feat(ftrs): FTRS-978 FTRS(978) main merge

Author: mswierszcznhs

.github/actions/cleardown-apim-proxy/action.yaml

@@ -0,0 +1,61 @@
+name: 'Cleardown API Proxy from APIM environment'
+description: 'Remove an API Proxy from an APIM environment'
+
+inputs:
+  api_name:
+    description: 'Name of the API to cleardown'
+    required: true
+  workspace:
+    description: 'Workspace identifier (e.g., ftrs-000). If specified, a workspaced proxy will be cleared from the APIM environment'
+    required: false
+  environment:
+    description: 'The environment (e.g., dev, test, prod)'
+    required: true
+  apim_env:
+    description: 'APIM environment to cleardown the API Proxy from (e.g., internal-dev, internal-qa, int, ref, prod)'
+    required: true
+  aws_region:
+    description: 'AWS region for Secrets Manager'
+    required: true
+  proxygen_url:
+    description: 'Proxygen API URL'
+    required: true
+
+outputs:
+  cleardown_status:
+    description: 'Status of the cleardown'
+    value: ${{ steps.cleardown.outputs.status }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Get Proxygen Access Token
+      id: get-token
+      uses: ./.github/actions/authenticate-apim
+      with:
+        api_name: ${{ inputs.api_name }}
+        environment: ${{ inputs.environment }}
+        aws_region: ${{ inputs.aws_region }}
+
+    - name: Cleardown API Proxy from APIM environment
+      id: cleardown
+      shell: bash
+      run: |
+        export API_NAME="${{ inputs.api_name }}"
+        export WORKSPACE="${{ inputs.workspace }}"
+        export PROXY_ENV="${{ inputs.apim_env }}"
+        export ACCESS_TOKEN="${{ steps.get-token.outputs.access_token }}"
+        export PROXYGEN_URL="${{ inputs.proxygen_url }}"
+
+        STATUS=$(./scripts/workflow/cleardown-apim-proxy.sh | tail -n1)
+        echo "status=$STATUS" >> $GITHUB_OUTPUT
+
+    - name: Output cleardown details
+      shell: bash
+      run: |
+        echo "Cleardown Summary:"
+        echo "- API Name: ${{ inputs.api_name }}"
+        echo "- Workspace: ${{ inputs.workspace }}"
+        echo "- Environment: ${{ inputs.environment }}"
+        echo "- APIM Environment: ${{ inputs.apim_env }}"
+        echo "- Status: ${{ steps.cleardown.outputs.status }}"

.github/actions/deploy-to-apim/action.yaml

@@ -20,6 +20,9 @@ inputs:
   proxygen_url:
     description: 'Proxygen API URL'
     required: true
+  version_tag:
+    description: 'Version applied to the deployed proxy'
+    required: false
 
 outputs:
   deployment_status:
@@ -36,6 +39,7 @@ runs:
         pip install pyyaml
 
     - name: Validate workspace format
+      if: ${{ !contains(inputs.apim_env, 'sandbox') }}
       shell: bash
       run: |
         if [[ ! "${{ inputs.workspace }}" =~ ^ftrs-[0-9]+$ ]]; then
@@ -45,6 +49,7 @@ runs:
         echo "Workspace format validated: ${{ inputs.workspace }}"
 
     - name: Modify OAS Specification
+      if: ${{ !contains(inputs.apim_env, 'sandbox') }}
       id: modify-spec
       shell: bash
       run: |
@@ -63,6 +68,27 @@ runs:
           exit 1
         fi
 
+    - name: Modify Sandbox OAS Specification
+      if: ${{ contains(inputs.apim_env, 'sandbox') }}
+      id: modify-sandbox-spec
+      shell: bash
+      run: |
+        export API_NAME="${{ inputs.api_name }}"
+        export PROXY_ENV="${{ inputs.apim_env }}"
+        export VERSION_TAG="${{ inputs.version_tag }}"
+
+        chmod +x ./scripts/workflow/modify-oas-sandbox-spec.sh
+        read -r MODIFIED_SPEC_PATH TARGET_SPEC_FILE < <(./scripts/workflow/modify-oas-sandbox-spec.sh)
+
+        if [ $? -eq 0 ]; then
+          echo "modified_spec_path=$MODIFIED_SPEC_PATH" >> $GITHUB_OUTPUT
+          echo "target_spec_file_abs=$TARGET_SPEC_FILE" >> $GITHUB_OUTPUT
+          echo "OAS spec modified successfully"
+        else
+          echo "Failed to modify OAS spec"
+          exit 1
+        fi
+
     - name: Deploy API Proxy to APIM environment
       id: deploy
       shell: bash
@@ -71,8 +97,16 @@ runs:
         export WORKSPACE="${{ inputs.workspace }}"
         export PROXY_ENV="${{ inputs.apim_env }}"
         export ACCESS_TOKEN="${{ inputs.access_token }}"
-        export MODIFIED_SPEC_PATH="${{ steps.modify-spec.outputs.modified_spec_path }}"
         export PROXYGEN_URL="${{ inputs.proxygen_url }}"
+        export VERSION_TAG="${{ inputs.version_tag }}"
+        export IS_SANDBOX="${{ contains(inputs.apim_env, 'sandbox') }}"
+
+        if [[ "$IS_SANDBOX" == 'true' ]]; then
+          export MODIFIED_SPEC_PATH="${{ steps.modify-sandbox-spec.outputs.modified_spec_path }}"
+          export TARGET_SPEC_FILE="${{ steps.modify-sandbox-spec.outputs.target_spec_file_abs }}"
+        else
+          export MODIFIED_SPEC_PATH="${{ steps.modify-spec.outputs.modified_spec_path }}"
+        fi
 
         chmod +x ./scripts/workflow/deploy-to-apim.sh
         ./scripts/workflow/deploy-to-apim.sh
@@ -89,9 +123,13 @@ runs:
     - name: Output deployment details
       shell: bash
       run: |
+        VERSION_TAG="${{ inputs.version_tag }}"
         echo "Deployment Summary:"
         echo "- API Name: ${{ inputs.api_name }}"
         echo "- Workspace: ${{ inputs.workspace }}"
         echo "- Environment: ${{ inputs.environment }}"
         echo "- APIM Environment: ${{inputs.apim_env }}"
+        if [ -n "$VERSION_TAG" ]; then
+          echo "- Version Tag: $VERSION_TAG"
+        fi
         echo "- Status: ${{ steps.deploy.outputs.status }}"

.github/actions/derive-workspace/action.yaml

@@ -2,9 +2,9 @@ name: "Derive Workspace action"
 description: "Derives the name of the workspace for subsequent actions to run against"
 
 outputs:
-    workspace:
-        description: "The derived workspace name"
-        value: ${{ steps.derive-workspace.outputs.workspace }}
+  workspace:
+    description: "The derived workspace name"
+    value: ${{ steps.derive-workspace.outputs.workspace }}
 
 runs:
   using: "composite"

.github/actions/parse-apim-sandbox-tag/action.yml

@@ -0,0 +1,33 @@
+name: "Parse APIM sandbox tag"
+description: "Run the sandbox tag parsing script and emit deployment metadata"
+inputs:
+  ref_name:
+    description: "Git ref name (tag)"
+    required: true
+  ref_type:
+    description: "Git ref type (e.g. tag)"
+    required: true
+  commit_sha:
+    description: "Commit SHA associated with the ref"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - id: parse
+      name: Run parser
+      shell: bash
+      env:
+        GITHUB_REF_NAME: ${{ inputs.ref_name }}
+        GITHUB_REF_TYPE: ${{ inputs.ref_type }}
+        GITHUB_SHA: ${{ inputs.commit_sha }}
+      run: ./scripts/workflow/parse-apim-sandbox-tag.sh
+
+outputs:
+  sandbox_environment:
+    value: ${{ steps.parse.outputs.sandbox_environment }}
+  service:
+    value: ${{ steps.parse.outputs.service }}
+  version:
+    value: ${{ steps.parse.outputs.version }}
+  should_deploy:
+    value: ${{ steps.parse.outputs.should_deploy }}

.github/workflows/apim-proxy-cleardown.yaml

@@ -0,0 +1,57 @@
+name: APIM Proxy Cleardown
+
+permissions:
+  id-token: write
+  contents: read
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        description: "Defines the Github environment in which to pull environment variables from"
+        required: true
+        type: string
+      workspace:
+        description: "Name of the workspace"
+        required: true
+        type: string
+      apim_env:
+        description: "APIM environment to cleardown from"
+        required: true
+        type: string
+      api_names:
+        description: "JSON array of API names to cleardown"
+        required: true
+        type: string
+
+jobs:
+  cleardown-apim-proxy:
+    name: "Cleardown APIM proxy (${{ matrix.api_name }})"
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    strategy:
+      fail-fast: false
+      matrix:
+        api_name: ${{ fromJSON(inputs.api_names) }}
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v6
+
+      - name: "Configure AWS Credentials"
+        uses: ./.github/actions/configure-credentials
+        with:
+          aws_account_id: ${{ secrets.ACCOUNT_ID }}
+          aws_region: ${{ vars.AWS_REGION }}
+          type: app
+          environment: ${{ inputs.environment }}
+
+      - name: "Cleardown proxy"
+        uses: ./.github/actions/cleardown-apim-proxy
+        with:
+          api_name: ${{ matrix.api_name }}
+          workspace: ${{ inputs.workspace }}
+          environment: ${{ inputs.environment }}
+          apim_env: ${{ inputs.apim_env }}
+          aws_region: ${{ vars.AWS_REGION }}
+          proxygen_url: ${{ secrets.PROXYGEN_URL }}

.github/workflows/authenticate-and-deploy-to-apim.yaml

@@ -42,7 +42,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Configure AWS Credentials
         uses: ./.github/actions/configure-credentials

.github/workflows/build-project.yaml

@@ -68,7 +68,7 @@ jobs:
 
       - name: "Cache asdf tools"
         id: asdf-cache
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: ~/.asdf
           key: asdf-${{ runner.os }}-${{ hashFiles('.tool-versions') }}
@@ -112,7 +112,7 @@ jobs:
         working-directory: ${{ steps.get-directories.outputs.working_directory }}
 
       - name: "Publish coverage report to GitHub"
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         with:
           name: coverage-${{ inputs.name }}.xml
           path: ${{ steps.get-directories.outputs.working_directory }}/coverage-${{ inputs.name }}.xml
@@ -142,7 +142,7 @@ jobs:
           RELEASE_BUILD: ${{ inputs.release_build }}
 
       - name: "Publish artefacts to GitHub"
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ inputs.name }}-${{ inputs.build_type }}-artefacts
           path: ${{ steps.get-directories.outputs.build_directory }}

.github/workflows/build-sandbox-images.yaml

@@ -50,7 +50,7 @@ jobs:
           echo "API_NAME=$CLEAN_NAME" >> "$GITHUB_ENV"
 
       - name: "Checkout code"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           ref: ${{ inputs.application_tag && inputs.application_tag != 'latest' && inputs.application_tag || '' }}
 
@@ -61,7 +61,7 @@ jobs:
 
       - name: "Cache asdf tools"
         id: asdf-cache
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: ~/.asdf
           key: asdf-${{ runner.os }}-${{ hashFiles('.tool-versions') }}
@@ -97,7 +97,7 @@ jobs:
         working-directory: ${{ steps.get-directories.outputs.working_directory }}
 
       - name: "Publish artefacts to GitHub"
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         env:
           ENVIRONMENT: ${{ inputs.environment }}
         with:

.github/workflows/deploy-infrastructure.yaml

@@ -91,7 +91,7 @@ jobs:
           environment: ${{ inputs.environment }}
 
       - name: "Download Terraform Plan Artifact"
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
         if: ${{ inputs.action == 'apply' }}
         with:
           name: ${{ matrix.stack }}_terraform_plan_${{ inputs.account_type }}_${{ inputs.environment }}
@@ -112,7 +112,7 @@ jobs:
           mgmt_account_id: ${{ secrets.MGMT_ACCOUNT_ID }}
 
       - name: "Upload Terraform Plan Artifact"
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         if: ${{ inputs.action == 'plan' }}
         with:
           name: ${{ matrix.stack }}_terraform_plan_${{ inputs.account_type }}_${{ inputs.environment }}