Merge pull request #5787 from nhsuk/next

Version 6.12

Author: thomasleese

.github/workflows/create_dockerized_db.yml

@@ -16,9 +16,6 @@ permissions:
   id-token: write
   contents: read
 
-env:
-  github_ref: ${{ inputs.github_ref || github.ref_name == 'next' && 'next' || github.ref_name }}
-
 jobs:
   setup-development-database:
     name: Setup Development Database
@@ -34,7 +31,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
         with:
-          ref: ${{ env.github_ref }}
+          ref: ${{ inputs.github_ref || github.ref_name == 'next' && 'next' || github.ref_name }}
           repository: nhsuk/manage-vaccinations-in-schools
       - uses: actions/setup-node@v6
         with:
@@ -75,8 +72,13 @@ jobs:
       - name: Login to ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
+      - name: get github ref short
+        id: github-ref
+        run: |
+          git_ref=$(git rev-parse ${{ inputs.github_ref || github.ref_name == 'next' && 'origin/next' || github.ref_name }} )
+          echo "ref=$git_ref" >> $GITHUB_OUTPUT
       - name: Commit postgres container with database
         run: |
-          docker commit database "${{ steps.login-ecr.outputs.registry }}/mavis/development/postgres_db:$github_ref"
+          docker commit database "${{ steps.login-ecr.outputs.registry }}/mavis/development/postgres_db:${{ steps.github-ref.outputs.ref }}"
       - name: Push image
-        run: docker push "${{ steps.login-ecr.outputs.registry }}/mavis/development/postgres_db:$github_ref"
+        run: docker push "${{ steps.login-ecr.outputs.registry }}/mavis/development/postgres_db:${{ steps.github-ref.outputs.ref }}"

.github/workflows/end-to-end-tests.yml

@@ -12,7 +12,7 @@ on:
         description: The environment to build the base image against
         type: string
         required: false
-        default: "origin/next"
+        default: "next"
     secrets:
       HTTP_AUTH_TOKEN_FOR_TESTS:
         description: HTTP Basic Auth token for the environment under test
@@ -30,7 +30,7 @@ on:
         description: The environment to build the base image against
         type: string
         required: false
-        default: "origin/next"
+        default: "next"
 
 permissions: { }
 
@@ -42,7 +42,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
         with:
-          ref: ${{ inputs.git_reference_for_application_image || github.event.pull_request.head.sha ||  github.sha }}
+          ref: ${{ github.event.pull_request.head.sha }}
           repository: nhsuk/manage-vaccinations-in-schools
       - name: Check if end-to-end tests need to run
         id: check
@@ -56,16 +56,24 @@ jobs:
       id-token: write
     outputs:
       build-needed: ${{ steps.check-image.outputs.build-needed }}
+      application-image-git-ref: ${{ steps.check-image.outputs.GIT_REF_SHA }}
     steps:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: arn:aws:iam::393416225559:role/GitHubAssuranceTestRole
           aws-region: eu-west-2
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
       - name: Check if image exists
         id: check-image
+        env:
+          GIT_REF: ${{ (inputs.git_reference_for_application_image == 'next' && 'origin/next') || github.event.pull_request.head.sha ||  github.sha }}
         run: |
-          if aws ecr describe-images --repository-name mavis/development --image-ids imageTag=${{ inputs.git_reference_for_application_image || github.event.pull_request.head.sha ||  github.sha }} > /dev/null 2>&1; then
+          GIT_REF_SHA=$(git rev-parse $GIT_REF)
+          echo "GIT_REF_SHA=$GIT_REF_SHA" >> $GITHUB_OUTPUT
+          if aws ecr describe-images --repository-name mavis/development --image-ids imageTag=$GIT_REF_SHA > /dev/null 2>&1; then
             echo "Docker image with given tag already exists"
             echo "build-needed=false" >> $GITHUB_OUTPUT
           else
@@ -82,7 +90,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v6
         with:
-          ref: ${{ inputs.git_reference_for_application_image || github.event.pull_request.head.sha ||  github.sha }}
+          ref: ${{ needs.check-development-image-presence.outputs.application-image-git-ref }}
           repository: nhsuk/manage-vaccinations-in-schools
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
@@ -97,16 +105,17 @@ jobs:
           docker build \
             --build-arg BUNDLE_WITHOUT=test \
             --build-arg RAILS_ENV=development \
-            -t "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development:${{ github.sha }}" \
+            -t "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development:${{ needs.check-development-image-presence.outputs.application-image-git-ref }}" \
             .
-          docker push "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development:${{ github.sha }}"
+          docker push "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development:${{ needs.check-development-image-presence.outputs.application-image-git-ref }}"
   check-database-image-presence:
     name: Check if database docker image already exists
     runs-on: ubuntu-latest
     permissions:
       id-token: write
     outputs:
       build-needed: ${{ steps.check-image.outputs.build-needed }}
+      db_git_ref_sha: ${{ steps.check-image.outputs.GIT_REF_SHA }}
     steps:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
@@ -119,9 +128,11 @@ jobs:
       - name: Check if image exists
         id: check-image
         env:
-          GIT_REF: ${{ inputs.git_reference_for_database_image || (github.event_name == 'pull_request' && github.event.pull_request.base.sha) || github.sha }}
+          GIT_REF: ${{ ( inputs.git_reference_for_database_image == 'next' && 'origin/next' ) || github.event.pull_request.base.sha || github.sha }}
         run: |
-          if aws ecr describe-images --repository-name mavis/development --image-ids imageTag=$GIT_REF > /dev/null 2>&1; then
+          GIT_REF_SHA=$(git rev-parse $GIT_REF)
+          echo "GIT_REF_SHA=$GIT_REF_SHA" >> $GITHUB_OUTPUT
+          if aws ecr describe-images --repository-name mavis/development --image-ids imageTag=$GIT_REF_SHA > /dev/null 2>&1; then
             echo "Docker image with given tag already exists"
             echo "build-needed=false" >> $GITHUB_OUTPUT
           else
@@ -136,7 +147,7 @@ jobs:
       contents: read
     uses: ./.github/workflows/create_dockerized_db.yml
     with:
-      github_ref: ${{ inputs.git_reference_for_database_image }}
+      github_ref: ${{ needs.check-database-image-presence.outputs.db_git_ref_sha }}
   launch-dockerized-devimage:
     needs: [ check-development-image-presence,
              build-and-push-development-image,
@@ -166,28 +177,27 @@ jobs:
         with:
           task-definition-family: "assurance-testing-mavis-development-task-definition-template"
           container-name: "mavis-development-web"
-          image: "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development:${{ github.sha }}"
+          image: "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development:${{ needs.check-development-image-presence.outputs.application-image-git-ref }}"
       - name: Render task definition database
         id: render-task-definition-database
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: ${{ steps.render-task-definition-web.outputs.task-definition }}
           container-name: "mavis-development-db"
-          image: "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development/postgres_db:${{ github.event.pull_request.base.ref }}"
+          image: "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development/postgres_db:${{ needs.check-database-image-presence.outputs.db_git_ref_sha }}"
       - name: Render task definition sidekiq
         id: render-task-definition-sidekiq
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: ${{ steps.render-task-definition-database.outputs.task-definition }}
           container-name: "mavis-development-sidekiq"
-          image: "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development:${{ github.sha }}"
+          image: "393416225559.dkr.ecr.eu-west-2.amazonaws.com/mavis/development:${{ needs.check-development-image-presence.outputs.application-image-git-ref }}"
       - name: Prepare deployment
         id: prepare-deployment
         run: |
           file_path="assurance-testing-mavis-development-task-definition.json"
           family_name="assurance-testing-mavis-development-task-definition"
           echo "$(jq --arg f "$family_name" '.family = $f' "${{ steps.render-task-definition-sidekiq.outputs.task-definition }}")" > "$file_path"
-          cat "$file_path" #TODO: Debugging, remove later
 
           subnet_id=$(aws ec2 describe-subnets --filters Name=tag:Name,Values=assurance-testing-subnet --query 'Subnets[0].SubnetId' --output text)
           security_group_id=$(aws ec2 describe-security-groups --filters Name=group-name,Values=assurance-testing-mavis-development-sg --query 'SecurityGroups[0].GroupId' --output text)

Gemfile

@@ -52,6 +52,9 @@ gem "omniauth_openid_connect"
 gem "omniauth-rails_csrf_protection"
 gem "pagy"
 gem "phonelib"
+gem "prometheus_exporter",
+    github: "discourse/prometheus_exporter",
+    branch: "main" #TODO: replace with version > 2.3.1 when released
 gem "pstore"
 gem "pundit"
 gem "rails_semantic_logger"

Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/alphagov/rubocop-govuk.git
-  revision: a6d2aedf0262e633076d23b47069957f843f6e52
+  revision: 58ff3290bf5c267d0228d0910fa0bc92a405ec81
   branch: main
   specs:
     rubocop-govuk (5.1.20)
@@ -18,6 +18,14 @@ GIT
     capybara_accessible_selectors (0.15.0)
       capybara (~> 3.36)
 
+GIT
+  remote: https://github.com/discourse/prometheus_exporter.git
+  revision: ddf5c9b5446bd66b39390a6e07d4660ebca56d41
+  branch: main
+  specs:
+    prometheus_exporter (2.3.1)
+      webrick
+
 GIT
   remote: https://github.com/tvararu/audited.git
   revision: e089773f10f8ef5e5e92a2052a2fea55f83091d2
@@ -128,7 +136,7 @@ GEM
     ast (2.4.3)
     attr_required (1.0.2)
     aws-eventstream (1.4.0)
-    aws-partitions (1.1202.0)
+    aws-partitions (1.1205.0)
     aws-sdk-accessanalyzer (1.84.0)
       aws-sdk-core (~> 3, >= 3.241.3)
       aws-sigv4 (~> 1.5)
@@ -140,7 +148,7 @@ GEM
       bigdecimal
       jmespath (~> 1, >= 1.6.1)
       logger
-    aws-sdk-ec2 (1.589.0)
+    aws-sdk-ec2 (1.590.0)
       aws-sdk-core (~> 3, >= 3.241.3)
       aws-sigv4 (~> 1.5)
     aws-sdk-ecr (1.118.0)
@@ -152,7 +160,7 @@ GEM
     aws-sdk-kms (1.120.0)
       aws-sdk-core (~> 3, >= 3.241.3)
       aws-sigv4 (~> 1.5)
-    aws-sdk-rds (1.304.0)
+    aws-sdk-rds (1.305.0)
       aws-sdk-core (~> 3, >= 3.241.3)
       aws-sigv4 (~> 1.5)
     aws-sdk-s3 (1.211.0)
@@ -170,7 +178,7 @@ GEM
     bigdecimal (4.0.1)
     bindata (2.5.1)
     bindex (0.8.1)
-    bootsnap (1.21.0)
+    bootsnap (1.21.1)
       msgpack (~> 1.2)
     brakeman (7.1.2)
       racc
@@ -452,7 +460,7 @@ GEM
     parallel (1.27.0)
     parallel_tests (5.5.0)
       parallel
-    parser (3.3.10.0)
+    parser (3.3.10.1)
       ast (~> 2.4.1)
       racc
     pg (1.6.3-arm64-darwin)
@@ -547,7 +555,7 @@ GEM
       ffi (~> 1.0)
     rbs (3.10.2)
       logger
-    rdoc (7.0.3)
+    rdoc (7.1.0)
       erb
       psych (>= 4.0.0)
       tsort
@@ -646,14 +654,14 @@ GEM
     securerandom (0.4.1)
     semantic_logger (4.17.0)
       concurrent-ruby (~> 1.0)
-    sentry-rails (6.2.0)
+    sentry-rails (6.3.0)
       railties (>= 5.2.0)
-      sentry-ruby (~> 6.2.0)
-    sentry-ruby (6.2.0)
+      sentry-ruby (~> 6.3.0)
+    sentry-ruby (6.3.0)
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
-    sentry-sidekiq (6.2.0)
-      sentry-ruby (~> 6.2.0)
+    sentry-sidekiq (6.3.0)
+      sentry-ruby (~> 6.3.0)
       sidekiq (>= 5.0)
     shoulda-matchers (7.0.1)
       activesupport (>= 7.1)
@@ -852,6 +860,7 @@ DEPENDENCIES
   pg
   phonelib
   prettier_print
+  prometheus_exporter!
   propshaft
   pry-rails
   pstore