feat: initial versions of the new workflows, to be able to test iterations from branch

MacMur85 · MacMur85 · commit d2158b477685 · 2025-12-16T14:04:59.000Z
diff --git a/.github/workflows/cicd-1-pull-request-devtest.yaml b/.github/workflows/cicd-1-pull-request-devtest.yaml
@@ -0,0 +1,20 @@
+name: CI/CD pull request - devtest
+
+on:
+  push:
+    tags:
+          - 'devtest'
+
+jobs:
+  print-debug-info:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Display Information
+        run: |
+          echo "Workflow triggered by tag!"
+          echo "--------------------------------------"
+          echo "Tag/Ref Name : $GITHUB_REF"
+          echo "Commit Hash  : $GITHUB_SHA"
+          echo "Triggered By : $GITHUB_ACTOR"
+          echo "Event Name   : $GITHUB_EVENT_NAME"
+          echo "--------------------------------------"
diff --git a/.github/workflows/stage-3-build-images-devtest.yaml b/.github/workflows/stage-3-build-images-devtest.yaml
@@ -0,0 +1,195 @@
+name: Docker Image CI
+
+on:
+  workflow_call:
+    inputs:
+      environment_tag:
+        description: Environment of the deployment
+        required: true
+        type: string
+        default: development
+      docker_compose_file:
+        description: The path of the compose.yaml file needed to build docker images
+        required: true
+        type: string
+      function_app_source_code_path:
+        description: The source path of the function app source code for the docker builds
+        required: true
+        type: string
+      project_name:
+        description: The name of the project
+        required: true
+        type: string
+      excluded_containers_csv_list:
+        description: Excluded containers in a comma separated list
+        required: true
+        type: string
+      build_all_images:
+        description: Build all images (true) or only changed ones (false)
+        required: false
+        type: boolean
+        default: false
+
+    secrets:
+      client_id:
+        description: 'The Azure Client ID.'
+        required: true
+      tenant_id:
+        description: 'The Azure Tenant ID.'
+        required: true
+      subscription_id:
+        description: 'The Azure Subscription ID.'
+        required: true
+      acr_name:
+        description: 'The name of the Azure Container Registry.'
+        required: true
+
+jobs:
+  get-functions:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      id-token: write
+    outputs:
+      FUNC_NAMES: ${{ steps.get-function-names.outputs.FUNC_NAMES }}
+      DOCKER_COMPOSE_DIR: ${{ steps.get-function-names.outputs.DOCKER_COMPOSE_DIR }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout dtos-devops-templates repository
+        uses: actions/checkout@v4
+        with:
+          repository: NHSDigital/dtos-devops-templates
+          path: templates
+          ref: main
+
+      - name: Determine which Docker container(s) to build
+
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: read
+    needs: get-functions
+    strategy:
+      matrix:
+        function: ${{ fromJSON(needs.get-functions.outputs.FUNC_NAMES) }}
+    if: needs.get-functions.outputs.FUNC_NAMES != '[]'
+    outputs:
+      pr_num_tag: ${{ env.PR_NUM_TAG }}
+      short_commit_hash: ${{ env.COMMIT_HASH_TAG }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          fetch-depth: 1
+          submodules: 'true'
+
+      - name: Checkout dtos-devops-templates repository
+        uses: actions/checkout@v4
+        with:
+          repository: NHSDigital/dtos-devops-templates
+          path: templates
+          ref: main
+
+      - name: Az CLI login
+        if: github.ref == 'refs/heads/main'
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.client_id }}
+          tenant-id: ${{ secrets.tenant_id }}
+          subscription-id: ${{ secrets.subscription_id }}
+
+      - name: Azure Container Registry login
+        if: github.ref == 'refs/heads/main'
+        env:
+          ACR_NAME: ${{ secrets.acr_name }}
+        run: az acr login --name ${ACR_DEVTEST_NAME}
+
+      - name: Create Tags
+        env:
+          GH_TOKEN: ${{ github.token }}
+          ENVIRONMENT_TAG: ${{ inputs.environment_tag }}
+        continue-on-error: false
+        run: |
+          echo "The branch is: ${GITHUB_REF}"
+
+          if [[ "${GITHUB_REF}" == refs/pull/*/merge ]]; then
+            PR_NUM_TAG=$(echo "${GITHUB_REF}" | sed 's/refs\/pull\/\([0-9]*\)\/merge/\1/')
+          else
+            PULLS_JSON=$(gh api /repos/{owner}/{repo}/commits/${GITHUB_SHA}/pulls)
+            ORIGINATING_BRANCH=$(echo ${PULLS_JSON} | jq -r '.[].head.ref' | python3 -c "import sys, urllib.parse; print(urllib.parse.quote_plus(sys.stdin.read().strip()))")
+            echo "ORIGINATING_BRANCH: ${ORIGINATING_BRANCH}"
+            PR_NUM_TAG=$(echo ${PULLS_JSON} | jq -r '.[].number')
+          fi
+
+          echo "PR_NUM_TAG: pr${PR_NUM_TAG}"
+          echo "PR_NUM_TAG=pr${PR_NUM_TAG}" >> ${GITHUB_ENV}
+
+          SHORT_COMMIT_HASH=$(git rev-parse --short ${GITHUB_SHA})
+          echo "Commit hash tag: ${SHORT_COMMIT_HASH}"
+          echo "COMMIT_HASH_TAG=${SHORT_COMMIT_HASH}" >> ${GITHUB_ENV}
+
+          echo "ENVIRONMENT_TAG=${ENVIRONMENT_TAG}" >> ${GITHUB_ENV}
+
+      - name: Build and Push Image
+        working-directory: ${{ steps.get-function-names.outputs.DOCKER_COMPOSE_DIR }}
+        continue-on-error: false
+        env:
+          COMPOSE_FILE: ${{ inputs.docker_compose_file }}
+          PROJECT_NAME: ${{ inputs.project_name }}
+          ACR_NAME: ${{ secrets.acr_name }}
+        run: |
+          function=${{ matrix.function }}
+
+          echo PROJECT_NAME: ${PROJECT_NAME}
+
+          if [ -z "${function}" ]; then
+            echo "Function variable is empty. Skipping Docker build."
+            exit 0
+          fi
+
+          # Build the image
+          docker compose -f ${COMPOSE_FILE//,/ -f } -p ${PROJECT_NAME} --profile "*" build --no-cache --pull ${function}
+
+          repo_name="${ACR_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
+          echo $(repo_name)
+
+          # Tag the image
+          echo "Tag the image:"
+          docker tag ${PROJECT_NAME}-$ {function}:latest "$repo_name:${COMMIT_HASH_TAG}"
+          docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${PR_NUM_TAG}"
+          docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${ENVIRONMENT_TAG}"
+
+          # If this variable is set, the create-sbom-report.sh script will scan this docker image instead.
+          export CHECK_DOCKER_IMAGE=${PROJECT_NAME}-${function}:latest
+          export FORCE_USE_DOCKER=true
+
+          export PR_NUM_TAG=${PR_NUM_TAG}
+          echo "PR_NUM_TAG=${PR_NUM_TAG}" >> ${GITHUB_ENV}
+
+          # Push the image to the repository
+          docker push "${repo_name}:${COMMIT_HASH_TAG}"
+          if [ "${PR_NUM_TAG}" != 'pr' ]; then
+            docker push "${repo_name}:${PR_NUM_TAG}"
+          fi
+          docker push "${repo_name}:${ENVIRONMENT_TAG}"
+
+      - name: Cleanup the docker images
+        env:
+          PROJECT_NAME: ${{ inputs.project_name }}
+          ACR_NAME: ${{ secrets.acr_name }}
+        run: |
+          function=${{ matrix.function }}
+          repo_name="${ACR_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
+
+          # Remove the images
+          docker rmi "${repo_name}:${COMMIT_HASH_TAG}"
+          docker rmi "${repo_name}:${PR_NUM_TAG}"
+          docker rmi "${repo_name}:${ENVIRONMENT_TAG}"
+          docker rmi ${PROJECT_NAME}-${function}:latest
