From 3b29a62282c2b0aab3f86a9993666b4dc8e21902 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 11:55:01 +0100 Subject: [PATCH 01/36] CCM-11942 Uses shared dispatch workflow with tracking --- .../dispatch_internal_repo_workflow.sh | 211 ++++++++++++++++++ .../dispatch_internal_repo_workflow.yaml | 171 -------------- .github/workflows/pr_create_dynamic_env.yaml | 62 ++--- .github/workflows/pr_destroy_dynamic_env.yaml | 63 +++--- .../reusable_internal_repo_build.yaml | 103 +-------- .github/workflows/stage-4-acceptance.yaml | 82 ++----- 6 files changed, 304 insertions(+), 388 deletions(-) create mode 100755 .github/scripts/dispatch_internal_repo_workflow.sh delete mode 100644 .github/workflows/dispatch_internal_repo_workflow.yaml diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh new file mode 100755 index 000000000..470e9e833 --- /dev/null +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -0,0 +1,211 @@ +#!/bin/bash + +# Triggers a remote GitHub workflow in nhs-notify-internal and waits for completion. + +# Usage: +# ./dispatch_internal_repo_workflow.sh \ +# --jobName \ +# --infraRepoName \ +# --releaseVersion \ +# --targetWorkflow \ +# --targetEnvironment \ +# --targetComponent \ +# --targetAccountGroup \ +# --terraformAction \ +# --internalRef +# +# All arguments are required except jobName, terraformAction, and internalRef. +# Example: +# ./dispatch_internal_repo_workflow.sh \ +# --jobName "Deploy" \ +# --infraRepoName "nhs-notify-web-template-management" \ +# --releaseVersion "v1.2.3" \ +# --targetWorkflow "deploy.yaml" \ +# --targetEnvironment "prod" \ +# --targetComponent "web" \ +# --targetAccountGroup "core" \ +# --terraformAction "apply" \ +# --internalRef "main" + +set -e + +while [[ $# -gt 0 ]]; do + case $1 in + --jobName) # Name of the job triggering the remote workflow (optional) + jobName="$2" + shift 2 + ;; + --infraRepoName) # Name of the infrastructure repo in NHSDigital org (required) + infraRepoName="$2" + shift 2 + ;; + --releaseVersion) # Release version, commit, or tag to deploy (required) + releaseVersion="$2" + shift 2 + ;; + --targetWorkflow) # Name of the workflow file to call in nhs-notify-internal (required) + targetWorkflow="$2" + shift 2 + ;; + --targetEnvironment) # Terraform environment to deploy (required) + targetEnvironment="$2" + shift 2 + ;; + --targetComponent) # Terraform component to deploy (required) + targetComponent="$2" + shift 2 + ;; + --targetAccountGroup) # Terraform account group to deploy (required) + targetAccountGroup="$2" + shift 2 + ;; + --terraformAction) # Terraform action to run (optional, default: "plan") + terraformAction="$2" + shift 2 + ;; + --internalRef) # Internal repo reference branch or tag (optional, default: "main") + internalRef="$2" + shift 2 + ;; + *) + echo "Unknown argument: $1" + exit 1 + ;; + esac +done + +# Set default values if not provided +if [[ -z "$PR_TRIGGER_PAT" ]]; then + echo "Error: PR_TRIGGER_PAT environment variable is not set or is empty." + exit 1 +fi + +if [[ -z "$jobName" ]]; then + jobName="${infraRepoName}-${targetComponent}-${terraformAction}" +fi + +if [[ -z "$terraformAction" ]]; then + terraformAction="plan" +fi + +if [[ -z "$internalRef" ]]; then + internalRef="main" +fi + + +callerRunId="${GITHUB_RUN_ID}-${jobName}-${GITHUB_RUN_ATTEMPT}" + +DISPATCH_EVENT=$(jq -ncM \ + --arg infraRepoName "$infraRepoName" \ + --arg releaseVersion "$releaseVersion" \ + --arg targetEnvironment "$targetEnvironment" \ + --arg targetAccountGroup "$targetAccountGroup" \ + --arg targetComponent "$targetComponent" \ + --arg terraformAction "$terraformAction" \ + --arg callerRunId "$callerRunId" \ + --arg targetWorkflow "$targetWorkflow" \ + '{ + "ref": "'"$internalRef"'", + "inputs": ( + (if $infraRepoName != "" then { "infraRepoName": $infraRepoName } else {} end) + + (if $terraformAction != "" then { "terraformAction": $terraformAction } else {} end) + + { + "releaseVersion": $releaseVersion, + "targetEnvironment": $targetEnvironment, + "targetAccountGroup": $targetAccountGroup, + "targetComponent": $targetComponent + } + + (if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) + then { "callerRunId": $callerRunId } else {} end) + ) + }') + +# Trigger the workflow +curl -L \ + --fail \ + --silent \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/$targetWorkflow/dispatches" \ + -d "$DISPATCH_EVENT" + +echo "Workflow triggered. Waiting for the workflow to complete.." + +# Poll GitHub API to check the workflow status +workflow_run_url="" +for _ in {1..18}; do + workflow_run_url=$(curl -s \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch" \ + | jq -r \ + --arg callerRunId "$callerRunId" \ + --arg targetWorkflow "$targetWorkflow" \ + --arg targetEnvironment "$targetEnvironment" \ + --arg targetAccountGroup "$targetAccountGroup" \ + --arg targetComponent "$targetComponent" \ + --arg terraformAction "$terraformAction" \ + '.workflow_runs[] + | select(.path == ".github/workflows/" + $targetWorkflow) + | select(.name + | contains($targetEnvironment) + and contains($targetAccountGroup) + and contains($targetComponent) + and contains($terraformAction) + ) + | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) + then select(.name | contains("caller:" + $callerRunId)) + else . + end + | .url') + + if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then + ui_url=${workflow_run_url/api./} + ui_url=${ui_url/\/repos/} + echo "Found workflow run url: $ui_url" + echo "workflow_run_url=$workflow_run_url" >> "$GITHUB_ENV" + break + fi + + echo "Waiting for workflow to start..." + sleep 10 +done + +if [[ -z "$workflow_run_url" || "$workflow_run_url" == null ]]; then + echo "Failed to get the workflow run url. Exiting." + exit 1 +fi + +# Wait for workflow completion +while true; do + sleep 10 + response=$(curl -s -L \ + -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ + -H "Accept: application/vnd.github+json" \ + "$workflow_run_url") + + status=$(echo "$response" | jq -r '.status') + conclusion=$(echo "$response" | jq -r '.conclusion') + + if [ "$status" == "completed" ]; then + if [ -z "$conclusion" ] || [ "$conclusion" == "null" ]; then + echo "Workflow marked completed but conclusion not yet available, retrying..." + sleep 5 + continue + fi + + if [ "$conclusion" == "success" ]; then + echo "Workflow completed successfully." + exit 0 + else + echo "Workflow failed with conclusion: $conclusion" + exit 1 + fi + fi + + echo "Workflow still running..." + sleep 20 +done diff --git a/.github/workflows/dispatch_internal_repo_workflow.yaml b/.github/workflows/dispatch_internal_repo_workflow.yaml deleted file mode 100644 index 526bc563c..000000000 --- a/.github/workflows/dispatch_internal_repo_workflow.yaml +++ /dev/null @@ -1,171 +0,0 @@ -name: Call Notify Internal Infrastructure Workflow - -on: - workflow_call: - inputs: - jobName: - type: string - description: The name of the job triggering the remote workflow - required: true - infraRepoName: - type: string - description: Repository (this one) in the NHSDigital Github Org to deploy from - default: "" - releaseVersion: - type: string - description: The Github release version, commit, or tag. - default: main - targetWorkflow: - type: string - description: The name of the github workflow to call. - required: true - targetEnvironment: - type: string - description: The Terraform environment to deploy - default: main - targetComponent: - type: string - description: The Terraform component to deploy - required: true - targetAccountGroup: - type: string - description: The Terraform group to deploy - required: true - terraformAction: - type: string - description: The Terraform action to run - default: "" - internalRef: - type: string - description: Internal repo reference (branch or tag) - default: "main" - -permissions: - id-token: write - contents: read - -concurrency: - group: ${{ inputs.targetEnvironment }}-${{ inputs.targetAccountGroup }}-${{ inputs.targetComponent }}-${{ inputs.terraformAction }} - -jobs: - trigger: - name: ${{ inputs.jobName }} - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v5.0.0 - - - name: Trigger nhs-notify-internal workflow - shell: bash - run: | - callerRunId="${GITHUB_RUN_ID}-${{ inputs.jobName }}-${GITHUB_RUN_ATTEMPT}" - - DISPATCH_EVENT=$(jq -ncM \ - --arg infraRepoName "${{ inputs.infraRepoName }}" \ - --arg releaseVersion "${{ inputs.releaseVersion }}" \ - --arg targetEnvironment "${{ inputs.targetEnvironment }}" \ - --arg targetAccountGroup "${{ inputs.targetAccountGroup }}" \ - --arg targetComponent "${{ inputs.targetComponent }}" \ - --arg terraformAction "${{ inputs.terraformAction }}" \ - --arg callerRunId "$callerRunId" \ - --arg targetWorkflow "${{ inputs.targetWorkflow }}" \ - '{ - "ref": "${{ inputs.internalRef }}", - "inputs": ( - (if $infraRepoName != "" then { "infraRepoName": $infraRepoName } else {} end) + - (if $terraformAction != "" then { "terraformAction": $terraformAction } else {} end) + - { - "releaseVersion": $releaseVersion, - "targetEnvironment": $targetEnvironment, - "targetAccountGroup": $targetAccountGroup, - "targetComponent": $targetComponent - } + - (if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) - then { "callerRunId": $callerRunId } else {} end) - ) - }') - - # Trigger The workflow - curl -L \ - --fail \ - --silent \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/${{ inputs.targetWorkflow }}/dispatches" \ - -d "${DISPATCH_EVENT}" - - echo "Workflow triggered. Waiting for the workflow to complete.." - - # Poll GitHub API to check the workflow status - - workflow_run_url="" - for i in {1..18}; do - workflow_run_url=$(curl -s \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch" \ - | jq -r \ - --arg callerRunId "$callerRunId" \ - --arg targetWorkflow "${{ inputs.targetWorkflow }}" \ - --arg targetEnvironment "${{ inputs.targetEnvironment }}" \ - --arg targetAccountGroup "${{ inputs.targetAccountGroup }}" \ - --arg targetComponent "${{ inputs.targetComponent }}" \ - --arg terraformAction "${{ inputs.terraformAction }}" \ - '.workflow_runs[] - | select(.path == ".github/workflows/" + $targetWorkflow) - | select(.name - | contains($targetEnvironment) - and contains($targetAccountGroup) - and contains($targetComponent) - and contains($terraformAction) - ) - | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) - then select(.name | contains("caller:" + $callerRunId)) - else . - end - | .url') - - if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then - ui_url=${workflow_run_url/api./} - ui_url=${ui_url/\/repos/} - echo "Found workflow run url: $ui_url" - echo "workflow_run_url=$workflow_run_url" >> $GITHUB_ENV - break - fi - - echo "Waiting for workflow to start..." - sleep 10 - done - - if [[ -z "$workflow_run_url" || "$workflow_run_url" == null ]]; then - echo "Failed to get the workflow run url. Exiting." - exit 1 - fi - - # Wait for workflow completion - while true; do - sleep 10 - response=$(curl -s -L \ - -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \ - -H "Accept: application/vnd.github+json" \ - $workflow_run_url) - - status=$(echo "$response" | jq -r '.status') - conclusion=$(echo "$response" | jq -r '.conclusion') - - if [ "$status" == "completed" ]; then - if [ "$conclusion" == "success" ]; then - echo "Workflow completed successfully." - exit 0 - else - echo "Workflow failed with conclusion: $conclusion" - exit 1 - fi - fi - - echo "Workflow still running..." - sleep 20 - done diff --git a/.github/workflows/pr_create_dynamic_env.yaml b/.github/workflows/pr_create_dynamic_env.yaml index 12b4ad69d..8383d02bb 100644 --- a/.github/workflows/pr_create_dynamic_env.yaml +++ b/.github/workflows/pr_create_dynamic_env.yaml @@ -13,38 +13,40 @@ jobs: create-dynamic-environment: name: Create Dynamic Environment runs-on: ubuntu-latest - steps: - - name: Trigger nhs-notify-internal dynamic environment workflow + - uses: actions/checkout@v5.0.0 + - name: Trigger dynamic environment creation + env: + PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} shell: bash run: | - set -x - this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2) + .github/scripts/dispatch_internal_repo_workflow.sh \ + --jobName "Create PR Dynamic Environment" \ + --infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \ + --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ + --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ + --targetEnvironment "pr${{ github.event.number }}" \ + --targetComponent "branch" \ + --targetAccountGroup "nhs-notify-template-management-dev" \ + --terraformAction "apply" - DISPATCH_EVENT=$(jq -ncM \ - --arg infraRepoName "${this_repo_name}" \ - --arg releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ - --arg targetEnvironment "pr${{ github.event.number }}" \ - --arg targetAccountGroup "nhs-notify-template-management-dev" \ - --arg targetComponent "branch" \ - --arg terraformAction "apply" \ - --arg overrides "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ - '{ "ref": "main", - "inputs": { - "infraRepoName": $infraRepoName, - "releaseVersion", $releaseVersion, - "targetEnvironment", $targetEnvironment, - "targetAccountGroup", $targetAccountGroup, - "targetComponent", $targetComponent, - "terraformAction", $terraformAction, - "overrides", $overrides, - } - }') + create-sandbox-environment: + name: Create Sandbox Environment + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v5.0.0 + - name: Trigger sandbox environment creation + shell: bash + env: + PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} + run: | + .github/scripts/dispatch_internal_repo_workflow.sh \ + --jobName "Create PR Sandbox " \ + --infraRepoName "nhs-notify-web-template-management" \ + --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ + --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ + --targetEnvironment "pr${{ github.event.number }}" \ + --targetAccountGroup "nhs-notify-template-management-dev" \ + --targetComponent "sandbox" \ + --terraformAction "apply" - curl --fail -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \ - -d "${DISPATCH_EVENT}" diff --git a/.github/workflows/pr_destroy_dynamic_env.yaml b/.github/workflows/pr_destroy_dynamic_env.yaml index 05e71482a..ecbcdfdc8 100644 --- a/.github/workflows/pr_destroy_dynamic_env.yaml +++ b/.github/workflows/pr_destroy_dynamic_env.yaml @@ -9,39 +9,44 @@ concurrency: cancel-in-progress: false jobs: - create-dynamic-environment: + destroy-dynamic-environment: name: Destroy Dynamic Environment runs-on: ubuntu-latest - steps: - - name: Trigger nhs-notify-internal dynamic environment destruction + - uses: actions/checkout@v5.0.0 + + - name: Trigger dynamic environment destruction + env: + PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} shell: bash run: | - set -x - this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2) + .github/scripts/dispatch_internal_repo_workflow.sh \ + --jobName "Destroy PR Dynamic Environment" \ + --infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \ + --releaseVersion "main" \ + --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ + --targetEnvironment "pr${{ github.event.number }}" \ + --targetComponent "branch" \ + --targetAccountGroup "nhs-notify-template-management-dev" \ + --terraformAction "destroy" - DISPATCH_EVENT=$(jq -ncM \ - --arg infraRepoName "${this_repo_name}" \ - --arg releaseVersion "main" \ - --arg targetEnvironment "pr${{ github.event.number }}" \ - --arg targetAccountGroup "nhs-notify-template-management-dev" \ - --arg targetComponent "branch" \ - --arg terraformAction "destroy" \ - '{ "ref": "main", - "inputs": { - "infraRepoName": $infraRepoName, - "releaseVersion", $releaseVersion, - "targetEnvironment", $targetEnvironment, - "targetAccountGroup", $targetAccountGroup, - "targetComponent", $targetComponent, - "terraformAction", $terraformAction, - } - }') + sandbox-tear-down: + name: Destroy Sandbox Environment + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v5.0.0 - curl --fail -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \ - -d "${DISPATCH_EVENT}" + - name: Trigger sandbox environment destruction + shell: bash + env: + PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} + run: | + .github/scripts/dispatch_internal_repo_workflow.sh \ + --jobName "Sandbox tear down" \ + --infraRepoName "nhs-notify-web-template-management" \ + --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ + --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ + --targetEnvironment "pr${{ github.event.number }}" \ + --targetAccountGroup "nhs-notify-template-management-dev" \ + --targetComponent "sandbox" \ + --terraformAction "destroy" diff --git a/.github/workflows/reusable_internal_repo_build.yaml b/.github/workflows/reusable_internal_repo_build.yaml index c9a778dd3..c3e8c8e74 100644 --- a/.github/workflows/reusable_internal_repo_build.yaml +++ b/.github/workflows/reusable_internal_repo_build.yaml @@ -46,97 +46,14 @@ jobs: - name: Trigger nhs-notify-internal static environment workflow deployment shell: bash + env: + PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} run: | - set -x - - DISPATCH_EVENT=$(jq -ncM \ - --arg releaseVersion ${{ inputs.releaseVersion }} \ - --arg targetEnvironment ${{ inputs.targetEnvironment }} \ - --arg targetAccountGroup ${{ inputs.targetAccountGroup }} \ - --arg targetComponent ${{ inputs.targetComponent }} \ - --arg terraformAction ${{ inputs.terraformAction }} \ - '{ "ref": "main", - "inputs": { - "releaseVersion", $releaseVersion, - "targetEnvironment", $targetEnvironment, - "targetAccountGroup", $targetAccountGroup, - "targetComponent", $targetComponent, - "terraformAction", $terraformAction - } - }') - - # Trigger The workflow - curl -L \ - --fail \ - --silent \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/${{ inputs.targetWorkflow }}/dispatches" \ - -d "${DISPATCH_EVENT}" - - echo "Workflow triggered successfully. HTTP response. Waiting for the workflow to complete.." - - # Poll GitHub API to check the workflow status - run_id="" - for i in {1..12}; do - in_progress=$(curl -s \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch&status=in_progress") - - run_id=$(echo "$in_progress" | jq -r \ - --arg env "${{ inputs.targetEnvironment }}" \ - --arg component "${{ inputs.targetComponent }}" \ - --arg group "${{ inputs.targetAccountGroup }}" \ - --arg releaseVersion "${{ inputs.releaseVersion }}" \ - '.workflow_runs[] - | select(.name | contains($env) and contains($component) and contains($group) and contains($releaseVersion)) - | .id' | head -n 1) - - if [[ -n "$run_id" && "$run_id" != null ]]; then - echo "Found workflow run with ID: $run_id" - break - fi - - echo "Waiting for workflow to start..." - sleep 10 - done - - if [[ -z "$run_id" || "$run_id" == null ]]; then - echo "Failed to get the workflow run ID. Exiting." - exit 1 - fi - - # Wait for workflow completion - while true; do - sleep 10 - status=$(curl -s \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs/$run_id" \ - | jq -r '.status') - - conclusion=$(curl -s \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs/$run_id" \ - | jq -r '.conclusion') - - if [ "$status" == "completed" ]; then - if [ "$conclusion" == "success" ]; then - echo "Workflow completed successfully." - exit 0 - else - echo "Workflow failed with conclusion: $conclusion" - exit 1 - fi - fi - - echo "Workflow still running..." - sleep 20 - done + .github/scripts/dispatch_internal_repo_workflow.sh \ + --jobName "Static environment workflow deployment" \ + --releaseVersion "${{ inputs.releaseVersion }}" \ + --targetWorkflow "${{ inputs.targetWorkflow }}" \ + --targetEnvironment "${{ inputs.targetEnvironment }}" \ + --targetAccountGroup "${{ inputs.targetAccountGroup }}" \ + --targetComponent "${{ inputs.targetComponent }}" \ + --terraformAction "${{ inputs.terraformAction }}" diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index c16eb0447..ab6031caa 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -8,70 +8,22 @@ permissions: contents: read jobs: - generate-sandbox-name: - name: Generate sandbox name + acceptance-tests: + name: Acceptance Tests runs-on: ubuntu-latest - outputs: - SANDBOX_NAME: ${{ steps.normalize_branch_name.outputs.normalized_branch_name }} - timeout-minutes: 3 steps: - - name: "Checkout code" - uses: actions/checkout@v5.0.0 - - name: "Get normalized branch name" - id: normalize_branch_name - uses: ./.github/actions/normalize-branch-name - - - sandbox-set-up: - name: Step 1 - needs: generate-sandbox-name - uses: ./.github/workflows/dispatch_internal_repo_workflow.yaml - secrets: inherit - with: - jobName: Sandbox set up - infraRepoName: nhs-notify-web-template-management - releaseVersion: ${{ github.head_ref || github.ref_name }} - targetWorkflow: dispatch-deploy-dynamic-env.yaml - targetEnvironment: ${{ needs.generate-sandbox-name.outputs.SANDBOX_NAME }} - targetAccountGroup: nhs-notify-template-management-dev - targetComponent: sandbox - terraformAction: apply - - acceptance-tests: - name: Step 2 - needs: - - sandbox-set-up - - generate-sandbox-name - - # Calls out to the nhs-notify-internal repo. - # The nhs-notify-internal repo will run the tests - # setup in ./.github/actions/acceptance-tests/action.yaml - uses: ./.github/workflows/dispatch_internal_repo_workflow.yaml - secrets: inherit - with: - jobName: Acceptance tests - infraRepoName: nhs-notify-web-template-management - releaseVersion: ${{ github.head_ref || github.ref_name }} - targetWorkflow: dispatch-contextual-tests-dynamic-env.yaml - targetEnvironment: ${{ needs.generate-sandbox-name.outputs.SANDBOX_NAME }} - targetAccountGroup: nhs-notify-template-management-dev - targetComponent: sandbox - - sandbox-tear-down: - name: Step 3 - needs: - - acceptance-tests - - generate-sandbox-name - if: always() - - uses: ./.github/workflows/dispatch_internal_repo_workflow.yaml - secrets: inherit - with: - jobName: Sandbox tear down - infraRepoName: nhs-notify-web-template-management - releaseVersion: ${{ github.head_ref || github.ref_name }} - targetWorkflow: dispatch-deploy-dynamic-env.yaml - targetEnvironment: ${{ needs.generate-sandbox-name.outputs.SANDBOX_NAME }} - targetAccountGroup: nhs-notify-template-management-dev - targetComponent: sandbox - terraformAction: destroy + - uses: actions/checkout@v5.0.0 + + - name: Acceptance Tests + shell: bash + env: + PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} + run: | + .github/scripts/dispatch_internal_repo_workflow.sh \ + --jobName "Acceptance tests" \ + --infraRepoName "nhs-notify-web-template-management" \ + --releaseVersion "${{ github.head_ref || github.ref_name }}" \ + --targetWorkflow "dispatch-contextual-tests-dynamic-env.yaml" \ + --targetEnvironment "${{ needs.generate-sandbox-name.outputs.SANDBOX_NAME }}" \ + --targetAccountGroup "nhs-notify-template-management-dev" \ + --targetComponent "sandbox" \ No newline at end of file From 17ddf0a58b41af893adc16f0c5b8ceb7b7c163dc Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 12:20:24 +0100 Subject: [PATCH 02/36] CCM-11942 Uses shared dispatch workflow with tracking --- .github/workflows/pr_create_dynamic_env.yaml | 21 ----------------- .github/workflows/stage-4-acceptance.yaml | 24 ++++++++++++++++---- 2 files changed, 20 insertions(+), 25 deletions(-) diff --git a/.github/workflows/pr_create_dynamic_env.yaml b/.github/workflows/pr_create_dynamic_env.yaml index 8383d02bb..3d242d3f7 100644 --- a/.github/workflows/pr_create_dynamic_env.yaml +++ b/.github/workflows/pr_create_dynamic_env.yaml @@ -29,24 +29,3 @@ jobs: --targetComponent "branch" \ --targetAccountGroup "nhs-notify-template-management-dev" \ --terraformAction "apply" - - create-sandbox-environment: - name: Create Sandbox Environment - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5.0.0 - - name: Trigger sandbox environment creation - shell: bash - env: - PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} - run: | - .github/scripts/dispatch_internal_repo_workflow.sh \ - --jobName "Create PR Sandbox " \ - --infraRepoName "nhs-notify-web-template-management" \ - --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ - --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ - --targetEnvironment "pr${{ github.event.number }}" \ - --targetAccountGroup "nhs-notify-template-management-dev" \ - --targetComponent "sandbox" \ - --terraformAction "apply" - diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index ab6031caa..49ebdc377 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -8,12 +8,28 @@ permissions: contents: read jobs: - acceptance-tests: - name: Acceptance Tests + + create-sandbox-environment: + name: Create Sandbox Environment runs-on: ubuntu-latest steps: - uses: actions/checkout@v5.0.0 + - name: Trigger sandbox environment creation + shell: bash + env: + PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} + run: | + .github/scripts/dispatch_internal_repo_workflow.sh \ + --jobName "Create PR Sandbox " \ + --infraRepoName "nhs-notify-web-template-management" \ + --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ + --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ + --targetEnvironment "pr${{ github.event.number }}" \ + --targetAccountGroup "nhs-notify-template-management-dev" \ + --targetComponent "sandbox" \ + --terraformAction "apply" + - name: Acceptance Tests shell: bash env: @@ -22,8 +38,8 @@ jobs: .github/scripts/dispatch_internal_repo_workflow.sh \ --jobName "Acceptance tests" \ --infraRepoName "nhs-notify-web-template-management" \ - --releaseVersion "${{ github.head_ref || github.ref_name }}" \ + --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ --targetWorkflow "dispatch-contextual-tests-dynamic-env.yaml" \ --targetEnvironment "${{ needs.generate-sandbox-name.outputs.SANDBOX_NAME }}" \ --targetAccountGroup "nhs-notify-template-management-dev" \ - --targetComponent "sandbox" \ No newline at end of file + --targetComponent "sandbox" From 967c9c0d8bf73e49d501fdb1be5671aeca6c15cf Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 12:27:00 +0100 Subject: [PATCH 03/36] CCM-11942 Uses shared dispatch workflow with tracking --- .../dispatch_internal_repo_workflow.sh | 286 +++++++++--------- 1 file changed, 143 insertions(+), 143 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 470e9e833..dd70f04ac 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -30,182 +30,182 @@ set -e while [[ $# -gt 0 ]]; do - case $1 in - --jobName) # Name of the job triggering the remote workflow (optional) - jobName="$2" - shift 2 - ;; - --infraRepoName) # Name of the infrastructure repo in NHSDigital org (required) - infraRepoName="$2" - shift 2 - ;; - --releaseVersion) # Release version, commit, or tag to deploy (required) - releaseVersion="$2" - shift 2 - ;; - --targetWorkflow) # Name of the workflow file to call in nhs-notify-internal (required) - targetWorkflow="$2" - shift 2 - ;; - --targetEnvironment) # Terraform environment to deploy (required) - targetEnvironment="$2" - shift 2 - ;; - --targetComponent) # Terraform component to deploy (required) - targetComponent="$2" - shift 2 - ;; - --targetAccountGroup) # Terraform account group to deploy (required) - targetAccountGroup="$2" - shift 2 - ;; - --terraformAction) # Terraform action to run (optional, default: "plan") - terraformAction="$2" - shift 2 - ;; - --internalRef) # Internal repo reference branch or tag (optional, default: "main") - internalRef="$2" - shift 2 - ;; - *) - echo "Unknown argument: $1" - exit 1 - ;; - esac + case $1 in + --jobName) # Name of the job triggering the remote workflow (optional) + jobName="$2" + shift 2 + ;; + --infraRepoName) # Name of the infrastructure repo in NHSDigital org (required) + infraRepoName="$2" + shift 2 + ;; + --releaseVersion) # Release version, commit, or tag to deploy (required) + releaseVersion="$2" + shift 2 + ;; + --targetWorkflow) # Name of the workflow file to call in nhs-notify-internal (required) + targetWorkflow="$2" + shift 2 + ;; + --targetEnvironment) # Terraform environment to deploy (required) + targetEnvironment="$2" + shift 2 + ;; + --targetComponent) # Terraform component to deploy (required) + targetComponent="$2" + shift 2 + ;; + --targetAccountGroup) # Terraform account group to deploy (required) + targetAccountGroup="$2" + shift 2 + ;; + --terraformAction) # Terraform action to run (optional, default: "plan") + terraformAction="$2" + shift 2 + ;; + --internalRef) # Internal repo reference branch or tag (optional, default: "main") + internalRef="$2" + shift 2 + ;; + *) + echo "Unknown argument: $1" + exit 1 + ;; + esac done # Set default values if not provided if [[ -z "$PR_TRIGGER_PAT" ]]; then - echo "Error: PR_TRIGGER_PAT environment variable is not set or is empty." - exit 1 + echo "Error: PR_TRIGGER_PAT environment variable is not set or is empty." + exit 1 fi if [[ -z "$jobName" ]]; then - jobName="${infraRepoName}-${targetComponent}-${terraformAction}" + jobName="${infraRepoName}-${targetComponent}-${terraformAction}" fi if [[ -z "$terraformAction" ]]; then - terraformAction="plan" + terraformAction="plan" fi if [[ -z "$internalRef" ]]; then - internalRef="main" + internalRef="main" fi callerRunId="${GITHUB_RUN_ID}-${jobName}-${GITHUB_RUN_ATTEMPT}" DISPATCH_EVENT=$(jq -ncM \ - --arg infraRepoName "$infraRepoName" \ - --arg releaseVersion "$releaseVersion" \ - --arg targetEnvironment "$targetEnvironment" \ - --arg targetAccountGroup "$targetAccountGroup" \ - --arg targetComponent "$targetComponent" \ - --arg terraformAction "$terraformAction" \ - --arg callerRunId "$callerRunId" \ - --arg targetWorkflow "$targetWorkflow" \ - '{ - "ref": "'"$internalRef"'", - "inputs": ( - (if $infraRepoName != "" then { "infraRepoName": $infraRepoName } else {} end) + - (if $terraformAction != "" then { "terraformAction": $terraformAction } else {} end) + - { - "releaseVersion": $releaseVersion, - "targetEnvironment": $targetEnvironment, - "targetAccountGroup": $targetAccountGroup, - "targetComponent": $targetComponent - } + - (if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) - then { "callerRunId": $callerRunId } else {} end) - ) - }') + --arg infraRepoName "$infraRepoName" \ + --arg releaseVersion "$releaseVersion" \ + --arg targetEnvironment "$targetEnvironment" \ + --arg targetAccountGroup "$targetAccountGroup" \ + --arg targetComponent "$targetComponent" \ + --arg terraformAction "$terraformAction" \ + --arg callerRunId "$callerRunId" \ + --arg targetWorkflow "$targetWorkflow" \ + '{ + "ref": "'"$internalRef"'", + "inputs": ( + (if $infraRepoName != "" then { "infraRepoName": $infraRepoName } else {} end) + + (if $terraformAction != "" then { "terraformAction": $terraformAction } else {} end) + + { + "releaseVersion": $releaseVersion, + "targetEnvironment": $targetEnvironment, + "targetAccountGroup": $targetAccountGroup, + "targetComponent": $targetComponent + } + + (if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) + then { "callerRunId": $callerRunId } else {} end) + ) + }') # Trigger the workflow curl -L \ - --fail \ - --silent \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/$targetWorkflow/dispatches" \ - -d "$DISPATCH_EVENT" + --fail \ + --silent \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/$targetWorkflow/dispatches" \ + -d "$DISPATCH_EVENT" echo "Workflow triggered. Waiting for the workflow to complete.." # Poll GitHub API to check the workflow status workflow_run_url="" for _ in {1..18}; do - workflow_run_url=$(curl -s \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch" \ - | jq -r \ - --arg callerRunId "$callerRunId" \ - --arg targetWorkflow "$targetWorkflow" \ - --arg targetEnvironment "$targetEnvironment" \ - --arg targetAccountGroup "$targetAccountGroup" \ - --arg targetComponent "$targetComponent" \ - --arg terraformAction "$terraformAction" \ - '.workflow_runs[] - | select(.path == ".github/workflows/" + $targetWorkflow) - | select(.name - | contains($targetEnvironment) - and contains($targetAccountGroup) - and contains($targetComponent) - and contains($terraformAction) - ) - | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) - then select(.name | contains("caller:" + $callerRunId)) - else . - end - | .url') - - if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then - ui_url=${workflow_run_url/api./} - ui_url=${ui_url/\/repos/} - echo "Found workflow run url: $ui_url" - echo "workflow_run_url=$workflow_run_url" >> "$GITHUB_ENV" - break - fi - - echo "Waiting for workflow to start..." - sleep 10 + workflow_run_url=$(curl -s \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch" \ + | jq -r \ + --arg callerRunId "$callerRunId" \ + --arg targetWorkflow "$targetWorkflow" \ + --arg targetEnvironment "$targetEnvironment" \ + --arg targetAccountGroup "$targetAccountGroup" \ + --arg targetComponent "$targetComponent" \ + --arg terraformAction "$terraformAction" \ + '.workflow_runs[] + | select(.path == ".github/workflows/" + $targetWorkflow) + | select(.name + | contains($targetEnvironment) + and contains($targetAccountGroup) + and contains($targetComponent) + and contains($terraformAction) + ) + | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) + then select(.name | contains("caller:" + $callerRunId)) + else . + end + | .url') + + if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then + ui_url=${workflow_run_url/api./} + ui_url=${ui_url/\/repos/} + echo "Found workflow run url: $ui_url" + echo "workflow_run_url=$workflow_run_url" >> "$GITHUB_ENV" + break + fi + + echo "Waiting for workflow to start..." + sleep 10 done if [[ -z "$workflow_run_url" || "$workflow_run_url" == null ]]; then - echo "Failed to get the workflow run url. Exiting." - exit 1 + echo "Failed to get the workflow run url. Exiting." + exit 1 fi # Wait for workflow completion while true; do - sleep 10 - response=$(curl -s -L \ - -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ - -H "Accept: application/vnd.github+json" \ - "$workflow_run_url") - - status=$(echo "$response" | jq -r '.status') - conclusion=$(echo "$response" | jq -r '.conclusion') - - if [ "$status" == "completed" ]; then - if [ -z "$conclusion" ] || [ "$conclusion" == "null" ]; then - echo "Workflow marked completed but conclusion not yet available, retrying..." - sleep 5 - continue - fi - - if [ "$conclusion" == "success" ]; then - echo "Workflow completed successfully." - exit 0 - else - echo "Workflow failed with conclusion: $conclusion" - exit 1 - fi - fi - - echo "Workflow still running..." - sleep 20 + sleep 10 + response=$(curl -s -L \ + -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ + -H "Accept: application/vnd.github+json" \ + "$workflow_run_url") + + status=$(echo "$response" | jq -r '.status') + conclusion=$(echo "$response" | jq -r '.conclusion') + + if [ "$status" == "completed" ]; then + if [ -z "$conclusion" ] || [ "$conclusion" == "null" ]; then + echo "Workflow marked completed but conclusion not yet available, retrying..." + sleep 5 + continue + fi + + if [ "$conclusion" == "success" ]; then + echo "Workflow completed successfully." + exit 0 + else + echo "Workflow failed with conclusion: $conclusion" + exit 1 + fi + fi + + echo "Workflow still running..." + sleep 20 done From 964003d11e063375dc81a7823f77c03dc7811033 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 12:35:33 +0100 Subject: [PATCH 04/36] CCM-11942 Uses shared dispatch workflow with tracking --- .github/scripts/dispatch_internal_repo_workflow.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index dd70f04ac..cfba45729 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -166,7 +166,6 @@ for _ in {1..18}; do ui_url=${workflow_run_url/api./} ui_url=${ui_url/\/repos/} echo "Found workflow run url: $ui_url" - echo "workflow_run_url=$workflow_run_url" >> "$GITHUB_ENV" break fi From 153ab829da315eb6442b9ba116b8f9982f1e9155 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 12:43:59 +0100 Subject: [PATCH 05/36] CCM-11942 Updating script with debug info --- .../dispatch_internal_repo_workflow.sh | 47 +++++++++++++------ 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index cfba45729..065a420d5 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -68,7 +68,7 @@ while [[ $# -gt 0 ]]; do shift 2 ;; *) - echo "Unknown argument: $1" + echo "[ERROR] Unknown argument: $1" exit 1 ;; esac @@ -76,7 +76,7 @@ done # Set default values if not provided if [[ -z "$PR_TRIGGER_PAT" ]]; then - echo "Error: PR_TRIGGER_PAT environment variable is not set or is empty." + echo "[ERROR] PR_TRIGGER_PAT environment variable is not set or is empty." exit 1 fi @@ -92,6 +92,17 @@ if [[ -z "$internalRef" ]]; then internalRef="main" fi +echo "==================== Workflow Dispatch Parameters ====================" +echo " jobName: $jobName" +echo " infraRepoName: $infraRepoName" +echo " releaseVersion: $releaseVersion" +echo " targetWorkflow: $targetWorkflow" +echo " targetEnvironment: $targetEnvironment" +echo " targetComponent: $targetComponent" +echo " targetAccountGroup: $targetAccountGroup" +echo " terraformAction: $terraformAction" +echo " internalRef: $internalRef" +echo "===============================================================" callerRunId="${GITHUB_RUN_ID}-${jobName}-${GITHUB_RUN_ATTEMPT}" @@ -120,8 +131,9 @@ DISPATCH_EVENT=$(jq -ncM \ ) }') -# Trigger the workflow -curl -L \ +echo "[INFO] Triggering workflow '$targetWorkflow' in nhs-notify-internal..." + +trigger_response=$(curl -L \ --fail \ --silent \ -X POST \ @@ -129,9 +141,12 @@ curl -L \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/$targetWorkflow/dispatches" \ - -d "$DISPATCH_EVENT" - -echo "Workflow triggered. Waiting for the workflow to complete.." + -d "$DISPATCH_EVENT" 2>&1) +if [[ $? -ne 0 ]]; then + echo "[ERROR] Failed to trigger workflow. Response: $trigger_response" + exit 1 +fi +echo "[INFO] Workflow trigger request sent successfully, waiting for completion..." # Poll GitHub API to check the workflow status workflow_run_url="" @@ -165,16 +180,16 @@ for _ in {1..18}; do if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then ui_url=${workflow_run_url/api./} ui_url=${ui_url/\/repos/} - echo "Found workflow run url: $ui_url" + echo "[INFO] Found workflow run url: $ui_url" break fi - echo "Waiting for workflow to start..." + echo "[$(date '+%Y-%m-%d %H:%M:%S')] Waiting for workflow to start..." sleep 10 done if [[ -z "$workflow_run_url" || "$workflow_run_url" == null ]]; then - echo "Failed to get the workflow run url. Exiting." + echo "[ERROR] Failed to get the workflow run url. Exiting." exit 1 fi @@ -187,24 +202,26 @@ while true; do "$workflow_run_url") status=$(echo "$response" | jq -r '.status') + echo "[$(date '+%Y-%m-%d %H:%M:%S')] Workflow status: $status" + conclusion=$(echo "$response" | jq -r '.conclusion') + echo "[$(date '+%Y-%m-%d %H:%M:%S')] Workflow conclusion: $conclusion" if [ "$status" == "completed" ]; then if [ -z "$conclusion" ] || [ "$conclusion" == "null" ]; then - echo "Workflow marked completed but conclusion not yet available, retrying..." + echo "[WARN] Workflow marked completed but conclusion not yet available, retrying..." sleep 5 continue fi if [ "$conclusion" == "success" ]; then - echo "Workflow completed successfully." + echo "[SUCCESS] Workflow completed successfully!" exit 0 else - echo "Workflow failed with conclusion: $conclusion" + echo "[FAIL] Workflow failed with conclusion: $conclusion" exit 1 fi fi - echo "Workflow still running..." - sleep 20 + echo "[$(date '+%Y-%m-%d %H:%M:%S')] Workflow still running..." done From e63bf7182a5a64fd32e57c7505bba3f7aa2c3bdb Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 12:51:33 +0100 Subject: [PATCH 06/36] CCM-11942 Updating script with debug info --- .../dispatch_internal_repo_workflow.sh | 54 ++++++++++--------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 065a420d5..015862318 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -102,7 +102,6 @@ echo " targetComponent: $targetComponent" echo " targetAccountGroup: $targetAccountGroup" echo " terraformAction: $terraformAction" echo " internalRef: $internalRef" -echo "===============================================================" callerRunId="${GITHUB_RUN_ID}-${jobName}-${GITHUB_RUN_ATTEMPT}" @@ -150,37 +149,42 @@ echo "[INFO] Workflow trigger request sent successfully, waiting for completion. # Poll GitHub API to check the workflow status workflow_run_url="" + +WORKFLOW_RUN_EVENT=$(jq -r \ + --arg callerRunId "$callerRunId" \ + --arg targetWorkflow "$targetWorkflow" \ + --arg targetEnvironment "$targetEnvironment" \ + --arg targetAccountGroup "$targetAccountGroup" \ + --arg targetComponent "$targetComponent" \ + --arg terraformAction "$terraformAction" \ + '.workflow_runs[] + | select(.path == ".github/workflows/" + $targetWorkflow) + | select(.name + | contains($targetEnvironment) + and contains($targetAccountGroup) + and contains($targetComponent) + and contains($terraformAction) + ) + | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) + then select(.name | contains("caller:" + $callerRunId)) + else . + end + | .url') + +echo "[INFO] Checking for workflow run $WORKFLOW_RUN_EVENT" + for _ in {1..18}; do - workflow_run_url=$(curl -s \ + workflow_run_url=$(curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch" \ - | jq -r \ - --arg callerRunId "$callerRunId" \ - --arg targetWorkflow "$targetWorkflow" \ - --arg targetEnvironment "$targetEnvironment" \ - --arg targetAccountGroup "$targetAccountGroup" \ - --arg targetComponent "$targetComponent" \ - --arg terraformAction "$terraformAction" \ - '.workflow_runs[] - | select(.path == ".github/workflows/" + $targetWorkflow) - | select(.name - | contains($targetEnvironment) - and contains($targetAccountGroup) - and contains($targetComponent) - and contains($terraformAction) - ) - | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) - then select(.name | contains("caller:" + $callerRunId)) - else . - end - | .url') + -d "$WORKFLOW_RUN_EVENT" 2>&1) if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then ui_url=${workflow_run_url/api./} ui_url=${ui_url/\/repos/} - echo "[INFO] Found workflow run url: $ui_url" + echo "[INFO] Found workflow run url: $ui_url" break fi @@ -191,12 +195,14 @@ done if [[ -z "$workflow_run_url" || "$workflow_run_url" == null ]]; then echo "[ERROR] Failed to get the workflow run url. Exiting." exit 1 +else + echo "[INFO] Found workflow run url: $workflow_run_url" fi # Wait for workflow completion while true; do sleep 10 - response=$(curl -s -L \ + response=$(curl -L \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ -H "Accept: application/vnd.github+json" \ "$workflow_run_url") From 99c7b98e82ff1ffd29d6dc53fff0f14b07b8ae61 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 12:53:51 +0100 Subject: [PATCH 07/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 015862318..6df7bb719 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -132,7 +132,7 @@ DISPATCH_EVENT=$(jq -ncM \ echo "[INFO] Triggering workflow '$targetWorkflow' in nhs-notify-internal..." -trigger_response=$(curl -L \ +trigger_response=$(curl -s-L \ --fail \ --silent \ -X POST \ @@ -174,7 +174,7 @@ WORKFLOW_RUN_EVENT=$(jq -r \ echo "[INFO] Checking for workflow run $WORKFLOW_RUN_EVENT" for _ in {1..18}; do - workflow_run_url=$(curl -L \ + workflow_run_url=$(curl -s -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ @@ -202,7 +202,7 @@ fi # Wait for workflow completion while true; do sleep 10 - response=$(curl -L \ + response=$(curl -s -L \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ -H "Accept: application/vnd.github+json" \ "$workflow_run_url") From 314fb5d2f83e77c63b92e7957c334d467ab9d454 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 12:54:42 +0100 Subject: [PATCH 08/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 6df7bb719..69cbebd0e 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -132,7 +132,7 @@ DISPATCH_EVENT=$(jq -ncM \ echo "[INFO] Triggering workflow '$targetWorkflow' in nhs-notify-internal..." -trigger_response=$(curl -s-L \ +trigger_response=$(curl -s -L \ --fail \ --silent \ -X POST \ From 6db1ccb3e0846e2ed33d85dc7187c8edcffacb13 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 13:14:49 +0100 Subject: [PATCH 09/36] CCM-11942 Updating script with debug info --- .../dispatch_internal_repo_workflow.sh | 47 +++++++++---------- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 69cbebd0e..31a6e1db0 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -149,37 +149,32 @@ echo "[INFO] Workflow trigger request sent successfully, waiting for completion. # Poll GitHub API to check the workflow status workflow_run_url="" - -WORKFLOW_RUN_EVENT=$(jq -r \ - --arg callerRunId "$callerRunId" \ - --arg targetWorkflow "$targetWorkflow" \ - --arg targetEnvironment "$targetEnvironment" \ - --arg targetAccountGroup "$targetAccountGroup" \ - --arg targetComponent "$targetComponent" \ - --arg terraformAction "$terraformAction" \ - '.workflow_runs[] - | select(.path == ".github/workflows/" + $targetWorkflow) - | select(.name - | contains($targetEnvironment) - and contains($targetAccountGroup) - and contains($targetComponent) - and contains($terraformAction) - ) - | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) - then select(.name | contains("caller:" + $callerRunId)) - else . - end - | .url') - -echo "[INFO] Checking for workflow run $WORKFLOW_RUN_EVENT" - for _ in {1..18}; do - workflow_run_url=$(curl -s -L \ +workflow_run_url=$(curl -s -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch" \ - -d "$WORKFLOW_RUN_EVENT" 2>&1) + | jq -r \ + --arg callerRunId "$callerRunId" \ + --arg targetWorkflow "$targetWorkflow" \ + --arg targetEnvironment "$targetEnvironment" \ + --arg targetAccountGroup "$targetAccountGroup" \ + --arg targetComponent "$targetComponent" \ + --arg terraformAction "$terraformAction" \ + '.workflow_runs[] + | select(.path == ".github/workflows/" + $targetWorkflow) + | select(.name + | contains($targetEnvironment) + and contains($targetAccountGroup) + and contains($targetComponent) + and contains($terraformAction) + ) + | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) + then select(.name | contains("caller:" + $callerRunId)) + else . + end + | .url') if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then ui_url=${workflow_run_url/api./} From dd30d1b59c9b4c3b13b92e531e4c9a0a92d06697 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 13:14:55 +0100 Subject: [PATCH 10/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 31a6e1db0..92a442153 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -176,10 +176,11 @@ workflow_run_url=$(curl -s -L \ end | .url') + if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then - ui_url=${workflow_run_url/api./} - ui_url=${ui_url/\/repos/} - echo "[INFO] Found workflow run url: $ui_url" + # Get the latest GHA run of this combination of parameters + workflow_run_url=$(echo "$workflow_run_url" | head -n 1) + echo "[INFO] Found workflow run url: $workflow_run_url" break fi From 47b4fe831f99b1546e8358831b6766d1693529b8 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 13:15:39 +0100 Subject: [PATCH 11/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 92a442153..720ce91e4 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -179,7 +179,7 @@ workflow_run_url=$(curl -s -L \ if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then # Get the latest GHA run of this combination of parameters - workflow_run_url=$(echo "$workflow_run_url" | head -n 1) + workflow_run_url=$(echo "$workflow_run_url" | head -n 1) echo "[INFO] Found workflow run url: $workflow_run_url" break fi From da132c39a68280f05d8213b70e8a5a3cbb41e55d Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 13:55:21 +0100 Subject: [PATCH 12/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 720ce91e4..9f9cfc2e9 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -176,10 +176,14 @@ workflow_run_url=$(curl -s -L \ end | .url') - if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then - # Get the latest GHA run of this combination of parameters + # Workflow_run_url is a list of all workflows which were run for this combination of inputs, but are the API uri + # take the first and strip it back to being an accessible url + # Example https://api.github.com/repos/MyOrg/my-repo/actions/runs/12346789 becomes + # becomes https://github.com/MyOrg/my-repo/actions/runs/12346789 workflow_run_url=$(echo "$workflow_run_url" | head -n 1) + workflow_run_url=${workflow_run_url/api./} # strips the api. prefix + workflow_run_url=${workflow_run_url/\/repos/} # strips the repos/ uri echo "[INFO] Found workflow run url: $workflow_run_url" break fi @@ -191,8 +195,6 @@ done if [[ -z "$workflow_run_url" || "$workflow_run_url" == null ]]; then echo "[ERROR] Failed to get the workflow run url. Exiting." exit 1 -else - echo "[INFO] Found workflow run url: $workflow_run_url" fi # Wait for workflow completion From 8cd27062cb7c1370f56d772375adf336ca16f38c Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 13:59:33 +0100 Subject: [PATCH 13/36] CCM-11942 Updating script with debug info --- .../dispatch_internal_repo_workflow.sh | 52 +++++++++++-------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 9f9cfc2e9..8a66d5bba 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -150,31 +150,39 @@ echo "[INFO] Workflow trigger request sent successfully, waiting for completion. # Poll GitHub API to check the workflow status workflow_run_url="" for _ in {1..18}; do -workflow_run_url=$(curl -s -L \ + + response=$(curl -s -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch" \ - | jq -r \ - --arg callerRunId "$callerRunId" \ - --arg targetWorkflow "$targetWorkflow" \ - --arg targetEnvironment "$targetEnvironment" \ - --arg targetAccountGroup "$targetAccountGroup" \ - --arg targetComponent "$targetComponent" \ - --arg terraformAction "$terraformAction" \ - '.workflow_runs[] - | select(.path == ".github/workflows/" + $targetWorkflow) - | select(.name - | contains($targetEnvironment) - and contains($targetAccountGroup) - and contains($targetComponent) - and contains($terraformAction) - ) - | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) - then select(.name | contains("caller:" + $callerRunId)) - else . - end - | .url') + "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch") + + if ! echo "$response" | jq empty 2>/dev/null; then + echo "[ERROR] Invalid JSON response from GitHub API during workflow polling:" + echo "$response" + exit 1 + fi + + workflow_run_url=$(echo "$response" | jq -r \ + --arg callerRunId "$callerRunId" \ + --arg targetWorkflow "$targetWorkflow" \ + --arg targetEnvironment "$targetEnvironment" \ + --arg targetAccountGroup "$targetAccountGroup" \ + --arg targetComponent "$targetComponent" \ + --arg terraformAction "$terraformAction" \ + '.workflow_runs[] + | select(.path == ".github/workflows/" + $targetWorkflow) + | select(.name + | contains($targetEnvironment) + and contains($targetAccountGroup) + and contains($targetComponent) + and contains($terraformAction) + ) + | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) + then select(.name | contains("caller:" + $callerRunId)) + else . + end + | .url') if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then # Workflow_run_url is a list of all workflows which were run for this combination of inputs, but are the API uri From 450d02d14bf9a60536833ef0dcb49e77d5cd9545 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:04:08 +0100 Subject: [PATCH 14/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 8a66d5bba..d7a922d35 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -27,7 +27,7 @@ # --terraformAction "apply" \ # --internalRef "main" -set -e +set -ex while [[ $# -gt 0 ]]; do case $1 in @@ -186,13 +186,14 @@ for _ in {1..18}; do if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then # Workflow_run_url is a list of all workflows which were run for this combination of inputs, but are the API uri - # take the first and strip it back to being an accessible url + workflow_run_url=$(echo "$workflow_run_url" | head -n 1) + + # Take the first and strip it back to being an accessible url # Example https://api.github.com/repos/MyOrg/my-repo/actions/runs/12346789 becomes # becomes https://github.com/MyOrg/my-repo/actions/runs/12346789 - workflow_run_url=$(echo "$workflow_run_url" | head -n 1) - workflow_run_url=${workflow_run_url/api./} # strips the api. prefix - workflow_run_url=${workflow_run_url/\/repos/} # strips the repos/ uri - echo "[INFO] Found workflow run url: $workflow_run_url" + workflow_run_ui_url=${workflow_run_url/api./} # Strips the api. prefix + workflow_run_ui_url=${workflow_run_url/\/repos/} # Strips the repos/ uri + echo "[INFO] Found workflow run url: $workflow_run_ui_url" break fi From c89a23ade5a35afd00d7f2ddcfd7c8762e62a6f5 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:04:42 +0100 Subject: [PATCH 15/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index d7a922d35..e54703a03 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -27,7 +27,7 @@ # --terraformAction "apply" \ # --internalRef "main" -set -ex +set -e while [[ $# -gt 0 ]]; do case $1 in From a4723f1e3cac82d37b8127cbb9a20bf70db4b886 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:06:38 +0100 Subject: [PATCH 16/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index e54703a03..d7a922d35 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -27,7 +27,7 @@ # --terraformAction "apply" \ # --internalRef "main" -set -e +set -ex while [[ $# -gt 0 ]]; do case $1 in From 105ea6b3bc7c536f4037fe2ed708e3d0f191768a Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:08:39 +0100 Subject: [PATCH 17/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index d7a922d35..3426c634e 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -27,7 +27,7 @@ # --terraformAction "apply" \ # --internalRef "main" -set -ex +set -e while [[ $# -gt 0 ]]; do case $1 in @@ -217,10 +217,10 @@ while true; do status=$(echo "$response" | jq -r '.status') echo "[$(date '+%Y-%m-%d %H:%M:%S')] Workflow status: $status" - conclusion=$(echo "$response" | jq -r '.conclusion') - echo "[$(date '+%Y-%m-%d %H:%M:%S')] Workflow conclusion: $conclusion" - if [ "$status" == "completed" ]; then + conclusion=$(echo "$response" | jq -r '.conclusion') + echo "[$(date '+%Y-%m-%d %H:%M:%S')] Workflow conclusion: $conclusion" + if [ -z "$conclusion" ] || [ "$conclusion" == "null" ]; then echo "[WARN] Workflow marked completed but conclusion not yet available, retrying..." sleep 5 From 203f169f65dbedcc1495db551b917703805cde85 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:11:11 +0100 Subject: [PATCH 18/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 3426c634e..92e7b84ba 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -192,7 +192,7 @@ for _ in {1..18}; do # Example https://api.github.com/repos/MyOrg/my-repo/actions/runs/12346789 becomes # becomes https://github.com/MyOrg/my-repo/actions/runs/12346789 workflow_run_ui_url=${workflow_run_url/api./} # Strips the api. prefix - workflow_run_ui_url=${workflow_run_url/\/repos/} # Strips the repos/ uri + workflow_run_ui_url=${workflow_run_ui_url/\/repos/} # Strips the repos/ uri echo "[INFO] Found workflow run url: $workflow_run_ui_url" break fi From 1ccf2c619ac0977aa2b364d1110211adc22963e8 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:20:05 +0100 Subject: [PATCH 19/36] CCM-11942 Updating script with debug info --- .github/scripts/dispatch_internal_repo_workflow.sh | 13 +++++++++++++ .github/workflows/pr_create_dynamic_env.yaml | 4 ++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 92e7b84ba..23c59e433 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -67,6 +67,10 @@ while [[ $# -gt 0 ]]; do internalRef="$2" shift 2 ;; + --overrides) # Terraform overrides for passing in extra variables (optional) + overrides="$2" + shift 2 + ;; *) echo "[ERROR] Unknown argument: $1" exit 1 @@ -84,6 +88,10 @@ if [[ -z "$jobName" ]]; then jobName="${infraRepoName}-${targetComponent}-${terraformAction}" fi +if [[ -z "$overrides" ]]; then + overrides="" +fi + if [[ -z "$terraformAction" ]]; then terraformAction="plan" fi @@ -102,6 +110,7 @@ echo " targetComponent: $targetComponent" echo " targetAccountGroup: $targetAccountGroup" echo " terraformAction: $terraformAction" echo " internalRef: $internalRef" +echo " overrides: $overrides" callerRunId="${GITHUB_RUN_ID}-${jobName}-${GITHUB_RUN_ATTEMPT}" @@ -114,6 +123,7 @@ DISPATCH_EVENT=$(jq -ncM \ --arg terraformAction "$terraformAction" \ --arg callerRunId "$callerRunId" \ --arg targetWorkflow "$targetWorkflow" \ + --arg overrides "$overrides" \ '{ "ref": "'"$internalRef"'", "inputs": ( @@ -141,14 +151,17 @@ trigger_response=$(curl -s -L \ -H "X-GitHub-Api-Version: 2022-11-28" \ "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/$targetWorkflow/dispatches" \ -d "$DISPATCH_EVENT" 2>&1) + if [[ $? -ne 0 ]]; then echo "[ERROR] Failed to trigger workflow. Response: $trigger_response" exit 1 fi + echo "[INFO] Workflow trigger request sent successfully, waiting for completion..." # Poll GitHub API to check the workflow status workflow_run_url="" + for _ in {1..18}; do response=$(curl -s -L \ diff --git a/.github/workflows/pr_create_dynamic_env.yaml b/.github/workflows/pr_create_dynamic_env.yaml index 3d242d3f7..09d11dfd5 100644 --- a/.github/workflows/pr_create_dynamic_env.yaml +++ b/.github/workflows/pr_create_dynamic_env.yaml @@ -1,4 +1,3 @@ - name: PR Create Environment on: @@ -28,4 +27,5 @@ jobs: --targetEnvironment "pr${{ github.event.number }}" \ --targetComponent "branch" \ --targetAccountGroup "nhs-notify-template-management-dev" \ - --terraformAction "apply" + --terraformAction "apply" \ + --overrides "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" From 1bbbe77122e88a4414d500c86b0fbb2292be6bce Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:26:49 +0100 Subject: [PATCH 20/36] CCM-11942 Uses shared dispatch workflow with overrides --- .github/scripts/dispatch_internal_repo_workflow.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 23c59e433..7194d626e 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -133,7 +133,8 @@ DISPATCH_EVENT=$(jq -ncM \ "releaseVersion": $releaseVersion, "targetEnvironment": $targetEnvironment, "targetAccountGroup": $targetAccountGroup, - "targetComponent": $targetComponent + "targetComponent": $targetComponent, + "overrides": $overrides, } + (if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) then { "callerRunId": $callerRunId } else {} end) From 226ec514bf0c6891e7795fa2143020fe55272361 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:28:22 +0100 Subject: [PATCH 21/36] CCM-11942 Uses shared dispatch workflow with overrides --- .github/scripts/dispatch_internal_repo_workflow.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 7194d626e..12da431a6 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -200,6 +200,7 @@ for _ in {1..18}; do if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then # Workflow_run_url is a list of all workflows which were run for this combination of inputs, but are the API uri + echo "All the runs ${workflow_run_url[*]} workflow_run_url=$(echo "$workflow_run_url" | head -n 1) # Take the first and strip it back to being an accessible url From ddac6ec5858c89e54eb405f4dbbc0c2664754c67 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:29:33 +0100 Subject: [PATCH 22/36] CCM-11942 Uses shared dispatch workflow with overrides --- .github/scripts/dispatch_internal_repo_workflow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 12da431a6..f98bf3853 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -200,7 +200,7 @@ for _ in {1..18}; do if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then # Workflow_run_url is a list of all workflows which were run for this combination of inputs, but are the API uri - echo "All the runs ${workflow_run_url[*]} + echo "All the runs ${workflow_run_url[*]}" workflow_run_url=$(echo "$workflow_run_url" | head -n 1) # Take the first and strip it back to being an accessible url From 55211b0ae18bc00767570125da9e7ff2c5b459ca Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 14:58:56 +0100 Subject: [PATCH 23/36] CCM-11942 Uses shared dispatch workflow with overrides --- .github/scripts/dispatch_internal_repo_workflow.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index f98bf3853..e6277ea24 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -160,6 +160,8 @@ fi echo "[INFO] Workflow trigger request sent successfully, waiting for completion..." +sleep 10 # Wait a few seconds before checking for the presence of the api to account for GitHub updating + # Poll GitHub API to check the workflow status workflow_run_url="" From 0985878dc015ae49f453764bec06082c1e3a29fb Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 15:01:15 +0100 Subject: [PATCH 24/36] CCM-11942 Uses shared dispatch workflow with overrides --- .github/scripts/dispatch_internal_repo_workflow.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index e6277ea24..8ae7fff6d 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -202,7 +202,6 @@ for _ in {1..18}; do if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then # Workflow_run_url is a list of all workflows which were run for this combination of inputs, but are the API uri - echo "All the runs ${workflow_run_url[*]}" workflow_run_url=$(echo "$workflow_run_url" | head -n 1) # Take the first and strip it back to being an accessible url @@ -252,6 +251,4 @@ while true; do exit 1 fi fi - - echo "[$(date '+%Y-%m-%d %H:%M:%S')] Workflow still running..." done From 90c26946efc98b8587d8b4697e0c4c1fda09f29c Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 15:13:00 +0100 Subject: [PATCH 25/36] CCM-11942 Fix permission best practice --- .github/workflows/pr_create_dynamic_env.yaml | 4 ++++ .github/workflows/pr_destroy_dynamic_env.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/pr_create_dynamic_env.yaml b/.github/workflows/pr_create_dynamic_env.yaml index 09d11dfd5..6e1e240bc 100644 --- a/.github/workflows/pr_create_dynamic_env.yaml +++ b/.github/workflows/pr_create_dynamic_env.yaml @@ -8,6 +8,10 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: false +permissions: + id-token: write + contents: read + jobs: create-dynamic-environment: name: Create Dynamic Environment diff --git a/.github/workflows/pr_destroy_dynamic_env.yaml b/.github/workflows/pr_destroy_dynamic_env.yaml index ecbcdfdc8..0935cf404 100644 --- a/.github/workflows/pr_destroy_dynamic_env.yaml +++ b/.github/workflows/pr_destroy_dynamic_env.yaml @@ -8,6 +8,10 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: false +permissions: + id-token: write + contents: read + jobs: destroy-dynamic-environment: name: Destroy Dynamic Environment From aa67f2ea8425f51da97ea83d9216021412387c2f Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 15:29:30 +0100 Subject: [PATCH 26/36] CCM-11942 fixing environment refs for acceptance tests --- .github/workflows/cicd-1-pull-request.yaml | 14 ++++++++++++-- .github/workflows/stage-4-acceptance.yaml | 9 +++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index 67f2ce3a8..d1f0b354a 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml @@ -50,12 +50,18 @@ jobs: run: | branch_name=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF | sed 's#refs/heads/##')} echo "Current branch is '$branch_name'" - if gh pr list --head $branch_name | grep -q .; then - echo "Pull request exists" + + pr_json=$(gh pr list --head "$branch_name" --state open --json number --limit 1) + pr_number=$(echo "$pr_json" | jq -r '.[0].number // empty') + + if [[ -n "$pr_number" ]]; then + echo "Pull request exists: #$pr_number" echo "does_pull_request_exist=true" >> $GITHUB_OUTPUT + echo "pr_number=$pr_number" >> $GITHUB_OUTPUT else echo "Pull request doesn't exist" echo "does_pull_request_exist=false" >> $GITHUB_OUTPUT + echo "pr_number=" >> $GITHUB_OUTPUT fi - name: "List variables" run: | @@ -68,6 +74,7 @@ jobs: export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}" export VERSION="${{ steps.variables.outputs.version }}" export DOES_PULL_REQUEST_EXIST="${{ steps.pr_exists.outputs.does_pull_request_exist }}" + export IS_VERSION_PRERELEASE="${{ steps.variables.outputs.is_version_prerelease }}" make list-variables commit-stage: # Recommended maximum execution time is 2 minutes name: "Commit stage" @@ -99,4 +106,7 @@ jobs: name: "Acceptance stage" needs: [metadata, test-stage] uses: ./.github/workflows/stage-4-acceptance.yaml + if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened')) || (github.event_name == 'push' && github.ref == 'refs/heads/main') secrets: inherit + with: + pr_number: ${{ needs.metadata.outputs.pr_number }} diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index 49ebdc377..ef947b15d 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -2,6 +2,11 @@ name: Acceptance stage on: workflow_call: + inputs: + pr_number: + required: true + type: string + permissions: id-token: write @@ -25,7 +30,7 @@ jobs: --infraRepoName "nhs-notify-web-template-management" \ --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ - --targetEnvironment "pr${{ github.event.number }}" \ + --targetEnvironment "pr${{ inputs.pr_number }}" \ --targetAccountGroup "nhs-notify-template-management-dev" \ --targetComponent "sandbox" \ --terraformAction "apply" @@ -40,6 +45,6 @@ jobs: --infraRepoName "nhs-notify-web-template-management" \ --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ --targetWorkflow "dispatch-contextual-tests-dynamic-env.yaml" \ - --targetEnvironment "${{ needs.generate-sandbox-name.outputs.SANDBOX_NAME }}" \ + --targetEnvironment "pr${{ inputs.pr_number }}" \ --targetAccountGroup "nhs-notify-template-management-dev" \ --targetComponent "sandbox" From bbbb82367e86438d6ad2552586ede29fbe15eb65 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 15:41:18 +0100 Subject: [PATCH 27/36] CCM-11942 missing output --- .github/workflows/cicd-1-pull-request.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index d1f0b354a..ac56de064 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml @@ -27,6 +27,7 @@ jobs: terraform_version: ${{ steps.variables.outputs.terraform_version }} version: ${{ steps.variables.outputs.version }} does_pull_request_exist: ${{ steps.pr_exists.outputs.does_pull_request_exist }} + pr_number: ${{ steps.pr_exists.outputs.pr_number }} steps: - name: "Checkout code" uses: actions/checkout@v5.0.0 From 9794b7ed259a156a04fb22f169f02088c08816b6 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 16:04:58 +0100 Subject: [PATCH 28/36] CCM-11942 fixing environment refs for acceptance tests --- .github/scripts/dispatch_internal_repo_workflow.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 8ae7fff6d..f360268fe 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -59,7 +59,7 @@ while [[ $# -gt 0 ]]; do targetAccountGroup="$2" shift 2 ;; - --terraformAction) # Terraform action to run (optional, default: "plan") + --terraformAction) # Terraform action to run (optional) terraformAction="$2" shift 2 ;; @@ -92,10 +92,6 @@ if [[ -z "$overrides" ]]; then overrides="" fi -if [[ -z "$terraformAction" ]]; then - terraformAction="plan" -fi - if [[ -z "$internalRef" ]]; then internalRef="main" fi @@ -145,7 +141,6 @@ echo "[INFO] Triggering workflow '$targetWorkflow' in nhs-notify-internal..." trigger_response=$(curl -s -L \ --fail \ - --silent \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ From 5327d19d26351114f05490c9a57a19a42fdfcd9a Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 16:31:21 +0100 Subject: [PATCH 29/36] CCM-11942 Removal of another duplication --- .github/workflows/pr_closed.yaml | 25 +++++--- .github/workflows/release_created.yaml | 26 +++++--- .../reusable_internal_repo_build.yaml | 59 ------------------- .github/workflows/stage-4-acceptance.yaml | 1 - 4 files changed, 33 insertions(+), 78 deletions(-) delete mode 100644 .github/workflows/reusable_internal_repo_build.yaml diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml index 5d939d305..4f2869bec 100644 --- a/.github/workflows/pr_closed.yaml +++ b/.github/workflows/pr_closed.yaml @@ -45,15 +45,22 @@ jobs: matrix: component: [acct, app] - uses: ./.github/workflows/reusable_internal_repo_build.yaml - secrets: inherit - with: - releaseVersion: main - targetWorkflow: "dispatch-deploy-static-notify-web-template-management-env.yaml" - targetEnvironment: "main" - targetAccountGroup: "nhs-notify-template-management-dev" - targetComponent: ${{ matrix.component }} - terraformAction: "apply" + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Updating Main Environment + env: + PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} + run: | + bash .github/scripts/dispatch_internal_repo_workflow.sh \ + --infraRepoName "nhs-notify-web-template-management" \ + --releaseVersion "main" \ + --targetWorkflow "dispatch-deploy-static-notify-web-template-management-env.yaml" \ + --targetEnvironment "main" \ + --targetAccountGroup "nhs-notify-template-management-dev" \ + --targetComponent "${{ matrix.component }}" \ + --terraformAction "apply" check-event-schemas-version-change: name: Check for event schemas package version change diff --git a/.github/workflows/release_created.yaml b/.github/workflows/release_created.yaml index 5e88dfdeb..7ddc11f47 100644 --- a/.github/workflows/release_created.yaml +++ b/.github/workflows/release_created.yaml @@ -11,6 +11,7 @@ concurrency: jobs: deploy-main: name: Deploy changes to main in nonprod AWS Account + runs-on: ubuntu-latest permissions: id-token: write @@ -21,12 +22,19 @@ jobs: matrix: component: [acct, app] - uses: ./.github/workflows/reusable_internal_repo_build.yaml - secrets: inherit - with: - releaseVersion: ${{ github.event.release.tag_name }} - targetWorkflow: "dispatch-deploy-static-notify-web-template-management-env.yaml" - targetEnvironment: "main" - targetAccountGroup: "nhs-notify-template-management-nonprod" - targetComponent: ${{ matrix.component }} - terraformAction: "apply" + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Deploy Nonprod Environment + env: + PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} + run: | + bash .github/scripts/dispatch_internal_repo_workflow.sh \ + --infraRepoName "nhs-notify-web-template-management" \ + --releaseVersion "${{ github.event.release.tag_name }}" \ + --targetWorkflow "dispatch-deploy-static-notify-web-template-management-env.yaml" \ + --targetEnvironment "main" \ + --targetAccountGroup "nhs-notify-template-management-nonprod" \ + --targetComponent "${{ matrix.component }}" \ + --terraformAction "apply" diff --git a/.github/workflows/reusable_internal_repo_build.yaml b/.github/workflows/reusable_internal_repo_build.yaml deleted file mode 100644 index c3e8c8e74..000000000 --- a/.github/workflows/reusable_internal_repo_build.yaml +++ /dev/null @@ -1,59 +0,0 @@ -name: Call Notify Internal Infrastructure Deployment -## Sub workflow which plans and deploys Notify components as part of the workflow. -## Review Gates may be required to proceed on triggered builds. - -on: - workflow_call: - inputs: - releaseVersion: - type: string - description: The Github release version, commit, or tag. - default: main - targetWorkflow: - type: string - description: The name of the github workflow to call. - default: main - targetEnvironment: - type: string - description: The Terraform environment to deploy - default: main - targetComponent: - type: string - description: The Terraform component to deploy - required: true - targetAccountGroup: - type: string - description: The Terraform group to deploy - required: true - terraformAction: - type: string - description: The Terraform component to deploy - default: plan - -concurrency: - group: ${{ inputs.targetEnvironment }}-${{ inputs.targetAccountGroup }}-${{ inputs.targetComponent }}-${{ inputs.terraformAction }} - -jobs: - trigger: - runs-on: ubuntu-latest - - permissions: - id-token: write - contents: read - - steps: - - uses: actions/checkout@v5.0.0 - - - name: Trigger nhs-notify-internal static environment workflow deployment - shell: bash - env: - PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} - run: | - .github/scripts/dispatch_internal_repo_workflow.sh \ - --jobName "Static environment workflow deployment" \ - --releaseVersion "${{ inputs.releaseVersion }}" \ - --targetWorkflow "${{ inputs.targetWorkflow }}" \ - --targetEnvironment "${{ inputs.targetEnvironment }}" \ - --targetAccountGroup "${{ inputs.targetAccountGroup }}" \ - --targetComponent "${{ inputs.targetComponent }}" \ - --terraformAction "${{ inputs.terraformAction }}" diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index ef947b15d..396fa08db 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -13,7 +13,6 @@ permissions: contents: read jobs: - create-sandbox-environment: name: Create Sandbox Environment runs-on: ubuntu-latest From 640148267630a1e23ed52932ab7c150f19fc1262 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 16:40:48 +0100 Subject: [PATCH 30/36] CCM-11942 Removal of jobid callerrunid --- .../dispatch_internal_repo_workflow.sh | 25 ++----------------- .github/workflows/pr_create_dynamic_env.yaml | 1 - .github/workflows/pr_destroy_dynamic_env.yaml | 2 -- .github/workflows/stage-4-acceptance.yaml | 2 -- 4 files changed, 2 insertions(+), 28 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index f360268fe..499fac0a7 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -4,7 +4,6 @@ # Usage: # ./dispatch_internal_repo_workflow.sh \ -# --jobName \ # --infraRepoName \ # --releaseVersion \ # --targetWorkflow \ @@ -14,10 +13,9 @@ # --terraformAction \ # --internalRef # -# All arguments are required except jobName, terraformAction, and internalRef. +# All arguments are required except terraformAction, and internalRef. # Example: # ./dispatch_internal_repo_workflow.sh \ -# --jobName "Deploy" \ # --infraRepoName "nhs-notify-web-template-management" \ # --releaseVersion "v1.2.3" \ # --targetWorkflow "deploy.yaml" \ @@ -31,10 +29,6 @@ set -e while [[ $# -gt 0 ]]; do case $1 in - --jobName) # Name of the job triggering the remote workflow (optional) - jobName="$2" - shift 2 - ;; --infraRepoName) # Name of the infrastructure repo in NHSDigital org (required) infraRepoName="$2" shift 2 @@ -84,10 +78,6 @@ if [[ -z "$PR_TRIGGER_PAT" ]]; then exit 1 fi -if [[ -z "$jobName" ]]; then - jobName="${infraRepoName}-${targetComponent}-${terraformAction}" -fi - if [[ -z "$overrides" ]]; then overrides="" fi @@ -97,7 +87,6 @@ if [[ -z "$internalRef" ]]; then fi echo "==================== Workflow Dispatch Parameters ====================" -echo " jobName: $jobName" echo " infraRepoName: $infraRepoName" echo " releaseVersion: $releaseVersion" echo " targetWorkflow: $targetWorkflow" @@ -108,8 +97,6 @@ echo " terraformAction: $terraformAction" echo " internalRef: $internalRef" echo " overrides: $overrides" -callerRunId="${GITHUB_RUN_ID}-${jobName}-${GITHUB_RUN_ATTEMPT}" - DISPATCH_EVENT=$(jq -ncM \ --arg infraRepoName "$infraRepoName" \ --arg releaseVersion "$releaseVersion" \ @@ -117,7 +104,6 @@ DISPATCH_EVENT=$(jq -ncM \ --arg targetAccountGroup "$targetAccountGroup" \ --arg targetComponent "$targetComponent" \ --arg terraformAction "$terraformAction" \ - --arg callerRunId "$callerRunId" \ --arg targetWorkflow "$targetWorkflow" \ --arg overrides "$overrides" \ '{ @@ -131,9 +117,7 @@ DISPATCH_EVENT=$(jq -ncM \ "targetAccountGroup": $targetAccountGroup, "targetComponent": $targetComponent, "overrides": $overrides, - } + - (if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) - then { "callerRunId": $callerRunId } else {} end) + } ) }') @@ -175,7 +159,6 @@ for _ in {1..18}; do fi workflow_run_url=$(echo "$response" | jq -r \ - --arg callerRunId "$callerRunId" \ --arg targetWorkflow "$targetWorkflow" \ --arg targetEnvironment "$targetEnvironment" \ --arg targetAccountGroup "$targetAccountGroup" \ @@ -189,10 +172,6 @@ for _ in {1..18}; do and contains($targetComponent) and contains($terraformAction) ) - | if ($targetWorkflow | test("dispatch-(acceptance|contextual|product|security)-tests-.*\\.yaml")) - then select(.name | contains("caller:" + $callerRunId)) - else . - end | .url') if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then diff --git a/.github/workflows/pr_create_dynamic_env.yaml b/.github/workflows/pr_create_dynamic_env.yaml index 6e1e240bc..5457b7977 100644 --- a/.github/workflows/pr_create_dynamic_env.yaml +++ b/.github/workflows/pr_create_dynamic_env.yaml @@ -24,7 +24,6 @@ jobs: shell: bash run: | .github/scripts/dispatch_internal_repo_workflow.sh \ - --jobName "Create PR Dynamic Environment" \ --infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \ --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ diff --git a/.github/workflows/pr_destroy_dynamic_env.yaml b/.github/workflows/pr_destroy_dynamic_env.yaml index 0935cf404..9aecf4e00 100644 --- a/.github/workflows/pr_destroy_dynamic_env.yaml +++ b/.github/workflows/pr_destroy_dynamic_env.yaml @@ -25,7 +25,6 @@ jobs: shell: bash run: | .github/scripts/dispatch_internal_repo_workflow.sh \ - --jobName "Destroy PR Dynamic Environment" \ --infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \ --releaseVersion "main" \ --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ @@ -46,7 +45,6 @@ jobs: PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} run: | .github/scripts/dispatch_internal_repo_workflow.sh \ - --jobName "Sandbox tear down" \ --infraRepoName "nhs-notify-web-template-management" \ --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index 396fa08db..770878bcc 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -25,7 +25,6 @@ jobs: PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} run: | .github/scripts/dispatch_internal_repo_workflow.sh \ - --jobName "Create PR Sandbox " \ --infraRepoName "nhs-notify-web-template-management" \ --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ @@ -40,7 +39,6 @@ jobs: PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} run: | .github/scripts/dispatch_internal_repo_workflow.sh \ - --jobName "Acceptance tests" \ --infraRepoName "nhs-notify-web-template-management" \ --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ --targetWorkflow "dispatch-contextual-tests-dynamic-env.yaml" \ From f57af18a9491f2d89c6c9c068774cdc9fc113b4e Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Fri, 29 Aug 2025 17:14:01 +0100 Subject: [PATCH 31/36] CCM-11942 Removal of jobid callerrunid --- .github/workflows/pr_closed.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml index 4f2869bec..dbb15972b 100644 --- a/.github/workflows/pr_closed.yaml +++ b/.github/workflows/pr_closed.yaml @@ -34,6 +34,7 @@ jobs: deploy-main: needs: check-merge-or-workflow-dispatch name: Deploy changes to main in dev AWS account + runs-on: ubuntu-latest if: needs.check-merge-or-workflow-dispatch.outputs.deploy == 'true' permissions: From a7fd960ea8556e865d064246f7b0034cbd752b98 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Mon, 1 Sep 2025 09:02:35 +0100 Subject: [PATCH 32/36] CCM-11942 fixing environment refs for acceptance tests --- .github/workflows/stage-4-acceptance.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index 770878bcc..903658572 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -13,13 +13,13 @@ permissions: contents: read jobs: - create-sandbox-environment: - name: Create Sandbox Environment + run-acceptance-tests: + name: Run Acceptance Tests runs-on: ubuntu-latest steps: - uses: actions/checkout@v5.0.0 - - name: Trigger sandbox environment creation + - name: Trigger Sandbox Environment Build shell: bash env: PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} @@ -33,7 +33,7 @@ jobs: --targetComponent "sandbox" \ --terraformAction "apply" - - name: Acceptance Tests + - name: Trigger Acceptance Tests shell: bash env: PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} From ca91c245a01b09a1842e432b5523daedaaee2be4 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Mon, 1 Sep 2025 09:25:25 +0100 Subject: [PATCH 33/36] CCM-11942 updating package-lock --- package-lock.json | 54 ++++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0f328bd82..30c5a1de6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17505,9 +17505,10 @@ } }, "node_modules/@smithy/core": { - "version": "3.8.0", - "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.8.0.tgz", - "integrity": "sha512-EYqsIYJmkR1VhVE9pccnk353xhs+lB6btdutJEtsp7R055haMJp2yE16eSxw8fv+G0WUY6vqxyYOP8kOqawxYQ==", + "version": "3.9.0", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.9.0.tgz", + "integrity": "sha512-B/GknvCfS3llXd/b++hcrwIuqnEozQDnRL4sBmOac5/z/dr0/yG1PURNPOyU4Lsiy1IyTj8scPxVqRs5dYWf6A==", + "license": "Apache-2.0", "dependencies": { "@smithy/middleware-serde": "^4.0.9", "@smithy/protocol-http": "^5.1.3", @@ -17720,11 +17721,12 @@ } }, "node_modules/@smithy/middleware-endpoint": { - "version": "4.1.18", - "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-4.1.18.tgz", - "integrity": "sha512-ZhvqcVRPZxnZlokcPaTwb+r+h4yOIOCJmx0v2d1bpVlmP465g3qpVSf7wxcq5zZdu4jb0H4yIMxuPwDJSQc3MQ==", + "version": "4.1.19", + "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-4.1.19.tgz", + "integrity": "sha512-EAlEPncqo03siNZJ9Tm6adKCQ+sw5fNU8ncxWwaH0zTCwMPsgmERTi6CEKaermZdgJb+4Yvh0NFm36HeO4PGgQ==", + "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.8.0", + "@smithy/core": "^3.9.0", "@smithy/middleware-serde": "^4.0.9", "@smithy/node-config-provider": "^4.1.4", "@smithy/shared-ini-file-loader": "^4.0.5", @@ -17738,14 +17740,15 @@ } }, "node_modules/@smithy/middleware-retry": { - "version": "4.1.19", - "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-4.1.19.tgz", - "integrity": "sha512-X58zx/NVECjeuUB6A8HBu4bhx72EoUz+T5jTMIyeNKx2lf+Gs9TmWPNNkH+5QF0COjpInP/xSpJGJ7xEnAklQQ==", + "version": "4.1.20", + "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-4.1.20.tgz", + "integrity": "sha512-T3maNEm3Masae99eFdx1Q7PIqBBEVOvRd5hralqKZNeIivnoGNx5OFtI3DiZ5gCjUkl0mNondlzSXeVxkinh7Q==", + "license": "Apache-2.0", "dependencies": { "@smithy/node-config-provider": "^4.1.4", "@smithy/protocol-http": "^5.1.3", "@smithy/service-error-classification": "^4.0.7", - "@smithy/smithy-client": "^4.4.10", + "@smithy/smithy-client": "^4.5.0", "@smithy/types": "^4.3.2", "@smithy/util-middleware": "^4.0.5", "@smithy/util-retry": "^4.0.7", @@ -17902,12 +17905,13 @@ } }, "node_modules/@smithy/smithy-client": { - "version": "4.4.10", - "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-4.4.10.tgz", - "integrity": "sha512-iW6HjXqN0oPtRS0NK/zzZ4zZeGESIFcxj2FkWed3mcK8jdSdHzvnCKXSjvewESKAgGKAbJRA+OsaqKhkdYRbQQ==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-4.5.0.tgz", + "integrity": "sha512-ZSdE3vl0MuVbEwJBxSftm0J5nL/gw76xp5WF13zW9cN18MFuFXD5/LV0QD8P+sCU5bSWGyy6CTgUupE1HhOo1A==", + "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.8.0", - "@smithy/middleware-endpoint": "^4.1.18", + "@smithy/core": "^3.9.0", + "@smithy/middleware-endpoint": "^4.1.19", "@smithy/middleware-stack": "^4.0.5", "@smithy/protocol-http": "^5.1.3", "@smithy/types": "^4.3.2", @@ -18006,12 +18010,13 @@ } }, "node_modules/@smithy/util-defaults-mode-browser": { - "version": "4.0.26", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-4.0.26.tgz", - "integrity": "sha512-xgl75aHIS/3rrGp7iTxQAOELYeyiwBu+eEgAk4xfKwJJ0L8VUjhO2shsDpeil54BOFsqmk5xfdesiewbUY5tKQ==", + "version": "4.0.27", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-4.0.27.tgz", + "integrity": "sha512-i/Fu6AFT5014VJNgWxKomBJP/GB5uuOsM4iHdcmplLm8B1eAqnRItw4lT2qpdO+mf+6TFmf6dGcggGLAVMZJsQ==", + "license": "Apache-2.0", "dependencies": { "@smithy/property-provider": "^4.0.5", - "@smithy/smithy-client": "^4.4.10", + "@smithy/smithy-client": "^4.5.0", "@smithy/types": "^4.3.2", "bowser": "^2.11.0", "tslib": "^2.6.2" @@ -18021,15 +18026,16 @@ } }, "node_modules/@smithy/util-defaults-mode-node": { - "version": "4.0.26", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-4.0.26.tgz", - "integrity": "sha512-z81yyIkGiLLYVDetKTUeCZQ8x20EEzvQjrqJtb/mXnevLq2+w3XCEWTJ2pMp401b6BkEkHVfXb/cROBpVauLMQ==", + "version": "4.0.27", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-4.0.27.tgz", + "integrity": "sha512-3W0qClMyxl/ELqTA39aNw1N+pN0IjpXT7lPFvZ8zTxqVFP7XCpACB9QufmN4FQtd39xbgS7/Lekn7LmDa63I5w==", + "license": "Apache-2.0", "dependencies": { "@smithy/config-resolver": "^4.1.5", "@smithy/credential-provider-imds": "^4.0.7", "@smithy/node-config-provider": "^4.1.4", "@smithy/property-provider": "^4.0.5", - "@smithy/smithy-client": "^4.4.10", + "@smithy/smithy-client": "^4.5.0", "@smithy/types": "^4.3.2", "tslib": "^2.6.2" }, From fb13c62034a8d368fd1ffe4e984174b3b6565c18 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Mon, 1 Sep 2025 10:03:54 +0100 Subject: [PATCH 34/36] CCM-11942 drop infrareponme from static workflow calls --- .github/scripts/dispatch_internal_repo_workflow.sh | 6 +++++- .github/workflows/pr_closed.yaml | 1 - .github/workflows/release_created.yaml | 1 - 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 499fac0a7..68a4af19a 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -16,7 +16,7 @@ # All arguments are required except terraformAction, and internalRef. # Example: # ./dispatch_internal_repo_workflow.sh \ -# --infraRepoName "nhs-notify-web-template-management" \ +# --infraRepoName "nhs-notify-iam-webauth" \ # --releaseVersion "v1.2.3" \ # --targetWorkflow "deploy.yaml" \ # --targetEnvironment "prod" \ @@ -123,6 +123,7 @@ DISPATCH_EVENT=$(jq -ncM \ echo "[INFO] Triggering workflow '$targetWorkflow' in nhs-notify-internal..." +set -x trigger_response=$(curl -s -L \ --fail \ -X POST \ @@ -131,6 +132,7 @@ trigger_response=$(curl -s -L \ -H "X-GitHub-Api-Version: 2022-11-28" \ "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/$targetWorkflow/dispatches" \ -d "$DISPATCH_EVENT" 2>&1) +set +x if [[ $? -ne 0 ]]; then echo "[ERROR] Failed to trigger workflow. Response: $trigger_response" @@ -146,11 +148,13 @@ workflow_run_url="" for _ in {1..18}; do + set -x response=$(curl -s -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch") + set +x if ! echo "$response" | jq empty 2>/dev/null; then echo "[ERROR] Invalid JSON response from GitHub API during workflow polling:" diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml index dbb15972b..c73a1bb61 100644 --- a/.github/workflows/pr_closed.yaml +++ b/.github/workflows/pr_closed.yaml @@ -55,7 +55,6 @@ jobs: PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} run: | bash .github/scripts/dispatch_internal_repo_workflow.sh \ - --infraRepoName "nhs-notify-web-template-management" \ --releaseVersion "main" \ --targetWorkflow "dispatch-deploy-static-notify-web-template-management-env.yaml" \ --targetEnvironment "main" \ diff --git a/.github/workflows/release_created.yaml b/.github/workflows/release_created.yaml index 7ddc11f47..a3c45f2f8 100644 --- a/.github/workflows/release_created.yaml +++ b/.github/workflows/release_created.yaml @@ -31,7 +31,6 @@ jobs: PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }} run: | bash .github/scripts/dispatch_internal_repo_workflow.sh \ - --infraRepoName "nhs-notify-web-template-management" \ --releaseVersion "${{ github.event.release.tag_name }}" \ --targetWorkflow "dispatch-deploy-static-notify-web-template-management-env.yaml" \ --targetEnvironment "main" \ From b760d886980856500431e5911ff03aea62abb498 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Mon, 1 Sep 2025 10:06:54 +0100 Subject: [PATCH 35/36] CCM-11942 drop infrareponme from static workflow calls --- .github/scripts/dispatch_internal_repo_workflow.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index 68a4af19a..e05fb55cb 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -147,14 +147,11 @@ sleep 10 # Wait a few seconds before checking for the presence of the api to acc workflow_run_url="" for _ in {1..18}; do - - set -x response=$(curl -s -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch") - set +x if ! echo "$response" | jq empty 2>/dev/null; then echo "[ERROR] Invalid JSON response from GitHub API during workflow polling:" From ee97490c184aed08aa896054c5dd77d15efef0f9 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss Date: Mon, 1 Sep 2025 11:24:36 +0100 Subject: [PATCH 36/36] CCM-11942 Update Params --- .../dispatch_internal_repo_workflow.sh | 33 ++++++++++++++++--- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index e05fb55cb..2e2e89e07 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -11,19 +11,26 @@ # --targetComponent \ # --targetAccountGroup \ # --terraformAction \ -# --internalRef +# --internalRef \ +# --overrides \ +# --overrideProjectName \ +# --overrideRoleName + # # All arguments are required except terraformAction, and internalRef. # Example: # ./dispatch_internal_repo_workflow.sh \ -# --infraRepoName "nhs-notify-iam-webauth" \ +# --infraRepoName "nhs-notify-web-template-management" \ # --releaseVersion "v1.2.3" \ # --targetWorkflow "deploy.yaml" \ # --targetEnvironment "prod" \ # --targetComponent "web" \ # --targetAccountGroup "core" \ # --terraformAction "apply" \ -# --internalRef "main" +# --internalRef "main" \ +# --overrides "tf_var=someString" \ +# --overrideProjectName nhs \ +# --overrideRoleName nhs-service-iam-role set -e @@ -65,6 +72,14 @@ while [[ $# -gt 0 ]]; do overrides="$2" shift 2 ;; + --overrideProjectName) # Override the project name (optional) + overrideProjectName="$2" + shift 2 + ;; + --overrideRoleName) # Override the role name (optional) + overrideRoleName="$2" + shift 2 + ;; *) echo "[ERROR] Unknown argument: $1" exit 1 @@ -96,6 +111,9 @@ echo " targetAccountGroup: $targetAccountGroup" echo " terraformAction: $terraformAction" echo " internalRef: $internalRef" echo " overrides: $overrides" +echo " overrideProjectName: $overrideProjectName" +echo " overrideRoleName: $overrideRoleName" +echo " targetProject: $targetProject" DISPATCH_EVENT=$(jq -ncM \ --arg infraRepoName "$infraRepoName" \ @@ -106,11 +124,17 @@ DISPATCH_EVENT=$(jq -ncM \ --arg terraformAction "$terraformAction" \ --arg targetWorkflow "$targetWorkflow" \ --arg overrides "$overrides" \ + --arg overrideProjectName "$overrideProjectName" \ + --arg overrideRoleName "$overrideRoleName" \ + --arg targetProject "$targetProject" \ '{ "ref": "'"$internalRef"'", "inputs": ( (if $infraRepoName != "" then { "infraRepoName": $infraRepoName } else {} end) + (if $terraformAction != "" then { "terraformAction": $terraformAction } else {} end) + + (if $overrideProjectName != "" then { "overrideProjectName": $overrideProjectName } else {} end) + + (if $overrideRoleName != "" then { "overrideRoleName": $overrideRoleName } else {} end) + + (if $targetProject != "" then { "targetProject": $targetProject } else {} end) + { "releaseVersion": $releaseVersion, "targetEnvironment": $targetEnvironment, @@ -123,7 +147,6 @@ DISPATCH_EVENT=$(jq -ncM \ echo "[INFO] Triggering workflow '$targetWorkflow' in nhs-notify-internal..." -set -x trigger_response=$(curl -s -L \ --fail \ -X POST \ @@ -132,7 +155,6 @@ trigger_response=$(curl -s -L \ -H "X-GitHub-Api-Version: 2022-11-28" \ "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/$targetWorkflow/dispatches" \ -d "$DISPATCH_EVENT" 2>&1) -set +x if [[ $? -ne 0 ]]; then echo "[ERROR] Failed to trigger workflow. Response: $trigger_response" @@ -147,6 +169,7 @@ sleep 10 # Wait a few seconds before checking for the presence of the api to acc workflow_run_url="" for _ in {1..18}; do + response=$(curl -s -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${PR_TRIGGER_PAT}" \