diff --git a/.github/workflows/cron-daily-health-check.yml b/.github/workflows/cron-daily-health-check-spinup.yml similarity index 88% rename from .github/workflows/cron-daily-health-check.yml rename to .github/workflows/cron-daily-health-check-spinup.yml index b75313306..ec2cd0505 100644 --- a/.github/workflows/cron-daily-health-check.yml +++ b/.github/workflows/cron-daily-health-check-spinup.yml @@ -1,11 +1,11 @@ -name: 'Z-CRON: Daily health check' +name: "Z-CRON: Daily health check - Spinup" on: schedule: - cron: 30 4 * * 1-5 permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action pull-requests: write id-token: write @@ -19,13 +19,13 @@ jobs: steps: - name: Set Output id: set-output - run: echo 'workspace=ndrd' >> $GITHUB_OUTPUT + run: echo 'workspace=ndrd' >> $GITHUB_OUTPUT terraform_plan_apply: name: Terraform Plan/Apply (ndrd) runs-on: ubuntu-latest environment: development - needs: ['set_workspace'] + needs: ["set_workspace"] steps: - name: Checkout uses: actions/checkout@v5 @@ -79,7 +79,7 @@ jobs: with: python_version: "3.11" build_branch: main - + run_ui_unit_tests: name: Run UI Unit Tests uses: NHSDigital/national-document-repository/.github/workflows/base-vitest-test.yml@main @@ -88,7 +88,7 @@ jobs: run_cypress_tests: name: Run Cypress Tests - runs-on: ubuntu-latest + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v5 @@ -107,9 +107,9 @@ jobs: IDENTITY_PROVIDER_POOL_ID: not provided yet MONITOR_ACCOUNT_ID: not provided yet BUILD_ENV: development - IMAGE_VERSION: 'not-required' + IMAGE_VERSION: "not-required" run: | - ./react-environment-config.sh + ./react-environment-config.sh working-directory: ./app - name: Cypress Build @@ -119,7 +119,7 @@ jobs: runTests: false build: npm run build working-directory: ./app - + - name: npm install serve -g run: npm install serve -g 
@@ -132,8 +132,8 @@ jobs: working-directory: ./app env: CYPRESS_BASE_URL: http://localhost:3000 - CYPRESS_grepTags: 'regression' - + CYPRESS_grepTags: "regression" + - name: Upload Artifacts (Screenshots) uses: actions/upload-artifact@v4 if: failure() @@ -152,7 +152,7 @@ jobs: publish_lambda_layers: name: Publish Lambda Layers - needs: ['set_workspace', 'terraform_plan_apply'] + needs: ["set_workspace", "terraform_plan_apply"] uses: NHSDigital/national-document-repository/.github/workflows/base-lambda-layer-reusable-publish-all.yml@main with: build_branch: main @@ -161,11 +161,11 @@ jobs: python_version: "3.11" secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - + deploy_lambdas: name: Deploy Lambdas uses: NHSDigital/national-document-repository/.github/workflows/base-lambdas-reusable-deploy-all.yml@main - needs: ['set_workspace', 'publish_lambda_layers'] + needs: ["set_workspace", "publish_lambda_layers"] with: build_branch: main sandbox: ${{ needs.set_workspace.outputs.workspace }} @@ -178,7 +178,7 @@ jobs: deploy_ui: name: Deploy UI uses: NHSDigital/national-document-repository/.github/workflows/base-deploy-ui.yml@main - needs: ['terraform_plan_apply', 'set_workspace'] + needs: ["terraform_plan_apply", "set_workspace"] with: build_branch: main sandbox: ${{ needs.set_workspace.outputs.workspace }} 
@@ -186,22 +186,32 @@ jobs: secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - destroy_test_environment: - if: always() - name: Destroy Sandbox (ndrd) - needs: ['set_workspace', 'deploy_ui', 'deploy_lambdas'] - uses: ./.github/workflows/tear-down-sandbox.yml + bulk_upload: + name: Run Bulk Upload + uses: NHSDigital/national-document-repository/.github/workflows/daily-health-check-run-bulk-upload.yml@PRMP-631 + needs: ["terraform_plan_apply", "set_workspace", "deploy_lambdas"] with: - git_ref: main - sandbox_name: ${{ needs.set_workspace.outputs.workspace }} + build_branch: PRMP-631 + sandbox: ${{ needs.set_workspace.outputs.workspace }} environment: development - secrets: inherit + secrets: + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} notify-slack: name: Notify Slack on Failure runs-on: ubuntu-latest environment: development - needs: [terraform_plan_apply, run_lambda_unit_tests, run_ui_unit_tests, run_cypress_tests, publish_lambda_layers, deploy_lambdas, deploy_ui] + needs: + [ + terraform_plan_apply, + run_lambda_unit_tests, + run_ui_unit_tests, + run_cypress_tests, + publish_lambda_layers, + deploy_lambdas, + deploy_ui, + bulk_upload, + ] if: failure() steps: - name: Configure AWS Credentials @@ -268,4 +278,4 @@ jobs: ] } ] - } \ No newline at end of file + } diff --git a/.github/workflows/cron-tear-down-sandbox.yml b/.github/workflows/cron-tear-down-sandbox.yml index 90bbed306..6577c782e 100644 --- a/.github/workflows/cron-tear-down-sandbox.yml +++ b/.github/workflows/cron-tear-down-sandbox.yml @@ -1,4 +1,4 @@ -name: 'Z-CRON: Tear down - Sandboxes' +name: "Z-CRON: Tear down - Sandboxes" on: schedule: diff --git a/.github/workflows/daily-health-check-teardown.yml b/.github/workflows/daily-health-check-teardown.yml new file mode 100644 index 000000000..8f12ffe2d --- /dev/null +++ b/.github/workflows/daily-health-check-teardown.yml 
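Review bot: The new `bulk_upload` job calls `daily-health-check-run-bulk-upload.yml@PRMP-631` and passes `build_branch: PRMP-631`, a feature-branch ref, while the other reusable-workflow calls visible in this diff use `@main`. The job is handed `secrets.AWS_ASSUME_ROLE`, so whatever is pushed to that branch runs with the development role on the next scheduled run, and the cron will break once the branch is deleted after merge. Point both at the reviewed default branch before merging: `uses: NHSDigital/national-document-repository/.github/workflows/daily-health-check-run-bulk-upload.yml@main` and `build_branch: main`. Separately, this hunk removes the `destroy_test_environment` job that ran with `if: always()`, and no caller of the new teardown workflow is visible in this diff, so it is worth confirming the sandbox is still destroyed when an earlier job fails.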
@@ -0,0 +1,104 @@ +name: "Z-AUTOMATED: Daily health check - Teardown" + +on: + workflow_call: + +permissions: + actions: read # Required for anchore/sbom-action + contents: write # Required for anchore/sbom-action + pull-requests: write + id-token: write + +jobs: + set_workspace: + name: Set Workspace (ndrd) + runs-on: ubuntu-latest + outputs: + workspace: ${{ steps.set-output.outputs.workspace }} + steps: + - name: Set Output + id: set-output + run: echo 'workspace=ndrd' >> $GITHUB_OUTPUT + + destroy_test_environment: + name: Destroy Sandbox (ndrd) + needs: ["set_workspace"] + uses: ./.github/workflows/tear-down-sandbox.yml + with: + git_ref: main + sandbox_name: ${{ needs.set_workspace.outputs.workspace }} + environment: development + secrets: inherit + + notify-slack: + name: Notify Slack on Failure + runs-on: ubuntu-latest + environment: development + needs: [destroy_test_environment] + if: failure() + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v5 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + mask-aws-account-id: true + + - name: Get slack bot token from SSM parameter store + run: | + slack_bot_token=$(aws ssm get-parameter --name "/ndr/alerting/slack/bot_token" --with-decryption --query "Parameter.Value" --output text) + echo "::add-mask::$slack_bot_token" + echo "SLACK_BOT_TOKEN=$slack_bot_token" >> $GITHUB_ENV + + - name: Send Slack Notification + uses: slackapi/slack-github-action@v2.1.1 + with: + method: chat.postMessage + token: ${{ env.SLACK_BOT_TOKEN }} + payload: | + { + "channel": "${{ vars.ALERTS_SLACK_CHANNEL_ID }}", + "attachments": [ + { + "color": "#ff0000", + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": "❌ Workflow `${{ github.workflow }}` failed" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "*Triggered by:* `Scheduled Job`\n*Workflow:* <${{ 
github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>" + } + }, + { + "type": "divider" + }, + { + "type": "section", + "fields": [ + { "type": "mrkdwn", "text": "*terraform_plan_apply:* ${{ needs.terraform_plan_apply.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*run_lambda_unit_tests:* ${{ needs.run_lambda_unit_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*run_ui_unit_tests:* ${{ needs.run_ui_unit_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*run_cypress_tests:* ${{ needs.run_cypress_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*publish_lambda_layers:* ${{ needs.publish_lambda_layers.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*deploy_lambdas:* ${{ needs.deploy_lambdas.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*deploy_ui:* ${{ needs.deploy_ui.result == 'success' && ':white_check_mark:' || ':x:' }}" } + ] + }, + { + "type": "context", + "elements": [ + { "type": "mrkdwn", "text": "Environment: `development` | Sandbox: `${{ needs.set_workspace.outputs.workspace }}`" } + ] + } + ] + } + ] + }
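Review bot: The Slack payload in `notify-slack` reads `needs.terraform_plan_apply.result`, `needs.run_lambda_unit_tests.result` and five other jobs that do not exist in this workflow, and it reads `needs.set_workspace.outputs.workspace` although `set_workspace` is not in the job's `needs`. Those expressions should evaluate to empty, so a teardown failure would be reported as seven `:x:` rows with a blank sandbox name and no indication that the destroy step is what failed. Declare `needs: [set_workspace, destroy_test_environment]` and replace the seven fields with one, `{ "type": "mrkdwn", "text": "*destroy_test_environment:* ${{ needs.destroy_test_environment.result == 'success' && ':white_check_mark:' || ':x:' }}" }`. The `permissions` block also looks copied from the spinup workflow: nothing visible here uses anchore/sbom-action, so `contents: write` and `pull-requests: write` can probably be dropped, keeping `id-token: write` for the role assumption, unless `tear-down-sandbox.yml` needs them.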