From 2eadde85f0e22e266a6fd2b6648a568a58cdea0a Mon Sep 17 00:00:00 2001 From: stevebux <104152898+stevebux@users.noreply.github.com> Date: Fri, 19 Dec 2025 10:56:27 +0000 Subject: [PATCH 1/3] CCM-13419 Generate Specification Variants on Build (#301) * CCM-13419 Refactor build steps * CCM-13419 Generate specification variants on build * Add permissions * Post review comment * Only build OAS variants if push is to main --------- Co-authored-by: Mark Slowey <113013138+masl2@users.noreply.github.com> --- .github/actions/build-oas-spec/action.yml | 68 +++++++++++++++++++ .github/actions/build-proxies/action.yml | 46 ++----------- .github/actions/build-sdk/action.yml | 6 -- .../manual-proxy-environment-deploy.yaml | 8 ++- .github/workflows/stage-3-build.yaml | 45 +++++++++++- .github/workflows/stage-5-publish.yaml | 58 ++++++++++------ 6 files changed, 159 insertions(+), 72 deletions(-) create mode 100644 .github/actions/build-oas-spec/action.yml diff --git a/.github/actions/build-oas-spec/action.yml b/.github/actions/build-oas-spec/action.yml new file mode 100644 index 00000000..12679a0a --- /dev/null +++ b/.github/actions/build-oas-spec/action.yml 
@@ -0,0 +1,68 @@
+name: "Build OAS Spec"
+description: "Build OAS Spec"
+
+inputs:
+ version:
+ description: "Version number"
+ required: true
+ apimEnv:
+ description: "APIM environment"
+ required: true
+ buildSandbox:
+ description: "Whether to build the sandbox OAS spec"
+ required: false
+ default: false
+ nodejs_version:
+ description: "Node.js version, set by the CI/CD pipeline workflow"
+ required: true
+ NODE_AUTH_TOKEN:
+ description: "Token for access to github package registry"
+ required: true
+
+runs:
+ using: composite
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: ${{ inputs.nodejs_version }}
+ registry-url: 'https://npm.pkg.github.com'
+
+ - name: "Cache node_modules"
+ uses: actions/cache@v4
+ with:
+ path: |
+ **/node_modules
+ key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
+
+ - name: Npm install
+ working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
+ run: npm ci
+ shell: bash
+
+ - name: Build ${{ inputs.apimEnv }} oas
+ working-directory: .
+ env:
+ APIM_ENV: ${{ inputs.apimEnv }}
+ shell: bash
+ run: |
+ if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ]
+ then
+ echo "Building sandbox OAS spec"
+ make build-json-oas-spec APIM_ENV=sandbox
+ else
+ echo "Building env specific OAS spec"
+ make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }}
+ fi
+
+ - name: Upload API OAS specification artifact
+ uses: actions/upload-artifact@v4
+ with:
+ path: "build"
+ name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }}
diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml
index 5dcb872d..fe6f4064 100644
--- a/.github/actions/build-proxies/action.yml
+++ b/.github/actions/build-proxies/action.yml
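Review bot: The `Build ${{ inputs.apimEnv }} oas` step pastes `${{ env.APIM_ENV }}` and `${{ inputs.buildSandbox }}` into the bash script text before the shell runs, so a value containing shell metacharacters is executed rather than compared; the manual deploy workflow later in this patch feeds `apimEnv` from `env.APIM_ENV`, which may originate from a dispatch input. The step already exports `APIM_ENV`, so read it as a quoted shell variable and pass the flag the same way: add `BUILD_SANDBOX: ${{ inputs.buildSandbox }}` under `env:`, test `if [ "$APIM_ENV" = "internal-dev-sandbox" ] && [ "$BUILD_SANDBOX" = "true" ]`, and call `make build-json-oas-spec APIM_ENV="$APIM_ENV"`. The same pattern is introduced in build-proxies/action.yml at `APIM_ENV="${{ inputs.apimEnv }}"` (second hunk of that file). Quoting also keeps the `[ ... ]` test from erroring when either value is empty.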
@@ -25,39 +25,16 @@ inputs: description: "Name of the Component to deploy" required: true default: 'api' - nodejs_version: - description: "Node.js version, set by the CI/CD pipeline workflow" - required: true - NODE_AUTH_TOKEN: - description: "Token for access to github package registry" - required: true runs: using: composite steps: - - name: Checkout - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: ${{ inputs.nodejs_version }} - registry-url: 'https://npm.pkg.github.com' - - - name: "Cache node_modules" - uses: actions/cache@v4 + - name: Download OAS Spec artifact + uses: actions/download-artifact@v4 with: - path: | - **/node_modules - key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node-${{ inputs.nodejs_version }}- - - - name: Npm install - working-directory: . - env: - NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} - run: npm ci - shell: bash + name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }} + path: ./build - name: Setup Proxy Name and target shell: bash @@ -87,21 +64,10 @@ runs: echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV fi - - name: Build ${{ inputs.apimEnv }} oas - working-directory: . - env: - APIM_ENV: ${{ inputs.apimEnv }} + - name: Set APIM_ENV shell: bash run: | - if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ] - then - echo "Building sandbox OAS spec" - make build-json-oas-spec APIM_ENV=sandbox - else - echo "Building env specific OAS spec" - make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }} - fi - + APIM_ENV="${{ inputs.apimEnv }}" if [[ $APIM_ENV == *-pr ]]; then echo "Removing pr suffix from APIM_ENV after building OAS and calling proxygen" APIM_ENV=$(echo "$APIM_ENV" | sed 's/-pr$//') 
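Review bot: The `Download OAS Spec artifact` step in the first hunk silently depends on build-oas-spec having been called with the same `apimEnv` and `version`, because the artifact name expression is duplicated here rather than passed in. In manual-proxy-environment-deploy.yaml the new `Build OAS spec` step passes no `version`, so it uploads `api-oas-specification-<apimEnv>`; if the `Build proxies` step there supplies a `version` (its `with:` block starts outside the visible hunk), the download will look for a different name and fail. A comment above the step such as `# name must match the upload step in .github/actions/build-oas-spec/action.yml` would document the coupling. The echo text "after building OAS" in the `Set APIM_ENV` step is also stale now that this action no longer builds the spec.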
diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml index 1231b2c2..567d33c8 100644 --- a/.github/actions/build-sdk/action.yml +++ b/.github/actions/build-sdk/action.yml @@ -55,12 +55,6 @@ runs: run: | make build VERSION="${{ inputs.version }}" - - name: Upload API OAS specification artifact - uses: actions/upload-artifact@v4 - with: - path: "build" - name: api-oas-specification-${{ inputs.version }} - - name: Upload html artifact uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/manual-proxy-environment-deploy.yaml b/.github/workflows/manual-proxy-environment-deploy.yaml index c8ca20fe..d5e50230 100644 --- a/.github/workflows/manual-proxy-environment-deploy.yaml +++ b/.github/workflows/manual-proxy-environment-deploy.yaml @@ -77,6 +77,13 @@ jobs: echo "ENVIRONMENT=$ENVIRONMENT" >> $GITHUB_ENV echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV + - name: "Build OAS spec" + uses: ./.github/actions/build-oas-spec + with: + apimEnv: "${{ env.APIM_ENV }}" + buildSandbox: ${{ inputs.build_sandbox }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: "Build proxies" env: PROXYGEN_API_NAME: nhs-notify-supplier @@ -90,4 +97,3 @@ jobs: runId: "${{ github.run_id }}" buildSandbox: ${{ inputs.build_sandbox }} releaseVersion: ${{ github.ref_name }} - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 474b9094..f8e34e8b 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml 
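Review bot: The new `Build OAS spec` step in manual-proxy-environment-deploy.yaml omits `nodejs_version`, which build-oas-spec declares `required: true` and hands to `actions/setup-node` as `node-version`. Composite actions do not enforce `required`, so the input is likely to arrive empty and the spec would be built with whatever Node the runner resolves rather than the version the pipeline pins. Pass it explicitly, for example `nodejs_version: ${{ inputs.nodejs_version }}` if this workflow exposes such an input (not visible in the hunk), so manual deploys build the spec with the same toolchain as stage-3-build.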
@@ -55,9 +55,48 @@ jobs: version: "${{ inputs.version }}" NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + artefact-oas-spec: + name: "Build OAS spec (${{ matrix.apimEnv }})" + if: (github.event_name == 'push' && github.ref == 'refs/heads/main') + runs-on: ubuntu-latest + needs: [artefact-jekyll-docs] + timeout-minutes: 10 + strategy: + matrix: + apimEnv: [internal-dev-pr, internal-dev, int, ref, prod] + steps: + - name: "Checkout code" + uses: actions/checkout@v5 + - name: "Build OAS spec" + uses: ./.github/actions/build-oas-spec + with: + version: "${{ inputs.version }}" + apimEnv: "${{ matrix.apimEnv }}" + buildSandbox: false + nodejs_version: ${{ inputs.nodejs_version }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + artefact-oas-spec-sandbox: + name: "Build OAS spec for sandbox" + runs-on: ubuntu-latest + needs: [artefact-jekyll-docs] + timeout-minutes: 10 + steps: + - name: "Checkout code" + uses: actions/checkout@v5 + - name: "Build proxies" + uses: ./.github/actions/build-oas-spec + with: + version: "${{ inputs.version }}" + apimEnv: "internal-dev-sandbox" + buildSandbox: true + nodejs_version: ${{ inputs.nodejs_version }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + artefact-sdks: name: "Build SDKs" runs-on: ubuntu-latest + needs: [artefact-oas-spec] timeout-minutes: 10 steps: - name: "Checkout code" @@ -94,6 +133,7 @@ jobs: pr-create-dynamic-environment: name: Create Dynamic Environment runs-on: ubuntu-latest + if: inputs.pr_number != '' steps: - uses: actions/checkout@v5 - name: Trigger dynamic environment creation @@ -117,7 +157,8 @@ jobs: artefact-proxies: name: "Build proxies" runs-on: ubuntu-latest - needs: [pr-create-dynamic-environment] + if: inputs.pr_number != '' + needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment] timeout-minutes: 10 env: PROXYGEN_API_NAME: nhs-notify-supplier 
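Review bot: `artefact-sdks` now has `needs: [artefact-oas-spec]`, but `artefact-oas-spec` only runs when `github.event_name == 'push' && github.ref == 'refs/heads/main'`; a job whose dependency was skipped is itself skipped unless it carries its own condition, so the SDK build would stop running on pull requests. If the dependency is only for ordering, add `if: ${{ !cancelled() && needs.artefact-oas-spec.result != 'failure' }}` to `artefact-sdks`, or drop the `needs` entry if build-sdk does not consume the per-environment specs. Separately, the step in `artefact-oas-spec-sandbox` is still named `"Build proxies"` although it calls build-oas-spec; `"Build OAS spec"` would match the other job.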
@@ -136,5 +177,3 @@ jobs: runId: "${{ github.run_id }}" buildSandbox: true releaseVersion: ${{ github.head_ref || github.ref_name }} - nodejs_version: ${{ inputs.nodejs_version }} - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stage-5-publish.yaml b/.github/workflows/stage-5-publish.yaml index 1bf1ac45..94d79fb2 100644 --- a/.github/workflows/stage-5-publish.yaml +++ b/.github/workflows/stage-5-publish.yaml @@ -40,6 +40,9 @@ jobs: name: "Publish packages" runs-on: ubuntu-latest timeout-minutes: 10 + outputs: + release_id: ${{ steps.create_release.outputs.id }} + upload_url: ${{ steps.create_release.outputs.upload_url }} steps: - name: "Checkout code" @@ -87,12 +90,6 @@ jobs: path: ./artifacts/sdk-csharp-${{ inputs.version }} name: sdk-csharp-${{ inputs.version }} - - name: "Get the artefacts 8" - uses: actions/download-artifact@v6 - with: - path: ./artifacts/api-oas-specification-${{ inputs.version }} - name: api-oas-specification-${{ inputs.version }} - # Take out for now - might add again in the future # - name: "Get the artefacts 9" # uses: actions/download-artifact@v6 
@@ -207,22 +204,6 @@ jobs: asset_name: sdk-csharp-${{ inputs.version }}.zip asset_content_type: "application/gzip" - - name: "zip api OAS specification release asset" - # GitHub pages needs a single tar called artifact inside the zip. - working-directory: ./artifacts/api-oas-specification-${{ inputs.version }} - run: zip -r ../api-oas-specification-${{ inputs.version }}.zip . - shell: bash - - - name: "Upload api OAS specification release asset" - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: "${{ steps.create_release.outputs.upload_url }}" - asset_path: ./artifacts/api-oas-specification-${{ inputs.version }}.zip - asset_name: api-oas-specification-${{ inputs.version }}.zip - asset_content_type: "application/gzip" - # Take out for now - might add again in the future # - name: "zip csharp server release asset" # # GitHub pages needs a single tar called artifact inside the zip. 
@@ -241,6 +222,39 @@ jobs: # asset_name: server-csharp-${{ inputs.version }}.zip # asset_content_type: "application/gzip" + publish-oas-specs: + name: "Publish OAS spec (${{ matrix.apimEnv }})" + runs-on: ubuntu-latest + needs: [publish] + permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + timeout-minutes: 10 + strategy: + matrix: + apimEnv: [internal-dev, int, ref, prod] + steps: + - name: "Download OAS spec artifact" + uses: actions/download-artifact@v6 + with: + path: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} + name: api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} + + - name: "Zip OAS specification" + working-directory: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} + run: zip -r ../api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip . + shell: bash + + - name: "Upload OAS specification release asset" + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.publish.outputs.upload_url }} + asset_path: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip + asset_name: api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip + asset_content_type: "application/zip" + # Take out for now - might add again in the future # ### PUBLISH DOCKER - THIS NEEDS CHANGING TO DO THE DOCKER BUILD IN THE BUILD STAGE AND ARTIFACT IT. SEE publishlibhostdocker below how how and the buildlibs action. # publishdocker: From 96a838959c1d15f4e144c46e9581fdf0f1dee033 Mon Sep 17 00:00:00 2001 From: Steve Buxton Date: Mon, 15 Dec 2025 08:54:43 +0000 Subject: [PATCH 2/3] Temp commit - remove guard on publishing --- .github/workflows/cicd-1-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
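Review bot: The `permissions:` block on `publish-oas-specs` does not match what the job does: it grants `id-token: write` although no step in the hunk requests an OIDC token, and only `contents: read` although `actions/upload-release-asset@v1` uploads to the release with `GITHUB_TOKEN`, which needs write access to contents. As written the upload is likely to be rejected, and the unused `id-token: write` widens the token for no benefit; the two comments (JWT, actions/checkout) also describe steps this job does not have. Suggest a single entry, `contents: write  # upload release assets`. The download step also hard-codes the `-${{ inputs.version }}` suffix while the upload in build-oas-spec makes it conditional on a non-empty version, so the names diverge if `version` is ever empty.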
diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index 98fecefb..1eb40d2a 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml @@ -139,7 +139,7 @@ jobs: name: "Publish stage" needs: [metadata, acceptance-stage] uses: ./.github/workflows/stage-5-publish.yaml - if: (github.event_name == 'push' && github.ref == 'refs/heads/main') + #if: (github.event_name == 'push' && github.ref == 'refs/heads/main') with: build_datetime: "${{ needs.metadata.outputs.build_datetime }}" build_timestamp: "${{ needs.metadata.outputs.build_timestamp }}" From 8f408e2ddc1e7b3e406a4c6c0750cef687cda9b5 Mon Sep 17 00:00:00 2001 From: Steve Buxton Date: Fri, 19 Dec 2025 15:16:36 +0000 Subject: [PATCH 3/3] Another temp commit --- .github/workflows/stage-3-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index f8e34e8b..cd40fd97 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -57,7 +57,7 @@ jobs: artefact-oas-spec: name: "Build OAS spec (${{ matrix.apimEnv }})" - if: (github.event_name == 'push' && github.ref == 'refs/heads/main') + #if: (github.event_name == 'push' && github.ref == 'refs/heads/main') runs-on: ubuntu-latest needs: [artefact-jekyll-docs] timeout-minutes: 10
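Review bot: Commenting out `if: (github.event_name == 'push' && github.ref == 'refs/heads/main')` on the `Publish stage` job lets stage-5-publish.yaml run for every event that triggers cicd-1-pull-request.yaml, so release creation and asset uploads would execute with the repository token from unmerged branch code. The commit is labelled temporary, and the third patch does the same to `artefact-oas-spec` in stage-3-build.yaml; both guards should be restored before merge rather than left as `#if:` comments. If publishing needs to be exercised from a branch, a separate `workflow_dispatch` path keeps the main-only guard intact. The job definitions begin outside both hunks, so the triggers and permissions in effect are not visible here.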