From 2a695f0626b2d75ced1c9d2d614b7a6fbd4c9a69 Mon Sep 17 00:00:00 2001 From: robg-test <106234256+robg-test@users.noreply.github.com> Date: Thu, 27 Nov 2025 11:08:48 +0000 Subject: [PATCH 1/8] [PRMP-631] Buffer between destory and spinup --- ...yml => cron-daily-health-check-spinup.yml} | 47 ++++---- .../cron-daily-health-check-teardown.yml | 105 ++++++++++++++++++ 2 files changed, 133 insertions(+), 19 deletions(-) rename .github/workflows/{cron-daily-health-check.yml => cron-daily-health-check-spinup.yml} (91%) create mode 100644 .github/workflows/cron-daily-health-check-teardown.yml diff --git a/.github/workflows/cron-daily-health-check.yml b/.github/workflows/cron-daily-health-check-spinup.yml similarity index 91% rename from .github/workflows/cron-daily-health-check.yml rename to .github/workflows/cron-daily-health-check-spinup.yml index b75313306..79493b60a 100644 --- a/.github/workflows/cron-daily-health-check.yml +++ b/.github/workflows/cron-daily-health-check-spinup.yml @@ -1,11 +1,11 @@ -name: 'Z-CRON: Daily health check' +name: "Z-CRON: Daily health check - Spinup" on: schedule: - cron: 30 4 * * 1-5 permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action pull-requests: write id-token: write @@ -19,13 +19,13 @@ jobs: steps: - name: Set Output id: set-output - run: echo 'workspace=ndrd' >> $GITHUB_OUTPUT + run: echo 'workspace=ndrd' >> $GITHUB_OUTPUT terraform_plan_apply: name: Terraform Plan/Apply (ndrd) runs-on: ubuntu-latest environment: development - needs: ['set_workspace'] + needs: ["set_workspace"] steps: - name: Checkout uses: actions/checkout@v5 @@ -79,7 +79,7 @@ jobs: with: python_version: "3.11" build_branch: main - + run_ui_unit_tests: name: Run UI Unit Tests uses: NHSDigital/national-document-repository/.github/workflows/base-vitest-test.yml@main @@ -88,7 +88,7 @@ jobs: run_cypress_tests: name: Run Cypress Tests - runs-on: ubuntu-latest + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v5 @@ -107,9 +107,9 @@ jobs: IDENTITY_PROVIDER_POOL_ID: not provided yet MONITOR_ACCOUNT_ID: not provided yet BUILD_ENV: development - IMAGE_VERSION: 'not-required' + IMAGE_VERSION: "not-required" run: | - ./react-environment-config.sh + ./react-environment-config.sh working-directory: ./app - name: Cypress Build @@ -119,7 +119,7 @@ jobs: runTests: false build: npm run build working-directory: ./app - + - name: npm install serve -g run: npm install serve -g @@ -132,8 +132,8 @@ jobs: working-directory: ./app env: CYPRESS_BASE_URL: http://localhost:3000 - CYPRESS_grepTags: 'regression' - + CYPRESS_grepTags: "regression" + - name: Upload Artifacts (Screenshots) uses: actions/upload-artifact@v4 if: failure() @@ -152,7 +152,7 @@ jobs: publish_lambda_layers: name: Publish Lambda Layers - needs: ['set_workspace', 'terraform_plan_apply'] + needs: ["set_workspace", "terraform_plan_apply"] uses: NHSDigital/national-document-repository/.github/workflows/base-lambda-layer-reusable-publish-all.yml@main with: build_branch: main @@ -161,11 +161,11 @@ jobs: python_version: "3.11" secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - + deploy_lambdas: name: Deploy Lambdas uses: NHSDigital/national-document-repository/.github/workflows/base-lambdas-reusable-deploy-all.yml@main - needs: ['set_workspace', 'publish_lambda_layers'] + needs: ["set_workspace", "publish_lambda_layers"] with: build_branch: main sandbox: ${{ needs.set_workspace.outputs.workspace }} @@ -178,7 +178,7 @@ jobs: deploy_ui: name: Deploy UI uses: NHSDigital/national-document-repository/.github/workflows/base-deploy-ui.yml@main - needs: ['terraform_plan_apply', 'set_workspace'] + needs: ["terraform_plan_apply", "set_workspace"] with: build_branch: main sandbox: ${{ needs.set_workspace.outputs.workspace }} @@ -188,8 +188,8 @@ jobs: destroy_test_environment: if: always() - name: Destroy Sandbox (ndrd) - needs: ['set_workspace', 'deploy_ui', 'deploy_lambdas'] + name: Destroy Sandbox (ndrd) + needs: ["set_workspace", "deploy_ui", "deploy_lambdas"] uses: ./.github/workflows/tear-down-sandbox.yml with: git_ref: main @@ -201,7 +201,16 @@ jobs: name: Notify Slack on Failure runs-on: ubuntu-latest environment: development - needs: [terraform_plan_apply, run_lambda_unit_tests, run_ui_unit_tests, run_cypress_tests, publish_lambda_layers, deploy_lambdas, deploy_ui] + needs: + [ + terraform_plan_apply, + run_lambda_unit_tests, + run_ui_unit_tests, + run_cypress_tests, + publish_lambda_layers, + deploy_lambdas, + deploy_ui, + ] if: failure() steps: - name: Configure AWS Credentials @@ -268,4 +277,4 @@ jobs: ] } ] - } \ No newline at end of file + } diff --git a/.github/workflows/cron-daily-health-check-teardown.yml b/.github/workflows/cron-daily-health-check-teardown.yml new file mode 100644 index 000000000..7b40e03c0 --- /dev/null +++ b/.github/workflows/cron-daily-health-check-teardown.yml @@ -0,0 +1,105 @@ +name: "Z-CRON: Daily health check - Teardown" + +on: + schedule: + - cron: 30 6 * * 1-5 + +permissions: + actions: read # Required for anchore/sbom-action + contents: write # Required for anchore/sbom-action + pull-requests: write + id-token: write + +jobs: + set_workspace: + name: Set Workspace (ndrd) + runs-on: ubuntu-latest + outputs: + workspace: ${{ steps.set-output.outputs.workspace }} + steps: + - name: Set Output + id: set-output + run: echo 'workspace=ndrd' >> $GITHUB_OUTPUT + + destroy_test_environment: + name: Destroy Sandbox (ndrd) + needs: ["set_workspace", "deploy_ui", "deploy_lambdas"] + uses: ./.github/workflows/tear-down-sandbox.yml + with: + git_ref: main + sandbox_name: ${{ needs.set_workspace.outputs.workspace }} + environment: development + secrets: inherit + + notify-slack: + name: Notify Slack on Failure + runs-on: ubuntu-latest + environment: development + needs: [destroy_test_environment] + if: failure() + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v5 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + mask-aws-account-id: true + + - name: Get slack bot token from SSM parameter store + run: | + slack_bot_token=$(aws ssm get-parameter --name "/ndr/alerting/slack/bot_token" --with-decryption --query "Parameter.Value" --output text) + echo "::add-mask::$slack_bot_token" + echo "SLACK_BOT_TOKEN=$slack_bot_token" >> $GITHUB_ENV + + - name: Send Slack Notification + uses: slackapi/slack-github-action@v2.1.1 + with: + method: chat.postMessage + token: ${{ env.SLACK_BOT_TOKEN }} + payload: | + { + "channel": "${{ vars.ALERTS_SLACK_CHANNEL_ID }}", + "attachments": [ + { + "color": "#ff0000", + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": "❌ Workflow `${{ github.workflow }}` failed" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "*Triggered by:* `Scheduled Job`\n*Workflow:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>" + } + }, + { + "type": "divider" + }, + { + "type": "section", + "fields": [ + { "type": "mrkdwn", "text": "*terraform_plan_apply:* ${{ needs.terraform_plan_apply.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*run_lambda_unit_tests:* ${{ needs.run_lambda_unit_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*run_ui_unit_tests:* ${{ needs.run_ui_unit_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*run_cypress_tests:* ${{ needs.run_cypress_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*publish_lambda_layers:* ${{ needs.publish_lambda_layers.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*deploy_lambdas:* ${{ needs.deploy_lambdas.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*deploy_ui:* ${{ needs.deploy_ui.result == 'success' && ':white_check_mark:' || ':x:' }}" } + ] + }, + { + "type": "context", + "elements": [ + { "type": "mrkdwn", "text": "Environment: `development` | Sandbox: `${{ needs.set_workspace.outputs.workspace }}`" } + ] + } + ] + } + ] + } From af9321236675802903f7843b90aee44ab8ea5c92 Mon Sep 17 00:00:00 2001 From: robg-test <106234256+robg-test@users.noreply.github.com> Date: Thu, 27 Nov 2025 11:09:52 +0000 Subject: [PATCH 2/8] [PRMP-631] Remove destroy from spinup --- .../cron-daily-health-check-spinup.yml | 269 ++++++++++++++++++ 1 file changed, 269 insertions(+) create mode 100644 github/workflows/cron-daily-health-check-spinup.yml diff --git a/github/workflows/cron-daily-health-check-spinup.yml b/github/workflows/cron-daily-health-check-spinup.yml new file mode 100644 index 000000000..eceeb79d1 --- /dev/null +++ b/github/workflows/cron-daily-health-check-spinup.yml @@ -0,0 +1,269 @@ +name: "Z-CRON: Daily health check - Spinup" + +on: + schedule: + - cron: 30 4 * * 1-5 + +permissions: + actions: read # Required for anchore/sbom-action + contents: write # Required for anchore/sbom-action + pull-requests: write + id-token: write + +jobs: + set_workspace: + name: Set Workspace (ndrd) + runs-on: ubuntu-latest + outputs: + workspace: ${{ steps.set-output.outputs.workspace }} + steps: + - name: Set Output + id: set-output + run: echo 'workspace=ndrd' >> $GITHUB_OUTPUT + + terraform_plan_apply: + name: Terraform Plan/Apply (ndrd) + runs-on: ubuntu-latest + environment: development + needs: ["set_workspace"] + steps: + - name: Checkout + uses: actions/checkout@v5 + with: + ref: main + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v5 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + mask-aws-account-id: true + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.13.3 + terraform_wrapper: false + + - name: Initialise Terraform + id: init + run: terraform init -backend-config=backend.conf + working-directory: ./infrastructure + shell: bash + + - name: Select Terraform Workspace + id: workspace + run: terraform workspace select -or-create ${{ needs.set_workspace.outputs.workspace }} + working-directory: ./infrastructure + shell: bash + + - name: Check Terraform Formatting + run: terraform fmt -check + working-directory: ./infrastructure + + - name: Run Terraform Plan + id: plan + run: | + terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan + working-directory: ./infrastructure + shell: bash + + - name: Run Terraform Apply + run: terraform apply -auto-approve -input=false tf.plan + working-directory: ./infrastructure + + run_lambda_unit_tests: + name: Run Lambda Unit Tests + uses: NHSDigital/national-document-repository/.github/workflows/base-lambdas-reusable-test.yml@main + with: + python_version: "3.11" + build_branch: main + + run_ui_unit_tests: + name: Run UI Unit Tests + uses: NHSDigital/national-document-repository/.github/workflows/base-vitest-test.yml@main + with: + build_branch: main + + run_cypress_tests: + name: Run Cypress Tests + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v5 + with: + repository: NHSDigital/national-document-repository + + - name: npm install + run: npm install --legacy-peer-deps + working-directory: ./app + + - name: Configure React Environment Vars + env: + ENDPOINT_DOC_STORE_API: http://localhost:3000 + AWS_REGION: test region + OIDC_PROVIDER_ID: not provided yet + IDENTITY_PROVIDER_POOL_ID: not provided yet + MONITOR_ACCOUNT_ID: not provided yet + BUILD_ENV: development + IMAGE_VERSION: "not-required" + run: | + ./react-environment-config.sh + working-directory: ./app + + - name: Cypress Build + uses: cypress-io/github-action@v6 + with: + install: false + runTests: false + build: npm run build + working-directory: ./app + + - name: npm install serve -g + run: npm install serve -g + + - name: Run Cypress Tests (Chrome) + uses: cypress-io/github-action@v6 + with: + install: false + start: serve -s dist + browser: chrome + working-directory: ./app + env: + CYPRESS_BASE_URL: http://localhost:3000 + CYPRESS_grepTags: "regression" + + - name: Upload Artifacts (Screenshots) + uses: actions/upload-artifact@v4 + if: failure() + with: + name: cypress-screenshots-chrome + path: /home/runner/work/national-document-repository/national-document-repository/app/cypress/screenshots + if-no-files-found: ignore + + - name: Upload Artifacts (Videos) + uses: actions/upload-artifact@v4 + if: failure() + with: + name: cypress-videos-chrome + path: /home/runner/work/national-document-repository/national-document-repository/app/cypress/videos + if-no-files-found: ignore + + publish_lambda_layers: + name: Publish Lambda Layers + needs: ["set_workspace", "terraform_plan_apply"] + uses: NHSDigital/national-document-repository/.github/workflows/base-lambda-layer-reusable-publish-all.yml@main + with: + build_branch: main + sandbox: ${{ needs.set_workspace.outputs.workspace }} + environment: development + python_version: "3.11" + secrets: + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} + + deploy_lambdas: + name: Deploy Lambdas + uses: NHSDigital/national-document-repository/.github/workflows/base-lambdas-reusable-deploy-all.yml@main + needs: ["set_workspace", "publish_lambda_layers"] + with: + build_branch: main + sandbox: ${{ needs.set_workspace.outputs.workspace }} + environment: development + python_version: "3.11" + is_sandbox: true + secrets: + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} + + deploy_ui: + name: Deploy UI + uses: NHSDigital/national-document-repository/.github/workflows/base-deploy-ui.yml@main + needs: ["terraform_plan_apply", "set_workspace"] + with: + build_branch: main + sandbox: ${{ needs.set_workspace.outputs.workspace }} + environment: development + secrets: + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} + + notify-slack: + name: Notify Slack on Failure + runs-on: ubuntu-latest + environment: development + needs: + [ + terraform_plan_apply, + run_lambda_unit_tests, + run_ui_unit_tests, + run_cypress_tests, + publish_lambda_layers, + deploy_lambdas, + deploy_ui, + ] + if: failure() + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v5 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + mask-aws-account-id: true + + - name: Get slack bot token from SSM parameter store + run: | + slack_bot_token=$(aws ssm get-parameter --name "/ndr/alerting/slack/bot_token" --with-decryption --query "Parameter.Value" --output text) + echo "::add-mask::$slack_bot_token" + echo "SLACK_BOT_TOKEN=$slack_bot_token" >> $GITHUB_ENV + + - name: Send Slack Notification + uses: slackapi/slack-github-action@v2.1.1 + with: + method: chat.postMessage + token: ${{ env.SLACK_BOT_TOKEN }} + payload: | + { + "channel": "${{ vars.ALERTS_SLACK_CHANNEL_ID }}", + "attachments": [ + { + "color": "#ff0000", + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": "❌ Workflow `${{ github.workflow }}` failed" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "*Triggered by:* `Scheduled Job`\n*Workflow:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>" + } + }, + { + "type": "divider" + }, + { + "type": "section", + "fields": [ + { "type": "mrkdwn", "text": "*terraform_plan_apply:* ${{ needs.terraform_plan_apply.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*run_lambda_unit_tests:* ${{ needs.run_lambda_unit_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*run_ui_unit_tests:* ${{ needs.run_ui_unit_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*run_cypress_tests:* ${{ needs.run_cypress_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*publish_lambda_layers:* ${{ needs.publish_lambda_layers.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*deploy_lambdas:* ${{ needs.deploy_lambdas.result == 'success' && ':white_check_mark:' || ':x:' }}" }, + { "type": "mrkdwn", "text": "*deploy_ui:* ${{ needs.deploy_ui.result == 'success' && ':white_check_mark:' || ':x:' }}" } + ] + }, + { + "type": "context", + "elements": [ + { "type": "mrkdwn", "text": "Environment: `development` | Sandbox: `${{ needs.set_workspace.outputs.workspace }}`" } + ] + } + ] + } + ] + } From fa1767711f3fefadbe8ec6e3a4c952dc4e33be32 Mon Sep 17 00:00:00 2001 From: robg-test <106234256+robg-test@users.noreply.github.com> Date: Thu, 27 Nov 2025 11:13:02 +0000 Subject: [PATCH 3/8] [PRMP-631] Folders wrong --- .../cron-daily-health-check-spinup.yml | 11 - .../cron-daily-health-check-spinup.yml | 269 ------------------ 2 files changed, 280 deletions(-) delete mode 100644 github/workflows/cron-daily-health-check-spinup.yml diff --git a/.github/workflows/cron-daily-health-check-spinup.yml b/.github/workflows/cron-daily-health-check-spinup.yml index 79493b60a..eceeb79d1 100644 --- a/.github/workflows/cron-daily-health-check-spinup.yml +++ b/.github/workflows/cron-daily-health-check-spinup.yml @@ -186,17 +186,6 @@ jobs: secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - destroy_test_environment: - if: always() - name: Destroy Sandbox (ndrd) - needs: ["set_workspace", "deploy_ui", "deploy_lambdas"] - uses: ./.github/workflows/tear-down-sandbox.yml - with: - git_ref: main - sandbox_name: ${{ needs.set_workspace.outputs.workspace }} - environment: development - secrets: inherit - notify-slack: name: Notify Slack on Failure runs-on: ubuntu-latest diff --git a/github/workflows/cron-daily-health-check-spinup.yml b/github/workflows/cron-daily-health-check-spinup.yml deleted file mode 100644 index eceeb79d1..000000000 --- a/github/workflows/cron-daily-health-check-spinup.yml +++ /dev/null @@ -1,269 +0,0 @@ -name: "Z-CRON: Daily health check - Spinup" - -on: - schedule: - - cron: 30 4 * * 1-5 - -permissions: - actions: read # Required for anchore/sbom-action - contents: write # Required for anchore/sbom-action - pull-requests: write - id-token: write - -jobs: - set_workspace: - name: Set Workspace (ndrd) - runs-on: ubuntu-latest - outputs: - workspace: ${{ steps.set-output.outputs.workspace }} - steps: - - name: Set Output - id: set-output - run: echo 'workspace=ndrd' >> $GITHUB_OUTPUT - - terraform_plan_apply: - name: Terraform Plan/Apply (ndrd) - runs-on: ubuntu-latest - environment: development - needs: ["set_workspace"] - steps: - - name: Checkout - uses: actions/checkout@v5 - with: - ref: main - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v5 - with: - role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} - role-skip-session-tagging: true - aws-region: ${{ vars.AWS_REGION }} - mask-aws-account-id: true - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.13.3 - terraform_wrapper: false - - - name: Initialise Terraform - id: init - run: terraform init -backend-config=backend.conf - working-directory: ./infrastructure - shell: bash - - - name: Select Terraform Workspace - id: workspace - run: terraform workspace select -or-create ${{ needs.set_workspace.outputs.workspace }} - working-directory: ./infrastructure - shell: bash - - - name: Check Terraform Formatting - run: terraform fmt -check - working-directory: ./infrastructure - - - name: Run Terraform Plan - id: plan - run: | - terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan - working-directory: ./infrastructure - shell: bash - - - name: Run Terraform Apply - run: terraform apply -auto-approve -input=false tf.plan - working-directory: ./infrastructure - - run_lambda_unit_tests: - name: Run Lambda Unit Tests - uses: NHSDigital/national-document-repository/.github/workflows/base-lambdas-reusable-test.yml@main - with: - python_version: "3.11" - build_branch: main - - run_ui_unit_tests: - name: Run UI Unit Tests - uses: NHSDigital/national-document-repository/.github/workflows/base-vitest-test.yml@main - with: - build_branch: main - - run_cypress_tests: - name: Run Cypress Tests - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v5 - with: - repository: NHSDigital/national-document-repository - - - name: npm install - run: npm install --legacy-peer-deps - working-directory: ./app - - - name: Configure React Environment Vars - env: - ENDPOINT_DOC_STORE_API: http://localhost:3000 - AWS_REGION: test region - OIDC_PROVIDER_ID: not provided yet - IDENTITY_PROVIDER_POOL_ID: not provided yet - MONITOR_ACCOUNT_ID: not provided yet - BUILD_ENV: development - IMAGE_VERSION: "not-required" - run: | - ./react-environment-config.sh - working-directory: ./app - - - name: Cypress Build - uses: cypress-io/github-action@v6 - with: - install: false - runTests: false - build: npm run build - working-directory: ./app - - - name: npm install serve -g - run: npm install serve -g - - - name: Run Cypress Tests (Chrome) - uses: cypress-io/github-action@v6 - with: - install: false - start: serve -s dist - browser: chrome - working-directory: ./app - env: - CYPRESS_BASE_URL: http://localhost:3000 - CYPRESS_grepTags: "regression" - - - name: Upload Artifacts (Screenshots) - uses: actions/upload-artifact@v4 - if: failure() - with: - name: cypress-screenshots-chrome - path: /home/runner/work/national-document-repository/national-document-repository/app/cypress/screenshots - if-no-files-found: ignore - - - name: Upload Artifacts (Videos) - uses: actions/upload-artifact@v4 - if: failure() - with: - name: cypress-videos-chrome - path: /home/runner/work/national-document-repository/national-document-repository/app/cypress/videos - if-no-files-found: ignore - - publish_lambda_layers: - name: Publish Lambda Layers - needs: ["set_workspace", "terraform_plan_apply"] - uses: NHSDigital/national-document-repository/.github/workflows/base-lambda-layer-reusable-publish-all.yml@main - with: - build_branch: main - sandbox: ${{ needs.set_workspace.outputs.workspace }} - environment: development - python_version: "3.11" - secrets: - AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - - deploy_lambdas: - name: Deploy Lambdas - uses: NHSDigital/national-document-repository/.github/workflows/base-lambdas-reusable-deploy-all.yml@main - needs: ["set_workspace", "publish_lambda_layers"] - with: - build_branch: main - sandbox: ${{ needs.set_workspace.outputs.workspace }} - environment: development - python_version: "3.11" - is_sandbox: true - secrets: - AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - - deploy_ui: - name: Deploy UI - uses: NHSDigital/national-document-repository/.github/workflows/base-deploy-ui.yml@main - needs: ["terraform_plan_apply", "set_workspace"] - with: - build_branch: main - sandbox: ${{ needs.set_workspace.outputs.workspace }} - environment: development - secrets: - AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - - notify-slack: - name: Notify Slack on Failure - runs-on: ubuntu-latest - environment: development - needs: - [ - terraform_plan_apply, - run_lambda_unit_tests, - run_ui_unit_tests, - run_cypress_tests, - publish_lambda_layers, - deploy_lambdas, - deploy_ui, - ] - if: failure() - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v5 - with: - role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} - role-skip-session-tagging: true - aws-region: ${{ vars.AWS_REGION }} - mask-aws-account-id: true - - - name: Get slack bot token from SSM parameter store - run: | - slack_bot_token=$(aws ssm get-parameter --name "/ndr/alerting/slack/bot_token" --with-decryption --query "Parameter.Value" --output text) - echo "::add-mask::$slack_bot_token" - echo "SLACK_BOT_TOKEN=$slack_bot_token" >> $GITHUB_ENV - - - name: Send Slack Notification - uses: slackapi/slack-github-action@v2.1.1 - with: - method: chat.postMessage - token: ${{ env.SLACK_BOT_TOKEN }} - payload: | - { - "channel": "${{ vars.ALERTS_SLACK_CHANNEL_ID }}", - "attachments": [ - { - "color": "#ff0000", - "blocks": [ - { - "type": "header", - "text": { - "type": "plain_text", - "text": "❌ Workflow `${{ github.workflow }}` failed" - } - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "*Triggered by:* `Scheduled Job`\n*Workflow:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>" - } - }, - { - "type": "divider" - }, - { - "type": "section", - "fields": [ - { "type": "mrkdwn", "text": "*terraform_plan_apply:* ${{ needs.terraform_plan_apply.result == 'success' && ':white_check_mark:' || ':x:' }}" }, - { "type": "mrkdwn", "text": "*run_lambda_unit_tests:* ${{ needs.run_lambda_unit_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, - { "type": "mrkdwn", "text": "*run_ui_unit_tests:* ${{ needs.run_ui_unit_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, - { "type": "mrkdwn", "text": "*run_cypress_tests:* ${{ needs.run_cypress_tests.result == 'success' && ':white_check_mark:' || ':x:' }}" }, - { "type": "mrkdwn", "text": "*publish_lambda_layers:* ${{ needs.publish_lambda_layers.result == 'success' && ':white_check_mark:' || ':x:' }}" }, - { "type": "mrkdwn", "text": "*deploy_lambdas:* ${{ needs.deploy_lambdas.result == 'success' && ':white_check_mark:' || ':x:' }}" }, - { "type": "mrkdwn", "text": "*deploy_ui:* ${{ needs.deploy_ui.result == 'success' && ':white_check_mark:' || ':x:' }}" } - ] - }, - { - "type": "context", - "elements": [ - { "type": "mrkdwn", "text": "Environment: `development` | Sandbox: `${{ needs.set_workspace.outputs.workspace }}`" } - ] - } - ] - } - ] - } From 15f5214313bf72c1628e02024b27942c33d2f7c9 Mon Sep 17 00:00:00 2001 From: robg-test <106234256+robg-test@users.noreply.github.com> Date: Mon, 1 Dec 2025 11:44:03 +0000 Subject: [PATCH 4/8] [PRMP-631] Test --- .github/workflows/cron-daily-health-check-spinup.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cron-daily-health-check-spinup.yml b/.github/workflows/cron-daily-health-check-spinup.yml index eceeb79d1..71ac3d4a1 100644 --- a/.github/workflows/cron-daily-health-check-spinup.yml +++ b/.github/workflows/cron-daily-health-check-spinup.yml @@ -1,6 +1,9 @@ name: "Z-CRON: Daily health check - Spinup" on: + push: + branches: + - PRMP-631 schedule: - cron: 30 4 * * 1-5 From 39578069be47cd578314b56f6cc5c11c8b87fc26 Mon Sep 17 00:00:00 2001 From: robg-test <106234256+robg-test@users.noreply.github.com> Date: Mon, 1 Dec 2025 12:51:27 +0000 Subject: [PATCH 5/8] [PRMP-631] Run teardown --- .github/workflows/cron-daily-health-check-spinup.yml | 3 --- .github/workflows/cron-daily-health-check-teardown.yml | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cron-daily-health-check-spinup.yml b/.github/workflows/cron-daily-health-check-spinup.yml index 71ac3d4a1..eceeb79d1 100644 --- a/.github/workflows/cron-daily-health-check-spinup.yml +++ b/.github/workflows/cron-daily-health-check-spinup.yml @@ -1,9 +1,6 @@ name: "Z-CRON: Daily health check - Spinup" on: - push: - branches: - - PRMP-631 schedule: - cron: 30 4 * * 1-5 diff --git a/.github/workflows/cron-daily-health-check-teardown.yml b/.github/workflows/cron-daily-health-check-teardown.yml index 7b40e03c0..9b5376acb 100644 --- a/.github/workflows/cron-daily-health-check-teardown.yml +++ b/.github/workflows/cron-daily-health-check-teardown.yml @@ -1,6 +1,9 @@ name: "Z-CRON: Daily health check - Teardown" on: + push: + branches: + - PRMP-631 schedule: - cron: 30 6 * * 1-5 From 9c77661a518c8ab23e59d78495832ba4bd59e2ab Mon Sep 17 00:00:00 2001 From: robg-test <106234256+robg-test@users.noreply.github.com> Date: Mon, 1 Dec 2025 12:52:22 +0000 Subject: [PATCH 6/8] [PRMP-631] Fix dependencies --- .github/workflows/cron-daily-health-check-teardown.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cron-daily-health-check-teardown.yml b/.github/workflows/cron-daily-health-check-teardown.yml index 9b5376acb..5c0bcfe5a 100644 --- a/.github/workflows/cron-daily-health-check-teardown.yml +++ b/.github/workflows/cron-daily-health-check-teardown.yml @@ -26,7 +26,7 @@ jobs: destroy_test_environment: name: Destroy Sandbox (ndrd) - needs: ["set_workspace", "deploy_ui", "deploy_lambdas"] + needs: ["set_workspace"] uses: ./.github/workflows/tear-down-sandbox.yml with: git_ref: main From 6acf536554c610bb9795245cccf168808a894095 Mon Sep 17 00:00:00 2001 From: robg-test <106234256+robg-test@users.noreply.github.com> Date: Mon, 1 Dec 2025 14:10:48 +0000 Subject: [PATCH 7/8] [PRMP-631] Remove on push deployment --- .github/workflows/cron-daily-health-check-teardown.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/cron-daily-health-check-teardown.yml b/.github/workflows/cron-daily-health-check-teardown.yml index 5c0bcfe5a..e77fb78f9 100644 --- a/.github/workflows/cron-daily-health-check-teardown.yml +++ b/.github/workflows/cron-daily-health-check-teardown.yml @@ -1,9 +1,6 @@ name: "Z-CRON: Daily health check - Teardown" on: - push: - branches: - - PRMP-631 schedule: - cron: 30 6 * * 1-5 From b8b0aa75b8cfebb28287b23bef99af48f67258f6 Mon Sep 17 00:00:00 2001 From: robg-test <106234256+robg-test@users.noreply.github.com> Date: Mon, 1 Dec 2025 15:48:43 +0000 Subject: [PATCH 8/8] [PRMP-631] Ready for testing --- .github/workflows/cron-daily-health-check-spinup.yml | 12 ++++++++++++ .github/workflows/cron-tear-down-sandbox.yml | 2 +- ...-teardown.yml => daily-health-check-teardown.yml} | 5 ++--- 3 files changed, 15 insertions(+), 4 deletions(-) rename .github/workflows/{cron-daily-health-check-teardown.yml => daily-health-check-teardown.yml} (98%) diff --git a/.github/workflows/cron-daily-health-check-spinup.yml b/.github/workflows/cron-daily-health-check-spinup.yml index eceeb79d1..ec2cd0505 100644 --- a/.github/workflows/cron-daily-health-check-spinup.yml +++ b/.github/workflows/cron-daily-health-check-spinup.yml @@ -186,6 +186,17 @@ jobs: secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} + bulk_upload: + name: Run Bulk Upload + uses: NHSDigital/national-document-repository/.github/workflows/daily-health-check-run-bulk-upload.yml@PRMP-631 + needs: ["terraform_plan_apply", "set_workspace", "deploy_lambdas"] + with: + build_branch: PRMP-631 + sandbox: ${{ needs.set_workspace.outputs.workspace }} + environment: development + secrets: + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} + notify-slack: name: Notify Slack on Failure runs-on: ubuntu-latest @@ -199,6 +210,7 @@ jobs: publish_lambda_layers, deploy_lambdas, deploy_ui, + bulk_upload, ] if: failure() steps: diff --git a/.github/workflows/cron-tear-down-sandbox.yml b/.github/workflows/cron-tear-down-sandbox.yml index 90bbed306..6577c782e 100644 --- a/.github/workflows/cron-tear-down-sandbox.yml +++ b/.github/workflows/cron-tear-down-sandbox.yml @@ -1,4 +1,4 @@ -name: 'Z-CRON: Tear down - Sandboxes' +name: "Z-CRON: Tear down - Sandboxes" on: schedule: diff --git a/.github/workflows/cron-daily-health-check-teardown.yml b/.github/workflows/daily-health-check-teardown.yml similarity index 98% rename from .github/workflows/cron-daily-health-check-teardown.yml rename to .github/workflows/daily-health-check-teardown.yml index e77fb78f9..8f12ffe2d 100644 --- a/.github/workflows/cron-daily-health-check-teardown.yml +++ b/.github/workflows/daily-health-check-teardown.yml @@ -1,8 +1,7 @@ -name: "Z-CRON: Daily health check - Teardown" +name: "Z-AUTOMATED: Daily health check - Teardown" on: - schedule: - - cron: 30 6 * * 1-5 + workflow_call: permissions: actions: read # Required for anchore/sbom-action