From 9d84a764dfb32824804596f38aceff2808b2ba16 Mon Sep 17 00:00:00 2001 From: Steve Buxton Date: Wed, 18 Feb 2026 11:54:33 +0000 Subject: [PATCH 1/4] Refactor environment calculation --- .github/workflows/stage-3-build.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index f8e34e8be..cc15d5ef6 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -134,8 +134,13 @@ jobs: name: Create Dynamic Environment runs-on: ubuntu-latest if: inputs.pr_number != '' + outputs: + environment_name: ${{ steps.set-environment.outputs.environment_name }} steps: - uses: actions/checkout@v5 + - name: Set environment name + id: set-environment + run: echo "environment_name=${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}" >> $GITHUB_OUTPUT - name: Trigger dynamic environment creation env: APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }} @@ -148,7 +153,7 @@ jobs: --infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \ --releaseVersion ${{ github.head_ref || github.ref_name }} \ --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \ - --targetEnvironment "pr${PR_NUMBER}" \ + --targetEnvironment "${{ steps.set-environment.outputs.environment_name }}" \ --targetComponent "api" \ --targetAccountGroup "nhs-notify-supplier-api-dev" \ --terraformAction "apply" \ @@ -162,7 +167,6 @@ jobs: timeout-minutes: 10 env: PROXYGEN_API_NAME: nhs-notify-supplier - PR_NUMBER: ${{ inputs.pr_number }} APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }} APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }} steps: 
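Review bot: The new `Set environment name` step expands `${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}` directly inside the `run:` script, so the input's text becomes part of the shell command before bash parses it. The second hunk has the same problem with `--targetEnvironment "${{ steps.set-environment.outputs.environment_name }}"`, which replaces a line that previously read the value from the `PR_NUMBER` environment variable. `pr_number` is presumably numeric, but nothing visible in these hunks enforces that. I would put the expression in an `env:` entry such as `ENVIRONMENT_NAME` and write `run: echo "environment_name=${ENVIRONMENT_NAME}" >> "$GITHUB_OUTPUT"`, and pass `--targetEnvironment "${TARGET_ENVIRONMENT}"` from `env:` in the same way. The context line `--releaseVersion ${{ github.head_ref || github.ref_name }}` has the same shape with a branch name and would benefit from the same treatment; the job body continues outside both hunks.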
@@ -172,7 +176,7 @@ jobs: uses: ./.github/actions/build-proxies with: version: "${{ inputs.version }}" - environment: ${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }} + environment: ${{ needs.pr-create-dynamic-environment.outputs.environment_name }} apimEnv: "internal-dev-sandbox" runId: "${{ github.run_id }}" buildSandbox: true From 7028aa6ec2dc998e0aec841cf249b72c7b7aebd4 Mon Sep 17 00:00:00 2001 From: Steve Buxton Date: Wed, 18 Feb 2026 13:38:05 +0000 Subject: [PATCH 2/4] Conditionally deploy proxy --- .github/workflows/cicd-1-pull-request.yaml | 22 ++++++++++++++++++++++ .github/workflows/stage-3-build.yaml | 7 +++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index 877f3a595..747e76f4a 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml @@ -29,6 +29,7 @@ jobs: does_pull_request_exist: ${{ steps.pr_exists.outputs.does_pull_request_exist }} pr_number: ${{ steps.pr_exists.outputs.pr_number }} skip_trivy_package: ${{ steps.skip_trivy.outputs.skip_trivy_package }} + deploy_proxy: ${{ steps.deploy_proxy.outputs.deploy_proxy }} steps: - name: "Checkout code" uses: actions/checkout@v5 
@@ -87,6 +88,26 @@ jobs: else echo "skip_trivy_package=false" >> $GITHUB_OUTPUT fi + - name: "Determine if proxy should be deployed" + id: deploy_proxy + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }} + run: | + if [[ -z "$PR_NUMBER" ]]; then + echo "No pull request detected; proxy deployment will run." + echo "deploy_proxy=true" >> $GITHUB_OUTPUT + exit 0 + fi + + labels=$(gh pr view "$PR_NUMBER" --json labels --jq '.labels[].name') + echo "Labels on PR #$PR_NUMBER: $labels" + + if echo "$labels" | grep -Fxq 'deploy-proxy'; then + echo "deploy_proxy=true" >> $GITHUB_OUTPUT + else + echo "deploy_proxy=false" >> $GITHUB_OUTPUT + fi - name: "List variables" run: | export BUILD_DATETIME_LONDON="${{ steps.variables.outputs.build_datetime_london }}" @@ -141,6 +162,7 @@ jobs: terraform_version: "${{ needs.metadata.outputs.terraform_version }}" version: "${{ needs.metadata.outputs.version }}" pr_number: "${{ needs.metadata.outputs.pr_number }}" + deploy_proxy: "${{ needs.metadata.outputs.deploy_proxy }}" secrets: inherit acceptance-stage: # Recommended maximum execution time is 10 minutes name: "Acceptance stage" diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index cc15d5ef6..a8441e7ff 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -35,6 +35,10 @@ on: description: "PR Number if it exists" required: false type: string + deploy_proxy: + description: "True if the APIM proxy should be deployed" + required: true + type: string permissions: id-token: write # This is required for requesting the JWT @@ -133,7 +137,6 @@ jobs: pr-create-dynamic-environment: name: Create Dynamic Environment runs-on: ubuntu-latest - if: inputs.pr_number != '' outputs: environment_name: ${{ steps.set-environment.outputs.environment_name }} steps: 
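Review bot: The `Determine if proxy should be deployed` step in the first hunk is the gate for a deployment, but the script does not say what happens when `gh pr view` cannot read the labels; the outcome depends on the runner's default shell options rather than on anything written here. A comment above the `labels=` line such as `# A failed label lookup must fail the step, never fall through to deploy_proxy=true` would record the intent. The redirect targets should also be quoted, `>> "$GITHUB_OUTPUT"`, to match the careful `env:` handling of `"$PR_NUMBER"`. Since `deploy_proxy=true` is the default when no pull request is found, a one-line comment explaining why non-PR runs always deploy would help the next reader treat the `deploy-proxy` label as the approval signal it is.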
@@ -162,7 +165,7 @@ jobs: artefact-proxies: name: "Build proxies" runs-on: ubuntu-latest - if: inputs.pr_number != '' + if: inputs.deploy_proxy == 'true' needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment] timeout-minutes: 10 env: From b34139abfa789b3569f47b0524b36e6e45c7a3c9 Mon Sep 17 00:00:00 2001 From: Steve Buxton Date: Wed, 18 Feb 2026 15:57:29 +0000 Subject: [PATCH 3/4] Run E2E tests if proxy deployed --- .github/actions/e2e-tests/action.yml | 50 +++++++++++++++++++++++ .github/workflows/stage-4-acceptance.yaml | 15 +++++++ 2 files changed, 65 insertions(+) create mode 100644 .github/actions/e2e-tests/action.yml diff --git a/.github/actions/e2e-tests/action.yml b/.github/actions/e2e-tests/action.yml new file mode 100644 index 000000000..149dffc01 --- /dev/null +++ b/.github/actions/e2e-tests/action.yml 
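Review bot: With `if: inputs.deploy_proxy == 'true'`, the `artefact-proxies` job is no longer limited to pull requests. The previous hunk in this commit also drops `if: inputs.pr_number != ''` from `pr-create-dynamic-environment`, which this job lists in `needs`. Because the metadata step sets `deploy_proxy=true` when no pull request exists, a non-PR run would now resolve `environment_name` to `main` and reach the dispatch step that passes `--terraformAction "apply"`. This is inferred from the visible hunks; the callers of this workflow are not shown. If that is intended, say so in a comment on the job; if not, the environment job needs its own condition again. The comparison is also an exact string match, so a comment such as `# deploy_proxy is the string 'true' or 'false'` on the input would document that any other value silently skips the proxy build.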
@@ -0,0 +1,50 @@ +name: E2E tests +description: "Run end-to-end tests for this repo" + +inputs: + pr_number: + required: true + type: string + +runs: + using: "composite" + + steps: + - name: Check if e2e tests should run + id: check_e2e + shell: bash + env: + GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} + run: | + if [[ -n "${{ inputs.pr_number }}" ]]; then + labels=$(gh pr view "${{ inputs.pr_number }}" --json labels --jq '.labels[].name' 2>/dev/null || echo "") + + if echo "$labels" | grep -Fxq 'deploy-proxy'; then + echo "deploy-proxy label found; e2e tests will run." + echo "run_e2e=true" >> $GITHUB_OUTPUT + else + echo "deploy-proxy label not found; e2e tests will be skipped." + echo "run_e2e=false" >> $GITHUB_OUTPUT + fi + else + echo "Not a PR environment; e2e tests will run." + echo "run_e2e=true" >> $GITHUB_OUTPUT + fi + + - name: Install poetry and e2e test dependencies + if: steps.check_e2e.outputs.run_e2e == 'true' + shell: bash + run: | + pipx install poetry + cd tests/e2e-tests && poetry install + + - name: Run e2e tests + if: steps.check_e2e.outputs.run_e2e == 'true' + shell: bash + run: | + echo "$INTERNAL_DEV_TEST_PEM" > "${GITHUB_WORKSPACE}/internal-dev-test-1.pem" + chmod 600 "${GITHUB_WORKSPACE}/internal-dev-test-1.pem" + export PROXY_NAME=nhs-notify-supplier--internal-dev--nhs-notify-supplier + export API_ENVIRONMENT=internal-dev + export NON_PROD_PRIVATE_KEY="${GITHUB_WORKSPACE}/internal-dev-test-1.pem" + make .internal-dev-test diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index 4190ff880..b773fc429 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml 
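Review bot: The `Run e2e tests` step writes the private key from `INTERNAL_DEV_TEST_PEM` into `${GITHUB_WORKSPACE}` and only tightens the mode afterwards with `chmod 600`, and nothing removes the file when the step ends. The workspace is where checkout, build output and any later artifact or cache step operate, so a key file there is easier to pick up by accident than one in the runner's temp directory. I would set `umask 077` before the write, target `"${RUNNER_TEMP}/internal-dev-test-1.pem"`, and remove the file in a `trap` on `EXIT`. Separately, `pipx install poetry` is unpinned, so the tool that runs in the same job as these secrets can change between runs; pinning it as `pipx install poetry==<pinned-version>` (placeholder) would make that reproducible.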
@@ -77,3 +77,18 @@ jobs: --targetEnvironment "$ENVIRONMENT" \ --targetAccountGroup "nhs-notify-supplier-api-dev" \ --targetComponent "api" + + run-e2e-tests: + name: Run End-to-End Tests + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v5.0.0 + + - name: "Run e2e tests" + uses: ./.github/actions/e2e-tests + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NON_PROD_API_KEY: ${{ secrets.NON_PROD_API_KEY }} + INTERNAL_DEV_TEST_PEM: ${{ secrets.INTERNAL_DEV_TEST_PEM }} + with: + pr_number: ${{ inputs.pr_number }} From 2deaa4f8ecf118cc9731b5844f6eed02bec962ad Mon Sep 17 00:00:00 2001 From: Steve Buxton Date: Thu, 26 Feb 2026 13:14:55 +0000 Subject: [PATCH 4/4] Simplification following peer review --- .github/actions/e2e-tests/action.yml | 28 ---------------------- .github/workflows/cicd-1-pull-request.yaml | 1 + .github/workflows/stage-4-acceptance.yaml | 7 ++++-- 3 files changed, 6 insertions(+), 30 deletions(-) diff --git a/.github/actions/e2e-tests/action.yml b/.github/actions/e2e-tests/action.yml index 149dffc01..f4443b483 100644 --- a/.github/actions/e2e-tests/action.yml +++ b/.github/actions/e2e-tests/action.yml 
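Review bot: The `env:` block on the `uses: ./.github/actions/e2e-tests` step exposes `GITHUB_TOKEN`, `NON_PROD_API_KEY` and `INTERNAL_DEV_TEST_PEM` to every step inside the composite action. That includes the step that runs `pipx install poetry` and `poetry install`, which executes third-party install code and needs none of them. I would declare the key material as inputs of the action and map it in an `env:` on the `Run e2e tests` step only, so dependency installation runs without secrets in its environment. The new `run-e2e-tests` job also has no `needs:`, so as far as this hunk shows it can start before the deployment dispatched by the job above it has finished; worth confirming against the rest of the workflow, which is outside the hunk.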
@@ -1,45 +1,17 @@ name: E2E tests description: "Run end-to-end tests for this repo" -inputs: - pr_number: - required: true - type: string - runs: using: "composite" steps: - - name: Check if e2e tests should run - id: check_e2e - shell: bash - env: - GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} - run: | - if [[ -n "${{ inputs.pr_number }}" ]]; then - labels=$(gh pr view "${{ inputs.pr_number }}" --json labels --jq '.labels[].name' 2>/dev/null || echo "") - - if echo "$labels" | grep -Fxq 'deploy-proxy'; then - echo "deploy-proxy label found; e2e tests will run." - echo "run_e2e=true" >> $GITHUB_OUTPUT - else - echo "deploy-proxy label not found; e2e tests will be skipped." - echo "run_e2e=false" >> $GITHUB_OUTPUT - fi - else - echo "Not a PR environment; e2e tests will run." - echo "run_e2e=true" >> $GITHUB_OUTPUT - fi - - name: Install poetry and e2e test dependencies - if: steps.check_e2e.outputs.run_e2e == 'true' shell: bash run: | pipx install poetry cd tests/e2e-tests && poetry install - name: Run e2e tests - if: steps.check_e2e.outputs.run_e2e == 'true' shell: bash run: | echo "$INTERNAL_DEV_TEST_PEM" > "${GITHUB_WORKSPACE}/internal-dev-test-1.pem" diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index 747e76f4a..fe63ee689 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml @@ -178,6 +178,7 @@ jobs: terraform_version: "${{ needs.metadata.outputs.terraform_version }}" version: "${{ needs.metadata.outputs.version }}" pr_number: ${{ needs.metadata.outputs.pr_number }} + proxy_deployed: "${{ needs.metadata.outputs.deploy_proxy }}" secrets: inherit publish-stage: # Recommended maximum execution time is 10 minutes name: "Publish stage" diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index b773fc429..a71f3037e 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml 
@@ -34,6 +34,10 @@ on: pr_number: required: true type: string + proxy_deployed: + description: "True if the APIM proxy was deployed" + required: true + type: string permissions: id-token: write @@ -81,6 +85,7 @@ jobs: run-e2e-tests: name: Run End-to-End Tests runs-on: ubuntu-latest + if: inputs.proxy_deployed == 'true' steps: - uses: actions/checkout@v5.0.0 @@ -90,5 +95,3 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} NON_PROD_API_KEY: ${{ secrets.NON_PROD_API_KEY }} INTERNAL_DEV_TEST_PEM: ${{ secrets.INTERNAL_DEV_TEST_PEM }} - with: - pr_number: ${{ inputs.pr_number }}
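Review bot: The last hunk removes `with: pr_number` but keeps `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in the step's `env:`, while the same commit deletes the `gh pr view` step in action.yml, which was the only visible consumer of that token. Unless `make .internal-dev-test` needs it, drop the line so the test run does not carry a repository token. The workflow-level `permissions:` shown as context in the first hunk includes `id-token: write`, which `run-e2e-tests` inherits. A job-level `permissions:` block with `contents: read` would scope that down, assuming the tests do not request an OIDC token themselves.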