Merge branch 'VED-81-Number-Update' into VED-480-Number-Update-terraform

Author: JamesW1-NHS

.github/dependabot.yml

@@ -73,7 +73,6 @@ updates:
     directories:
       - "/grafana/non-prod/terraform"
       - "/infra"
-      - "/mesh-infra"
       - "/terraform"
       - "/terraform_aws_backup/**"
     schedule:

.github/workflows/sonarcloud.yml

@@ -140,6 +140,7 @@ jobs:
           PYTHONPATH: ${{ env.SHARED_PATH }}
         continue-on-error: true
         run: |
+            echo "shared coverage - Current directory: $(pwd)"
             poetry env use 3.11
             poetry install
             poetry run coverage run -m unittest discover || echo "shared tests failed" >> ../../failed_tests.txt
@@ -152,14 +153,21 @@ jobs:
           PYTHONPATH: ${{ env.LAMBDA_PATH }}/id_sync/src:${{ env.LAMBDA_PATH }}/id_sync/tests:${{ env.SHARED_PATH }}
         continue-on-error: true
         run: |
+            echo "id_sync coverage - Current directory: $(pwd)"
             poetry env use 3.11
             poetry install
             poetry run coverage run -m unittest discover || echo "id_sync tests failed" >> ../../failed_tests.txt
             poetry run coverage xml -o ../../id_sync-coverage.xml
+            #check files created
+            if [ ! -f ../../id_sync-coverage.xml ]; then
+              echo "id_sync-coverage.xml not found, exiting with error"
+            fi
 
       - name: Run Test Failure Summary
         id: check_failure
         run: |
+          echo "Checking for test failures..."
+          ls *-coverage.xml
           if [ -s failed_tests.txt ]; then
             echo "The following tests failed:"
             cat failed_tests.txt

README.md

@@ -46,7 +46,6 @@ See https://nhsd-confluence.digital.nhs.uk/display/APM/Glossary.
 | `terraform_old`        | Old tf code used to create INT to mimic prod. |
 | `terraform_sandbox`    | Sandbox environment for testing infrastructure changes. |
 | `terraform_aws_backup` | Streamlined backup processing with AWS. |
-| `mesh-infra`           | Infrastructure setup for Imms batch MESH integration. |
 | `proxies`              | Apigee API proxy definitions. |
 ---
 

infra/.terraform.lock.hcl

@@ -7,3 +7,5 @@ dspp_admin_role          = "root"
 environment              = "int"
 parent_route53_zone_name = "int.vds.platform.nhs.uk"
 child_route53_zone_name  = "imms.int.vds.platform.nhs.uk"
+mesh_mailbox_id          = "X26OT303"
+mesh_dlq_mailbox_id      = "X26OT304"

infra/environments/int/variables.tfvars

@@ -7,3 +7,8 @@ dspp_admin_role          = "root"
 environment              = "dev"
 parent_route53_zone_name = "dev.vds.platform.nhs.uk"
 child_route53_zone_name  = "imms.dev.vds.platform.nhs.uk"
+# TODO - null these out once we're using the int account
+# mesh_mailbox_id          = null
+# mesh_dlq_mailbox_id      = null
+mesh_mailbox_id          = "X26OT303"
+mesh_dlq_mailbox_id      = "X26OT304"

infra/environments/non-prod/variables.tfvars

@@ -7,3 +7,5 @@ dspp_admin_role          = "root"
 environment              = "prod"
 parent_route53_zone_name = "prod.vds.platform.nhs.uk"
 child_route53_zone_name  = "imms.prod.vds.platform.nhs.uk"
+mesh_mailbox_id          = "X26HC138"
+mesh_dlq_mailbox_id      = null

infra/environments/prod/variables.tfvars

@@ -0,0 +1,15 @@
+# MESH Client Module - conditionally created based on environment configuration
+module "mesh" {
+  count  = var.mesh_mailbox_id != null ? 1 : 0
+  source = "git::https://github.com/nhsdigital/terraform-aws-mesh-client.git//module?ref=v2.1.5"
+
+  name_prefix                    = "imms-${var.environment}"
+  account_id                     = var.imms_account_id
+  mesh_env                       = var.environment == "prod"? "production" : "integration"
+  subnet_ids                     = toset([])
+  mailbox_ids                    = [var.mesh_mailbox_id]
+
+  compress_threshold             = 1 * 1024 * 1024
+  get_message_max_concurrency    = 10
+  handshake_schedule             = "rate(24 hours)"
+}

infra/mesh.tf

@@ -16,3 +16,9 @@ variable "build_agent_account_id" {
 variable "environment" {
   default = "non-prod"
 }
+variable "mesh_mailbox_id" {
+  default = null
+}
+variable "mesh_dlq_mailbox_id" {
+  default = null
+}

infra/variables.tf

@@ -6,15 +6,37 @@ RUN mkdir -p /home/appuser && \
     echo 'appuser:x:1001:' >> /etc/group && \
     chown -R 1001:1001 /home/appuser && pip install "poetry~=1.5.0"
 
-# Install Poetry as root
-COPY poetry.lock pyproject.toml README.md ./
+# Install Poetry dependencies
+# Copy shared Poetry files first
+COPY shared/poetry.lock shared/pyproject.toml shared/README.md ./shared/
+# Copy id_sync Poetry files
+COPY id_sync/poetry.lock id_sync/pyproject.toml id_sync/README.md ./
+
+# Install shared dependencies first
+WORKDIR /var/task/shared
+RUN poetry config virtualenvs.create false && poetry install --no-interaction --no-ansi --no-root --only main
+
+# Install id_sync dependencies
+WORKDIR /var/task
 RUN poetry config virtualenvs.create false && poetry install --no-interaction --no-ansi --no-root --only main
 
 # -----------------------------
 FROM base AS build
-COPY src .
-COPY ../shared/src/common ./common
+
+# Set working directory back to Lambda task root
+WORKDIR /var/task
+
+# Copy shared source code
+COPY shared/src/common ./common
+
+# Copy id_sync source code
+COPY id_sync/src .
+
+# Set correct permissions
 RUN chmod 644 $(find . -type f) && chmod 755 $(find . -type d)
+
 # Build as non-root user
 USER 1001:1001
+
+# Set the Lambda handler
 CMD ["id_sync.handler"]