feat: dtoss 9326 trigger cd pipeline with commit

.azuredevops/pipelines/cd-infrastructure-dev-core.yaml

@@ -14,9 +14,16 @@ resources:
     - repository: dtos-devops-templates
       type: github
       name: NHSDigital/dtos-devops-templates
-      ref: cf5e22fe4614b7d077a22301d29883e86ac3defc
+      ref: main
       endpoint: NHSDigital
 
+parameters:
+  - name: imageHash
+    type: string
+    default: ''
+  - name: registryHost
+    type: string
+
 variables:
   - group: DEV_core_backend
   - group: DEV_audit_backend_remote_state
@@ -36,6 +43,8 @@ stages:
     condition: eq(variables['Build.Reason'], 'Manual')
     variables:
       tfVarsFile: environments/$(ENVIRONMENT).tfvars
+      imageHash: ${{ parameters.imageHash }}
+      registryHost: ${{ parameters.registryHost }}
     jobs:
       - job: init_and_plan
         displayName: Init, plan, store artifact

.github/workflows/cicd-1-pull-request.yaml

@@ -103,14 +103,14 @@ jobs:
   build-image-stage: # Recommended maximum execution time is 3 minutes
     name: Image build stage
     needs: [metadata, commit-stage, test-stage]
-    uses: NHSDigital/dtos-devops-templates/.github/workflows/stage-3-build.yaml@main
+    uses: NHSDigital/dtos-devops-templates/.github/workflows/stage-3-build.yaml
     if: needs.metadata.outputs.does_pull_request_exist == 'true' || github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
     with:
       docker_compose_file_csv_list: ./compose.yaml
       excluded_containers_csv_list: azurite,azurite-setup,sql-database,database-setup,db
       environment_tag: ${{ needs.metadata.outputs.environment_tag }}
       function_app_source_code_path: src
-      project_name: service-layer
+      project_name: dtos-service-layer
     secrets: inherit
   acceptance-stage: # Recommended maximum execution time is 10 minutes
     name: Acceptance stage

compose.yaml

@@ -147,3 +147,5 @@ volumes:
   mesh-config-data:
     name: mesh-config-data
     driver: local
+
+

infrastructure/tf-core/function_app.tf

@@ -7,19 +7,19 @@ module "functionapp" {
   resource_group_name = azurerm_resource_group.core[each.value.region].name
   location            = each.value.region
 
-  acr_login_server                       = "https://ghcr.io/nhsdigital"
+  acr_login_server = "${var.registry_host}"
   ai_connstring                          = data.azurerm_application_insights.ai.connection_string
   always_on                              = var.function_apps.always_on
   app_service_logs_disk_quota_mb         = var.function_apps.app_service_logs_disk_quota_mb
   app_service_logs_retention_period_days = var.function_apps.app_service_logs_retention_period_days
   app_settings                           = each.value.app_settings
   asp_id                                 = module.app-service-plan["${each.value.app_service_plan_key}-${each.value.region}"].app_service_plan_id
   cont_registry_use_mi                   = var.function_apps.cont_registry_use_mi
-  # azuread_group_ids                                    = each.value.azuread_group_ids
+  # azuread_group_ids                                   = each.value.azuread_group_ids
   function_app_slots                                   = var.function_app_slots
   health_check_path                                    = var.function_apps.health_check_path
   image_name                                           = "${var.function_apps.docker_img_prefix}-${lower(each.value.name_suffix)}"
-  image_tag                                            = var.function_apps.docker_env_tag
+  image_tag                                            = "${var.image_commit_hash}"
   ip_restriction_default_action                        = var.function_apps.ip_restriction_default_action
   ip_restrictions                                      = each.value.ip_restrictions
   log_analytics_workspace_id                           = data.terraform_remote_state.audit.outputs.log_analytics_workspace_id[local.primary_region]

infrastructure/tf-core/variables.tf

@@ -211,6 +211,11 @@ variable "function_app_slots" {
   }))
 }
 
+variable "image_commit_hash" {
+  description = "The commit SHA of the Docker image generated by the CI pipeline and applied to all functions"
+  type = string
+}
+
 variable "key_vault" {
   description = "Configuration for the key vault"
   type = object({
@@ -257,6 +262,7 @@ variable "network_security_group_rules" {
       source_addresses  = ["0.0.0.0/0"]
       destination_fqdns = ["example.com"]
     },
+  ]
 */
 
 variable "regions" {
@@ -276,6 +282,12 @@ variable "regions" {
   }))
 }
 
+variable "registry_host" {
+  description = "The URL of the container registry used by the CI pipeline. Default = <GitHub URL>"
+  type = string
+  default = "https://ghcr.io/nhsdigital"
+}
+
 variable "routes" {
   description = "Routes configuration for different regions"
   type = map(object({

scripts/terraform/examples/empty.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.0.0"
+
+  required_providers {
+    null = {
+      source  = "hashicorp/null"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "null" {
+  # Does nothing, just here to satisfy provider requirement
+}

scripts/terraform/terraform.mk

@@ -41,11 +41,11 @@ clean:: # Remove Terraform files (terraform) - optional: terraform_dir|dir=[path
 		opts=$(or ${terraform_opts}, ${opts})
 
 _terraform: # Terraform command wrapper - mandatory: cmd=[command to execute]; optional: dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], opts=[options to pass to the Terraform command, default is none/empty]
-	# 'TERRAFORM_STACK' is passed to the functions as environment variable
-	TERRAFORM_STACK=$(or ${TERRAFORM_STACK}, $(or ${terraform_stack}, $(or ${STACK}, $(or ${stack}, scripts/terraform/examples/terraform-state-aws-s3))))
-	dir=$(or ${dir}, ${TERRAFORM_STACK})
-	source scripts/terraform/terraform.lib.sh
-	terraform-${cmd} # 'dir' and 'opts' are accessible by the function as environment variables, if set
+# 'TERRAFORM_STACK' is passed to the functions as environment variable
+	TERRAFORM_STACK="$${TERRAFORM_STACK:-$${terraform_stack:-$${STACK:-$${stack:-scripts/terraform/examples}}}}";
+	dir="$${dir:-$${TERRAFORM_STACK}}";
+	source scripts/terraform/terraform.lib.sh;
+	terraform-${cmd}
 
 # ==============================================================================
 # Quality checks - please DO NOT edit this section!
@@ -67,10 +67,10 @@ terraform-example-destroy-aws-infrastructure: # Destroy example of AWS infrastru
 	make terraform-destroy opts="-auto-approve"
 
 terraform-example-clean: # Remove Terraform example files @ExamplesAndTests
-	dir=$(or ${dir}, ${TERRAFORM_STACK})
-	source scripts/terraform/terraform.lib.sh
-	terraform-clean
-	rm -f ${TERRAFORM_STACK}/.terraform.lock.hcl
+	dir="$${dir:-$${TERRAFORM_STACK}}"; \
+	source scripts/terraform/terraform.lib.sh; \
+	terraform-clean; \
+	rm -f "$${TERRAFORM_STACK}/.terraform.lock.hcl" \
 
 # ==============================================================================
 # Configuration - please DO NOT edit this section!
@@ -93,4 +93,4 @@ ${VERBOSE}.SILENT: \
 	terraform-install \
 	terraform-plan \
 	terraform-shellscript-lint \
-	terraform-validate \
+	terraform-validate

src/ServiceLayer.API/Program.cs

@@ -27,3 +27,6 @@
     .Build();
 
 await host.RunAsync();
+
+
+