From 48d29476107a09ae6a1a5e335bc27eb986d1c4d9 Mon Sep 17 00:00:00 2001 From: jameslinnell Date: Mon, 22 Dec 2025 16:24:50 +0000 Subject: [PATCH 1/8] [NDR-318] Build a sandbox and deploy from the cli --- Makefile | 11 +- scripts/build_and_deploy_sandbox.sh | 183 ++++++++++++++++++++++++++++ 2 files changed, 193 insertions(+), 1 deletion(-) create mode 100755 scripts/build_and_deploy_sandbox.sh diff --git a/Makefile b/Makefile index 4400570e9b..a6315ea233 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ ZIP_BASE_PATH = ./$(LAMBDAS_BUILD_PATH)/$(lambda_name)/tmp ZIP_COMMON_FILES = lambdas/utils lambdas/models lambdas/services lambdas/repositories lambdas/enums lambdas/scripts CONTAINER ?= false -.PHONY: install clean help format list requirements ruff +.PHONY: install clean help format list requirements ruff build-and-deploy-sandbox default: help 
@@ -68,6 +68,15 @@ check-packages: ./lambdas/venv/bin/pip-audit -r $(REPORTS_REQUIREMENTS) ./lambdas/venv/bin/pip-audit -r $(ALERTING_REQUIREMENTS) +build-and-deploy-sandbox: ## Build a sandbox and deploy code. If no SANDBOX_NAME is provided it will use your current branch as the name. All options are optional. It will default to building and deploying using 'main', You can skip building infrastructure by BUILD_INFRA=false. Usage: make build-and-deploy-sandbox SANDBOX_NAME= NDRI_WORKFLOW_BRANCH= NDRI_BRANCH= NDR_WORKFLOW_BRANCH= NDR_BRANCH= BUILD_INFRA= + @./scripts/build_and_deploy_sandbox.sh \ + $(if $(NDRI_WORKFLOW_BRANCH),--ndri_workflow_branch=$(NDRI_WORKFLOW_BRANCH)) \ + $(if $(NDRI_BRANCH),--ndri_branch=$(NDRI_BRANCH)) \ + $(if $(NDR_WORKFLOW_BRANCH),--ndr_workflow_branch=$(NDR_WORKFLOW_BRANCH)) \ + $(if $(NDR_BRANCH),--ndr_branch=$(NDR_BRANCH)) \ + $(if $(SANDBOX_NAME),--sandbox_name=$(SANDBOX_NAME)) \ + $(if $(BUILD_INFRA),--build_infra=$(BUILD_INFRA)) + download-api-certs: ## Downloads mTLS certificates (use with dev envs only). Usage: make download-api-certs WORKSPACE= rm -rf ./lambdas/mtls_env_certs/$(WORKSPACE) ./scripts/aws/download-api-certs.sh $(WORKSPACE) diff --git a/scripts/build_and_deploy_sandbox.sh b/scripts/build_and_deploy_sandbox.sh new file mode 100755 index 0000000000..b8ae5f4773 --- /dev/null +++ b/scripts/build_and_deploy_sandbox.sh 
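Review bot: The option values in the `build-and-deploy-sandbox` recipe are pasted into the shell command unquoted, so a value containing spaces, globs or shell metacharacters is word-split or interpreted by the shell before the script sees it. Quote each expansion, for example `$(if $(SANDBOX_NAME),--sandbox_name='$(SANDBOX_NAME)')`; this still breaks on a value that itself contains a single quote, so the script should also validate what it receives. The same applies to the `--ndri_dir_loc_override` and `--full_deploy` options that later patches in this series add to the recipe, and a directory path is the value most likely to contain a space.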
@@ -0,0 +1,183 @@ +#!/bin/bash +set -euo pipefail + +NDR_DIRECTORY="$HOME/Documents/national-document-repository" +NDRI_DIRECTORY="$HOME/Documents/national-document-repository-infrastructure" + +CONFIG_FILE="$HOME/.ndr_config" +if [[ -f "$CONFIG_FILE" ]]; then + source "$CONFIG_FILE" +fi + +# Initialize variables to track options +BUILD_INFRA=true +NDRI_BRANCH="main" +NDRI_WORKFLOW_BRANCH="main" +NDRI_WORKFLOW_FILE="deploy-sandbox.yml" +NDR_BRANCH="main" +NDR_WORKFLOW_BRANCH="main" +NDR_WORKFLOW_FILE="lambdas-deploy-feature-to-sandbox.yml" +SANDBOX_NAME="" +START_TIME="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" + +# Parse arguments +for arg in "$@"; do + case $arg in + --ndri_workflow_branch=*) + NDRI_WORKFLOW_BRANCH="${arg#*=}" + ;; + --ndri_branch=*) + NDRI_BRANCH="${arg#*=}" + ;; + --ndr_workflow_branch=*) + NDR_WORKFLOW_BRANCH="${arg#*=}" + ;; + --ndr_branch=*) + NDR_BRANCH="${arg#*=}" + ;; + --sandbox_name=*) + SANDBOX_NAME="${arg#*=}" + ;; + --build_infra=*) + BUILD_INFRA="${arg#*=}" + ;; + *) + echo "Unknown argument: $arg" + echo "Usage: $0 [--ndri_workflow_branch=] [--ndri_branch=] [--ndr_branch=] [--ndr_workflow_branch=] [--sandbox_name=] [--build_infra=]" + exit 1 + ;; + esac +done + +if [[ -z "$SANDBOX_NAME" ]]; then + branch=$(git rev-parse --abbrev-ref HEAD) + branch=$(echo "$branch" | sed 's/[^a-zA-Z0-9]//g') + branch="${branch,,}" + SANDBOX_NAME="$branch" +fi + +case "$SANDBOX_NAME" in +main | dev | ndr-dev | ndr-test | pre-prod | prod) + echo "Error: sandbox_name '$SANDBOX_NAME' is not allowed." + echo "Refusing to run against protected environments (main, dev, ndr-dev)." + exit 1 + ;; +esac + +if [[ "$BUILD_INFRA" == "true" ]]; then + echo "šŸ—ļø Running infra build" + cd "$NDRI_DIRECTORY" + echo "šŸ” Triggering workflow '$NDRI_WORKFLOW_FILE' from '$NDRI_WORKFLOW_BRANCH' with branch '$NDRI_BRANCH' to '$SANDBOX_NAME'..." 
+ # Trigger the workflow and capture the run ID + gh workflow run "$NDRI_WORKFLOW_FILE" --ref "$NDRI_WORKFLOW_BRANCH" --field git_ref="$NDRI_BRANCH" --field sandbox_name="$SANDBOX_NAME" + + for i in {1..10}; do + run_id=$( + gh run list \ + --workflow "$NDRI_WORKFLOW_FILE" \ + --event workflow_dispatch \ + --json status,databaseId,createdAt,displayTitle \ + --jq ".[] + | select(.displayTitle == \"$NDRI_WORKFLOW_BRANCH | $SANDBOX_NAME\") + | select(.createdAt >= \"$START_TIME\") + | select(.status == \"queued\" or .status == \"in_progress\") + | .databaseId" | + head -n1 + ) + + [[ -n "$run_id" ]] && break + sleep 1 + done + + if [[ -z "$run_id" ]]; then + echo "āŒ Could not find a workflow run to monitor." + exit 1 + fi + + echo "āœ… Workflow triggered successfully (run ID: $run_id)" + echo "ā³ Monitoring workflow progress..." + + while true; do + status=$(gh run view "$run_id" --json status,conclusion -q '.status') + conclusion=$(gh run view "$run_id" --json status,conclusion -q '.conclusion') + + case "$status" in + queued) + echo "šŸ• Workflow queued..." + ;; + in_progress) + echo "šŸƒ Workflow in progress..." + ;; + completed) + if [[ "$conclusion" == "success" ]]; then + echo "āœ… Workflow completed successfully." + break + else + echo "āŒ Workflow failed with conclusion: $conclusion" + exit 1 + fi + ;; + esac + + sleep 10 + done +else + echo "šŸƒ Skipping infra build" +fi + +echo "šŸ—ļø Running Lambda deploy" +cd "$NDR_DIRECTORY" +echo "šŸ” Triggering workflow '$NDR_WORKFLOW_FILE' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." 
+# Trigger the workflow and capture the run ID +gh workflow run "$NDR_WORKFLOW_FILE" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" + +for i in {1..10}; do + lambda_run_id=$( + gh run list \ + --workflow "$NDR_WORKFLOW_FILE" \ + --event workflow_dispatch \ + --json status,databaseId,createdAt,displayTitle \ + --jq ".[] + | select(.displayTitle == \"$NDR_WORKFLOW_BRANCH | $SANDBOX_NAME | development | true\") + | select(.createdAt >= \"$START_TIME\") + | select(.status == \"queued\" or .status == \"in_progress\") + | .databaseId" | + head -n1 + ) + + [[ -n "$lambda_run_id" ]] && break + sleep 1 +done + +if [[ -z "$lambda_run_id" ]]; then + echo "āŒ Could not find a workflow run to monitor." + exit 1 +fi + +echo "āœ… Workflow triggered successfully (run ID: $lambda_run_id)" +echo "ā³ Monitoring workflow progress..." + +while true; do + status=$(gh run view "$lambda_run_id" --json status,conclusion -q '.status') + conclusion=$(gh run view "$lambda_run_id" --json status,conclusion -q '.conclusion') + + case "$status" in + queued) + echo "šŸ• Workflow queued..." + ;; + in_progress) + echo "šŸƒ Workflow in progress..." + ;; + completed) + if [[ "$conclusion" == "success" ]]; then + echo "āœ… Workflow completed successfully." + break + else + echo "āŒ Workflow failed with conclusion: $conclusion" + exit 1 + fi + ;; + esac + + sleep 10 +done From 756686ca405c7ee59d0fb363fa840d8675b9ba4e Mon Sep 17 00:00:00 2001 From: jameslinnell Date: Mon, 22 Dec 2025 17:11:15 +0000 Subject: [PATCH 2/8] [NDR-318] progress spinner --- scripts/build_and_deploy_sandbox.sh | 82 ++++++++++++++++++++--------- 1 file changed, 57 insertions(+), 25 deletions(-) diff --git a/scripts/build_and_deploy_sandbox.sh b/scripts/build_and_deploy_sandbox.sh index b8ae5f4773..eba27b4829 100755 --- a/scripts/build_and_deploy_sandbox.sh +++ b/scripts/build_and_deploy_sandbox.sh 
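Review bot: The protected-environment guard at `case "$SANDBOX_NAME" in` is an exact-match denylist, and a name passed with `--sandbox_name=` skips the lower-casing and character stripping that the branch-derived name gets, so values such as `Prod` or `PROD` pass the check; whether the workflows treat them as the protected environment is not visible here. The same unvalidated value, together with the branch options, is interpolated into the double-quoted `--jq` program of both `gh run list` calls, where a `"` or `\` in the value changes the filter instead of being compared as data. Validate every name before the guard, e.g. `[[ "$SANDBOX_NAME" =~ ^[a-z0-9]+$ ]] || { echo "Error: invalid sandbox_name" >&2; exit 1; }`, widening the pattern if sandbox names may legitimately contain other characters. The refusal message also lists only three of the six protected names.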
@@ -20,6 +20,12 @@ NDR_WORKFLOW_FILE="lambdas-deploy-feature-to-sandbox.yml" SANDBOX_NAME="" START_TIME="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" +spinner=(ā ‹ ā ™ ā ¹ ā ø ā ¼ ā “ ā ¦ ā § ā ‡ ā ) +spin_i=0 +poll_interval=10 +spin_interval=0.15 +last_poll=0 + # Parse arguments for arg in "$@"; do case $arg in @@ -65,11 +71,11 @@ main | dev | ndr-dev | ndr-test | pre-prod | prod) esac if [[ "$BUILD_INFRA" == "true" ]]; then - echo "šŸ—ļø Running infra build" + echo "šŸ—ļø Running infrastructure build" cd "$NDRI_DIRECTORY" - echo "šŸ” Triggering workflow '$NDRI_WORKFLOW_FILE' from '$NDRI_WORKFLOW_BRANCH' with branch '$NDRI_BRANCH' to '$SANDBOX_NAME'..." + echo "šŸ” Triggering infrastructure workflow '$NDRI_WORKFLOW_FILE' from '$NDRI_WORKFLOW_BRANCH' with branch '$NDRI_BRANCH' to '$SANDBOX_NAME'..." # Trigger the workflow and capture the run ID - gh workflow run "$NDRI_WORKFLOW_FILE" --ref "$NDRI_WORKFLOW_BRANCH" --field git_ref="$NDRI_BRANCH" --field sandbox_name="$SANDBOX_NAME" + gh workflow run "$NDRI_WORKFLOW_FILE" --ref "$NDRI_WORKFLOW_BRANCH" --field git_ref="$NDRI_BRANCH" --field sandbox_name="$SANDBOX_NAME" >/dev/null for i in {1..10}; do run_id=$( 
@@ -97,39 +103,52 @@ if [[ "$BUILD_INFRA" == "true" ]]; then echo "āœ… Workflow triggered successfully (run ID: $run_id)" echo "ā³ Monitoring workflow progress..." + printf "\n" + while true; do - status=$(gh run view "$run_id" --json status,conclusion -q '.status') - conclusion=$(gh run view "$run_id" --json status,conclusion -q '.conclusion') + now=$(date +%s) + + # Poll GitHub only every $poll_interval seconds + if ((now - last_poll >= poll_interval)); then + read -r status conclusion < <( + gh run view "$run_id" --json status,conclusion \ + -q '.status + " " + (.conclusion // "")' + ) + last_poll=$now + fi case "$status" in queued) - echo "šŸ• Workflow queued..." + printf "\ršŸ• Deploy - Sandbox workflow queued... %s" "${spinner[spin_i++ % ${#spinner[@]}]}" ;; in_progress) - echo "šŸƒ Workflow in progress..." + printf "\ršŸƒ Deploy - Sandbox workflow is in progress... %s" "${spinner[spin_i++ % ${#spinner[@]}]}" ;; completed) + printf "\r\033[K" if [[ "$conclusion" == "success" ]]; then - echo "āœ… Workflow completed successfully." + echo "āœ… Deploy - Sandbox workflow completed successfully." + printf "\n" break else - echo "āŒ Workflow failed with conclusion: $conclusion" + echo "āŒ Deploy - Sandbox workflow failed with conclusion: $conclusion" + printf "\n" exit 1 fi ;; esac - sleep 10 + sleep "$spin_interval" done else - echo "šŸƒ Skipping infra build" + echo "šŸƒ Skipping infrastructure build" fi -echo "šŸ—ļø Running Lambda deploy" +echo "šŸ—ļø Running Lambda deployment" cd "$NDR_DIRECTORY" -echo "šŸ” Triggering workflow '$NDR_WORKFLOW_FILE' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." +echo "šŸ” Triggering Deploy lambdas to Sandbox workflow '$NDR_WORKFLOW_FILE' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." 
# Trigger the workflow and capture the run ID -gh workflow run "$NDR_WORKFLOW_FILE" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" +gh workflow run "$NDR_WORKFLOW_FILE" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" >/dev/null for i in {1..10}; do lambda_run_id=$( @@ -138,7 +157,7 @@ for i in {1..10}; do --event workflow_dispatch \ --json status,databaseId,createdAt,displayTitle \ --jq ".[] - | select(.displayTitle == \"$NDR_WORKFLOW_BRANCH | $SANDBOX_NAME | development | true\") + | select(.displayTitle == \"$NDR_BRANCH | $SANDBOX_NAME | development | true\") | select(.createdAt >= \"$START_TIME\") | select(.status == \"queued\" or .status == \"in_progress\") | .databaseId" | 
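Review bot: In the new polling loop, `read -r status conclusion < <(gh run view …)` cannot see the exit status of `gh`, so when the call fails and prints nothing, `read` returns non-zero and `set -e` ends the script without any message. Test the read explicitly, e.g. `if ! read -r status conclusion < <(…); then printf '\nCould not read run status\n' >&2; exit 1; fi`. The `case "$status"` has no `*)` arm and the loop has no deadline, so a status other than the three handled ones spins silently forever; a default arm that prints the status and an overall timeout would cover that. The second loop, in the `@@ -150,34 +169,47 @@` hunk, has the same two gaps.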
@@ -150,34 +169,47 @@ for i in {1..10}; do done if [[ -z "$lambda_run_id" ]]; then - echo "āŒ Could not find a workflow run to monitor." + echo "āŒ Could not find a Deploy lambdas to Sandbox workflow run to monitor." exit 1 fi -echo "āœ… Workflow triggered successfully (run ID: $lambda_run_id)" -echo "ā³ Monitoring workflow progress..." +echo "āœ… Deploy lambdas to Sandbox workflow triggered successfully (run ID: $lambda_run_id)" +echo "ā³ Monitoring Deploy lambdas to Sandbox workflow progress..." + +spin_i=0 +last_poll=0 +printf "\n" while true; do - status=$(gh run view "$lambda_run_id" --json status,conclusion -q '.status') - conclusion=$(gh run view "$lambda_run_id" --json status,conclusion -q '.conclusion') + now=$(date +%s) + + # Poll GitHub only every $poll_interval seconds + if ((now - last_poll >= poll_interval)); then + read -r status conclusion < <( + gh run view "$lambda_run_id" --json status,conclusion \ + -q '.status + " " + (.conclusion // "")' + ) + last_poll=$now + fi case "$status" in queued) - echo "šŸ• Workflow queued..." + printf "\ršŸ• Deploy lambdas to Sandbox workflow queued... %s" "${spinner[spin_i++ % ${#spinner[@]}]}" ;; in_progress) - echo "šŸƒ Workflow in progress..." + printf "\ršŸƒ Deploy lambdas to Sandbox workflow in progress... %s" "${spinner[spin_i++ % ${#spinner[@]}]}" ;; completed) + printf "\r\033[K" if [[ "$conclusion" == "success" ]]; then - echo "āœ… Workflow completed successfully." + echo "āœ… Deploy lambdas to Sandbox workflow completed successfully." break else - echo "āŒ Workflow failed with conclusion: $conclusion" + echo "āŒ Deploy lambdas to Sandbox workflow failed with conclusion: $conclusion" exit 1 fi ;; esac - sleep 10 + sleep "$spin_interval" done From c2a306d90bec119d2db40b5e570f5bb73e00c9ab Mon Sep 17 00:00:00 2001 
From: jameslinnell
Date: Tue, 23 Dec 2025 10:39:56 +0000
Subject: [PATCH 3/8] [NDR-318] NDRI Directory override
---
Makefile | 5 +++--
scripts/build_and_deploy_sandbox.sh | 16 +++++++---------
2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/Makefile b/Makefile
index a6315ea233..111d80ec68 100644
--- a/Makefile
+++ b/Makefile
@@ -68,14 +68,15 @@ check-packages: ./lambdas/venv/bin/pip-audit -r $(REPORTS_REQUIREMENTS) ./lambdas/venv/bin/pip-audit -r $(ALERTING_REQUIREMENTS) -build-and-deploy-sandbox: ## Build a sandbox and deploy code. If no SANDBOX_NAME is provided it will use your current branch as the name. All options are optional. It will default to building and deploying using 'main', You can skip building infrastructure by BUILD_INFRA=false. Usage: make build-and-deploy-sandbox SANDBOX_NAME= NDRI_WORKFLOW_BRANCH= NDRI_BRANCH= NDR_WORKFLOW_BRANCH= NDR_BRANCH= BUILD_INFRA= +build-and-deploy-sandbox: ## Build a sandbox and deploy code. If no SANDBOX_NAME is provided it will use your current branch as the name. It will default to building and deploying using 'main', You can skip building infrastructure by BUILD_INFRA=false. Usage: make build-and-deploy-sandbox SANDBOX_NAME= NDRI_WORKFLOW_BRANCH= NDRI_BRANCH= NDR_WORKFLOW_BRANCH= NDR_BRANCH= BUILD_INFRA= NDRI_DIR_LOC_OVERRIDE= @./scripts/build_and_deploy_sandbox.sh \ $(if $(NDRI_WORKFLOW_BRANCH),--ndri_workflow_branch=$(NDRI_WORKFLOW_BRANCH)) \ $(if $(NDRI_BRANCH),--ndri_branch=$(NDRI_BRANCH)) \ $(if $(NDR_WORKFLOW_BRANCH),--ndr_workflow_branch=$(NDR_WORKFLOW_BRANCH)) \ $(if $(NDR_BRANCH),--ndr_branch=$(NDR_BRANCH)) \ $(if $(SANDBOX_NAME),--sandbox_name=$(SANDBOX_NAME)) \ - $(if $(BUILD_INFRA),--build_infra=$(BUILD_INFRA)) + $(if $(BUILD_INFRA),--build_infra=$(BUILD_INFRA)) \ + $(if $(NDRI_DIR_LOC_OVERRIDE),--ndri_dir_loc_override=$(NDRI_DIR_LOC_OVERRIDE)) download-api-certs: ## Downloads mTLS certificates (use with dev envs only). Usage: make download-api-certs WORKSPACE= rm -rf ./lambdas/mtls_env_certs/$(WORKSPACE) diff --git a/scripts/build_and_deploy_sandbox.sh b/scripts/build_and_deploy_sandbox.sh index eba27b4829..b7258462d2 100755 --- a/scripts/build_and_deploy_sandbox.sh +++ b/scripts/build_and_deploy_sandbox.sh 
@@ -1,15 +1,10 @@ #!/bin/bash set -euo pipefail -NDR_DIRECTORY="$HOME/Documents/national-document-repository" -NDRI_DIRECTORY="$HOME/Documents/national-document-repository-infrastructure" - -CONFIG_FILE="$HOME/.ndr_config" -if [[ -f "$CONFIG_FILE" ]]; then - source "$CONFIG_FILE" -fi - # Initialize variables to track options +NDR_DIRECTORY="$(pwd)" +PARENT_DIR="$(dirname "$NDR_DIRECTORY")" +NDRI_DIRECTORY="$PARENT_DIR/national-document-repository-infrastructure" BUILD_INFRA=true NDRI_BRANCH="main" NDRI_WORKFLOW_BRANCH="main" @@ -47,9 +42,12 @@ for arg in "$@"; do --build_infra=*) BUILD_INFRA="${arg#*=}" ;; + --ndri_dir_loc_override=*) + NDRI_DIRECTORY="${arg#*=}" + ;; *) echo "Unknown argument: $arg" - echo "Usage: $0 [--ndri_workflow_branch=] [--ndri_branch=] [--ndr_branch=] [--ndr_workflow_branch=] [--sandbox_name=] [--build_infra=]" + echo "Usage: $0 [--ndri_workflow_branch=] [--ndri_branch=] [--ndr_branch=] [--ndr_workflow_branch=] [--sandbox_name=] [--build_infra=] [--ndri_dir_loc_override=]" exit 1 ;; esac From aa6dd0ebb7d25e42858918e9a3fbe6e5f1df6201 Mon Sep 17 00:00:00 2001 From: jameslinnell Date: Tue, 23 Dec 2025 10:49:32 +0000 Subject: [PATCH 4/8] [NDR-318] Add Full deploy option. --- Makefile | 1 + scripts/build_and_deploy_sandbox.sh | 32 +++++++++++++++++++---------- 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 111d80ec68..11013a969c 100644 --- a/Makefile +++ b/Makefile @@ -76,6 +76,7 @@ build-and-deploy-sandbox: ## Build a sandbox and deploy code. If no SANDBOX_NAME $(if $(NDR_BRANCH),--ndr_branch=$(NDR_BRANCH)) \ $(if $(SANDBOX_NAME),--sandbox_name=$(SANDBOX_NAME)) \ $(if $(BUILD_INFRA),--build_infra=$(BUILD_INFRA)) \ + $(if $(FULL_DEPLOY),--full_deploy=$(FULL_DEPLOY)) \ $(if $(NDRI_DIR_LOC_OVERRIDE),--ndri_dir_loc_override=$(NDRI_DIR_LOC_OVERRIDE)) download-api-certs: ## Downloads mTLS certificates (use with dev envs only). Usage: make download-api-certs WORKSPACE= 
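Review bot: `NDR_DIRECTORY="$(pwd)"` and the new `--ndri_dir_loc_override` decide which repository receives the workflow dispatch only indirectly: the script `cd`s into the directory and `gh` then resolves the repository from whatever git remotes it finds there. Nothing checks that the directory is a checkout of the intended repository, so a wrong path or a fork checkout sends `gh workflow run` to a different repository, and starting the script from anywhere but the repository root changes `NDR_DIRECTORY`. Naming the repository explicitly, `gh workflow run "$NDRI_WORKFLOW_FILE" --repo <OWNER>/<INFRA_REPO> …` (placeholder), and likewise on `gh run list` and `gh run view`, would remove the dependency on local directories. If the directories stay, derive `NDR_DIRECTORY` from the script's own location rather than the caller's working directory.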
diff --git a/scripts/build_and_deploy_sandbox.sh b/scripts/build_and_deploy_sandbox.sh index b7258462d2..2ae24ba1e9 100755 --- a/scripts/build_and_deploy_sandbox.sh +++ b/scripts/build_and_deploy_sandbox.sh @@ -12,6 +12,8 @@ NDRI_WORKFLOW_FILE="deploy-sandbox.yml" NDR_BRANCH="main" NDR_WORKFLOW_BRANCH="main" NDR_WORKFLOW_FILE="lambdas-deploy-feature-to-sandbox.yml" +NDR_WORKFLOW_FILE_FULL="full-deploy-to-sandbox.yml" +FULL_DEPLOY=false SANDBOX_NAME="" START_TIME="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" @@ -42,6 +44,9 @@ for arg in "$@"; do --build_infra=*) BUILD_INFRA="${arg#*=}" ;; + --full_deploy=*) + FULL_DEPLOY="${arg#*=}" + ;; --ndri_dir_loc_override=*) NDRI_DIRECTORY="${arg#*=}" ;; 
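Review bot: `--full_deploy=` stores any string, and the later test `[[ "$FULL_DEPLOY" == "true" ]]` treats everything except the exact word `true` as false, so `FULL_DEPLOY=True` or `FULL_DEPLOY=1` quietly runs the lambda-only workflow. Reject other values while parsing, e.g. `case "$FULL_DEPLOY" in true|false) ;; *) echo "Error: --full_deploy must be true or false" >&2; exit 1 ;; esac`. The existing `--build_infra` option has the same gap, where a typo silently skips the infrastructure build.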
@@ -144,10 +149,15 @@ fi echo "šŸ—ļø Running Lambda deployment" cd "$NDR_DIRECTORY" -echo "šŸ” Triggering Deploy lambdas to Sandbox workflow '$NDR_WORKFLOW_FILE' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." -# Trigger the workflow and capture the run ID -gh workflow run "$NDR_WORKFLOW_FILE" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" >/dev/null - +if [[ "$FULL_DEPLOY" == "true" ]]; then + echo "šŸ” Triggering Full Deploy to Sandbox workflow '$NDR_WORKFLOW_FILE' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." + # Trigger the workflow and capture the run ID + gh workflow run "$NDR_WORKFLOW_FILE_FULL" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" >/dev/null +else + echo "šŸ” Triggering Deploy lambdas to Sandbox workflow '$NDR_WORKFLOW_FILE' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." + # Trigger the workflow and capture the run ID + gh workflow run "$NDR_WORKFLOW_FILE" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" >/dev/null +fi for i in {1..10}; do lambda_run_id=$( gh run list \ @@ -167,12 +177,12 @@ for i in {1..10}; do done if [[ -z "$lambda_run_id" ]]; then - echo "āŒ Could not find a Deploy lambdas to Sandbox workflow run to monitor." + echo "āŒ Could not find a Deploy to Sandbox workflow run to monitor." exit 1 fi -echo "āœ… Deploy lambdas to Sandbox workflow triggered successfully (run ID: $lambda_run_id)" -echo "ā³ Monitoring Deploy lambdas to Sandbox workflow progress..." +echo "āœ… Deploy to Sandbox workflow triggered successfully (run ID: $lambda_run_id)" +echo "ā³ Monitoring Deploy to Sandbox workflow progress..." spin_i=0 last_poll=0 
@@ -192,18 +202,18 @@ while true; do case "$status" in queued) - printf "\ršŸ• Deploy lambdas to Sandbox workflow queued... %s" "${spinner[spin_i++ % ${#spinner[@]}]}" + printf "\ršŸ• Deploy to Sandbox workflow queued... %s" "${spinner[spin_i++ % ${#spinner[@]}]}" ;; in_progress) - printf "\ršŸƒ Deploy lambdas to Sandbox workflow in progress... %s" "${spinner[spin_i++ % ${#spinner[@]}]}" + printf "\ršŸƒ Deploy to Sandbox workflow in progress... %s" "${spinner[spin_i++ % ${#spinner[@]}]}" ;; completed) printf "\r\033[K" if [[ "$conclusion" == "success" ]]; then - echo "āœ… Deploy lambdas to Sandbox workflow completed successfully." + echo "āœ… Deploy to Sandbox workflow completed successfully." break else - echo "āŒ Deploy lambdas to Sandbox workflow failed with conclusion: $conclusion" + echo "āŒ Deploy to Sandbox workflow failed with conclusion: $conclusion" exit 1 fi ;; From d78cff942957f242c2d23f447441d7248ab4eb69 Mon Sep 17 00:00:00 2001 From: jameslinnell Date: Tue, 23 Dec 2025 11:08:29 +0000 Subject: [PATCH 5/8] [NDR-318] Change name of full deploy --- scripts/build_and_deploy_sandbox.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/build_and_deploy_sandbox.sh b/scripts/build_and_deploy_sandbox.sh index 2ae24ba1e9..83952e4f1e 100755 --- a/scripts/build_and_deploy_sandbox.sh +++ b/scripts/build_and_deploy_sandbox.sh 
@@ -150,7 +150,7 @@ fi echo "šŸ—ļø Running Lambda deployment" cd "$NDR_DIRECTORY" if [[ "$FULL_DEPLOY" == "true" ]]; then - echo "šŸ” Triggering Full Deploy to Sandbox workflow '$NDR_WORKFLOW_FILE' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." + echo "šŸ” Triggering Full Deploy to Sandbox workflow '$NDR_WORKFLOW_FILE_FULL' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." # Trigger the workflow and capture the run ID gh workflow run "$NDR_WORKFLOW_FILE_FULL" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" >/dev/null else @@ -158,6 +158,7 @@ else # Trigger the workflow and capture the run ID gh workflow run "$NDR_WORKFLOW_FILE" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" >/dev/null fi + for i in {1..10}; do lambda_run_id=$( gh run list \ From 8f3271609c82e6b7d29dee592fe48f4b1f77d7a9 Mon Sep 17 00:00:00 2001 From: jameslinnell Date: Tue, 23 Dec 2025 12:00:18 +0000 Subject: [PATCH 6/8] [NDR-318] Find the running workflow --- scripts/build_and_deploy_sandbox.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/build_and_deploy_sandbox.sh b/scripts/build_and_deploy_sandbox.sh index 83952e4f1e..c9c6bfd9df 100755 --- a/scripts/build_and_deploy_sandbox.sh +++ b/scripts/build_and_deploy_sandbox.sh 
@@ -153,20 +153,24 @@ if [[ "$FULL_DEPLOY" == "true" ]]; then echo "šŸ” Triggering Full Deploy to Sandbox workflow '$NDR_WORKFLOW_FILE_FULL' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." # Trigger the workflow and capture the run ID gh workflow run "$NDR_WORKFLOW_FILE_FULL" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" >/dev/null + DISPLAY_TITLE="$NDR_BRANCH | $SANDBOX_NAME | development | false | true | true" + WORKFLOW_FILE="$NDR_WORKFLOW_FILE_FULL" else echo "šŸ” Triggering Deploy lambdas to Sandbox workflow '$NDR_WORKFLOW_FILE' from '$NDR_WORKFLOW_BRANCH' with branch '$NDR_BRANCH' to '$SANDBOX_NAME'..." # Trigger the workflow and capture the run ID gh workflow run "$NDR_WORKFLOW_FILE" --ref "$NDR_WORKFLOW_BRANCH" --field build_branch="$NDR_BRANCH" --field sandbox="$SANDBOX_NAME" --field environment="development" >/dev/null + DISPLAY_TITLE="$NDR_BRANCH | $SANDBOX_NAME | development | true" + WORKFLOW_FILE="$NDR_WORKFLOW_FILE" fi for i in {1..10}; do lambda_run_id=$( gh run list \ - --workflow "$NDR_WORKFLOW_FILE" \ + --workflow "$WORKFLOW_FILE" \ --event workflow_dispatch \ --json status,databaseId,createdAt,displayTitle \ --jq ".[] - | select(.displayTitle == \"$NDR_BRANCH | $SANDBOX_NAME | development | true\") + | select(.displayTitle == \"$DISPLAY_TITLE\") | select(.createdAt >= \"$START_TIME\") | select(.status == \"queued\" or .status == \"in_progress\") | .databaseId" | From 617620dc4ed314eca9920cdd2df8812c0de60865 Mon Sep 17 00:00:00 2001 From: jameslinnell Date: Tue, 23 Dec 2025 13:41:41 +0000 Subject: [PATCH 7/8] [NDR-318] GH cli running in container. --- .devcontainer/Dockerfile | 18 ++++++++++++++++-- .devcontainer/devcontainer.json | 4 +++- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 42ae6df492..1e80365116 100644 --- a/.devcontainer/Dockerfile 
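Review bot: `DISPLAY_TITLE` hard-codes the tail `| development | false | true | true`, which presumably mirrors the run name that `full-deploy-to-sandbox.yml` builds from its inputs and their defaults; the workflow file is not part of this patch, so that cannot be confirmed here. If the workflow's run name or one of those defaults changes, the lookup finds nothing and the script stops with "Could not find a Deploy to Sandbox workflow run to monitor" even though the dispatch succeeded. Add a comment above both assignments, e.g. `# Must match the workflow's run-name: <branch> | <sandbox> | <environment> | <remaining inputs>`, naming what each position stands for. Setting `WORKFLOW_FILE` and `DISPLAY_TITLE` before the dispatch would also let the two branches share a single `gh workflow run "$WORKFLOW_FILE" …` call.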
+++ b/.devcontainer/Dockerfile @@ -10,14 +10,28 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ strip-nondeterminism \ uuid-runtime \ parallel \ - bc + bc \ + curl \ + ca-certificates \ + gnupg + +# Prepare github-cli install +RUN mkdir -p /etc/apt/keyrings \ + && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \ + | gpg --dearmor \ + | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \ + && chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \ + && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] \ + https://cli.github.com/packages stable main" \ + | tee /etc/apt/sources.list.d/github-cli.list > /dev/null # Install CLI tools. RUN apt-get update && apt-get install -y \ vim \ ranger \ tmux \ - fzf + fzf \ + gh # Install base neovim RUN set -eux; \ diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index ce88bee614..afb1f79547 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -48,7 +48,9 @@ "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached", "source=${localEnv:HOME}/.gnupg,target=/home/vscode/.gnupg,type=bind,consistency=cached", "source=${localWorkspaceFolder}/.devcontainer/config/nvim,target=/home/vscode/.config/nvim,type=bind", - "source=${env:HOME}/.gitconfig,target=/home/vscode/.gitconfig,type=bind,consistency=cached" + "source=${env:HOME}/.gitconfig,target=/home/vscode/.gitconfig,type=bind,consistency=cached", + "source=${localEnv:HOME}/.config/gh,target=/home/vscode/.config/gh,type=bind", + "source=${localEnv:NDRI_LOCATION},target=/workspaces/national-document-repository-infrastructure,type=bind,consistency=cached" ], "postCreateCommand": "HOST_PWD=${localWorkspaceFolder} bash -c '.devcontainer/src/create.sh' ", "runArgs": [ From 187238e008378fed0c43bccf9aae2e9b1c7a86f8 Mon Sep 17 00:00:00 2001 
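Review bot: The `curl … | gpg --dearmor | tee …` pipeline in the new `RUN` step reports only the status of its last command unless a `SHELL` instruction outside this hunk enables `pipefail`, so a failed download still writes a keyring file and the failure only shows up later in the `apt-get` step. Download to a file first so that `-f` can fail the step, `curl -fsSL -o /tmp/githubcli.gpg https://cli.github.com/packages/githubcli-archive-keyring.gpg`, then convert or copy it into `/etc/apt/keyrings`. The key is trusted purely on the strength of the TLS fetch at build time; comparing its fingerprint with a value recorded in the repository (`<EXPECTED_FINGERPRINT>`, placeholder) before installing it would pin the package source.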
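Review bot: The new mount of `${localEnv:HOME}/.config/gh` puts the host's GitHub CLI configuration, which can include the stored OAuth token, read-write inside the container, where every process and editor extension running there can read it; a token written by `gh auth login` inside the container would likewise land in the host directory. If login is done on the host, a read-only mount (append `,readonly`) or a separately scoped token would narrow that exposure. The second mount uses `${localEnv:NDRI_LOCATION}` with no fallback, so on a machine where the variable is unset the mount source is empty and the container will probably fail to start; a default such as `${localEnv:NDRI_LOCATION:<DEFAULT_PATH>}` (placeholder) would make that case explicit.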
From: jameslinnell Date: Tue, 23 Dec 2025 14:58:41 +0000 Subject: [PATCH 8/8] [NDR-318] Update README --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index 9621ae9fde..5c4b0c3086 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,15 @@ The following tools are required for all options: - [Git](https://git-scm.com/) - Docker (e.g. via [Brew](https://formulae.brew.sh/formula/docker)) +Setup an environment variable on your local system. The environment variable points to your national-document-repository-infrastructure directory on your local system. +For Linux/MacOS users add the following to your ~/.zshrc or ~/.bashrc file + +```bash +export NDRI_LOCATION= +``` + +For Windows users, please follow Microsoft's recommendations for creating persistent environment variables + ### Method 1 - Dev container within VS Code (recommended) > [!IMPORTANT] @@ -70,6 +79,14 @@ lazygit - [Node@24](https://formulae.brew.sh/formula/node@24) - [Python@3.11](https://formulae.brew.sh/formula/python@3.11) +### Initial Setup of the container + +1. Configure Github-CLI with + +```bash +gh auth login +``` + ## Monitoring We have configured AWS CloudWatch to provide alarm notifications whenever one of a number of metrics exceeds its normal