CCM-12180: acceptance stage internal invoke

Author: masl2

.github/actions/acceptance-tests/action.yaml

@@ -0,0 +1,53 @@
+name: Acceptance tests
+description: "Run acceptance tests for this repo"
+
+inputs:
+  testType:
+    description: Type of test to run
+    required: true
+
+  targetEnvironment:
+    description: Name of the environment under test
+    required: true
+
+  targetAccountGroup:
+    description: Name of the account group under test
+    default: nhs-notify-template-management-dev
+    required: true
+
+  targetComponent:
+    description: Name of the component under test
+    required: true
+
+runs:
+  using: "composite"
+
+  steps:
+    - name: Fetch terraform output
+      uses: actions/download-artifact@v5
+      with:
+        name: terraform-output-${{ inputs.targetComponent }}
+
+    - name: "Repo setup"
+      shell: bash
+      run: |
+        npm ci
+
+    - name: Generate outputs file
+      shell: bash
+      run: |
+        root_dir=${GITHUB_WORKSPACE}
+        mv ./terraform_output.json ./sandbox_tf_outputs.json
+        npm run generate-outputs sandbox-output
+
+    - name: Run test - ${{ inputs.testType }}
+      shell: bash
+      run: |
+        make test-${{ inputs.testType }}
+
+    - name: Archive test results
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: ${{ inputs.testType }} - test report
+        path: "tests/acceptance-test-report"

.github/actions/test-types.json

@@ -0,0 +1,3 @@
+[
+  "component"
+]

.github/workflows/stage-4-acceptance.yaml

@@ -35,139 +35,27 @@ on:
         required: true
         type: string
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
-  environment-set-up:
-    name: "Environment set up"
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Create infractructure"
-        run: |
-          echo "Creating infractructure..."
-      - name: "Update database"
-        run: |
-          echo "Updating database..."
-      - name: "Deploy application"
-        run: |
-          echo "Deploying application..."
-  test-contract:
-    name: "Contract test"
-    runs-on: ubuntu-latest
-    needs: environment-set-up
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Run contract test"
-        run: |
-          make test-contract
-      - name: "Save result"
-        run: |
-          echo "Nothing to save"
-  test-security:
-    name: "Security test"
-    runs-on: ubuntu-latest
-    needs: environment-set-up
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Run security test"
-        run: |
-          make test-security
-      - name: "Save result"
-        run: |
-          echo "Nothing to save"
-  test-ui:
-    name: "UI test"
-    runs-on: ubuntu-latest
-    needs: environment-set-up
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Run UI test"
-        run: |
-          make test-ui
-      - name: "Save result"
-        run: |
-          echo "Nothing to save"
-  test-ui-performance:
-    name: "UI performance test"
+  run-acceptance-tests:
+    name: Run Acceptance Tests
     runs-on: ubuntu-latest
-    needs: environment-set-up
-    timeout-minutes: 10
     steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Run UI performance test"
-        run: |
-          make test-ui-performance
-      - name: "Save result"
-        run: |
-          echo "Nothing to save"
-  test-integration:
-    name: "Integration test"
-    runs-on: ubuntu-latest
-    needs: environment-set-up
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Run integration test"
-        run: |
-          make test-integration
-      - name: "Save result"
-        run: |
-          echo "Nothing to save"
-  test-accessibility:
-    name: "Accessibility test"
-    runs-on: ubuntu-latest
-    needs: environment-set-up
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Run accessibility test"
-        run: |
-          make test-accessibility
-      - name: "Save result"
-        run: |
-          echo "Nothing to save"
-  test-load:
-    name: "Load test"
-    runs-on: ubuntu-latest
-    needs: environment-set-up
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Run load tests"
-        run: |
-          make test-load
-      - name: "Save result"
-        run: |
-          echo "Nothing to save"
-  environment-tear-down:
-    name: "Environment tear down"
-    runs-on: ubuntu-latest
-    needs:
-      [
-        test-accessibility,
-        test-contract,
-        test-integration,
-        test-load,
-        test-security,
-        test-ui-performance,
-        test-ui,
-      ]
-    if: always()
-    timeout-minutes: 5
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Tear down environment"
-        run: |
-          echo "Tearing down environment..."
+      - uses: actions/[email protected]
+
+      - name: Trigger Acceptance Tests
+        shell: bash
+        env:
+          APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
+          APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
+        run: |
+          .github/scripts/dispatch_internal_repo_workflow.sh \
+            --infraRepoName "nhs-notify-web-template-management" \
+            --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            --targetWorkflow "dispatch-contextual-tests-dynamic-env.yaml" \
+            --targetEnvironment "pr${{ inputs.pr_number }}" \
+            --targetAccountGroup "nhs-notify-supplier-api-dev" \
+            --targetComponent "api"

infrastructure/terraform/components/api/README.md

@@ -11,6 +11,7 @@ No requirements.
 |------|-------------|------|---------|:--------:|
 | <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
 | <a name="input_ca_pem_filename"></a> [ca\_pem\_filename](#input\_ca\_pem\_filename) | Filename for the CA truststore file within the s3 bucket | `string` | `null` | no |
+| <a name="input_commit_id"></a> [commit\_id](#input\_commit\_id) | The commit to deploy. Must be in the tree for branch\_name | `string` | `"HEAD"` | no |
 | <a name="input_component"></a> [component](#input\_component) | The variable encapsulating the name of this component | `string` | `"supapi"` | no |
 | <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
 | <a name="input_enable_backups"></a> [enable\_backups](#input\_enable\_backups) | Enable backups | `bool` | `false` | no |
@@ -48,6 +49,7 @@ No requirements.
 | Name | Description |
 |------|-------------|
 | <a name="output_api_urll"></a> [api\_urll](#output\_api\_urll) | n/a |
+| <a name="output_deployment"></a> [deployment](#output\_deployment) | Deployment details used for post-deployment scripts |
 <!-- vale on -->
 <!-- markdownlint-enable -->
 <!-- END_TF_DOCS -->

infrastructure/terraform/components/api/outputs.tf

@@ -1,3 +1,16 @@
 output "api_urll" {
   value = aws_api_gateway_stage.main.invoke_url
 }
+
+output "deployment" {
+  description = "Deployment details used for post-deployment scripts"
+  value = {
+    aws_region     = var.region
+    aws_account_id = var.aws_account_id
+    project        = var.project
+    environment    = var.environment
+    group          = var.group
+    component      = var.component
+    commit_id      = var.commit_id
+  }
+}

infrastructure/terraform/components/api/variables.tf

@@ -51,64 +51,40 @@ variable "default_tags" {
 # Variables specific to the component
 ##
 
-variable "kms_deletion_window" {
+variable "ca_pem_filename" {
   type        = string
-  description = "When a kms key is deleted, how long should it wait in the pending deletion state?"
-  default     = "30"
-}
-
-variable "log_retention_in_days" {
-  type        = number
-  description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"
-  default     = 0
+  description = "Filename for the CA truststore file within the s3 bucket"
+  default     = null
 }
 
-variable "log_level" {
+variable "commit_id" {
   type        = string
-  description = "The log level to be used in lambda functions within the component. Any log with a lower severity than the configured value will not be logged: https://docs.python.org/3/library/logging.html#levels"
-  default     = "INFO"
+  description = "The commit to deploy. Must be in the tree for branch_name"
+  default     = "HEAD"
 }
 
-variable "force_lambda_code_deploy" {
+variable "enable_backups" {
   type        = bool
-  description = "If the lambda package in s3 has the same commit id tag as the terraform build branch, the lambda will not update automatically. Set to True if making changes to Lambda code from on the same commit for example during development"
+  description = "Enable backups"
   default     = false
 }
 
-variable "parent_acct_environment" {
-  type        = string
-  description = "Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments"
-  default     = "main"
-}
-
-variable "shared_infra_account_id" {
-  type        = string
-  description = "The AWS Account ID of the shared infrastructure account"
-  default     = "000000000000"
-}
-
-variable "manually_configure_mtls_truststore" {
+variable "force_destroy" {
   type        = bool
-  description = "Manually manage the truststore used for API Gateway mTLS (e.g. for prod environment)"
+  description = "Flag to force deletion of S3 buckets"
   default     = false
 }
 
-variable "enable_backups" {
+variable "force_lambda_code_deploy" {
   type        = bool
-  description = "Enable backups"
+  description = "If the lambda package in s3 has the same commit id tag as the terraform build branch, the lambda will not update automatically. Set to True if making changes to Lambda code from on the same commit for example during development"
   default     = false
 }
 
-variable "ca_pem_filename" {
+variable "kms_deletion_window" {
   type        = string
-  description = "Filename for the CA truststore file within the s3 bucket"
-  default     = null
-}
-
-variable "force_destroy" {
-  type        = bool
-  description = "Flag to force deletion of S3 buckets"
-  default     = false
+  description = "When a kms key is deleted, how long should it wait in the pending deletion state?"
+  default     = "30"
 }
 
 variable "letter_table_ttl_hours" {
@@ -117,8 +93,38 @@ variable "letter_table_ttl_hours" {
   default     = 24
 }
 
+variable "log_level" {
+  type        = string
+  description = "The log level to be used in lambda functions within the component. Any log with a lower severity than the configured value will not be logged: https://docs.python.org/3/library/logging.html#levels"
+  default     = "INFO"
+}
+
+variable "log_retention_in_days" {
+  type        = number
+  description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"
+  default     = 0
+}
+
+variable "manually_configure_mtls_truststore" {
+  type        = bool
+  description = "Manually manage the truststore used for API Gateway mTLS (e.g. for prod environment)"
+  default     = false
+}
+
 variable "max_get_limit" {
   type        = number
   description = "Default limit to apply to GET requests that support pagination"
   default     = 2500
 }
+
+variable "parent_acct_environment" {
+  type        = string
+  description = "Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments"
+  default     = "main"
+}
+
+variable "shared_infra_account_id" {
+  type        = string
+  description = "The AWS Account ID of the shared infrastructure account"
+  default     = "000000000000"
+}