diff --git a/.github/actions/e2e-tests/action.yml b/.github/actions/e2e-tests/action.yml
new file mode 100644
index 000000000..f4443b483
--- /dev/null
+++ b/.github/actions/e2e-tests/action.yml
@@ -0,0 +1,22 @@
+name: E2E tests
+description: "Run end-to-end tests for this repo"
+
+runs:
+ using: "composite"
+
+ steps:
+ - name: Install poetry and e2e test dependencies
+ shell: bash
+ run: |
+ pipx install poetry
+ cd tests/e2e-tests && poetry install
+
+ - name: Run e2e tests
+ shell: bash
+ run: |
+ echo "$INTERNAL_DEV_TEST_PEM" > "${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
+ chmod 600 "${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
+ export PROXY_NAME=nhs-notify-supplier--internal-dev--nhs-notify-supplier
+ export API_ENVIRONMENT=internal-dev
+ export NON_PROD_PRIVATE_KEY="${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
+ make .internal-dev-test
diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml
index 877f3a595..fe63ee689 100644
--- a/.github/workflows/cicd-1-pull-request.yaml
+++ b/.github/workflows/cicd-1-pull-request.yaml
@@ -29,6 +29,7 @@ jobs:
 does_pull_request_exist: ${{ steps.pr_exists.outputs.does_pull_request_exist }}
 pr_number: ${{ steps.pr_exists.outputs.pr_number }}
 skip_trivy_package: ${{ steps.skip_trivy.outputs.skip_trivy_package }}
+ deploy_proxy: ${{ steps.deploy_proxy.outputs.deploy_proxy }}
 steps:
 - name: "Checkout code"
 uses: actions/checkout@v5
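Review bot: In the "Run e2e tests" step of the new `.github/actions/e2e-tests/action.yml`, the private key is written into `${GITHUB_WORKSPACE}` under the default umask and only afterwards restricted with `chmod 600`, and nothing removes it, so the file stays inside the checkout for any later step of the job that packages or uploads the workspace. Creating it outside the checkout with the mode set at creation avoids both problems: `umask 077` followed by `printf '%s\n' "$INTERNAL_DEV_TEST_PEM" > "${RUNNER_TEMP}/internal-dev-test-1.pem"`, with `NON_PROD_PRIVATE_KEY` pointing at the same path. The action also reads `INTERNAL_DEV_TEST_PEM` from the caller's environment without declaring it, so a comment above the step such as `# requires INTERNAL_DEV_TEST_PEM (PEM private key) in the calling step's env` would document that contract. `pipx install poetry` is unpinned; pinning a version would make the toolchain that runs next to these credentials reproducible.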
@@ -87,6 +88,26 @@ jobs:
 else
 echo "skip_trivy_package=false" >> $GITHUB_OUTPUT
 fi
+ - name: "Determine if proxy should be deployed"
+ id: deploy_proxy
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }}
+ run: |
+ if [[ -z "$PR_NUMBER" ]]; then
+ echo "No pull request detected; proxy deployment will run."
+ echo "deploy_proxy=true" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
+ labels=$(gh pr view "$PR_NUMBER" --json labels --jq '.labels[].name')
+ echo "Labels on PR #$PR_NUMBER: $labels"
+
+ if echo "$labels" | grep -Fxq 'deploy-proxy'; then
+ echo "deploy_proxy=true" >> $GITHUB_OUTPUT
+ else
+ echo "deploy_proxy=false" >> $GITHUB_OUTPUT
+ fi
 - name: "List variables"
 run: |
 export BUILD_DATETIME_LONDON="${{ steps.variables.outputs.build_datetime_london }}"
@@ -141,6 +162,7 @@ jobs:
 terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
 version: "${{ needs.metadata.outputs.version }}"
 pr_number: "${{ needs.metadata.outputs.pr_number }}"
+ deploy_proxy: "${{ needs.metadata.outputs.deploy_proxy }}"
 secrets: inherit
 acceptance-stage: # Recommended maximum execution time is 10 minutes
 name: "Acceptance stage"
@@ -156,6 +178,7 @@ jobs:
 terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
 version: "${{ needs.metadata.outputs.version }}"
 pr_number: ${{ needs.metadata.outputs.pr_number }}
+ proxy_deployed: "${{ needs.metadata.outputs.deploy_proxy }}"
 secrets: inherit
 publish-stage: # Recommended maximum execution time is 10 minutes
 name: "Publish stage"
diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml
index f8e34e8be..a8441e7ff 100644
--- a/.github/workflows/stage-3-build.yaml
+++ b/.github/workflows/stage-3-build.yaml
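Review bot: The `-z "$PR_NUMBER"` branch of the new "Determine if proxy should be deployed" step (hunk `@@ -87,6 +88,26 @@`) fails open: whenever no pull request is found it writes `deploy_proxy=true`, so the `deploy-proxy` label only restricts refs that already have an open PR. If the intent is that only the default branch and labelled PRs deploy the proxy and reach the secret-bearing e2e job, the fallback should also look at the ref, for example `if [[ -z "$PR_NUMBER" && "$GITHUB_REF_NAME" != "main" ]]; then echo "deploy_proxy=false" >> "$GITHUB_OUTPUT"; exit 0; fi` placed ahead of the existing check (assuming `main` is the default branch, as the environment fallback in stage-3-build.yaml suggests). The workflow's triggers are outside this hunk, so whether a branch push without a PR can reach this step needs confirming; a comment such as `# no PR => treated as a main-branch build, proxy always deployed` would at least record the intended default. Passing the PR number through `env` and quoting it in the script is the right pattern and worth keeping.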
@@ -35,6 +35,10 @@ on:
 description: "PR Number if it exists"
 required: false
 type: string
+ deploy_proxy:
+ description: "True if the APIM proxy should be deployed"
+ required: true
+ type: string
 permissions:
 id-token: write # This is required for requesting the JWT
@@ -133,9 +137,13 @@ jobs:
 pr-create-dynamic-environment:
 name: Create Dynamic Environment
 runs-on: ubuntu-latest
- if: inputs.pr_number != ''
+ outputs:
+ environment_name: ${{ steps.set-environment.outputs.environment_name }}
 steps:
 - uses: actions/checkout@v5
+ - name: Set environment name
+ id: set-environment
+ run: echo "environment_name=${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}" >> $GITHUB_OUTPUT
 - name: Trigger dynamic environment creation
 env:
 APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
@@ -148,7 +156,7 @@ jobs:
 --infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \
 --releaseVersion ${{ github.head_ref || github.ref_name }} \
 --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \
- --targetEnvironment "pr${PR_NUMBER}" \
+ --targetEnvironment "${{ steps.set-environment.outputs.environment_name }}" \
 --targetComponent "api" \
 --targetAccountGroup "nhs-notify-supplier-api-dev" \
 --terraformAction "apply" \
@@ -157,12 +165,11 @@ jobs:
 artefact-proxies:
 name: "Build proxies"
 runs-on: ubuntu-latest
- if: inputs.pr_number != ''
+ if: inputs.deploy_proxy == 'true'
 needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment]
 timeout-minutes: 10
 env:
 PROXYGEN_API_NAME: nhs-notify-supplier
- PR_NUMBER: ${{ inputs.pr_number }}
 APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
 APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
 steps:
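Review bot: In hunk `@@ -133,9 +137,13 @@`, dropping `if: inputs.pr_number != ''` from `pr-create-dynamic-environment` makes the job run when there is no PR and target the environment name `main`, while the unchanged dispatch step still sends `--releaseVersion` from `github.head_ref || github.ref_name` with `--terraformAction "apply"`. If this workflow can run for a branch that has no open PR, that branch's code would be applied to the `main` environment. A job-level guard such as `if: inputs.pr_number != '' || github.ref_name == 'main'` would keep the new main-branch path while excluding other refs. The calling workflow's triggers are not visible here, so the reachable refs should be confirmed; the rest of the job's steps lie outside the hunk.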
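Review bot: The new `--targetEnvironment "${{ steps.set-environment.outputs.environment_name }}"` line in hunk `@@ -148,7 +156,7 @@` replaces a shell variable with an expression that is expanded into the script text before bash runs, which is the pattern GitHub's workflow-hardening guidance advises against; the `run: echo "environment_name=${{ … }}"` line added in the previous hunk does the same. The value derives from the PR number, so exposure is low here, but keeping the indirection costs one line: add `ENVIRONMENT_NAME: ${{ steps.set-environment.outputs.environment_name }}` under the step's `env:` and pass `--targetEnvironment "$ENVIRONMENT_NAME"`. The unchanged `--releaseVersion ${{ github.head_ref || github.ref_name }}` line just above interpolates a branch name, unquoted, in the same way and deserves the same treatment while this command is being edited. The step's `env:` block and the start of the command are outside the hunk.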
@@ -172,7 +179,7 @@ jobs:
 uses: ./.github/actions/build-proxies
 with:
 version: "${{ inputs.version }}"
- environment: ${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}
+ environment: ${{ needs.pr-create-dynamic-environment.outputs.environment_name }}
 apimEnv: "internal-dev-sandbox"
 runId: "${{ github.run_id }}"
 buildSandbox: true
diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml
index 4190ff880..a71f3037e 100644
--- a/.github/workflows/stage-4-acceptance.yaml
+++ b/.github/workflows/stage-4-acceptance.yaml
@@ -34,6 +34,10 @@ on:
 pr_number:
 required: true
 type: string
+ proxy_deployed:
+ description: "True if the APIM proxy was deployed"
+ required: true
+ type: string
 permissions:
 id-token: write
@@ -77,3 +81,17 @@ jobs:
 --targetEnvironment "$ENVIRONMENT" \
 --targetAccountGroup "nhs-notify-supplier-api-dev" \
 --targetComponent "api"
+
+ run-e2e-tests:
+ name: Run End-to-End Tests
+ runs-on: ubuntu-latest
+ if: inputs.proxy_deployed == 'true'
+ steps:
+ - uses: actions/checkout@v5.0.0
+
+ - name: "Run e2e tests"
+ uses: ./.github/actions/e2e-tests
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ NON_PROD_API_KEY: ${{ secrets.NON_PROD_API_KEY }}
+ INTERNAL_DEV_TEST_PEM: ${{ secrets.INTERNAL_DEV_TEST_PEM }}
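Review bot: In the new `run-e2e-tests` job (hunk `@@ -77,3 +81,17 @@`), `NON_PROD_API_KEY`, `INTERNAL_DEV_TEST_PEM` and `GITHUB_TOKEN` are set as `env` on the `uses: ./.github/actions/e2e-tests` step, and the action relies on that environment being inherited, so the same values are also present while its first step runs `pipx install poetry` and `poetry install`. Dependency installation executes third-party code, so the secrets should reach only the test step: declare them as `inputs` in action.yml, pass them with `with:`, and map them to `env:` on the action's "Run e2e tests" step alone. `GITHUB_TOKEN` is not referenced by anything visible in the action and can probably be dropped from the list. The job also declares neither `needs:` nor `timeout-minutes`, so its ordering relative to the deployment job above it and its maximum runtime are left implicit. The checkout is referenced as `@v5.0.0` here and `@v5` in the other workflows of this commit; one convention, ideally a full commit SHA, would be easier to audit.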