Skip to content

CCM-14502 Make Proxy build optional for dynamic envs #415

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
stevebux wants to merge 5 commits into
base: main
Choose a base branch
from
Open

CCM-14502 Make Proxy build optional for dynamic envs #415

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9d84a76
Refactor environment calculation
stevebux Feb 18, 2026
7028aa6
Conditionally deploy proxy
stevebux Feb 18, 2026
b34139a
Run E2E tests if proxy deployed
stevebux Feb 18, 2026
2deaa4f
Simplification following peer review
stevebux Feb 26, 2026
495a85b
Merge branch 'main' into feature/CCM-14502-Optional-Proxy-Build
stevebux Mar 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions .github/actions/e2e-tests/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: E2E tests
description: "Run end-to-end tests for this repo"

runs:
using: "composite"

steps:
- name: Install poetry and e2e test dependencies
shell: bash
run: |
pipx install poetry
cd tests/e2e-tests && poetry install

- name: Run e2e tests
shell: bash
run: |
echo "$INTERNAL_DEV_TEST_PEM" > "${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
chmod 600 "${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
export PROXY_NAME=nhs-notify-supplier--internal-dev--nhs-notify-supplier
export API_ENVIRONMENT=internal-dev
export NON_PROD_PRIVATE_KEY="${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
make .internal-dev-test
23 changes: 23 additions & 0 deletions .github/workflows/cicd-1-pull-request.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ jobs:
does_pull_request_exist: ${{ steps.pr_exists.outputs.does_pull_request_exist }}
pr_number: ${{ steps.pr_exists.outputs.pr_number }}
skip_trivy_package: ${{ steps.skip_trivy.outputs.skip_trivy_package }}
deploy_proxy: ${{ steps.deploy_proxy.outputs.deploy_proxy }}
steps:
- name: "Checkout code"
uses: actions/checkout@v5
Expand Down Expand Up @@ -87,6 +88,26 @@ jobs:
else
echo "skip_trivy_package=false" >> $GITHUB_OUTPUT
fi
- name: "Determine if proxy should be deployed"
id: deploy_proxy
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }}
run: |
if [[ -z "$PR_NUMBER" ]]; then
echo "No pull request detected; proxy deployment will run."
echo "deploy_proxy=true" >> $GITHUB_OUTPUT
exit 0
fi

labels=$(gh pr view "$PR_NUMBER" --json labels --jq '.labels[].name')
echo "Labels on PR #$PR_NUMBER: $labels"

if echo "$labels" | grep -Fxq 'deploy-proxy'; then
echo "deploy_proxy=true" >> $GITHUB_OUTPUT
else
echo "deploy_proxy=false" >> $GITHUB_OUTPUT
fi
- name: "List variables"
run: |
export BUILD_DATETIME_LONDON="${{ steps.variables.outputs.build_datetime_london }}"
Expand Down Expand Up @@ -141,6 +162,7 @@ jobs:
terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
version: "${{ needs.metadata.outputs.version }}"
pr_number: "${{ needs.metadata.outputs.pr_number }}"
deploy_proxy: "${{ needs.metadata.outputs.deploy_proxy }}"
secrets: inherit
acceptance-stage: # Recommended maximum execution time is 10 minutes
name: "Acceptance stage"
Expand All @@ -156,6 +178,7 @@ jobs:
terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
version: "${{ needs.metadata.outputs.version }}"
pr_number: ${{ needs.metadata.outputs.pr_number }}
proxy_deployed: "${{ needs.metadata.outputs.deploy_proxy }}"
secrets: inherit
publish-stage: # Recommended maximum execution time is 10 minutes
name: "Publish stage"
Expand Down
17 changes: 12 additions & 5 deletions .github/workflows/stage-3-build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,10 @@ on:
description: "PR Number if it exists"
required: false
type: string
deploy_proxy:
description: "True if the APIM proxy should be deployed"
required: true
type: string

permissions:
id-token: write # This is required for requesting the JWT
Expand Down Expand Up @@ -133,9 +137,13 @@ jobs:
pr-create-dynamic-environment:
name: Create Dynamic Environment
runs-on: ubuntu-latest
if: inputs.pr_number != ''
outputs:
environment_name: ${{ steps.set-environment.outputs.environment_name }}
steps:
- uses: actions/checkout@v5
- name: Set environment name
id: set-environment
run: echo "environment_name=${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}" >> $GITHUB_OUTPUT
- name: Trigger dynamic environment creation
env:
APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
Expand All @@ -148,7 +156,7 @@ jobs:
--infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \
--releaseVersion ${{ github.head_ref || github.ref_name }} \
--targetWorkflow "dispatch-deploy-dynamic-env.yaml" \
--targetEnvironment "pr${PR_NUMBER}" \
--targetEnvironment "${{ steps.set-environment.outputs.environment_name }}" \
--targetComponent "api" \
--targetAccountGroup "nhs-notify-supplier-api-dev" \
--terraformAction "apply" \
Expand All @@ -157,12 +165,11 @@ jobs:
artefact-proxies:
name: "Build proxies"
runs-on: ubuntu-latest
if: inputs.pr_number != ''
if: inputs.deploy_proxy == 'true'
needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment]
timeout-minutes: 10
env:
PROXYGEN_API_NAME: nhs-notify-supplier
PR_NUMBER: ${{ inputs.pr_number }}
APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
steps:
Expand All @@ -172,7 +179,7 @@ jobs:
uses: ./.github/actions/build-proxies
with:
version: "${{ inputs.version }}"
environment: ${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}
environment: ${{ needs.pr-create-dynamic-environment.outputs.environment_name }}
apimEnv: "internal-dev-sandbox"
runId: "${{ github.run_id }}"
buildSandbox: true
Expand Down
18 changes: 18 additions & 0 deletions .github/workflows/stage-4-acceptance.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,10 @@ on:
pr_number:
required: true
type: string
proxy_deployed:
description: "True if the APIM proxy was deployed"
required: true
type: string

permissions:
id-token: write
Expand Down Expand Up @@ -77,3 +81,17 @@ jobs:
--targetEnvironment "$ENVIRONMENT" \
--targetAccountGroup "nhs-notify-supplier-api-dev" \
--targetComponent "api"

run-e2e-tests:
name: Run End-to-End Tests
runs-on: ubuntu-latest
if: inputs.proxy_deployed == 'true'
steps:
- uses: actions/checkout@v5.0.0

- name: "Run e2e tests"
uses: ./.github/actions/e2e-tests
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NON_PROD_API_KEY: ${{ secrets.NON_PROD_API_KEY }}
INTERNAL_DEV_TEST_PEM: ${{ secrets.INTERNAL_DEV_TEST_PEM }}
Loading