diff --git a/.github/workflows/terraform-daily-healthcheck-deploy-and-destroy.yml b/.github/workflows/automated-daily-health-check.yml similarity index 98% rename from .github/workflows/terraform-daily-healthcheck-deploy-and-destroy.yml rename to .github/workflows/automated-daily-health-check.yml index c7d09ebad..563d8fb82 100644 --- a/.github/workflows/terraform-daily-healthcheck-deploy-and-destroy.yml +++ b/.github/workflows/automated-daily-health-check.yml @@ -1,4 +1,4 @@ -name: 'Daily Healthcheck Deploy, Test and Destroy' +name: 'Z-AUTOMATED: Daily health check' on: schedule: @@ -194,4 +194,4 @@ jobs: sandbox_workspace: ${{ needs.set_workspace.outputs.workspace }} terraform_vars: dev.tfvars backend: backend.conf - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.github/workflows/terraform-dev-to-main-ci.yml b/.github/workflows/automated-deploy-dev.yml similarity index 99% rename from .github/workflows/terraform-dev-to-main-ci.yml rename to .github/workflows/automated-deploy-dev.yml index 3a3128593..7a57e2a33 100644 --- a/.github/workflows/terraform-dev-to-main-ci.yml +++ b/.github/workflows/automated-deploy-dev.yml @@ -1,5 +1,5 @@ # .github/workflows/terraform-dev -name: 'Development CI Feature to Main' +name: 'Z-AUTOMATED: Deploy - Dev' on: push: @@ -9,7 +9,6 @@ on: branches: - main - permissions: pull-requests: write actions: read # This is required for Plan comment @@ -229,6 +228,3 @@ jobs: uses: nhsconnect/national-document-repository/.github/workflows/ui-dev-to-main-ci.yml@main secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - - - diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/automated-sonarqube-cloud.yml similarity index 85% rename from .github/workflows/sonarcloud-analysis.yml rename to .github/workflows/automated-sonarqube-cloud.yml index b2fbb543e..897efdf8a 100644 --- a/.github/workflows/sonarcloud-analysis.yml +++ b/.github/workflows/automated-sonarqube-cloud.yml 
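Review bot: In automated-daily-health-check.yml (hunk at -194,4 +194,4) the reusable-workflow call still ends with `secrets: inherit`, which makes every secret available to this scheduled workflow readable by the called workflow, whether or not it needs them. automated-deploy-dev.yml in this same commit uses the narrower form, `secrets:` followed by `AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}`, and the same explicit mapping here would keep the callee's access scoped to what it declares. The job's `uses:` line sits above the hunk, so the secrets the callee actually requires have to be confirmed there. This commit only adds the end-of-file newline on that line, so the change could be a follow-up.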
@@ -1,4 +1,5 @@ -name: SonarCloud-Analysis +name: 'Z-AUTOMATED: SonarQube Cloud Analysis' + on: push: branches: @@ -21,4 +22,4 @@ jobs: uses: SonarSource/sonarqube-scan-action@v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/terraform-destroy-sandbox-environments-cron.yml b/.github/workflows/automated-tear-down-sandbox.yml similarity index 96% rename from .github/workflows/terraform-destroy-sandbox-environments-cron.yml rename to .github/workflows/automated-tear-down-sandbox.yml index daf07dd25..8aa483a60 100644 --- a/.github/workflows/terraform-destroy-sandbox-environments-cron.yml +++ b/.github/workflows/automated-tear-down-sandbox.yml @@ -1,4 +1,4 @@ -name: 'Destroy Sandbox Environments (CRON)' +name: 'Z-AUTOMATED: Tear down - Sandbox' on: schedule: diff --git a/.github/workflows/terraform-destroy-test-environments-cron.yml b/.github/workflows/automated-tear-down-test.yml similarity index 98% rename from .github/workflows/terraform-destroy-test-environments-cron.yml rename to .github/workflows/automated-tear-down-test.yml index c404a1abd..a212c2dfe 100644 --- a/.github/workflows/terraform-destroy-test-environments-cron.yml +++ b/.github/workflows/automated-tear-down-test.yml @@ -1,4 +1,4 @@ -name: 'Destroy Test (Test Account) Environment CRON' +name: 'Z-AUTOMATED: Tear down - Test' on: schedule: diff --git a/.github/workflows/cleanup-appconfig-and-lambda-layer-versions.yml b/.github/workflows/base-cleanup-appconfig-and-lambda-layer-versions.yml similarity index 96% rename from .github/workflows/cleanup-appconfig-and-lambda-layer-versions.yml rename to .github/workflows/base-cleanup-appconfig-and-lambda-layer-versions.yml index 73dbaacb9..b917f3dcd 100644 --- a/.github/workflows/cleanup-appconfig-and-lambda-layer-versions.yml 
+++ b/.github/workflows/base-cleanup-appconfig-and-lambda-layer-versions.yml @@ -1,4 +1,4 @@ -name: 'Cleanup Untracked App Config Profiles and Lambda Layer Versions' +name: 'Z-BASE: Cleanup - Workspace' on: workflow_call: @@ -23,7 +23,6 @@ on: AWS_ASSUME_ROLE: required: true - permissions: pull-requests: write id-token: write # This is required for requesting the JWT @@ -75,4 +74,4 @@ jobs: - name: Run Version Cleanup Script run: | - ./venv/bin/python3 scripts/cleanup_versions.py ${{ inputs.sandbox }} + ./venv/bin/python3 scripts/cleanup_versions.py ${{ inputs.sandbox }} diff --git a/.github/workflows/cleanup-cloudfront-edge-associations.yml b/.github/workflows/base-cleanup-lambda-edge.yml similarity index 98% rename from .github/workflows/cleanup-cloudfront-edge-associations.yml rename to .github/workflows/base-cleanup-lambda-edge.yml index dfdc04097..eae811270 100644 --- a/.github/workflows/cleanup-cloudfront-edge-associations.yml +++ b/.github/workflows/base-cleanup-lambda-edge.yml @@ -1,4 +1,4 @@ -name: 'Remove Lambda@Edge Associations' +name: 'Z-BASE: Cleanup - Lambda@Edge' on: workflow_call: diff --git a/.github/workflows/terraform-deploy-to-pre-prod-manual.yml b/.github/workflows/deploy-pre-prod.yml similarity index 99% rename from .github/workflows/terraform-deploy-to-pre-prod-manual.yml rename to .github/workflows/deploy-pre-prod.yml index 2a3f99661..54f6162c5 100644 --- a/.github/workflows/terraform-deploy-to-pre-prod-manual.yml +++ b/.github/workflows/deploy-pre-prod.yml @@ -1,4 +1,4 @@ -name: "Deploy to Pre-Prod" +name: "Deploy - Pre-prod" on: workflow_dispatch: diff --git a/.github/workflows/terraform-deploy-to-prod-manual.yml b/.github/workflows/deploy-prod.yml similarity index 98% rename from .github/workflows/terraform-deploy-to-prod-manual.yml rename to .github/workflows/deploy-prod.yml index 1a0a8582a..9d7473aac 100644 --- a/.github/workflows/terraform-deploy-to-prod-manual.yml +++ b/.github/workflows/deploy-prod.yml 
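Review bot: In the `Run Version Cleanup Script` step of base-cleanup-appconfig-and-lambda-layer-versions.yml (hunk at -75,4 +74,4), `${{ inputs.sandbox }}` is substituted into the script text before the shell runs, so a value containing shell metacharacters is interpreted as shell syntax instead of being passed as one argument. The workflow requests `id-token: write` and requires the `AWS_ASSUME_ROLE` secret, so the step should take the value from the environment: add `env:` with `SANDBOX: ${{ inputs.sandbox }}` to the step and call `./venv/bin/python3 scripts/cleanup_versions.py "$SANDBOX"`. The callers that supply `sandbox` are outside this diff, so how far the value is user-controlled needs checking there. This commit only touches the line's whitespace, so the fix may belong in a follow-up.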
@@ -1,5 +1,5 @@ # .github/workflows/terraform-dev -name: "Deploy tagged version to Prod" +name: "Deploy - Prod" on: workflow_dispatch: diff --git a/.github/workflows/terraform-deploy-feature-to-sandbox.yml b/.github/workflows/deploy-sandbox.yml similarity index 98% rename from .github/workflows/terraform-deploy-feature-to-sandbox.yml rename to .github/workflows/deploy-sandbox.yml index 6d25d8de4..0f1cd04e7 100644 --- a/.github/workflows/terraform-deploy-feature-to-sandbox.yml +++ b/.github/workflows/deploy-sandbox.yml @@ -1,5 +1,5 @@ # .github/workflows/terraform-dev -name: "Deploy Feature Branch to Sandbox" +name: "Deploy - Sandbox" on: workflow_dispatch: diff --git a/.github/workflows/terraform-deploy-to-test-manual.yml b/.github/workflows/deploy-test.yml similarity index 98% rename from .github/workflows/terraform-deploy-to-test-manual.yml rename to .github/workflows/deploy-test.yml index 5865a8ef0..6075ed57c 100644 --- a/.github/workflows/terraform-deploy-to-test-manual.yml +++ b/.github/workflows/deploy-test.yml @@ -1,5 +1,5 @@ # .github/workflows/terraform-dev -name: "Deploy Feature Branch to Test" +name: "Deploy - Test" on: workflow_dispatch: diff --git a/.github/workflows/terraform-destroy-environment-manual.yml b/.github/workflows/tear-down-sandbox.yml similarity index 98% rename from .github/workflows/terraform-destroy-environment-manual.yml rename to .github/workflows/tear-down-sandbox.yml index ad79da813..11ae52996 100644 --- a/.github/workflows/terraform-destroy-environment-manual.yml +++ b/.github/workflows/tear-down-sandbox.yml @@ -1,6 +1,6 @@ # .github/workflows/destroy.yml -name: "Destroy (Select Account) Environment" +name: "Tear down - Sandbox" on: workflow_dispatch: @@ -24,6 +24,7 @@ on: default: "backend.conf" description: "Terraform backend configuration." required: true + workflow_call: inputs: build_branch: 
diff --git a/.github/workflows/terraform-deploy-to-perf-manual.yml b/.github/workflows/terraform-deploy-to-perf-manual.yml
deleted file mode 100644
index 84e3135db..000000000
--- a/.github/workflows/terraform-deploy-to-perf-manual.yml
+++ /dev/null
@@ -1,79 +0,0 @@ -# .github/workflows/terraform-dev -name: "Deploy Feature Branch to Perf" - -on: - workflow_dispatch: - inputs: - buildBranch: - description: "Feature branch to push to test?" - required: true - type: "string" - -permissions: - pull-requests: write - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - -jobs: - terraform_process: - runs-on: ubuntu-latest - environment: perf - - steps: - # Checkout the repository to the GitHub Actions runner - - name: Checkout - uses: actions/checkout@v5 - with: - ref: ${{ github.event.inputs.buildBranch}} - fetch-depth: "0" - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v5 - with: - role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} - role-skip-session-tagging: true - aws-region: ${{ vars.AWS_REGION }} - mask-aws-account-id: true - - - name: View AWS Role - run: aws sts get-caller-identity - - # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.11.4 - terraform_wrapper: false - - - name: Terraform Init - id: init - run: terraform init -backend-config=backend.conf - working-directory: ./infrastructure - shell: bash - - - name: Terraform Set Workspace - id: workspace - run: terraform workspace select ${{ secrets.AWS_WORKSPACE }} - working-directory: ./infrastructure - shell: bash - - - name: Lambda Layer Imports - id: lambda_layer_import - run: ./import_lambda_layers.sh ${{ secrets.AWS_WORKSPACE }} ${{ vars.TF_VARS_FILE }} - working-directory: ./scripts - shell: bash - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - run: terraform fmt -check - - - name: Terraform Plan - id: plan - run: | - terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan - 
working-directory: ./infrastructure - shell: bash - - - name: Terraform Apply - run: terraform apply -auto-approve -input=false tf.plan - working-directory: ./infrastructure diff --git a/.github/workflows/terraform-deploy-virus-scanner.yml b/.github/workflows/terraform-deploy-virus-scanner.yml deleted file mode 100644 index 48e78910a..000000000 --- a/.github/workflows/terraform-deploy-virus-scanner.yml +++ /dev/null 
@@ -1,81 +0,0 @@ -# .github/workflows/terraform-dev -name: 'Deploy Virus Scanner' - -on: - workflow_dispatch: - inputs: - buildBranch: - description: 'Feature branch to push to sandbox.' - required: true - type: 'string' - sandboxWorkspace: - description: 'Which Sandbox to push to.' - required: true - type: 'string' - environment: - description: 'Environment to run against' - required: true - type: 'string' - -permissions: - pull-requests: write - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - -jobs: - terraform_process: - runs-on: ubuntu-latest - environment: ${{ github.event.inputs.environment}} - - steps: - # Checkout the repository to the GitHub Actions runner - - name: Checkout - uses: actions/checkout@v5 - with: - ref: ${{ github.event.inputs.buildBranch}} - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v5 - with: - role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} - role-skip-session-tagging: true - aws-region: ${{ vars.AWS_REGION }} - mask-aws-account-id: true - - - name: View AWS Role - run: aws sts get-caller-identity - - # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.11.4 - terraform_wrapper: false - - - name: Terraform Init - id: init - run: terraform init -backend-config="${{ github.event.inputs.sandboxWorkspace}}.tfbackend" - working-directory: ./virusscanner/terraform - shell: bash - - - name: Terraform Set Workspace - id: workspace - run: terraform workspace select -or-create ${{ github.event.inputs.sandboxWorkspace}} - working-directory: ./virusscanner/terraform - shell: bash - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - run: terraform fmt -check - working-directory: ./virusscanner/terraform - - - name: 
Terraform Plan - id: plan - run: | - terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan - working-directory: ./virusscanner/terraform - shell: bash - - - name: Terraform Apply - run: terraform apply -auto-approve -input=false tf.plan - working-directory: ./virusscanner/terraform diff --git a/.github/workflows/git-rename-tag.yml b/.github/workflows/tool-rename-git-tag.yml similarity index 97% rename from .github/workflows/git-rename-tag.yml rename to .github/workflows/tool-rename-git-tag.yml index 8afa67dc9..4430847c4 100644 --- a/.github/workflows/git-rename-tag.yml +++ b/.github/workflows/tool-rename-git-tag.yml @@ -1,4 +1,4 @@ -name: 'Git - Rename Tag' +name: 'Tool: Rename Git Tag' on: workflow_dispatch: