Update: [AEA-5929] - Copy KB Docs from INT to PROD (#315)

kieran-wilkinson-4 · bencegadanyi1-nhs · web-flow · commit e77df1b33f3c · 2026-02-11T14:53:35.000Z
## Summary - Purge documents in prod before syncing --- <img width="628" height="1050" alt="image" src="https://github.com/user-attachments/assets/d4f00b79-229c-4f92-8268-04fac16fe598" /> --------- Co-authored-by: bencegadanyi1-nhs <bence.gadanyi1@nhs.net>
diff --git a/.github/actions/sync_documents/action.yml b/.github/actions/sync_documents/action.yml
@@ -14,6 +14,10 @@ inputs:
   TARGET_CLOUD_FORMATION_DEPLOY_ROLE:
     required: true
     description: "The role to assume for the target account"
+  PURGE_ENVIRONMENT:
+    required: false
+    description: "Whether to remove all existing files in the target environment before syncing (true/false)"
+    default: "false"
 
 runs:
   using: "composite"
@@ -76,6 +80,18 @@ runs:
         fi
         printf "\n"
 
+    - name: Clear Target Environment
+      shell: bash
+      run: |
+        if [ "$PURGE_ENVIRONMENT" == "true" ]; then
+          echo "Purging s3://${{ steps.find-destination-bucket.outputs.BUCKET_NAME }}..."
+          aws s3 rm s3://${{ steps.find-destination-bucket.outputs.BUCKET_NAME }} --recursive
+        else
+          echo "Purge disabled. Skipping deletion of files in target bucket."
+          exit 0
+        fi
+        printf "\n"
+
     - name: Upload Files to Target S3
       shell: bash
       run: |
diff --git a/.github/workflows/release_all_stacks.yml b/.github/workflows/release_all_stacks.yml
@@ -199,14 +199,15 @@ jobs:
         env:
           TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }}
 
-      - name: Sync Documents - INT to lower environments
+      - name: Sync Documents
         uses: ./.github/actions/sync_documents
-        if: ${{ (inputs.TARGET_ENVIRONMENT == 'dev' || inputs.TARGET_ENVIRONMENT == 'qa' || inputs.TARGET_ENVIRONMENT == 'dev-pr') && (inputs.DEPLOY_CODE == true || inputs.IS_PULL_REQUEST == true) }}
+        if: ${{ (inputs.TARGET_ENVIRONMENT != 'int') && (inputs.DEPLOY_CODE == true || inputs.IS_PULL_REQUEST == true) }}
         with:
           TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }}
           STACK: ${{ inputs.STACK_NAME }}
           INT_ASSIST_ME_DOCUMENT_SYNC_ROLE: ${{ secrets.INT_ASSIST_ME_DOCUMENT_SYNC_ROLE }}
           TARGET_CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }}
+          PURGE_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT == 'prod' }}
 
       - name: create_int_release_notes
         uses: ./.github/actions/update_confluence_jira
diff --git a/packages/cdk/constructs/S3Bucket.ts b/packages/cdk/constructs/S3Bucket.ts
@@ -66,7 +66,9 @@ export class S3Bucket extends Construct {
         "s3:PutObjectLegalHold",
         "s3:PutObjectRetention",
         "s3:PutObjectTagging",
-        "s3:PutObjectVersionTagging"
+        "s3:PutObjectVersionTagging",
+        "s3:DeleteObject",
+        "s3:DeleteObjectVersion"
       ],
       resources: [
         bucket.bucketArn,
