feat: PTL pipeline

Author: bencegadanyi1-nhs

.github/workflows/deploy-dev-auto.yml

@@ -0,0 +1,78 @@
+name: Auto Deploy to DEV
+
+on:
+  pull_request:
+    types: [closed]
+    branches: [main]
+
+env:
+  BRANCH_NAME: ${{ github.ref_name }}
+
+jobs:
+  quality_checks:
+    if: github.event.pull_request.merged == true
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/[email protected]
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  get_commit_id:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-22.04
+    outputs:
+      commit_id: ${{ steps.commit_id.outputs.commit_id }}
+    steps:
+      - name: Get Commit ID
+        id: commit_id
+        run: |
+          echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
+
+  generate_dev_version:
+    if: github.event.pull_request.merged == true
+    needs: quality_checks
+    runs-on: ubuntu-22.04
+    outputs:
+      dev_version: ${{ steps.version.outputs.dev_version }}
+    steps:
+      - name: Generate DEV version
+        id: version
+        run: |
+          DEV_VERSION="dev-${{ github.run_number }}-$(echo ${{ github.sha }} | cut -c1-7)"
+          echo "dev_version=${DEV_VERSION}" >> "$GITHUB_OUTPUT"
+          echo "## DEV Version: ${DEV_VERSION}" >> "$GITHUB_STEP_SUMMARY"
+
+  package_code:
+    needs: [get_commit_id, generate_dev_version]
+    uses: ./.github/workflows/cdk_package_code.yml
+    with:
+      STACK_NAME: epsam
+      VERSION_NUMBER: ${{ needs.generate_dev_version.outputs.dev_version }}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+
+  deploy_dev:
+    if: github.event.pull_request.merged == true
+    needs: [get_commit_id, generate_dev_version, package_code]
+    uses: ./.github/workflows/release_all_stacks.yml
+    with:
+      STACK_NAME: epsam
+      TARGET_ENVIRONMENT: dev
+      VERSION_NUMBER: ${{ needs.generate_dev_version.outputs.dev_version }}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      CDK_APP_NAME: EpsAssistMeApp
+      DEPLOY_CODE: true
+      LOG_RETENTION_IN_DAYS: 30
+      LOG_LEVEL: "DEBUG"
+      CREATE_INT_RELEASE_NOTES: false
+      CREATE_PROD_RELEASE_NOTES: false
+      MARK_JIRA_RELEASED: false
+      CREATE_INT_RC_RELEASE_NOTES: false
+      IS_PULL_REQUEST: false
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
+      CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
+      DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
+      REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+      SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }}

.github/workflows/release.yml

@@ -2,6 +2,11 @@ name: deploy to environments
 
 on:
   workflow_dispatch:
+    inputs:
+      dev_version:
+        description: "DEV version to promote (e.g., dev-123-a1b2c3d)"
+        required: true
+        type: string
 
 env:
   BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }}
@@ -39,7 +44,7 @@ jobs:
         uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
         with:
           asdf_branch: v0.14.1
-  
+
       - name: Cache asdf
         uses: actions/cache@v4
         with:
@@ -66,7 +71,7 @@ jobs:
       - name: Install dependencies
         run: |
           make install
-  
+
       - name: Set VERSION_TAG to be next tag varsion
         id: output_version_tag
         run: |
@@ -121,34 +126,117 @@ jobs:
       VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
 
-  release_dev:
-    needs: [get_commit_id, tag_release, package_code]
-    uses: ./.github/workflows/cdk_release_code.yml
+  approve_qa_deployment:
+    needs: [tag_release]
+    runs-on: ubuntu-22.04
+    environment: qa-approval
+    steps:
+      - name: Manual approval for QA deployment
+        run: echo "QA deployment approved"
+
+  release_qa:
+    needs: [get_commit_id, tag_release, package_code, approve_qa_deployment]
+    uses: ./.github/workflows/release_all_stacks.yml
     with:
       STACK_NAME: epsam
-      TARGET_ENVIRONMENT: dev
-      VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
+      TARGET_ENVIRONMENT: qa
+      VERSION_NUMBER: ${{ inputs.dev_version || needs.tag_release.outputs.version_tag }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
       CDK_APP_NAME: EpsAssistMeApp
       DEPLOY_CODE: true
       LOG_RETENTION_IN_DAYS: 30
-      LOG_LEVEL: DEBUG
+      LOG_LEVEL: "DEBUG"
+      CREATE_INT_RELEASE_NOTES: false
+      CREATE_PROD_RELEASE_NOTES: false
+      MARK_JIRA_RELEASED: false
+      CREATE_INT_RC_RELEASE_NOTES: false
+      IS_PULL_REQUEST: false
     secrets:
-      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
-      CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
+      CDK_PULL_IMAGE_ROLE: ${{ secrets.QA_CDK_PULL_IMAGE_ROLE }}
+      DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
+      REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+      SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }}
+
+  approve_production_deployment:
+    needs: [release_qa]
+    runs-on: ubuntu-22.04
+    environment: production-approval
+    steps:
+      - name: Manual approval for INT and PROD deployment
+        run: echo "Production environments (INT and PROD) deployment approved"
+
+  release_int:
+    needs:
+      [get_commit_id, tag_release, package_code, approve_production_deployment]
+    uses: ./.github/workflows/release_all_stacks.yml
+    with:
+      STACK_NAME: epsam
+      TARGET_ENVIRONMENT: int
+      VERSION_NUMBER: ${{ inputs.dev_version || needs.tag_release.outputs.version_tag }}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      CDK_APP_NAME: EpsAssistMeApp
+      DEPLOY_CODE: true
+      LOG_RETENTION_IN_DAYS: 30
+      LOG_LEVEL: "INFO"
+      CREATE_INT_RELEASE_NOTES: true
+      CREATE_PROD_RELEASE_NOTES: false
+      MARK_JIRA_RELEASED: false
+      CREATE_INT_RC_RELEASE_NOTES: true
+      IS_PULL_REQUEST: false
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
+      CDK_PULL_IMAGE_ROLE: ${{ secrets.INT_CDK_PULL_IMAGE_ROLE }}
+      DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
+      REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+      SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }}
+
+  release_prod:
+    needs:
+      [get_commit_id, tag_release, package_code, approve_production_deployment]
+    uses: ./.github/workflows/release_all_stacks.yml
+    with:
+      STACK_NAME: epsam
+      TARGET_ENVIRONMENT: prod
+      VERSION_NUMBER: ${{ inputs.dev_version || needs.tag_release.outputs.version_tag }}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      CDK_APP_NAME: EpsAssistMeApp
+      DEPLOY_CODE: true
+      LOG_RETENTION_IN_DAYS: 731
+      LOG_LEVEL: "INFO"
+      CREATE_INT_RELEASE_NOTES: false
+      CREATE_PROD_RELEASE_NOTES: true
+      MARK_JIRA_RELEASED: true
+      CREATE_INT_RC_RELEASE_NOTES: false
+      IS_PULL_REQUEST: false
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_DEPLOY_ROLE }}
+      CDK_PULL_IMAGE_ROLE: ${{ secrets.PROD_CDK_PULL_IMAGE_ROLE }}
+      DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
       REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
       SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
       SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }}
 
   create_release_notes:
-    needs: [tag_release, package_code, get_commit_id, release_dev]
+    needs: [tag_release, package_code, get_commit_id, release_int, release_prod]
     uses: ./.github/workflows/create_release_notes.yml
     with:
-      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      VERSION_NUMBER: ${{ inputs.dev_version || needs.tag_release.outputs.version_tag }}
       CREATE_INT_RELEASE_NOTES: true
       CREATE_INT_RC_RELEASE_NOTES: false
       CREATE_PROD_RELEASE_NOTES: true
-      MARK_JIRA_RELEASED: false
+      MARK_JIRA_RELEASED: true
     secrets:
       DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
       DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}