Merge branch 'develop' into feature/hakh11-NRL-1002-consumerIntegrationTests

Author: hamzakhan24-nhs

.github/workflows/persistent-environment.yml

@@ -234,8 +234,7 @@ jobs:
 
       - name: Update environment config version
         run: |
-          short_commit_ref="$(echo ${{ github.sha }} | cut -c1-8)"
-          deployed_version="${{ inputs.branch_name }}@${short_commit_ref}"
+          deployed_version=$(terraform -chdir=terraform/infrastructure output --raw version)
           poetry run python ./scripts/set_env_config.py inactive-version ${deployed_version} ${{ inputs.environment }}
 
       - name: Smoke Test

.github/workflows/update-lambda-permissions.yml

@@ -0,0 +1,296 @@
+name: Update Lambda Permissions
+run-name: Updating permissions on ${{ inputs.stack_name }} using ${{ github.ref }} by ${{ github.actor }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Environment to deploy to
+        required: true
+        default: "dev"
+        type: environment
+
+      stack_name:
+        description: Stack to update
+        required: true
+        type: string
+
+      strict_versioning:
+        description: Use strict versioning (recommended)
+        required: true
+        type: boolean
+        default: true
+
+permissions:
+  id-token: write
+  contents: read
+  actions: write
+
+jobs:
+  check-versions:
+    name: Check versions
+    runs-on: [self-hosted, ci]
+
+    steps:
+      - name: Git clone - ${{ github.ref }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Setup asdf cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf
+        uses: asdf-vm/actions/[email protected]
+
+      - name: Install zip
+        run: sudo apt-get install zip
+
+      - name: Setup Python environment
+        run: |
+          poetry install --no-root
+          source $(poetry env info --path)/bin/activate
+
+      - name: Configure Management Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
+          role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
+
+      - name: Terraform Init
+        run: |
+          terraform -chdir=terraform/infrastructure init
+          terraform -chdir=terraform/infrastructure workspace new ${{ inputs.stack_name }} || \
+              terraform -chdir=terraform/infrastructure workspace select ${{ inputs.stack_name }}
+
+      - name: Check deployed version matches build version
+        run: |
+          this_version="$(./scripts/get-current-info.sh | jq -r .version)"
+          deployed_version="$(terraform -chdir=terraform/infrastructure output --raw version)"
+
+          echo "code-version=${this_version} deployed-version=${deployed_version}"
+
+          if [ "${deployed_version}" != "${this_version}" ]
+          then
+            echo "${this_version} does not match deployed version: ${deployed_version}" 1>&2
+
+            if [ "${{ inputs.strict_versioning }}" == "true" ]; then
+              echo "Strict version checking failed, cancelling workflow" 1>&2
+              exit 1
+            fi
+          fi
+
+  build-permissions:
+    name: Build permissions
+    runs-on: [self-hosted, ci]
+    environment: ${{ inputs.environment }}
+
+    needs: [check-versions]
+
+    steps:
+      - name: Git clone - ${{ github.ref }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Setup asdf cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf
+        uses: asdf-vm/actions/[email protected]
+
+      - name: Install zip
+        run: sudo apt-get install zip
+
+      - name: Setup Python environment
+        run: |
+          poetry install --no-root
+          source $(poetry env info --path)/bin/activate
+
+      - name: Configure Management Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
+          role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
+
+      - name: Create lambda permissions layer
+        run: |
+          account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
+          make get-s3-perms ENV=${account} TF_WORKSPACE_NAME=${{ inputs.stack_name }}
+
+      - name: Save NRLF permissions in cache
+        uses: actions/cache/save@v4
+        with:
+          key: ${{ github.run_id }}-nrlf-permissions
+          path: dist/nrlf_permissions.zip
+
+  pull-deployed-lambdas:
+    name: Pull deployed lambdas
+    runs-on: [self-hosted, ci]
+    environment: ${{ inputs.environment }}
+
+    needs: [check-versions]
+
+    steps:
+      - name: Git clone - ${{ github.ref }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Configure Management Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
+          role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
+
+      - name: Configure Account Role
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-chaining: true
+          role-to-assume: ${{ secrets.DEPLOY_ROLE_ARN }}
+          role-session-name: github-actions-ci-acc-${{ inputs.environment }}-${{ github.run_id }}
+
+      - name: Pull deployed lambda artifacts
+        run: |
+          account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
+          ./scripts/pull-lambda-code-for-stack.sh ${{ inputs.stack_name }}
+
+      - name: Save lambda artifacts in cache
+        uses: actions/cache/save@v4
+        with:
+          key: ${{ github.run_id }}-pulled-lambda-artifacts
+          path: dist/*.zip
+
+  terraform-plan:
+    name: Plan changes
+    runs-on: [self-hosted, ci]
+    environment: ${{ inputs.environment }}
+
+    needs: [build-permissions, pull-deployed-lambdas]
+
+    steps:
+      - name: Git clone - ${{ github.ref }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Setup asdf cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf
+        uses: asdf-vm/actions/[email protected]
+
+      - name: Install zip
+        run: sudo apt-get install zip
+
+      - name: Setup Python environment
+        run: |
+          poetry install --no-root
+          source $(poetry env info --path)/bin/activate
+
+      - name: Restore pulled lambda artifacts
+        uses: actions/cache/restore@v4
+        with:
+          key: ${{ github.run_id }}-pulled-lambda-artifacts
+          path: dist/*.zip
+          fail-on-cache-miss: true
+
+      - name: Restore NRLF permissions cache
+        uses: actions/cache/restore@v4
+        with:
+          key: ${{ github.run_id }}-nrlf-permissions
+          path: dist/nrlf_permissions.zip
+          fail-on-cache-miss: true
+
+      - name: Configure Management Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
+          role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
+
+      - name: Terraform Init
+        run: |
+          terraform -chdir=terraform/infrastructure init
+          terraform -chdir=terraform/infrastructure workspace new ${{ inputs.stack_name }} || \
+              terraform -chdir=terraform/infrastructure workspace select ${{ inputs.stack_name }}
+
+      - name: Terraform Plan
+        run: |
+          terraform -chdir=terraform/infrastructure plan \
+              --var-file=etc/${{ vars.ACCOUNT_NAME }}.tfvars \
+              --var assume_role_arn=${{ secrets.DEPLOY_ROLE_ARN }} \
+              --var use_shared_resources=$(poetry run python scripts/are_resources_shared_for_stack.py ${{ inputs.stack_name }}) \
+              --out tfplan
+
+      - name: Save Terraform Plan
+        run: |
+          terraform -chdir=terraform/infrastructure show -no-color tfplan > terraform/infrastructure/tfplan.txt
+          aws s3 cp terraform/infrastructure/tfplan s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan
+          aws s3 cp terraform/infrastructure/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan.txt
+
+  terraform-apply:
+    name: Apply permissions
+    runs-on: [self-hosted, ci]
+    environment: ${{ inputs.environment }}
+
+    needs: terraform-plan
+
+    steps:
+      - name: Git clone - ${{ github.ref }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Restore pulled lambda artifacts
+        uses: actions/cache/restore@v4
+        with:
+          key: ${{ github.run_id }}-pulled-lambda-artifacts
+          path: dist/*.zip
+          fail-on-cache-miss: true
+
+      - name: Restore NRLF permissions cache
+        uses: actions/cache/restore@v4
+        with:
+          key: ${{ github.run_id }}-nrlf-permissions
+          path: dist/nrlf_permissions.zip
+          fail-on-cache-miss: true
+
+      - name: Configure Management Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
+          role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
+
+      - name: Download Terraform Plan artifact
+        run: aws s3 cp s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan terraform/infrastructure/tfplan
+
+      - name: Terraform Init
+        run: |
+          terraform -chdir=terraform/infrastructure init
+          terraform -chdir=terraform/infrastructure workspace new ${{ inputs.stack_name }} || \
+              terraform -chdir=terraform/infrastructure workspace select ${{ inputs.stack_name }}
+
+      - name: Terraform Apply
+        run: |
+          terraform -chdir=terraform/infrastructure apply tfplan

resources/fhir/NRLF-RecordCategory-ValueSet.json

@@ -0,0 +1,41 @@
+{
+  "resourceType": "ValueSet",
+  "id": "NRLF-RecordCategory",
+  "url": "https://fhir.nhs.uk/England/CodeSystem/England-NRLRecordCategory",
+  "version": "1.1.1",
+  "name": "NRLF Record Category",
+  "status": "draft",
+  "date": "2024-03-20T00:00:00+00:00",
+  "publisher": "NHS Digital",
+  "contact": {
+    "name": "NRL Team at NHS Digital",
+    "telecom": {
+      "system": "email",
+      "value": "[email protected]",
+      "use": "work"
+    }
+  },
+  "description": "A code from the SNOMED Clinical Terminology UK coding system to represent the NRL clinical record class.",
+  "copyright": "Copyright 2024 NHS Digital. This value set includes content from SNOMED CT, which is copyright 2002+ International Health Terminology Standards Development Organisation (IHTSDO), and distributed by agreement between IHTSDO and HL7. Implementer use of SNOMED CT is not covered by this agreement.",
+  "compose": {
+    "include": [
+      {
+        "system": "http://snomed.info/sct",
+        "concept": [
+          {
+            "code": "734163000",
+            "display": "Care plan"
+          },
+          {
+            "code": "1102421000000108",
+            "display": "Observations"
+          },
+          {
+            "code": "823651000000106",
+            "display": "Clinical note"
+          }
+        ]
+      }
+    ]
+  }
+}