From f78df741907e0b45b56706feca3005c120f583bc Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 09:47:03 +0100 Subject: [PATCH 01/29] VED-812: Add e2e test pipeline. --- .github/workflows/run-e2e-tests.yml | 96 +++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 .github/workflows/run-e2e-tests.yml diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml new file mode 100644 index 000000000..59f3f8db6 --- /dev/null +++ b/.github/workflows/run-e2e-tests.yml 
@@ -0,0 +1,96 @@
+name: Run e2e Tests
+
+on:
+ workflow_call:
+ inputs:
+ apigee_environment:
+ required: true
+ type: string
+ environment:
+ required: true
+ type: string
+ sub_environment:
+ required: true
+ type: string
+ workflow_dispatch:
+ inputs:
+ apigee_environment:
+ type: choice
+ description: Select the Apigee proxy environment
+ options:
+ - internal-dev
+ - int
+ - ref
+ - prod
+ environment:
+ type: string
+ description: Select the backend environment
+ options:
+ - dev
+ - preprod
+ - prod
+ sub_environment:
+ type: string
+ description: Set the sub environment name e.g. pr-xxx, or green/blue in higher environments
+
+jobs:
+ e2e-tests:
+ runs-on: ubuntu-latest
+ environment:
+ name: ${{ inputs.environment }}
+ env: # Sonarcloud - do not allow direct usage of untrusted data
+ APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }}
+ BACKEND_ENVIRONMENT: ${{ inputs.environment }}
+ BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }}
+ APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }}
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+ - name: Install poetry
+ run: pip install poetry==2.1.4
+
+ - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c
+ with:
+ python-version: 3.11
+ cache: "poetry"
+
+ - name: Install e2e test dependencies
+ run: poetry install --no-root
+ working-directory: e2e
+
+ - name: Install oathtool
+ run: sudo apt-get update && sudo apt-get install -y oathtool
+
+ - name: Get Apigee access token
+ env:
+ APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }}
+ APIGEE_OAUTH_TOKEN: ${{ secrets.APIGEE_BASIC_AUTH_TOKEN }}
+ APIGEE_OTP_SECRET: ${{ secrets.APIGEE_OTP_KEY }}
+ run: |
+ CODE=$(oathtool --totp -b "$APIGEE_OTP_SECRET")
+ echo "::add-mask::$CODE"
+ echo "Requesting access token from Apigee..."
+ response=$(curl -s -X POST "https://login.apigee.com/oauth/token" \ + -H "Content-Type: application/x-www-form-urlencoded" \ + -H "Accept: application/json;charset=utf-8" \ + -H "Authorization: Basic $APIGEE_BASIC_AUTH_TOKEN" \ + -d "username=$APIGEE_USERNAME&password=$APIGEE_PASSWORD&mfa_token=$CODE&grant_type=password") + token=$(echo "$response" | jq -e -r '.access_token') + if [[ -z "$token" ]]; then + echo "Failed to retrieve access token" + exit 1 + fi + echo "::add-mask::$token" + echo "APIGEE_ACCESS_TOKEN=$token" >> $GITHUB_ENV + + - name: Run e2e tests + working-directory: e2e + run: | + # export PROXY_NAME=immunisation-fhir-api-${{ inputs.sub_environment }} + # export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4-${{ inputs.sub_environment }} + export PROXY_NAME=immunisation-fhir-api-internal-dev + export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 + make run-immunization From 42d1ab4afd7fcaae1c414862ca05b2d14fcd16b0 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 10:03:01 +0100 Subject: [PATCH 02/29] VED-812: Add test pipeline trigger. --- .github/workflows/run-e2e-tests.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 59f3f8db6..fc3fbfc12 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -32,6 +32,9 @@ on: sub_environment: type: string description: Set the sub environment name e.g. pr-xxx, or green/blue in higher environments + # TODO - remove + pull_request: + types: [opened] jobs: e2e-tests: 
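Review bot: Under `workflow_dispatch`, the `environment` input is declared `type: string` but carries an `options:` list, which is only meaningful for `type: choice`, so the dev/preprod/prod list is not enforced and any text can be entered. That value feeds `environment: name: ${{ inputs.environment }}`, which decides which environment's variables and secrets the job receives, so it is worth constraining. Change the line to `type: choice`, as `apigee_environment` already does a few lines above.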
@@ -39,9 +42,9 @@ jobs: environment: name: ${{ inputs.environment }} env: # Sonarcloud - do not allow direct usage of untrusted data - APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} - BACKEND_ENVIRONMENT: ${{ inputs.environment }} - BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }} + APIGEE_ENVIRONMENT: internal-dev + BACKEND_ENVIRONMENT: dev + BACKEND_SUB_ENVIRONMENT: internal-dev APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} permissions: id-token: write From 4658af49a737aa490f687a2a8dc944c5ed08877f Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 10:26:05 +0100 Subject: [PATCH 03/29] VED-812: Add debug logging. --- .github/workflows/run-e2e-tests.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index fc3fbfc12..e85d49f68 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -81,6 +81,10 @@ jobs: -H "Accept: application/json;charset=utf-8" \ -H "Authorization: Basic $APIGEE_BASIC_AUTH_TOKEN" \ -d "username=$APIGEE_USERNAME&password=$APIGEE_PASSWORD&mfa_token=$CODE&grant_type=password") + + # TODO - REMOVE + echo "$response" + token=$(echo "$response" | jq -e -r '.access_token') if [[ -z "$token" ]]; then echo "Failed to retrieve access token" From 88fac1f145dca87cdd8a5e67036b11035712b0d8 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 10:37:35 +0100 Subject: [PATCH 04/29] VED-812: Fix Sonar errors. --- .github/workflows/run-e2e-tests.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index e85d49f68..4c1578936 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml 
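Review bot: `echo "$response"` prints the complete token response to the job log, and at this point only `$CODE` has been registered with `::add-mask::`, so the `access_token` value is readable by anyone who can view the run. The TODO does not help for runs that have already executed: their logs keep the token until the logs are deleted or the token expires. For debugging a failed login, print only the error fields, e.g. `jq '{error, error_description}' <<<"$response"`, and keep the raw body out of the log.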
@@ -96,8 +96,6 @@ jobs: - name: Run e2e tests working-directory: e2e run: | - # export PROXY_NAME=immunisation-fhir-api-${{ inputs.sub_environment }} - # export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4-${{ inputs.sub_environment }} export PROXY_NAME=immunisation-fhir-api-internal-dev export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 make run-immunization From 0c8af427524ad822946b80e3257735046f882ac1 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 10:39:34 +0100 Subject: [PATCH 05/29] VED-812: Update test trigger. --- .github/workflows/run-e2e-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 4c1578936..f9e673b47 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -34,7 +34,7 @@ on: description: Set the sub environment name e.g. pr-xxx, or green/blue in higher environments # TODO - remove pull_request: - types: [opened] + types: [labeled, opened, synchronize, reopened, unlabeled] jobs: e2e-tests: From 5c71f49c9a2a3a6461ebeb79d206a8ef0b12758a Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 10:53:24 +0100 Subject: [PATCH 06/29] VED-812: Fix variable name. --- .github/workflows/run-e2e-tests.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index f9e673b47..509718afa 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml 
@@ -70,10 +70,10 @@ jobs: - name: Get Apigee access token env: APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }} - APIGEE_OAUTH_TOKEN: ${{ secrets.APIGEE_BASIC_AUTH_TOKEN }} - APIGEE_OTP_SECRET: ${{ secrets.APIGEE_OTP_KEY }} + APIGEE_BASIC_AUTH_TOKEN: ${{ secrets.APIGEE_BASIC_AUTH_TOKEN }} + APIGEE_OTP_KEY: ${{ secrets.APIGEE_OTP_KEY }} run: | - CODE=$(oathtool --totp -b "$APIGEE_OTP_SECRET") + CODE=$(oathtool --totp -b "$APIGEE_OTP_KEY") echo "::add-mask::$CODE" echo "Requesting access token from Apigee..." response=$(curl -s -X POST "https://login.apigee.com/oauth/token" \ From eff76afaa6ef843a89792b1abdf75aadd6d66e48 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 15:30:19 +0100 Subject: [PATCH 07/29] VED-812: Use Python library for TOTP code generation. Add some missing env vars. --- .github/workflows/run-e2e-tests.yml | 25 ++++++++++++------------- e2e/poetry.lock | 16 ++++++++++++++-- e2e/pyproject.toml | 1 + e2e/utils/compute_totp_code.py | 13 +++++++++++++ 4 files changed, 40 insertions(+), 15 deletions(-) create mode 100644 e2e/utils/compute_totp_code.py diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 509718afa..b0f602917 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml 
@@ -61,20 +61,19 @@ jobs: cache: "poetry" - name: Install e2e test dependencies - run: poetry install --no-root working-directory: e2e - - - name: Install oathtool - run: sudo apt-get update && sudo apt-get install -y oathtool + run: poetry install --no-root - name: Get Apigee access token + working-directory: e2e env: APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }} APIGEE_BASIC_AUTH_TOKEN: ${{ secrets.APIGEE_BASIC_AUTH_TOKEN }} APIGEE_OTP_KEY: ${{ secrets.APIGEE_OTP_KEY }} run: | - CODE=$(oathtool --totp -b "$APIGEE_OTP_KEY") + CODE=$(poetry run python utils/compute_totp_code.py "$APIGEE_OTP_KEY") echo "::add-mask::$CODE" + echo "Requesting access token from Apigee..." response=$(curl -s -X POST "https://login.apigee.com/oauth/token" \ -H "Content-Type: application/x-www-form-urlencoded" \ @@ -82,14 +81,7 @@ jobs: -H "Authorization: Basic $APIGEE_BASIC_AUTH_TOKEN" \ -d "username=$APIGEE_USERNAME&password=$APIGEE_PASSWORD&mfa_token=$CODE&grant_type=password") - # TODO - REMOVE - echo "$response" - - token=$(echo "$response" | jq -e -r '.access_token') - if [[ -z "$token" ]]; then - echo "Failed to retrieve access token" - exit 1 - fi + token=$(jq -e -r '.access_token' <<<"$response") echo "::add-mask::$token" echo "APIGEE_ACCESS_TOKEN=$token" >> $GITHUB_ENV @@ -98,4 +90,11 @@ jobs: run: | export PROXY_NAME=immunisation-fhir-api-internal-dev export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 + + export IMMS_DELTA_TABLE_NAME=imms-internal-dev-delta + export AWS_DOMAIN_NAME=internal-dev.imms.dev.vds.platform.nhs.uk + export DYNAMODB_TABLE_NAME=imms-internal-dev-imms-events + export AWS_SQS_QUEUE_NAME=imms-internal-dev-delta-dlq + export AWS_SNS_TOPIC_NAME=imms-internal-dev-delta-sns + make run-immunization diff --git a/e2e/poetry.lock b/e2e/poetry.lock index 14541eead..26ba906c6 100644 --- a/e2e/poetry.lock +++ b/e2e/poetry.lock 
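Review bot: The `-d "username=$APIGEE_USERNAME&password=$APIGEE_PASSWORD&mfa_token=$CODE&grant_type=password"` line left unchanged in the second hunk builds the form body by plain interpolation, so a password containing `&`, `=`, `+` or `%` is sent as something other than the stored secret and the login fails in a way that is hard to diagnose. Passing each field with its own `--data-urlencode`, e.g. `--data-urlencode "password=$APIGEE_PASSWORD"`, encodes the values correctly. In the same hunk `>> $GITHUB_ENV` should be quoted as `>> "$GITHUB_ENV"`. With the explicit empty-token check removed, the step now relies on `jq -e` and the shell's exit-on-error behaviour to stop before an unusable `APIGEE_ACCESS_TOKEN` is written, which deserves a short comment next to the `jq` line.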
@@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 2.2.0 and should not be changed by hand. +# This file is automatically @generated by Poetry 2.1.4 and should not be changed by hand. [[package]] name = "boto3" @@ -441,6 +441,18 @@ files = [ [package.dependencies] typing-extensions = {version = "*", markers = "python_version < \"3.12\""} +[[package]] +name = "oath" +version = "1.4.4" +description = "Python implementation of the three main OATH specifications: HOTP, TOTP and OCRA" +optional = false +python-versions = "*" +groups = ["dev"] +files = [ + {file = "oath-1.4.4-py3-none-any.whl", hash = "sha256:503092f388f041f91737f6b3bd5b83e8cf3f40c7d9bc87bcfbfac33e0ae6d685"}, + {file = "oath-1.4.4.tar.gz", hash = "sha256:bd6b20d20f2c4e3f53523ee900211dca75aeeca72f4f5a9fd8dcacc175fe1c0b"}, +] + [[package]] name = "pycparser" version = "2.22" @@ -692,4 +704,4 @@ zstd = ["zstandard (>=0.18.0)"] [metadata] lock-version = "2.1" python-versions = "~3.11" -content-hash = "0d1be173bfbb153ae83a671d561ff8d8d84d459171a0644f0ccb9d93ed0b1005" +content-hash = "ed1e155a448d3908e4b17b9a7b26c2162e903d709cb0ba6ee94ddbfe28a6fe3c" diff --git a/e2e/pyproject.toml b/e2e/pyproject.toml index ae94d1de3..8240b05c0 100644 --- a/e2e/pyproject.toml +++ b/e2e/pyproject.toml @@ -17,6 +17,7 @@ requests = "^2.32.5" pyjwt = "^2.10.1" cryptography = "^42.0.3" lxml = "~4.9.0" +oath = "^1.4.4" [build-system] requires = ["poetry-core"] diff --git a/e2e/utils/compute_totp_code.py b/e2e/utils/compute_totp_code.py new file mode 100644 index 000000000..437d11707 --- /dev/null +++ b/e2e/utils/compute_totp_code.py @@ -0,0 +1,13 @@ +import base64 +import sys + +import oath + + +def compute_totp_code(key_base32: str) -> str: + key_hex = base64.b32decode(key_base32).hex() + return oath.totp(key_hex) + + +if __name__ == "__main__": + print(compute_totp_code(sys.argv[1])) From e3629f26a5dc71bbe32460238c6c97fc881a5ab6 Mon Sep 17 00:00:00 2001 
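Review bot: `compute_totp_code(sys.argv[1])` takes the long-lived TOTP seed as a command-line argument, which places it in the process's argument list where other processes on the runner and any command tracing can read it. The calling step already exports `APIGEE_OTP_KEY`, so the script can read `os.environ["APIGEE_OTP_KEY"]` (with `import os`) and the workflow call becomes `poetry run python utils/compute_totp_code.py`. `base64.b32decode(key_base32)` is also strict about case, so `base64.b32decode(key_base32, casefold=True)` is safer if the stored key was ever entered in lower case. A one-line docstring stating that the input is a Base32 seed and the result is the current code would help the next reader.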
From: Matt Jarvis Date: Tue, 14 Oct 2025 15:34:25 +0100 Subject: [PATCH 08/29] VED-812: Change test command. --- .github/workflows/run-e2e-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index b0f602917..a798a3488 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -97,4 +97,4 @@ jobs: export AWS_SQS_QUEUE_NAME=imms-internal-dev-delta-dlq export AWS_SNS_TOPIC_NAME=imms-internal-dev-delta-sns - make run-immunization + poetry run python -m unittest -c -v From 11ad0b484deecf632d233c9e30d0125a45642285 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 15:44:14 +0100 Subject: [PATCH 09/29] VED-812: Obtain AWS credentials before running e2e tests. --- .github/workflows/run-e2e-tests.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index a798a3488..4d331a4e2 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -50,6 +50,13 @@ jobs: id-token: write contents: read steps: + - name: Connect to AWS + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 + with: + aws-region: eu-west-2 + role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops + role-session-name: github-actions + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Install poetry From 8e2c7d65d06613a88adbfac7be76f1e8b8526084 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 15:57:28 +0100 Subject: [PATCH 10/29] VED-812: Hard code environment for testing. --- .github/workflows/run-e2e-tests.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 4d331a4e2..a7c98b385 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml 
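Review bot: The new `Connect to AWS` step gives this job the `auto-ops` role while the workflow still carries the temporary `pull_request` trigger from the earlier commits, so the e2e code of any pull-request branch runs with whatever that role allows. If `auto-ops` is the role the deployment workflows use (the name suggests it, but its policy is not visible here), a separate test role limited to the tables, queue and topic the suite touches would follow least privilege. It is also worth confirming that the role's trust policy pins the OIDC `sub` claim to this repository and the intended environment. `role-session-name: github-actions` could include `${{ github.run_id }}` so CloudTrail entries can be tied to a specific run.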
@@ -40,7 +40,8 @@ jobs: e2e-tests: runs-on: ubuntu-latest environment: - name: ${{ inputs.environment }} + # name: ${{ inputs.environment }} + name: internal-dev env: # Sonarcloud - do not allow direct usage of untrusted data APIGEE_ENVIRONMENT: internal-dev BACKEND_ENVIRONMENT: dev From ed635bf6b32c285d8d926907ac9df35843a00d8b Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 16:52:18 +0100 Subject: [PATCH 11/29] VED-812: Use input parameters. Add batch e2e tests. --- .github/workflows/deploy-backend.yml | 12 ++-- .github/workflows/pr-teardown.yml | 4 +- .github/workflows/run-e2e-tests.yml | 78 +++++++++++++++++++----- .github/workflows/test-run-e2e-tests.yml | 12 ++++ 4 files changed, 84 insertions(+), 22 deletions(-) create mode 100644 .github/workflows/test-run-e2e-tests.yml diff --git a/.github/workflows/deploy-backend.yml b/.github/workflows/deploy-backend.yml index b9790a68b..e3c2d10f7 100644 --- a/.github/workflows/deploy-backend.yml +++ b/.github/workflows/deploy-backend.yml @@ -73,18 +73,18 @@ jobs: terraform_version: "1.12.2" - name: Terraform Init - working-directory: ${{ vars.TERRAFORM_DIR_PATH }} + working-directory: terraform run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT - name: Terraform Plan - working-directory: ${{ vars.TERRAFORM_DIR_PATH }} + working-directory: terraform run: make plan-ci apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT - name: Save Terraform Plan uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 with: name: tfplan - path: ${{ vars.TERRAFORM_DIR_PATH }}/tfplan + path: terraform/tfplan terraform-apply: needs: terraform-plan 
@@ -116,14 +116,14 @@ jobs: uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 with: name: tfplan - path: ${{ vars.TERRAFORM_DIR_PATH }} + path: terraform - name: Terraform Init - working-directory: ${{ vars.TERRAFORM_DIR_PATH }} + working-directory: terraform run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT - name: Terraform Apply - working-directory: ${{ vars.TERRAFORM_DIR_PATH }} + working-directory: terraform run: | make apply-ci apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT echo "ID_SYNC_QUEUE_ARN=$(make -s output name=id_sync_queue_arn)" >> $GITHUB_ENV diff --git a/.github/workflows/pr-teardown.yml b/.github/workflows/pr-teardown.yml index 8830234ff..320df30e6 100644 --- a/.github/workflows/pr-teardown.yml +++ b/.github/workflows/pr-teardown.yml @@ -43,7 +43,7 @@ jobs: terraform_version: "1.12.2" - name: Terraform Init and extract MNS SQS QUEUE ARN - working-directory: ${{ vars.TERRAFORM_DIR_PATH }} + working-directory: terraform run: | make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT make workspace apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT @@ -68,6 +68,6 @@ jobs: make unsubscribe - name: Terraform Destroy - working-directory: ${{ vars.TERRAFORM_DIR_PATH }} + working-directory: terraform run: | make destroy apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index a7c98b385..cea8dd704 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml 
@@ -32,20 +32,16 @@ on: sub_environment: type: string description: Set the sub environment name e.g. pr-xxx, or green/blue in higher environments - # TODO - remove - pull_request: - types: [labeled, opened, synchronize, reopened, unlabeled] jobs: e2e-tests: runs-on: ubuntu-latest environment: - # name: ${{ inputs.environment }} - name: internal-dev + name: ${{ inputs.environment }} env: # Sonarcloud - do not allow direct usage of untrusted data - APIGEE_ENVIRONMENT: internal-dev - BACKEND_ENVIRONMENT: dev - BACKEND_SUB_ENVIRONMENT: internal-dev + APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} + BACKEND_ENVIRONMENT: ${{ inputs.environment }} + BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }} APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} permissions: id-token: write @@ -60,6 +56,14 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd + with: + terraform_version: "1.12.2" + + - name: Terraform Init + working-directory: terraform + run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT + - name: Install poetry run: pip install poetry==2.1.4 
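Review bot: In the added `Terraform Init` step the three variables are expanded unquoted in `make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT`, so a value containing whitespace is split by the shell and reaches make as additional arguments. The `env:` indirection stops expression injection into the script, but it does not stop word splitting, and `sub_environment` is a free-text input. Quote each assignment, e.g. `sub_environment="$BACKEND_SUB_ENVIRONMENT"`. The same unquoted form appears on the unchanged `make` lines of `deploy-backend.yml` and `pr-teardown.yml` shown in this commit.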
@@ -99,10 +103,56 @@ jobs: export PROXY_NAME=immunisation-fhir-api-internal-dev export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 - export IMMS_DELTA_TABLE_NAME=imms-internal-dev-delta - export AWS_DOMAIN_NAME=internal-dev.imms.dev.vds.platform.nhs.uk - export DYNAMODB_TABLE_NAME=imms-internal-dev-imms-events - export AWS_SQS_QUEUE_NAME=imms-internal-dev-delta-dlq - export AWS_SNS_TOPIC_NAME=imms-internal-dev-delta-sns + # export IMMS_DELTA_TABLE_NAME=imms-internal-dev-delta + # export AWS_DOMAIN_NAME=internal-dev.imms.dev.vds.platform.nhs.uk + # export DYNAMODB_TABLE_NAME=imms-internal-dev-imms-events + # export AWS_SQS_QUEUE_NAME=imms-internal-dev-delta-dlq + # export AWS_SNS_TOPIC_NAME=imms-internal-dev-delta-sns + + # poetry run python -m unittest -c -v + make run + + batch-e2e-tests: + runs-on: ubuntu-latest + environment: + name: ${{ inputs.environment }} + env: # Sonarcloud - do not allow direct usage of untrusted data + APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} + BACKEND_ENVIRONMENT: ${{ inputs.environment }} + BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }} + APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} + permissions: + id-token: write + contents: read + steps: + - name: Connect to AWS + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 + with: + aws-region: eu-west-2 + role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops + role-session-name: github-actions + + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + + - name: Install poetry + run: pip install poetry==2.1.4 + + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + with: + python-version: 3.11 + cache: "poetry" + + - name: Install e2e test dependencies + working-directory: e2e_batch + run: poetry install --no-root + + - name: Run batch e2e tests + working-directory: e2e_batch + env: + ENVIRONMENT: ${{ inputs.sub_environment }} + run: | + # export 
PROXY_NAME=immunisation-fhir-api-internal-dev + # export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 - poetry run python -m unittest -c -v + # poetry run python -m unittest -c -v + make test diff --git a/.github/workflows/test-run-e2e-tests.yml b/.github/workflows/test-run-e2e-tests.yml new file mode 100644 index 000000000..338fef794 --- /dev/null +++ b/.github/workflows/test-run-e2e-tests.yml @@ -0,0 +1,12 @@ +# TODO - delete +name: Test "Run e2e Tests" pipeline +on: + pull_request: + types: [labeled, opened, synchronize, reopened, unlabeled] +jobs: + call-pipeline: + uses: ./.github/workflows/run-e2e-tests.yml + with: + environment: dev + sub_environment: internal-dev + apigee_environment: internal-dev From b87043bd5d4472bb739b948fb7d7d08425b1427b Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 17:01:28 +0100 Subject: [PATCH 12/29] VED-812: Pass secrets to reusable pipeline. Fix batch e2e test command. --- .github/workflows/run-e2e-tests.yml | 4 ++-- .github/workflows/test-run-e2e-tests.yml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index cea8dd704..b50f6da51 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -113,6 +113,7 @@ jobs: make run batch-e2e-tests: + needs: [e2e-tests] runs-on: ubuntu-latest environment: name: ${{ inputs.environment }} @@ -154,5 +155,4 @@ jobs: # export PROXY_NAME=immunisation-fhir-api-internal-dev # export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 - # poetry run python -m unittest -c -v - make test + poetry run python -m unittest -c -v diff --git a/.github/workflows/test-run-e2e-tests.yml b/.github/workflows/test-run-e2e-tests.yml index 338fef794..5684c4ede 100644 --- a/.github/workflows/test-run-e2e-tests.yml +++ b/.github/workflows/test-run-e2e-tests.yml 
@@ -10,3 +10,4 @@ jobs: environment: dev sub_environment: internal-dev apigee_environment: internal-dev + secrets: inherit From eadad72b01332c6411f044ca40170ad5c85fd238 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 17:23:05 +0100 Subject: [PATCH 13/29] VED-812: Read outputs from Terraform. Some tidying up. --- .github/workflows/run-e2e-tests.yml | 42 ++++++++++++++--------------- terraform/.terraform.lock.hcl | 32 +++++++++++----------- 2 files changed, 36 insertions(+), 38 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index b50f6da51..fa335c55b 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -33,15 +33,17 @@ on: type: string description: Set the sub environment name e.g. pr-xxx, or green/blue in higher environments +env: + APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} + BACKEND_ENVIRONMENT: ${{ inputs.environment }} + BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }} + jobs: e2e-tests: runs-on: ubuntu-latest environment: name: ${{ inputs.environment }} env: # Sonarcloud - do not allow direct usage of untrusted data - APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} - BACKEND_ENVIRONMENT: ${{ inputs.environment }} - BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }} APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} permissions: id-token: write 
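Review bot: `secrets: inherit` hands every secret visible to the caller to the reusable workflow, although the steps shown only read `APIGEE_PASSWORD`, `APIGEE_BASIC_AUTH_TOKEN` and `APIGEE_OTP_KEY`. Declaring those three under `on.workflow_call.secrets` in `run-e2e-tests.yml` and passing them by name here (`APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }}` and so on) keeps the set explicit and makes a missing secret fail at call time. This caller is marked `# TODO - delete`, so the same choice will come up again in whichever workflow calls the pipeline permanently.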
@@ -64,6 +66,15 @@ jobs: working-directory: terraform run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT + - name: Read Terraform outputs + working-directory: terraform + run: | + echo "IMMS_DELTA_TABLE_NAME=$(make -s output name=imms_delta_table_name)" >> $GITHUB_ENV + echo "AWS_DOMAIN_NAME=$(make -s output name=service_domain_name)" >> $GITHUB_ENV + echo "DYNAMODB_TABLE_NAME=$(make -s output name=dynamodb_table_name)" >> $GITHUB_ENV + echo "AWS_SQS_QUEUE_NAME=$(make -s output name=aws_sqs_queue_name)" >> $GITHUB_ENV + echo "AWS_SNS_TOPIC_NAME=$(make -s output name=aws_sns_topic_name)" >> $GITHUB_ENV + - name: Install poetry run: pip install poetry==2.1.4 @@ -99,29 +110,20 @@ jobs: - name: Run e2e tests working-directory: e2e + env: + SOURCE_COMMIT_ID: ${{ github.sha }} + # STATUS_API_KEY: ${{ secrets.STATUS_API_KEY }} run: | - export PROXY_NAME=immunisation-fhir-api-internal-dev + # TODO - handle PR deployments export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 - # export IMMS_DELTA_TABLE_NAME=imms-internal-dev-delta - # export AWS_DOMAIN_NAME=internal-dev.imms.dev.vds.platform.nhs.uk - # export DYNAMODB_TABLE_NAME=imms-internal-dev-imms-events - # export AWS_SQS_QUEUE_NAME=imms-internal-dev-delta-dlq - # export AWS_SNS_TOPIC_NAME=imms-internal-dev-delta-sns - - # poetry run python -m unittest -c -v - make run + poetry run python -m unittest -c -v batch-e2e-tests: needs: [e2e-tests] runs-on: ubuntu-latest environment: name: ${{ inputs.environment }} - env: # Sonarcloud - do not allow direct usage of untrusted data - APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} - BACKEND_ENVIRONMENT: ${{ inputs.environment }} - BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }} - APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} permissions: id-token: write contents: read 
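Review bot: In `Read Terraform outputs`, each `echo "NAME=$(make -s output name=…)" >> $GITHUB_ENV` line succeeds even when `make` fails, because the exit status is that of `echo`; the variable is then written empty and the tests run without the intended table, queue or topic name. Capture first and write second, e.g. `v=$(make -s output name=imms_delta_table_name)` followed by `echo "IMMS_DELTA_TABLE_NAME=$v" >> "$GITHUB_ENV"`, so that a failed lookup stops the step under the default exit-on-error shell. Anything else `make` prints on stdout would also land in the env file, so it is worth rejecting values that are empty or contain a newline before writing them.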
@@ -151,8 +153,4 @@ jobs: working-directory: e2e_batch env: ENVIRONMENT: ${{ inputs.sub_environment }} - run: | - # export PROXY_NAME=immunisation-fhir-api-internal-dev - # export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 - - poetry run python -m unittest -c -v + run: poetry run python -m unittest -c -v diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 810c99eaa..da2a93a2e 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl 
@@ -2,25 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "6.15.0" + version = "6.16.0" constraints = ">= 6.0.0, ~> 6.0" hashes = [ - "h1:nP988jNuJMcQIB3HLzVK7EfLk5mgWmoWgOsdZDZpIOs=", - "zh:05a3d3b268761cd90cabd6106bff2bf27f480ab31305cd8ef8c749060855f84d", - "zh:0edae750ebaee784624e41b1e18fe6179a513d63c5bb8fbffab4631391092b4f", - "zh:17f3d20951662ffd6a610d9c7f44afa281db6f220685796147e4ffb6374cc8b8", - "zh:373a5446fca3aeff76bc5637babd732d6c78d9a66c82a828a1b009e8b21f33bc", - "zh:3ce69866d23b7d0bb5bfa06f5407147ed90713924cd65246858c414313a96ffc", - "zh:40ab0ca19845890df706784bb62d9fc9961a15c23c894f0e9f89b66524c4be55", - "zh:66bd5554c582c1f01c1a509eedf4a81c861065b48a49d1be3e3ea98a89b1f801", - "zh:798b66f98cc8d8ff9c6844a8238d2639f951ef3956d412fb438708ba3e4ae9e3", - "zh:943e5f918d3b470fbfb9ea1c8bcc3b97a8218a0842e77a0fdbac0941dd461cdf", + "h1:NvE2p1246fuy8CkSn9urzNg1XuXmlQkjeUJsL9Gjd6A=", + "zh:11b5c11fc47aa7537d3acfb3156c9206ce465c2c0db4478914d1ba9493a27f38", + "zh:1de5c4ef8096ab6a4fe8e528c5a1d772a57de74ef4de98996071987d0d6a7696", + "zh:1eaaaa02503e34e57494831ea32b3327482857b01011b40753ec37c502719ee0", + "zh:367159ac72b344802e72631505894b1e7c04211f59d17c137cc9528acfb3b940", + "zh:449bb91e861d16ce80aabe148b40fa20ee4250c934cf467f6c21cf2206be1b5f", + "zh:45b4757e15a9887bf1d6dce07cbbbff365399759bb920456cf30cae47f0b0170", + "zh:4d2824050f8f2d3916a3363e0eeeab6c2c5a0912323029c4c7dc6e93ff3cfbc1", + "zh:6f363f811d20d7bd3e558d6da2cff0506c78ccea5956f919e531b22fdc7300c8", + "zh:7ab0990fc172a1343e4af6d7540be43adba989ee1b422b9d54c3369247155cea", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9e95f017fae84d07d6cd627949715dbe8749d4d819c13c8b0bef1a679a26671b", - "zh:aac7e07599a17fccbdd21b092a7741534af5bec60b492299f2bcd3d7279be4a9", - "zh:c6292faaf05a6dc45e170f67f251aaad9b7e1159b5946219908dd11025f4146b", - "zh:df892b9eca5ecfb3c0a0e829511aea7e6b30f08b862c7fba9de67d2ae9729983", - 
"zh:fb8c5ff7296d01bf60d983c64f45969ec664a40bdd768d90a35a6afe7df1aeb7", + "zh:9eaae66cc57aa07a392eb9cb3fc115a5f446ffe9f51a7f45ffaefc7a64c17b31", + "zh:aee7dbba84823ed9ca93afb0579c78605588f9355e23ec1aafa22ac4a77c45c3", + "zh:be18792d2a52bbc06e6d21dc69c7ec7134e7aaf9e8bca5fd48d2edc8c1f9085e", + "zh:d2fb28162a6ed080fefe1d16b20be86652568e930aa777f186ecfcac66af6c43", + "zh:e1ffb80f46b64c26742417abe454af9c0d3920a8636698574c0a558e66cad535", ] } From 63d0c46a771ee0f6474fe3ba11033573b056fcdc Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 17:26:18 +0100 Subject: [PATCH 14/29] VED-812: Select workspace before running Terraform output. --- terraform/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/Makefile b/terraform/Makefile index 4483f9f9d..117c9cc15 100644 --- a/terraform/Makefile +++ b/terraform/Makefile @@ -53,7 +53,7 @@ destroy: workspace $(tf_cmd) workspace select default $(tf_cmd) workspace delete $(sub_environment) -output: +output: workspace $(tf_cmd) output -raw $(name) #Make lambda zip file in /terraform/zips directory. Whenever code gets changed in lamdba_typescript directory , new zip file gets uploaded to s3. For local,you can you this make target From a058e781e3a0b6fe1dcdd7515edc53285485c03c Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 17:28:52 +0100 Subject: [PATCH 15/29] VED-812: Fix env var names --- .github/workflows/run-e2e-tests.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index fa335c55b..014bfcd59 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -35,8 +35,8 @@ on: env: APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} - BACKEND_ENVIRONMENT: ${{ inputs.environment }} - BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }} + ENVIRONMENT: ${{ inputs.environment }} + SUB_ENVIRONMENT: ${{ inputs.sub_environment }} jobs: e2e-tests: 
@@ -64,7 +64,7 @@ jobs: - name: Terraform Init working-directory: terraform - run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT + run: make init - name: Read Terraform outputs working-directory: terraform From ab4c0e348c71f1d8f7f331c7c325dcd1374b633d Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 17:30:55 +0100 Subject: [PATCH 16/29] VED-812: Set workspace explicitly. --- .github/workflows/run-e2e-tests.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 014bfcd59..c4692d7cf 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -66,6 +66,10 @@ jobs: working-directory: terraform run: make init + - name: Set Terraform workspace + working-directory: terraform + run: make workspace + - name: Read Terraform outputs working-directory: terraform run: | From 1f54c44473e61b313fd1a04a4c1f5e3f6ced6753 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 17:33:04 +0100 Subject: [PATCH 17/29] VED-812: Revert previous change. --- terraform/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/Makefile b/terraform/Makefile index 117c9cc15..4483f9f9d 100644 --- a/terraform/Makefile +++ b/terraform/Makefile @@ -53,7 +53,7 @@ destroy: workspace $(tf_cmd) workspace select default $(tf_cmd) workspace delete $(sub_environment) -output: workspace +output: $(tf_cmd) output -raw $(name) #Make lambda zip file in /terraform/zips directory. Whenever code gets changed in lamdba_typescript directory , new zip file gets uploaded to s3. For local,you can you this make target From 44ebcb44070d9eefef77fb4ec8ee473198cf35dd Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Tue, 14 Oct 2025 17:36:46 +0100 Subject: [PATCH 18/29] VED-812: Add missing env var. --- .github/workflows/run-e2e-tests.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index c4692d7cf..3a0ed431d 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -120,6 +120,7 @@ jobs: run: | # TODO - handle PR deployments export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 + export PROXY_NAME=immunisation-fhir-api-internal-dev poetry run python -m unittest -c -v From 443aaf9ede6c0f9d2bc070ab71404ab6dcba02f9 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Wed, 15 Oct 2025 10:30:30 +0100 Subject: [PATCH 19/29] VED-812: Only restore relevant caches. Always run batch e2e tests. --- .github/workflows/deploy-backend.yml | 3 +++ .github/workflows/pr-teardown.yml | 3 +++ .github/workflows/run-e2e-tests.yml | 13 +++++++------ 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy-backend.yml b/.github/workflows/deploy-backend.yml index e3c2d10f7..11bbac298 100644 --- a/.github/workflows/deploy-backend.yml +++ b/.github/workflows/deploy-backend.yml @@ -137,6 +137,9 @@ jobs: with: python-version: 3.11 cache: "poetry" + cache-dependency-path: | + lambdas/mns_subscription/poetry.lock + lambdas/shared/poetry.lock - name: Create MNS Subscription if: ${{ inputs.environment == 'dev' && inputs.create_mns_subscription }} diff --git a/.github/workflows/pr-teardown.yml b/.github/workflows/pr-teardown.yml index 320df30e6..4a0d2691d 100644 --- a/.github/workflows/pr-teardown.yml +++ b/.github/workflows/pr-teardown.yml @@ -56,6 +56,9 @@ jobs: with: python-version: 3.11 cache: "poetry" + cache-dependency-path: | + lambdas/mns_subscription/poetry.lock + lambdas/shared/poetry.lock - name: Unsubscribe MNS working-directory: "./lambdas/mns_subscription" diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 3a0ed431d..864c00548 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml 
@@ -38,6 +38,10 @@ env: ENVIRONMENT: ${{ inputs.environment }} SUB_ENVIRONMENT: ${{ inputs.sub_environment }} +permissions: + id-token: write + contents: read + jobs: e2e-tests: runs-on: ubuntu-latest @@ -45,9 +49,6 @@ jobs: name: ${{ inputs.environment }} env: # Sonarcloud - do not allow direct usage of untrusted data APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} - permissions: - id-token: write - contents: read steps: - name: Connect to AWS uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 @@ -86,6 +87,7 @@ jobs: with: python-version: 3.11 cache: "poetry" + cache-dependency-path: "e2e/poetry.lock" - name: Install e2e test dependencies working-directory: e2e @@ -126,12 +128,10 @@ jobs: batch-e2e-tests: needs: [e2e-tests] + if: ${{ always() }} runs-on: ubuntu-latest environment: name: ${{ inputs.environment }} - permissions: - id-token: write - contents: read steps: - name: Connect to AWS uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 @@ -149,6 +149,7 @@ jobs: with: python-version: 3.11 cache: "poetry" + cache-dependency-path: "e2e_batch/poetry.lock" - name: Install e2e test dependencies working-directory: e2e_batch From 0197736526c8d080ee694e4b3096b621525df6c7 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Wed, 15 Oct 2025 11:09:22 +0100 Subject: [PATCH 20/29] VED-812: Wait for API to be available before running tests. --- .github/workflows/run-e2e-tests.yml | 60 +++++++++++++++++++++++------ 1 file changed, 49 insertions(+), 11 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 864c00548..33900a981 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml 
@@ -37,17 +37,59 @@ env: APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} ENVIRONMENT: ${{ inputs.environment }} SUB_ENVIRONMENT: ${{ inputs.sub_environment }} + # TODO - handle PR deployments + SERVICE_BASE_PATH: "immunisation-fhir-api/FHIR/R4" + STATUS_API_KEY: ${{ secrets.STATUS_API_KEY }} permissions: id-token: write contents: read jobs: + wait-for-deployment: + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + steps: + - name: Wait for API to be available + run: | + set -ex + + endpoint="" + if [[ $APIGEE_ENVIRONMENT =~ "prod" ]]; then + endpoint="https://api.service.nhs.uk/${SERVICE_BASE_PATH}/_status" + else + endpoint="https://${APIGEE_ENVIRONMENT}.api.service.nhs.uk/${SERVICE_BASE_PATH}/_status" + fi + + counter=0 + while [[ $counter -lt 31 ]]; do + response=$(curl -H "apikey: ${STATUS_API_KEY}" -s "$endpoint") + response_code=$(jq -r '.checks.healthcheck.responseCode' <<< "$response") + response_body=$(jq -r '.checks.healthcheck.outcome' <<< "$response") + status=$(jq -r '.status' <<< "$response") + if [ "$response_code" -eq 200 ] && [ "$response_body" == "OK" ] && [ "$status" == "pass" ]; then + echo "Status test successful" + break + else + echo "Waiting for $endpoint to return a 200 response with 'OK' body..." + ((counter=counter+1)) # Increment counter by 1 + echo "Attempt $counter" + sleep 30 + fi + done + + if [ $counter -eq 31 ]; then + echo "Status test failed: Maximum number of attempts reached" + echo "Last response received:" + echo "$response" + exit 1 + fi + e2e-tests: runs-on: ubuntu-latest - environment: - name: ${{ inputs.environment }} - env: # Sonarcloud - do not allow direct usage of untrusted data + needs: [wait-for-deployment] + environment: ${{ inputs.environment }} + env: APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} steps: - name: Connect to AWS 
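Review bot: `STATUS_API_KEY: ${{ secrets.STATUS_API_KEY }}` is added to the workflow-level `env`, so the secret is present in the environment of every step of every job, including the actions those jobs run. The only use visible in this hunk is the `curl` call in `wait-for-deployment`. Scoping it to that step keeps the exposure minimal: drop it from the top-level block and put `env:` with `STATUS_API_KEY: ${{ secrets.STATUS_API_KEY }}` under `- name: Wait for API to be available`, repeating it on any test step that turns out to read it. The new job also inherits the workflow-level `id-token: write` although it only polls an HTTP endpoint, so `permissions: {}` on `wait-for-deployment` would be the least-privilege setting.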
@@ -118,20 +160,16 @@ jobs: working-directory: e2e env: SOURCE_COMMIT_ID: ${{ github.sha }} - # STATUS_API_KEY: ${{ secrets.STATUS_API_KEY }} - run: | # TODO - handle PR deployments - export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4 - export PROXY_NAME=immunisation-fhir-api-internal-dev - + PROXY_NAME: "immunisation-fhir-api-internal-dev" + run: | poetry run python -m unittest -c -v batch-e2e-tests: needs: [e2e-tests] - if: ${{ always() }} + if: ${{ !cancelled() && jobs.wait-for-deployment.result == 'success' }} runs-on: ubuntu-latest - environment: - name: ${{ inputs.environment }} + environment: ${{ inputs.environment }} steps: - name: Connect to AWS uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 From 0806304e892608f18c70c5e70914a8077dcdb2e9 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Wed, 15 Oct 2025 11:19:49 +0100 Subject: [PATCH 21/29] VED-812: Replace use of unavailable context. --- .github/workflows/run-e2e-tests.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 33900a981..a177f6e64 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -166,8 +166,9 @@ jobs: poetry run python -m unittest -c -v batch-e2e-tests: - needs: [e2e-tests] - if: ${{ !cancelled() && jobs.wait-for-deployment.result == 'success' }} + needs: [wait-for-deployment, e2e-tests] + # Only actually depend on wait-for-deployment, but run after e2e-tests + if: ${{ !cancelled() && needs.wait-for-deployment.result == 'success' }} runs-on: ubuntu-latest environment: ${{ inputs.environment }} steps: From 5c8213d07a8c7db58ed88fb1104ab0e87df63ac3 Mon Sep 17 00:00:00 2001 
From: Matt Jarvis Date: Wed, 15 Oct 2025 12:07:25 +0100 Subject: [PATCH 22/29] VED-812: Set proxy name and service base path according to the environment. --- .github/workflows/run-e2e-tests.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index a177f6e64..c60e84df7 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -37,8 +37,8 @@ env: APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} ENVIRONMENT: ${{ inputs.environment }} SUB_ENVIRONMENT: ${{ inputs.sub_environment }} - # TODO - handle PR deployments - SERVICE_BASE_PATH: "immunisation-fhir-api/FHIR/R4" + SERVICE_BASE_PATH: ${{ startsWith(inputs.sub_environment, 'pr-') && format('immunisation-fhir-api/FHIR/R4-{0}', inputs.sub_environment) || 'immunisation-fhir-api/FHIR/R4' }} + PROXY_NAME: ${{ startsWith(inputs.sub_environment, 'pr-') && format('immunisation-fhir-api-{0}', inputs.sub_environment) || format('immunisation-fhir-api-{0}', inputs.apigee_environment) }} STATUS_API_KEY: ${{ secrets.STATUS_API_KEY }} permissions: @@ -160,8 +160,6 @@ jobs: working-directory: e2e env: SOURCE_COMMIT_ID: ${{ github.sha }} - # TODO - handle PR deployments - PROXY_NAME: "immunisation-fhir-api-internal-dev" run: | poetry run python -m unittest -c -v From 2096d8abf1ea46c88be67b0dbfb32e3e12e5f371 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Wed, 15 Oct 2025 15:53:26 +0100 Subject: [PATCH 23/29] VED-812: Replicate existing e2e test commands per env. --- .github/workflows/run-e2e-tests.yml | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index c60e84df7..4c933f143 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml 
@@ -91,6 +91,7 @@ jobs: environment: ${{ inputs.environment }} env: APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} + SOURCE_COMMIT_ID: ${{ github.sha }} steps: - name: Connect to AWS uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 @@ -152,21 +153,33 @@ jobs: -H "Authorization: Basic $APIGEE_BASIC_AUTH_TOKEN" \ -d "username=$APIGEE_USERNAME&password=$APIGEE_PASSWORD&mfa_token=$CODE&grant_type=password") - token=$(jq -e -r '.access_token' <<<"$response") + token=$(jq -e -r '.access_token' <<< "$response") echo "::add-mask::$token" echo "APIGEE_ACCESS_TOKEN=$token" >> $GITHUB_ENV - - name: Run e2e tests + - name: Run proxy deployment e2e test suite working-directory: e2e - env: - SOURCE_COMMIT_ID: ${{ github.sha }} - run: | - poetry run python -m unittest -c -v + run: poetry run python -m unittest test_deployment + + - name: Run proxy e2e test suite + if: ${{ vars.RUN_PROXY_E2E_TESTS == 'true' }} + working-directory: e2e + run: poetry run python -m unittest test_proxy + + - name: Run sandbox e2e test suite + if: ${{ vars.RUN_SANDBOX_E2E_TESTS == 'true' }} + working-directory: e2e + run: poetry run python -m unittest test_proxy.TestProxyHealthcheck + + - name: Run full e2e test suite + if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }} + working-directory: e2e + run: poetry run python -m unittest batch-e2e-tests: needs: [wait-for-deployment, e2e-tests] # Only actually depend on wait-for-deployment, but run after e2e-tests - if: ${{ !cancelled() && needs.wait-for-deployment.result == 'success' }} + if: ${{ !cancelled() && needs.wait-for-deployment.result == 'success' && vars.RUN_BATCH_E2E_TESTS == 'true' }} runs-on: ubuntu-latest environment: ${{ inputs.environment }} steps: @@ -192,7 +205,7 @@ jobs: working-directory: e2e_batch run: poetry install --no-root - - name: Run batch e2e tests + - name: Run batch e2e test suite working-directory: e2e_batch env: ENVIRONMENT: ${{ inputs.sub_environment }} 
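Review bot: The new `if: ${{ vars.RUN_PROXY_E2E_TESTS == 'true' }}`, `RUN_SANDBOX_E2E_TESTS` and `RUN_FULL_E2E_TESTS` conditions in the `@@ -152,21 +153,33 @@` hunk fail open. When a variable is missing, misspelled or set to something other than the exact string `true`, the suite is skipped and the job still reports success with only `test_deployment` having run. Since this job gates what counts as a tested deployment, it is worth stating that in the file, e.g. `# Suites are opt-in per environment via vars.RUN_*_E2E_TESTS; an unset variable means the suite is skipped`. A first step that echoes the three values would also make a skipped suite visible in the run log. The hunk starts inside the "Get Apigee access token" step, so the rest of that step is not reviewed here.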
From d7b9d0c83d83bfd52c5e8e989f485102db7ca926 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Thu, 16 Oct 2025 11:11:12 +0100 Subject: [PATCH 24/29] VED-812: Tidy up. Use env vars associated with the Apigee environment. Make more steps conditional. --- .github/workflows/deploy-backend.yml | 41 ++++++++++---------------- .github/workflows/run-e2e-tests.yml | 44 +++++++++++++++------------- 2 files changed, 40 insertions(+), 45 deletions(-) diff --git a/.github/workflows/deploy-backend.yml b/.github/workflows/deploy-backend.yml index 11bbac298..191208dec 100644 --- a/.github/workflows/deploy-backend.yml +++ b/.github/workflows/deploy-backend.yml @@ -42,19 +42,24 @@ on: type: string description: Set the sub environment name e.g. pr-xxx, or green/blue in higher environments +env: # Sonarcloud - do not allow direct usage of untrusted data + APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} + ENVIRONMENT: ${{ inputs.environment }} + SUB_ENVIRONMENT: ${{ inputs.sub_environment }} + +permissions: + id-token: write + contents: read + jobs: terraform-plan: runs-on: ubuntu-latest environment: name: ${{ inputs.environment }} - env: # Sonarcloud - do not allow direct usage of untrusted data - APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} - BACKEND_ENVIRONMENT: ${{ inputs.environment }} - BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }} - permissions: - id-token: write - contents: read steps: + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - name: Connect to AWS uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 with: 
@@ -62,23 +67,17 @@ jobs: role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops role-session-name: github-actions - - name: Whoami - run: aws sts get-caller-identity - - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: "1.12.2" - name: Terraform Init working-directory: terraform - run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT + run: make init - name: Terraform Plan working-directory: terraform - run: make plan-ci apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT + run: make plan-ci - name: Save Terraform Plan uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 @@ -91,13 +90,6 @@ jobs: runs-on: ubuntu-latest environment: name: ${{ inputs.environment }} - env: # Sonarcloud - do not allow direct usage of untrusted data - APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} - BACKEND_ENVIRONMENT: ${{ inputs.environment }} - BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }} - permissions: - id-token: write - contents: read steps: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 @@ -120,12 +112,12 @@ jobs: - name: Terraform Init working-directory: terraform - run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT + run: make init - name: Terraform Apply working-directory: terraform run: | - make apply-ci apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT + make apply-ci echo "ID_SYNC_QUEUE_ARN=$(make -s output name=id_sync_queue_arn)" >> $GITHUB_ENV - name: Install poetry 
@@ -145,7 +137,6 @@ jobs: if: ${{ inputs.environment == 'dev' && inputs.create_mns_subscription }} working-directory: "./lambdas/mns_subscription" env: - APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }} SQS_ARN: ${{ env.ID_SYNC_QUEUE_ARN }} run: | poetry install --no-root diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 4c933f143..77d40fdb3 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml 
@@ -48,73 +48,76 @@ permissions: jobs: wait-for-deployment: runs-on: ubuntu-latest - environment: ${{ inputs.environment }} + environment: ${{ inputs.apigee_environment }} steps: - name: Wait for API to be available run: | - set -ex - endpoint="" - if [[ $APIGEE_ENVIRONMENT =~ "prod" ]]; then + if [[ ${APIGEE_ENVIRONMENT} =~ "prod" ]]; then endpoint="https://api.service.nhs.uk/${SERVICE_BASE_PATH}/_status" else endpoint="https://${APIGEE_ENVIRONMENT}.api.service.nhs.uk/${SERVICE_BASE_PATH}/_status" fi counter=0 - while [[ $counter -lt 31 ]]; do - response=$(curl -H "apikey: ${STATUS_API_KEY}" -s "$endpoint") - response_code=$(jq -r '.checks.healthcheck.responseCode' <<< "$response") - response_body=$(jq -r '.checks.healthcheck.outcome' <<< "$response") - status=$(jq -r '.status' <<< "$response") - if [ "$response_code" -eq 200 ] && [ "$response_body" == "OK" ] && [ "$status" == "pass" ]; then + while [[ ${counter} -lt 31 ]]; do + response=$(curl -H "apikey: ${STATUS_API_KEY}" -s "${endpoint}") + response_code=$(jq -r '.checks.healthcheck.responseCode' <<< "${response}") + response_body=$(jq -r '.checks.healthcheck.outcome' <<< "${response}") + status=$(jq -r '.status' <<< "${response}") + if [[ "${response_code}" -eq 200 ]] && [[ "${response_body}" == "OK" ]] && [[ "${status}" == "pass" ]]; then echo "Status test successful" break else - echo "Waiting for $endpoint to return a 200 response with 'OK' body..." + echo "Waiting for ${endpoint} to return a 200 response with 'OK' body..." 
((counter=counter+1)) # Increment counter by 1 - echo "Attempt $counter" + echo "Attempt ${counter}" sleep 30 fi done - if [ $counter -eq 31 ]; then + if [[ ${counter} -eq 31 ]]; then echo "Status test failed: Maximum number of attempts reached" echo "Last response received:" - echo "$response" + echo "${response}" exit 1 fi e2e-tests: runs-on: ubuntu-latest needs: [wait-for-deployment] - environment: ${{ inputs.environment }} + environment: ${{ inputs.apigee_environment }} env: APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} SOURCE_COMMIT_ID: ${{ github.sha }} steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - name: Connect to AWS + if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }} uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 with: aws-region: eu-west-2 role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops role-session-name: github-actions - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd + if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }} with: terraform_version: "1.12.2" - name: Terraform Init + if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }} working-directory: terraform run: make init - name: Set Terraform workspace + if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }} working-directory: terraform run: make workspace - name: Read Terraform outputs + if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }} working-directory: terraform run: | echo "IMMS_DELTA_TABLE_NAME=$(make -s output name=imms_delta_table_name)" >> $GITHUB_ENV @@ -137,6 +140,7 @@ jobs: run: poetry install --no-root - name: Get Apigee access token + if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }} working-directory: e2e env: APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }} 
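Review bot: Switching `environment:` from `inputs.environment` to `inputs.apigee_environment` on `wait-for-deployment` and `e2e-tests` changes more than where `vars.RUN_FULL_E2E_TESTS` is read from. For a job that declares an environment, the GitHub OIDC token's `sub` claim by default names that environment, so the trust policy of `role/auto-ops` (not visible here) has to accept the Apigee environment names. `vars.AWS_ACCOUNT_ID` and any required-reviewer rules are now also taken from those environments rather than from the backend ones. A comment on the job would record this, e.g. `# environment = Apigee env: supplies RUN_*_E2E_TESTS, AWS_ACCOUNT_ID and the OIDC subject`, and it is worth confirming that the `prod` Apigee environment carries the same protection rules as the backend `prod` environment. The same switch is made for `batch-e2e-tests` in the `@@ -181,8 +185,10 @@` hunk.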
@@ -181,8 +185,10 @@ jobs: # Only actually depend on wait-for-deployment, but run after e2e-tests if: ${{ !cancelled() && needs.wait-for-deployment.result == 'success' && vars.RUN_BATCH_E2E_TESTS == 'true' }} runs-on: ubuntu-latest - environment: ${{ inputs.environment }} + environment: ${{ inputs.apigee_environment }} steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - name: Connect to AWS uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 with: @@ -190,8 +196,6 @@ jobs: role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops role-session-name: github-actions - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - name: Install poetry run: pip install poetry==2.1.4 From 190af29fbdfa03fe33d2350065e64cee7d3acc82 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Thu, 16 Oct 2025 11:20:05 +0100 Subject: [PATCH 25/29] VED-812: Update test pipeline. --- .github/workflows/test-run-e2e-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-run-e2e-tests.yml b/.github/workflows/test-run-e2e-tests.yml index 5684c4ede..7006b1384 100644 --- a/.github/workflows/test-run-e2e-tests.yml +++ b/.github/workflows/test-run-e2e-tests.yml @@ -8,6 +8,6 @@ jobs: uses: ./.github/workflows/run-e2e-tests.yml with: environment: dev - sub_environment: internal-dev + sub_environment: pr-905 apigee_environment: internal-dev secrets: inherit From 9be2c98be98c795d8275537c85468fd7fcf91b16 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Thu, 16 Oct 2025 12:06:25 +0100 Subject: [PATCH 26/29] VED-812: Improve Terraform workspace Makefile commands. --- infra/Makefile | 2 +- mesh_infra/Makefile | 4 ++-- terraform/Makefile | 2 +- terraform_aws_backup/aws-backup-destination/Makefile | 6 +++--- terraform_aws_backup/aws-backup-source/Makefile | 6 +++--- 5 files changed, 10 insertions(+), 10 deletions(-) 
diff --git a/infra/Makefile b/infra/Makefile index cb2889915..fd539f57e 100644 --- a/infra/Makefile +++ b/infra/Makefile @@ -14,7 +14,7 @@ lock-provider: $(tf_cmd) providers lock -platform=darwin_arm64 -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 workspace: - $(tf_cmd) workspace new $(ENVIRONMENT) || $(tf_cmd) workspace select $(ENVIRONMENT) && echo "Switched to workspace/environment: $(ENVIRONMENT)" + $(tf_cmd) workspace select -or-create $(ENVIRONMENT) && echo "Switched to workspace/environment: $(ENVIRONMENT)" init: $(tf_cmd) init $(tf_state) -upgrade $(tf_vars) diff --git a/mesh_infra/Makefile b/mesh_infra/Makefile index 227e4c902..fd539f57e 100644 --- a/mesh_infra/Makefile +++ b/mesh_infra/Makefile @@ -14,7 +14,7 @@ lock-provider: $(tf_cmd) providers lock -platform=darwin_arm64 -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 workspace: - $(tf_cmd) workspace new $(ENVIRONMENT) || $(tf_cmd) workspace select $(ENVIRONMENT) && echo "Switched to workspace/environment: $(ENVIRONMENT)" + $(tf_cmd) workspace select -or-create $(ENVIRONMENT) && echo "Switched to workspace/environment: $(ENVIRONMENT)" init: $(tf_cmd) init $(tf_state) -upgrade $(tf_vars) @@ -42,7 +42,7 @@ ifndef name endif $(tf_cmd) output -raw $(name) -import: +import: $(tf_cmd) import $(tf_vars) $(to) $(id) tf-%: diff --git a/terraform/Makefile b/terraform/Makefile index 4483f9f9d..46906d4a5 100644 --- a/terraform/Makefile +++ b/terraform/Makefile @@ -21,7 +21,7 @@ lock-provider: $(tf_cmd) providers lock -platform=darwin_arm64 -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 workspace: - $(tf_cmd) workspace new $(sub_environment) || $(tf_cmd) workspace select $(sub_environment) && echo "Switched to workspace/environment: $(sub_environment)" + $(tf_cmd) workspace select -or-create $(sub_environment) && echo "Switched to workspace/environment: $(sub_environment)" init: $(tf_cmd) init $(tf_state) -upgrade $(tf_vars) 
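Review bot: In the `workspace` recipe of terraform/Makefile, `$(sub_environment)` is substituted by make as plain text before the shell runs the line, so any shell metacharacters in the value are interpreted by the shell. The workflows pass `inputs.sub_environment` through `env:` specifically to avoid direct interpolation of untrusted data, but this recipe is where the value re-enters a command line unquoted. How the Makefile maps `SUB_ENVIRONMENT` to `sub_environment` is not visible in this hunk. An allow-list check in the workflow before the first `make` call closes this, e.g. `[[ "$SUB_ENVIRONMENT" =~ ^[A-Za-z0-9-]+$ ]] || exit 1`, and the argument should be quoted in the recipe as well. The infra, mesh_infra and terraform_aws_backup `workspace` recipes changed in this commit have the same shape with `$(ENVIRONMENT)` and `$(environment)`.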
diff --git a/terraform_aws_backup/aws-backup-destination/Makefile b/terraform_aws_backup/aws-backup-destination/Makefile index 1c0716087..a0adcc28c 100644 --- a/terraform_aws_backup/aws-backup-destination/Makefile +++ b/terraform_aws_backup/aws-backup-destination/Makefile @@ -20,13 +20,13 @@ lock-provider: $(tf_cmd) providers lock -platform=darwin_arm64 -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 workspace: - $(tf_cmd) workspace new $(environment) || $(tf_cmd) workspace select $(environment) && echo "Switched to workspace/environment: $(environment)" + $(tf_cmd) workspace select -or-create $(environment) && echo "Switched to workspace/environment: $(environment)" init: - $(tf_cmd) init $(tf_state) -upgrade + $(tf_cmd) init $(tf_state) -upgrade plan: workspace - $(tf_cmd) plan + $(tf_cmd) plan plan-changes: workspace $(tf_cmd) plan -out=plan && $(tf_cmd) show -no-color -json plan | jq -r '.resource_changes[] | select(.change.actions[0]=="update" or .change.actions[0]=="create" or .change.actions[0]=="add") | .address' diff --git a/terraform_aws_backup/aws-backup-source/Makefile b/terraform_aws_backup/aws-backup-source/Makefile index 15bcc3235..90568762f 100644 --- a/terraform_aws_backup/aws-backup-source/Makefile +++ b/terraform_aws_backup/aws-backup-source/Makefile 
@@ -20,13 +20,13 @@ lock-provider: $(tf_cmd) providers lock -platform=darwin_arm64 -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 workspace: - $(tf_cmd) workspace new $(environment) || $(tf_cmd) workspace select $(environment) && echo "Switched to workspace/environment: $(environment)" + $(tf_cmd) workspace select -or-create $(environment) && echo "Switched to workspace/environment: $(environment)" init: - $(tf_cmd) init $(tf_state) -upgrade + $(tf_cmd) init $(tf_state) -upgrade plan: workspace - $(tf_cmd) plan + $(tf_cmd) plan plan-changes: workspace $(tf_cmd) plan -out=plan && $(tf_cmd) show -no-color -json plan | jq -r '.resource_changes[] | select(.change.actions[0]=="update" or .change.actions[0]=="create" or .change.actions[0]=="add") | .address' From 16162da458acda40d89ac8619178eb3aeb61243a Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Thu, 16 Oct 2025 12:12:38 +0100 Subject: [PATCH 27/29] VED-812: Add workaround for batch e2e tests conditional job. --- .github/workflows/run-e2e-tests.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index 77d40fdb3..f89e97278 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -49,6 +49,9 @@ jobs: wait-for-deployment: runs-on: ubuntu-latest environment: ${{ inputs.apigee_environment }} + outputs: + # Workaround for environment-level variables being unavailable in `jobs..if`. + RUN_BATCH_E2E_TESTS: ${{ vars.RUN_BATCH_E2E_TESTS }} steps: - name: Wait for API to be available run: | 
@@ -183,7 +186,7 @@ jobs: batch-e2e-tests: needs: [wait-for-deployment, e2e-tests] # Only actually depend on wait-for-deployment, but run after e2e-tests - if: ${{ !cancelled() && needs.wait-for-deployment.result == 'success' && vars.RUN_BATCH_E2E_TESTS == 'true' }} + if: ${{ !cancelled() && needs.wait-for-deployment.result == 'success' && needs.wait-for-deployment.outputs.RUN_BATCH_E2E_TESTS == 'true' }} runs-on: ubuntu-latest environment: ${{ inputs.apigee_environment }} steps: From d13c033a224b718a832779a1d18bc05dd594bff4 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Thu, 16 Oct 2025 12:25:13 +0100 Subject: [PATCH 28/29] VED-812: Wait for correct commit hash earlier in the pipeline. --- .github/workflows/run-e2e-tests.yml | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml index f89e97278..edd8ba2ff 100644 --- a/.github/workflows/run-e2e-tests.yml +++ b/.github/workflows/run-e2e-tests.yml @@ -40,6 +40,7 @@ env: SERVICE_BASE_PATH: ${{ startsWith(inputs.sub_environment, 'pr-') && format('immunisation-fhir-api/FHIR/R4-{0}', inputs.sub_environment) || 'immunisation-fhir-api/FHIR/R4' }} PROXY_NAME: ${{ startsWith(inputs.sub_environment, 'pr-') && format('immunisation-fhir-api-{0}', inputs.sub_environment) || format('immunisation-fhir-api-{0}', inputs.apigee_environment) }} STATUS_API_KEY: ${{ secrets.STATUS_API_KEY }} + SOURCE_COMMIT_ID: ${{ github.sha }} permissions: id-token: write 
@@ -65,18 +66,27 @@ jobs: counter=0 while [[ ${counter} -lt 31 ]]; do response=$(curl -H "apikey: ${STATUS_API_KEY}" -s "${endpoint}") + response_code=$(jq -r '.checks.healthcheck.responseCode' <<< "${response}") response_body=$(jq -r '.checks.healthcheck.outcome' <<< "${response}") status=$(jq -r '.status' <<< "${response}") + commitId=$(jq -r '.commitId' <<< "${response}") + if [[ "${response_code}" -eq 200 ]] && [[ "${response_body}" == "OK" ]] && [[ "${status}" == "pass" ]]; then - echo "Status test successful" + echo "Status test successful" + if [[ "${commitId}" == "${SOURCE_COMMIT_ID}" ]]; then + echo "Commit hash test successful" break + else + echo "Waiting for ${endpoint} to return the correct commit hash..." + fi else - echo "Waiting for ${endpoint} to return a 200 response with 'OK' body..." - ((counter=counter+1)) # Increment counter by 1 - echo "Attempt ${counter}" - sleep 30 + echo "Waiting for ${endpoint} to return a 200 response with 'OK' body..." fi + + ((counter=counter+1)) # Increment counter by 1 + echo "Attempt ${counter}" + sleep 30 done if [[ ${counter} -eq 31 ]]; then @@ -92,7 +102,6 @@ jobs: environment: ${{ inputs.apigee_environment }} env: APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }} - SOURCE_COMMIT_ID: ${{ github.sha }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 From 808075cbcbd7f4d8618a049fa0ddb5c2a1beda31 Mon Sep 17 00:00:00 2001 From: Matt Jarvis Date: Thu, 16 Oct 2025 14:04:58 +0100 Subject: [PATCH 29/29] VED-812: Remove testing pipeline. --- .github/workflows/test-run-e2e-tests.yml | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 .github/workflows/test-run-e2e-tests.yml diff --git a/.github/workflows/test-run-e2e-tests.yml b/.github/workflows/test-run-e2e-tests.yml deleted file mode 100644 index 7006b1384..000000000 --- a/.github/workflows/test-run-e2e-tests.yml +++ /dev/null 
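Review bot: In the reworked polling loop of the `@@ -65,18 +66,27 @@` hunk the status test still reads `[[ "${response_code}" -eq 200 ]]`. Inside `[[ ]]`, bash evaluates both operands of `-eq` as arithmetic expressions, so a value taken from the HTTP response body is evaluated rather than just compared. A string comparison treats it as data and matches the style of the new `commitId` check: `[[ "${response_code}" == "200" ]]`. The `curl` call also has no time limit, so a hung connection is not bounded by the 31-attempt counter; `curl --max-time 10 -s -H "apikey: ${STATUS_API_KEY}" "${endpoint}"` bounds each attempt.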
@@ -1,13 +0,0 @@
-# TODO - delete
-name: Test "Run e2e Tests" pipeline
-on:
- pull_request:
- types: [labeled, opened, synchronize, reopened, unlabeled]
-jobs:
- call-pipeline:
- uses: ./.github/workflows/run-e2e-tests.yml
- with:
- environment: dev
- sub_environment: pr-905
- apigee_environment: internal-dev
- secrets: inherit