From caf3183af7cdc67d273a057255d6cd2cc07b1bda Mon Sep 17 00:00:00 2001 From: adamwhitingnhs Date: Fri, 17 Oct 2025 09:54:00 +0100 Subject: [PATCH 1/5] [PRMP-580] Add create before destroy to gateways --- infrastructure/api.tf | 6 +++++- infrastructure/api_mtls.tf | 10 +++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/infrastructure/api.tf b/infrastructure/api.tf index 14cc53f32..2c135e654 100644 --- a/infrastructure/api.tf +++ b/infrastructure/api.tf @@ -23,7 +23,7 @@ resource "aws_api_gateway_base_path_mapping" "api_mapping" { stage_name = var.environment domain_name = local.api_gateway_full_domain_name - depends_on = [aws_api_gateway_deployment.ndr_api_deploy, aws_api_gateway_rest_api.ndr_doc_store_api] + depends_on = [aws_api_gateway_deployment.ndr_api_deploy, aws_api_gateway_rest_api.ndr_doc_store_api, aws_api_gateway_stage.ndr_api] } resource "aws_api_gateway_resource" "auth_resource" { @@ -95,6 +95,10 @@ resource "aws_api_gateway_stage" "ndr_api" { depends_on = [ aws_cloudwatch_log_group.api_gateway_stage ] + + lifecycle { + create_before_destroy = true + } } resource "aws_cloudwatch_log_group" "api_gateway_stage" { diff --git a/infrastructure/api_mtls.tf b/infrastructure/api_mtls.tf index 2861c4d02..a815d39b1 100644 --- a/infrastructure/api_mtls.tf +++ b/infrastructure/api_mtls.tf @@ -33,7 +33,11 @@ resource "aws_api_gateway_base_path_mapping" "api_mapping_mtls" { stage_name = var.environment domain_name = aws_api_gateway_domain_name.custom_api_domain_mtls.domain_name - depends_on = [aws_api_gateway_deployment.ndr_api_deploy_mtls] + depends_on = [ + aws_api_gateway_deployment.ndr_api_deploy_mtls, + aws_api_gateway_stage.ndr_api_mtls, + aws_api_gateway_rest_api.ndr_doc_store_api_mtls + ] } resource "aws_api_gateway_deployment" "ndr_api_deploy_mtls" { 
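Review bot: In the `api_mapping` hunk of infrastructure/api.tf the mapping is ordered after the stage only through the new `depends_on` entry, while `stage_name` on the context line above it is still the plain `var.environment`. Referencing the stage attribute instead, `stage_name = aws_api_gateway_stage.ndr_api.stage_name`, gives Terraform the same ordering implicitly and keeps the mapping and the stage from drifting apart. The `api_mapping_mtls` hunk in infrastructure/api_mtls.tf has the same shape and could use `aws_api_gateway_stage.ndr_api_mtls.stage_name`. Both resource blocks start outside their hunks.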
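Review bot: The `lifecycle { create_before_destroy = true }` block added to `aws_api_gateway_stage.ndr_api` has no comment saying which replacement it is meant to make safe. If the stage name is fixed per environment (the `ndr_api_mtls` hunk shows `stage_name = var.environment`; the line for `ndr_api` is outside this hunk), a forced replacement on the same REST API, for example after a taint, would presumably try to create a second stage of the same name before the old one is removed, and fail. Terraform also extends create-before-destroy ordering to the resources this one depends on, here the log group in `depends_on`. A short comment such as `# create_before_destroy: keep a stage live while the REST API is replaced` (wording for the author to confirm) would record the intent, and the same applies to the `ndr_api_mtls` stage hunk.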
@@ -67,6 +71,10 @@ resource "aws_api_gateway_stage" "ndr_api_mtls" { rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id stage_name = var.environment xray_tracing_enabled = var.enable_xray_tracing + + lifecycle { + create_before_destroy = true + } } resource "aws_cloudwatch_log_group" "mtls_api_gateway_stage" { From 1e8fb7a904ea0500d3f602f9a1e92c5b0602dd8c Mon Sep 17 00:00:00 2001 From: adamwhitingnhs Date: Fri, 17 Oct 2025 13:55:00 +0100 Subject: [PATCH 2/5] add terraform-docs WSL install script to readme --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index c660bd635..4be8b1e39 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,15 @@ This repository is used to build the infrastructure the NDR. That is it's sole p - [Terraform](https://developer.hashicorp.com/terraform/install) - [Terraform docs](https://github.com/terraform-docs/terraform-docs) +To install terraform-docs on WSL use the following command +``` +curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.20.0/terraform-docs-v0.20.0-$(uname)-amd64.tar.gz && +tar -xzf terraform-docs.tar.gz && +chmod +x terraform-docs && +sudo mv terraform-docs /usr/local/bin/terraform-docs && +rm terraform-docs.tar.gz +``` + ## Installation ### pre-commit hook From f61864551eac6a319188254d5fa6b4aa08126b12 Mon Sep 17 00:00:00 2001 From: Megan Date: Fri, 17 Oct 2025 14:33:01 +0100 Subject: [PATCH 3/5] [PRMP-580] Add depends on to gateway stage --- infrastructure/api_mtls.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/infrastructure/api_mtls.tf b/infrastructure/api_mtls.tf index a815d39b1..66c4e4874 100644 --- a/infrastructure/api_mtls.tf +++ b/infrastructure/api_mtls.tf @@ -75,6 +75,8 @@ resource "aws_api_gateway_stage" "ndr_api_mtls" { lifecycle { create_before_destroy = true } + + depends_on = [aws_cloudwatch_log_group.mtls_api_gateway_stage] } resource "aws_cloudwatch_log_group" "mtls_api_gateway_stage" { 
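Review bot: The new `depends_on = [aws_cloudwatch_log_group.mtls_api_gateway_stage]` on `aws_api_gateway_stage.ndr_api_mtls` carries no comment, and it sits after the `lifecycle` block whereas the `ndr_api` stage in api.tf puts `depends_on` before it. Presumably the aim is to have the Terraform-managed log group exist before the stage starts logging, so that API Gateway does not create one outside Terraform's control. If so, say it on the line: `# Log group must exist before the stage so API Gateway does not auto-create it`. The stage's logging settings are outside the hunk, so it is worth confirming that the group's name matches what the stage actually writes to.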
From 7bcbde3c2cac6c7af712501f34ba5aa1c92dfa4a Mon Sep 17 00:00:00 2001 From: Megan Date: Thu, 23 Oct 2025 12:49:02 +0100 Subject: [PATCH 4/5] [PRMP-580] Update cron and delay continuous workspace teardown --- .github/workflows/cron-tear-down-sandbox.yml | 2 +- README.md | 10 +++++----- infrastructure/api.tf | 2 +- infrastructure/api_mtls.tf | 1 - scripts/cleanup_sandboxes.py | 2 ++ 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cron-tear-down-sandbox.yml b/.github/workflows/cron-tear-down-sandbox.yml index cc8ea596d..90bbed306 100644 --- a/.github/workflows/cron-tear-down-sandbox.yml +++ b/.github/workflows/cron-tear-down-sandbox.yml @@ -2,7 +2,7 @@ name: 'Z-CRON: Tear down - Sandboxes' on: schedule: - - cron: 59 17 * * 1-5 # utc time + - cron: 59 18-21 * * 1-5 # utc time permissions: pull-requests: write diff --git a/README.md b/README.md index 4be8b1e39..9ddb252e3 100644 --- a/README.md +++ b/README.md @@ -7,12 +7,12 @@ This repository is used to build the infrastructure the NDR. That is it's sole p - [Terraform](https://developer.hashicorp.com/terraform/install) - [Terraform docs](https://github.com/terraform-docs/terraform-docs) -To install terraform-docs on WSL use the following command +To install terraform-docs on WSL use the following commands (e.g. for v0.20.0): ``` -curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.20.0/terraform-docs-v0.20.0-$(uname)-amd64.tar.gz && -tar -xzf terraform-docs.tar.gz && -chmod +x terraform-docs && -sudo mv terraform-docs /usr/local/bin/terraform-docs && +curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.20.0/terraform-docs-v0.20.0-$(uname)-amd64.tar.gz +tar -xzf terraform-docs.tar.gz +chmod +x terraform-docs +sudo mv terraform-docs /usr/local/bin/terraform-docs rm terraform-docs.tar.gz ``` diff --git a/infrastructure/api.tf b/infrastructure/api.tf index 2c135e654..9608ed235 100644 --- a/infrastructure/api.tf +++ b/infrastructure/api.tf 
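Review bot: The new schedule `59 18-21 * * 1-5` in cron-tear-down-sandbox.yml starts this workflow four times each weekday evening, an hour apart, and the `# utc time` comment does not say why. The same commit adds a 300-second sleep to scripts/cleanup_sandboxes.py, so if this workflow runs that script (the job steps are outside the hunk), a run handling more than about a dozen sandboxes would still be going when the next one starts, and two runs would trigger teardowns at once. A top-level `concurrency:` group with `cancel-in-progress: false` would serialise the runs. The comment could then read `# hourly 18:59-21:59 UTC, Mon-Fri; repeated so sandboxes missed earlier are retried`, if that is the intent.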
@@ -23,7 +23,7 @@ resource "aws_api_gateway_base_path_mapping" "api_mapping" { stage_name = var.environment domain_name = local.api_gateway_full_domain_name - depends_on = [aws_api_gateway_deployment.ndr_api_deploy, aws_api_gateway_rest_api.ndr_doc_store_api, aws_api_gateway_stage.ndr_api] + depends_on = [aws_api_gateway_deployment.ndr_api_deploy, aws_api_gateway_rest_api.ndr_doc_store_api] } resource "aws_api_gateway_resource" "auth_resource" { diff --git a/infrastructure/api_mtls.tf b/infrastructure/api_mtls.tf index 66c4e4874..73f38c77b 100644 --- a/infrastructure/api_mtls.tf +++ b/infrastructure/api_mtls.tf @@ -35,7 +35,6 @@ resource "aws_api_gateway_base_path_mapping" "api_mapping_mtls" { depends_on = [ aws_api_gateway_deployment.ndr_api_deploy_mtls, - aws_api_gateway_stage.ndr_api_mtls, aws_api_gateway_rest_api.ndr_doc_store_api_mtls ] } diff --git a/scripts/cleanup_sandboxes.py b/scripts/cleanup_sandboxes.py index 3a8aac815..f7aa5bbbd 100644 --- a/scripts/cleanup_sandboxes.py +++ b/scripts/cleanup_sandboxes.py @@ -1,3 +1,4 @@ +import time import boto3, os, requests, sys from botocore.exceptions import ClientError @@ -62,3 +63,4 @@ def get_workspaces() -> list[str]: for workspace in workspaces: if workspace not in excluded: trigger_delete_workflow(token=gh_pat, sandbox=workspace) + time.sleep(300) From dbfb7a3f45b96cd9360c25baf39777e6d8de5f6a Mon Sep 17 00:00:00 2001 From: Adam Whiting Date: Thu, 23 Oct 2025 13:14:17 +0100 Subject: [PATCH 5/5] add comment to explain wait Co-authored-by: Kris Bloe <2674722+chrisbloe@users.noreply.github.com> --- scripts/cleanup_sandboxes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/cleanup_sandboxes.py b/scripts/cleanup_sandboxes.py index f7aa5bbbd..ad9eb346f 100644 --- a/scripts/cleanup_sandboxes.py +++ b/scripts/cleanup_sandboxes.py 
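Review bot: This hunk takes `aws_api_gateway_stage.ndr_api` back out of `depends_on`, and the next hunk does the same for `ndr_api_mtls`, but the commit subject only mentions the cron and the teardown delay, so the reason is not recorded. With `stage_name = var.environment` on the context line, nothing visible here orders the base path mapping after the stage, and on a fresh environment the mapping could be attempted before the stage exists. If the explicit dependency caused a problem, a comment next to `depends_on` should say which one. Otherwise `stage_name = aws_api_gateway_stage.ndr_api.stage_name` restores the ordering without listing the stage in `depends_on`.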
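Review bot: `time.sleep(300)` in the last hunk of scripts/cleanup_sandboxes.py is a fixed delay that never checks whether the previous teardown has finished, and it also runs after the final workspace, where nothing follows. The diff's indentation is collapsed here, so I cannot tell whether the call sits inside the `if workspace not in excluded:` branch; if it does not, each excluded workspace costs five minutes as well. Sleeping only between real triggers keeps the spacing and shortens the job, which also shortens how long `gh_pat` is held by a running process. The loop's enclosing block starts outside the hunk.

```python
# Sleep only between real triggers, never after the last one.
pending = [w for w in workspaces if w not in excluded]
for index, workspace in enumerate(pending):
    if index:
        time.sleep(300)  # keep 5 min between teardown triggers
    trigger_delete_workflow(token=gh_pat, sandbox=workspace)
```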
@@ -63,4 +63,4 @@ def get_workspaces() -> list[str]: for workspace in workspaces: if workspace not in excluded: trigger_delete_workflow(token=gh_pat, sandbox=workspace) - time.sleep(300) + time.sleep(300) # Wait 5 min between executions to avoid an AWS concurrency issue.
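Review bot: The comment added here says the wait avoids "an AWS concurrency issue" but not which one, so a later reader cannot judge whether 300 seconds is still the right figure or whether the wait can be dropped. Naming the resource or error would fix that, e.g. `# Wait 5 min between teardowns: parallel destroys fail with <AWS error or limit observed>`, with the placeholder filled in by the author. A named constant for the 300 would also let this delay and the workflow schedule be reasoned about together.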