Merge branch 'main' into feature/CCM-17208_Supplier_api_pact_tests

Author: simonlabarere

.github/workflows/cicd-3-deploy.yaml

@@ -3,112 +3,72 @@ name: "2. CD - Deploy"
 on:
   workflow_dispatch:
     inputs:
-      include_prereleases:
+      source_type:
+        description: "Deployment source type"
         type: choice
-        description: "Include pre-releases"
-        default: "true"
+        required: true
+        default: release
         options:
-          - "true"
-          - "false"
-      version:
-          type: string
-          default: latest
-          description: "Install specific version"
+          - release
+          - branch
+      source_value:
+        description: "Release tag or branch name"
+        type: string
+        required: true
+      deploy_backend:
+        description: "Deploy backend infrastructure"
+        type: boolean
+        required: false
+        default: true
+      backend_account_group:
+        description: "Target backend account group"
+        type: choice
+        required: true
+        default: dev
+        options:
+          - dev
+          - nonprod
+          - prod
+      deploy_proxy:
+        description: "Deploy APIM proxy"
+        type: boolean
+        required: false
+        default: true
+      apim_environment:
+        description: "Target APIM environment"
+        type: choice
+        required: true
+        default: internal-dev
+        options:
+          - internal-dev
+          - int
+          - prod
+      build_sandbox:
+        description: "Build sandbox container"
+        type: boolean
+        required: false
+        default: false
+
+run-name: >-
+  Deploy ${{ inputs.deploy_backend && format('backend={0}',
+  inputs.backend_account_group) || '' }} ${{ inputs.deploy_proxy &&
+  format('apim={0}', inputs.apim_environment) || '' }} source=${{
+  inputs.source_type }}:${{ inputs.source_value }} by @${{ github.actor }}
 
-run-name: "Include prerelease: ${{ inputs.include_prereleases }} Version: ${{ inputs.version }} by @${{ github.actor }}"
 permissions:
-  contents: read
-  pages: write
   id-token: write
+  contents: read
+  packages: read
 
 jobs:
-  metadata:
-    name: "Set CI/CD metadata"
-    runs-on: ubuntu-latest
-    timeout-minutes: 1
-    outputs:
-      build_datetime: ${{ steps.variables.outputs.build_datetime }}
-      build_timestamp: ${{ steps.variables.outputs.build_timestamp }}
-      build_epoch: ${{ steps.variables.outputs.build_epoch }}
-      nodejs_version: ${{ steps.variables.outputs.nodejs_version }}
-      python_version: ${{ steps.variables.outputs.python_version }}
-      terraform_version: ${{ steps.variables.outputs.terraform_version }}
-      version: ${{ steps.variables.outputs.version }}
-      # tag: ${{ steps.variables.outputs.tag }}
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
-      - name: "Set CI/CD variables"
-        id: variables
-        run: |
-          datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z')
-          echo "build_datetime=$datetime" >> $GITHUB_OUTPUT
-          echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
-          echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT
-          echo "nodejs_version=$(grep "^nodejs\s" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
-          echo "python_version=$(grep "^python\s" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
-          echo "terraform_version=$(grep "^terraform\s" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
-          echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
-          # echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
-      - name: "List variables"
-        run: |
-          export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}"
-          export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}"
-          export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}"
-          export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}"
-          export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}"
-          export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}"
-          export VERSION="${{ steps.variables.outputs.version }}"
-          # export TAG="${{ steps.variables.outputs.tag }}"
-          make list-variables
-
-  deploy-jekyll:
-    environment:
-      name: github-pages
-      url: ${{ steps.deployment.outputs.page_url }}
-    runs-on: ubuntu-latest
-    needs: metadata
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
-      - name: "Get version"
-        id: get-asset-version
-        shell: bash
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          if [[ ${{inputs.include_prereleases}} == true ]]; then
-            json=$(gh release list --json tagName --limit 1 --exclude-drafts)
-          else
-            json=$(gh release list --json tagName --limit 1 --exclude-drafts --exclude-pre-releases)
-          fi
-
-          echo $json
-
-          release_version=$(echo $json | (jq -r '.[0].tagName'))
-          if [[ $release_version == null ]]; then exit 1; else echo $release_version; fi
-
-          if [[ ${{inputs.version}} == latest ]]; then
-            echo release_version=$(echo $release_version) >> $GITHUB_OUTPUT
-          else
-            echo release_version=$(echo ${{inputs.version}}) >> $GITHUB_OUTPUT
-          fi
-
-      - name: "Get release version"
-        id: download-asset
-        shell: bash
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          gh release download ${{steps.get-asset-version.outputs.release_version}} -p jekyll-docs-*.tar --output artifact.tar
-
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
-        with:
-          name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}}
-          path: artifact.tar
-
-      - name: Deploy to GitHub Pages
-        id: deployment
-        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4
-        with:
-          artifact_name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}}
+  deploy:
+    uses: ./.github/workflows/deploy-supplier-api.yaml
+    secrets: inherit
+    with:
+      backend_account_group: ${{ inputs.backend_account_group }}
+      apim_environment: ${{ inputs.apim_environment }}
+      source_type: ${{ inputs.source_type }}
+      source_value: ${{ inputs.source_value }}
+      deploy_backend: ${{ inputs.deploy_backend }}
+      deploy_proxy: ${{ inputs.deploy_proxy }}
+      build_sandbox: ${{ inputs.build_sandbox }}

…ows/manual-proxy-environment-deploy.yaml …/workflows/deploy-dynamic-env-proxy.yaml.github/workflows/manual-proxy-environment-deploy.yaml renamed to .github/workflows/deploy-dynamic-env-proxy.yaml .github/workflows/manual-proxy-environment-deploy.yaml renamed to .github/workflows/deploy-dynamic-env-proxy.yaml

@@ -1,18 +1,9 @@
-name: Deploy proxy to environment
-run-name: Proxygen Deployment for ${{ inputs.proxy_environment }}
+name: Deploy dynamic PR environment proxy
+run-name: Deploy proxy for PR environment on internal-dev by @${{ github.actor }}
 
 on:
   workflow_dispatch:
     inputs:
-      proxy_environment:
-        description: Name of the proxygen environment to deploy to
-        required: true
-        type: choice
-        default: internal-dev
-        options:
-          - internal-dev
-          - int
-          - prod
       build_sandbox:
         description: Build sandbox container?
         required: false
@@ -24,35 +15,33 @@ permissions:
   packages: read
 
 jobs:
-  deploy-environment:
+  deploy-pr-proxy:
     runs-on: ubuntu-latest
-    name: Deploy to Environment
+    name: Deploy proxy to dynamic PR environment
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
-        with:
-          node-version: 22
 
-      - name: Npm install
+      - name: Install dependencies
         uses: ./.github/actions/node-install
         with:
-          node-version: 22
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: "Check if pull request exists for this branch and set ENVIRONMENT/APIM_ENV"
+      - name: Resolve nodejs version
+        id: toolversions
+        run: echo "nodejs_version=$(grep '^nodejs\s' .tool-versions | cut -f2 -d' ')" >>
+          "$GITHUB_OUTPUT"
+
+      - name: "Check if pull request exists for this branch and set
+          ENVIRONMENT/APIM_ENV"
         id: pr_exists
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           branch_name=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF | sed 's#refs/heads/##')}
           echo "Current branch is '$branch_name'"
 
-          if [ -z "${{ inputs.proxy_environment }}" ]; then
-            ENVIRONMENT="internal-dev"
-          else
-            ENVIRONMENT="${{ inputs.proxy_environment }}"
-          fi
+          ENVIRONMENT="internal-dev"
 
           pr_json=$(gh pr list --head "$branch_name" --state open --json number --limit 1)
           pr_number=$(echo "$pr_json" | jq -r '.[0].number // empty')
@@ -62,36 +51,37 @@ jobs:
             echo "does_pull_request_exist=true" >> $GITHUB_OUTPUT
             echo "pr_number=$pr_number" >> $GITHUB_OUTPUT
             APIM_ENV="$ENVIRONMENT-pr"
-            echo "changing environment variable so that PR number is used in proxy pipeline for setting env vars"
+            # changing environment variable so that PR number is used in proxy pipeline for setting env vars
             ENVIRONMENT="pr$pr_number"
           else
-            echo "Pull request doesn't exist, setting target env to main"
-            echo "does_pull_request_exist=false" >> $GITHUB_OUTPUT
-            echo "pr_number=" >> $GITHUB_OUTPUT
-            APIM_ENV="$ENVIRONMENT"
-            ENVIRONMENT="main"
+            echo "[ERROR] Pull request $pr_number doesn't exist."
+            exit 1
           fi
 
           echo "ENVIRONMENT=$ENVIRONMENT" >> $GITHUB_ENV
           echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV
 
-      - name: "Build OAS spec"
+      - name: Build OAS spec
         uses: ./.github/actions/build-oas-spec
         with:
+          version: "pr${{ steps.pr_exists.outputs.pr_number }}"
           apimEnv: "${{ env.APIM_ENV }}"
           buildSandbox: ${{ inputs.build_sandbox }}
+          nodejs_version: ${{ steps.toolversions.outputs.nodejs_version }}
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: "Build proxies"
+      - name: Deploy proxy
         env:
           PROXYGEN_API_NAME: nhs-notify-supplier
           PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }}
           APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
           APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
         uses: ./.github/actions/build-proxies
         with:
+          targetComponent: api
           environment: "${{ env.ENVIRONMENT }}"
           apimEnv: "${{ env.APIM_ENV }}"
           runId: "${{ github.run_id }}"
           buildSandbox: ${{ inputs.build_sandbox }}
           releaseVersion: ${{ github.ref_name }}
+          version: "pr${{ steps.pr_exists.outputs.pr_number }}"

.github/workflows/deploy-static-env-backend-only.yaml

@@ -0,0 +1,46 @@
+name: Deploy backend only
+
+on:
+  workflow_dispatch:
+    inputs:
+      backend_account_group:
+        description: "Target backend account group"
+        type: choice
+        required: true
+        default: dev
+        options:
+          - dev
+          - nonprod
+          - prod
+      source_type:
+        description: "Deployment source type"
+        type: choice
+        required: true
+        default: release
+        options:
+          - release
+          - branch
+      source_value:
+        description: "Release tag or branch name"
+        type: string
+        required: true
+
+run-name: >-
+  Deploy backend=${{ inputs.backend_account_group }} source=${{
+  inputs.source_type }}:${{ inputs.source_value }} by @${{ github.actor }}
+
+permissions:
+  id-token: write
+  contents: read
+  packages: read
+
+jobs:
+  deploy:
+    uses: ./.github/workflows/deploy-supplier-api.yaml
+    secrets: inherit
+    with:
+      backend_account_group: ${{ inputs.backend_account_group }}
+      source_type: ${{ inputs.source_type }}
+      source_value: ${{ inputs.source_value }}
+      deploy_backend: true
+      deploy_proxy: false

.github/workflows/deploy-static-env-proxy-only.yaml

@@ -0,0 +1,52 @@
+name: Deploy proxy only
+
+on:
+  workflow_dispatch:
+    inputs:
+      apim_environment:
+        description: "Target APIM environment"
+        type: choice
+        required: true
+        default: internal-dev
+        options:
+          - internal-dev
+          - int
+          - prod
+      source_type:
+        description: "Deployment source type"
+        type: choice
+        required: true
+        default: release
+        options:
+          - release
+          - branch
+      source_value:
+        description: "Release tag or branch name"
+        type: string
+        required: true
+      build_sandbox:
+        description: "Build sandbox container"
+        type: boolean
+        required: false
+        default: false
+
+run-name: >-
+  Deploy proxy apim=${{ inputs.apim_environment }} source=${{ inputs.source_type
+  }}:${{ inputs.source_value }} by @${{ github.actor }}
+
+permissions:
+  id-token: write
+  contents: read
+  packages: read
+
+jobs:
+  deploy:
+    uses: ./.github/workflows/deploy-supplier-api.yaml
+    secrets: inherit
+    with:
+      apim_environment: ${{ inputs.apim_environment }}
+      source_type: ${{ inputs.source_type }}
+      source_value: ${{ inputs.source_value }}
+      deploy_backend: false
+      deploy_proxy: true
+      build_sandbox: ${{ inputs.build_sandbox }}