VED-812: Tidy up. Use env vars associated with the Apigee environment. Make more steps conditional.

mfjarvis · mfjarvis · commit d7b9d0c83d83 · 2025-10-16T11:11:12.000+01:00
diff --git a/.github/workflows/deploy-backend.yml b/.github/workflows/deploy-backend.yml
@@ -42,43 +42,42 @@ on:
         type: string
         description: Set the sub environment name e.g. pr-xxx, or green/blue in higher environments
 
+env: # Sonarcloud - do not allow direct usage of untrusted data
+  APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }}
+  ENVIRONMENT: ${{ inputs.environment }}
+  SUB_ENVIRONMENT: ${{ inputs.sub_environment }}
+
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   terraform-plan:
     runs-on: ubuntu-latest
     environment:
       name: ${{ inputs.environment }}
-    env: # Sonarcloud - do not allow direct usage of untrusted data
-      APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }}
-      BACKEND_ENVIRONMENT: ${{ inputs.environment }}
-      BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }}
-    permissions:
-      id-token: write
-      contents: read
     steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
       - name: Connect to AWS
         uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838
         with:
           aws-region: eu-west-2
           role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
           role-session-name: github-actions
 
-      - name: Whoami
-        run: aws sts get-caller-identity
-
-      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-
       - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
         with:
           terraform_version: "1.12.2"
 
       - name: Terraform Init
         working-directory: terraform
-        run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
+        run: make init
 
       - name: Terraform Plan
         working-directory: terraform
-        run: make plan-ci apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
+        run: make plan-ci
 
       - name: Save Terraform Plan
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
@@ -91,13 +90,6 @@ jobs:
     runs-on: ubuntu-latest
     environment:
       name: ${{ inputs.environment }}
-    env: # Sonarcloud - do not allow direct usage of untrusted data
-      APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }}
-      BACKEND_ENVIRONMENT: ${{ inputs.environment }}
-      BACKEND_SUB_ENVIRONMENT: ${{ inputs.sub_environment }}
-    permissions:
-      id-token: write
-      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
@@ -120,12 +112,12 @@ jobs:
 
       - name: Terraform Init
         working-directory: terraform
-        run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
+        run: make init
 
       - name: Terraform Apply
         working-directory: terraform
         run: |
-          make apply-ci apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
+          make apply-ci
           echo "ID_SYNC_QUEUE_ARN=$(make -s output name=id_sync_queue_arn)" >> $GITHUB_ENV
 
       - name: Install poetry
@@ -145,7 +137,6 @@ jobs:
         if: ${{ inputs.environment == 'dev' && inputs.create_mns_subscription }}
         working-directory: "./lambdas/mns_subscription"
         env:
-          APIGEE_ENVIRONMENT: ${{ inputs.apigee_environment }}
           SQS_ARN: ${{ env.ID_SYNC_QUEUE_ARN }}
         run: |
           poetry install --no-root
diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml
@@ -48,73 +48,76 @@ permissions:
 jobs:
   wait-for-deployment:
     runs-on: ubuntu-latest
-    environment: ${{ inputs.environment }}
+    environment: ${{ inputs.apigee_environment }}
     steps:
       - name: Wait for API to be available
         run: |
-          set -ex
-
           endpoint=""
-          if [[ $APIGEE_ENVIRONMENT =~ "prod" ]]; then
+          if [[ ${APIGEE_ENVIRONMENT} =~ "prod" ]]; then
             endpoint="https://api.service.nhs.uk/${SERVICE_BASE_PATH}/_status"
           else
             endpoint="https://${APIGEE_ENVIRONMENT}.api.service.nhs.uk/${SERVICE_BASE_PATH}/_status"
           fi
 
           counter=0
-          while [[ $counter -lt 31 ]]; do
-            response=$(curl -H "apikey: ${STATUS_API_KEY}" -s "$endpoint")
-            response_code=$(jq -r '.checks.healthcheck.responseCode' <<< "$response")
-            response_body=$(jq -r '.checks.healthcheck.outcome' <<< "$response")
-            status=$(jq -r '.status' <<< "$response")
-            if [ "$response_code" -eq 200 ] && [ "$response_body" == "OK" ] && [ "$status" == "pass" ]; then
+          while [[ ${counter} -lt 31 ]]; do
+            response=$(curl -H "apikey: ${STATUS_API_KEY}" -s "${endpoint}")
+            response_code=$(jq -r '.checks.healthcheck.responseCode' <<< "${response}")
+            response_body=$(jq -r '.checks.healthcheck.outcome' <<< "${response}")
+            status=$(jq -r '.status' <<< "${response}")
+            if [[ "${response_code}" -eq 200 ]] && [[ "${response_body}" == "OK" ]] && [[ "${status}" == "pass" ]]; then
                 echo "Status test successful"
                 break
             else
-                echo "Waiting for $endpoint to return a 200 response with 'OK' body..."
+                echo "Waiting for ${endpoint} to return a 200 response with 'OK' body..."
                 ((counter=counter+1)) # Increment counter by 1
-                echo "Attempt $counter"
+                echo "Attempt ${counter}"
                 sleep 30
             fi
           done
 
-          if [ $counter -eq 31 ]; then
+          if [[ ${counter} -eq 31 ]]; then
               echo "Status test failed: Maximum number of attempts reached"
               echo "Last response received:"
-              echo "$response"
+              echo "${response}"
               exit 1
           fi
 
   e2e-tests:
     runs-on: ubuntu-latest
     needs: [wait-for-deployment]
-    environment: ${{ inputs.environment }}
+    environment: ${{ inputs.apigee_environment }}
     env:
       APIGEE_USERNAME: ${{ vars.APIGEE_USERNAME }}
       SOURCE_COMMIT_ID: ${{ github.sha }}
     steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
       - name: Connect to AWS
+        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
         uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838
         with:
           aws-region: eu-west-2
           role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
           role-session-name: github-actions
 
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-
       - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
+        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
         with:
           terraform_version: "1.12.2"
 
       - name: Terraform Init
+        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
         working-directory: terraform
         run: make init
 
       - name: Set Terraform workspace
+        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
         working-directory: terraform
         run: make workspace
 
       - name: Read Terraform outputs
+        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
         working-directory: terraform
         run: |
           echo "IMMS_DELTA_TABLE_NAME=$(make -s output name=imms_delta_table_name)" >> $GITHUB_ENV
@@ -137,6 +140,7 @@ jobs:
         run: poetry install --no-root
 
       - name: Get Apigee access token
+        if: ${{ vars.RUN_FULL_E2E_TESTS == 'true' }}
         working-directory: e2e
         env:
           APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }}
@@ -181,17 +185,17 @@ jobs:
     # Only actually depend on wait-for-deployment, but run after e2e-tests
     if: ${{ !cancelled() && needs.wait-for-deployment.result == 'success' && vars.RUN_BATCH_E2E_TESTS == 'true' }}
     runs-on: ubuntu-latest
-    environment: ${{ inputs.environment }}
+    environment: ${{ inputs.apigee_environment }}
     steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
       - name: Connect to AWS
         uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838
         with:
           aws-region: eu-west-2
           role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
           role-session-name: github-actions
 
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-
       - name: Install poetry
         run: pip install poetry==2.1.4
 
