}
+        run: |
+          set -euo pipefail
+          # Define common variables
+          organisation='https://dev.azure.com/nhse-dtos'
+          project_name='dtos-cohort-manager'
+
+          # Define which tests to run based on the environment
+          declare -A test_types=(
+            ["development"]=""
+          )
+
+          # Derive the short SHA from the provided commit
+          git_short_sha=$(git rev-parse --short "$COMMIT_SHA")
+          devtest_short_sha="devtest_${git_short_sha}"
+
+          # Prepare parameters as separate key=value tokens
+          param_image="dockerImageTag=${devtest_short_sha}"
+          param_tests="testTypes=[${test_types[$ENVIRONMENT_NAME]}]"
+
+          echo "Starting Azure devops pipeline \"Deploy to Azure - Core ${ENVIRONMENT_NAME}\"..."
+          RUN_ID=$(az pipelines run \
+            --commit-id "$COMMIT_SHA" \
+            --name "Deploy to Azure - Core ${ENVIRONMENT_NAME}" \
+            --org "${organisation}" \
+            --project "${project_name}" \
+            --parameters "$param_image" "$param_tests" \
+            --output tsv --query id)
+
+          echo "Click here to view the ADO pipeline: ${organisation}/${project_name}/_build/results?buildId=${RUN_ID}"
+
+          scripts/bash/wait_ado_pipeline.sh "$RUN_ID" "${organisation}" "${project_name}" 1800
