From 508407384a96e6c669e45c1e80ea5fd959eb3ae6 Mon Sep 17 00:00:00 2001
From: Mark Slowey <mark.slowey1@nhs.net>
Date: Tue, 4 Nov 2025 11:44:27 +0000
Subject: [PATCH 1/2] CCM-12921: add proxy to destroy dynamic

---
 .github/workflows/pr_destroy_dynamic_env.yaml | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pr_destroy_dynamic_env.yaml b/.github/workflows/pr_destroy_dynamic_env.yaml
index 343279cf..d6b37dd7 100644
--- a/.github/workflows/pr_destroy_dynamic_env.yaml
+++ b/.github/workflows/pr_destroy_dynamic_env.yaml
@@ -9,7 +9,7 @@ concurrency:
   cancel-in-progress: false
 
 jobs:
-  create-dynamic-environment:
+  destroy-dynamic-environment:
     name: Destroy Dynamic Environment
     runs-on: ubuntu-latest
 
@@ -32,3 +32,25 @@ jobs:
             --terraformAction "destroy" \
             --overrideProjectName "nhs" \
             --overrideRoleName "nhs-main-acct-supplier-api-github-deploy"
+
+  destroy-dynamic-proxy:
+    name: Destroy Dynamic Proxy
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Trigger dynamic proxy destruction
+        env:
+          APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
+          APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
+        shell: bash
+        run: |
+          .github/scripts/dispatch_internal_repo_workflow.sh \
+          --infraRepoName "nhs-notify-supplier-api" \
+          --releaseVersion "main" \
+          --targetComponent "api" \
+          --targetWorkflow "proxy-destroy.yaml" \
+          --targetEnvironment "pr${{ github.event.number }}" \
+          --apimEnvironment "internal-dev-sandbox" \
+          --boundedContext "notify-supplier"

From bb4ec461b4aeed0baf1917f9f10f2ecca5f778a5 Mon Sep 17 00:00:00 2001
From: Mark Slowey <mark.slowey1@nhs.net>
Date: Tue, 4 Nov 2025 17:32:59 +0000
Subject: [PATCH 2/2] CCM-12921: permissions declaration

---
 .github/workflows/pr_destroy_dynamic_env.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/pr_destroy_dynamic_env.yaml b/.github/workflows/pr_destroy_dynamic_env.yaml
index d6b37dd7..73ff4e47 100644
--- a/.github/workflows/pr_destroy_dynamic_env.yaml
+++ b/.github/workflows/pr_destroy_dynamic_env.yaml
@@ -8,6 +8,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: false
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   destroy-dynamic-environment:
     name: Destroy Dynamic Environment