Merge remote-tracking branch 'origin/main' into feature/CCM-11228-db-schema

Author: francisco-videira-nhs

.github/actions/build-proxies/action.yml

@@ -25,14 +25,16 @@ runs:
       run: |
         make publish-oas
 
-    - name: Setup Proxy Name
+    - name: Setup Proxy Name and target
       shell: bash
       run: |
 
         if [ -z $PR_NUMBER ]
         then
           echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV
+          echo "TARGET=https://suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
         else
+          echo "TARGET=https://pr$PR_NUMBER.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
           echo "INSTANCE=$PROXYGEN_API_NAME-PR-$PR_NUMBER" >> $GITHUB_ENV
         fi
 
@@ -52,6 +54,11 @@ runs:
         envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
         envsubst < ./.github/proxygen-settings.yaml | cat
 
+    - name: Set target
+      shell: bash
+      run: |
+        jq --arg newurl "$TARGET" '.["x-nhsd-apim"].target.url = $newurl' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
+
 
     - name: Deploy to Internal Dev
       shell: bash

.github/workflows/pr_create_dynamic_env.yaml

@@ -17,7 +17,6 @@ jobs:
       - name: Trigger nhs-notify-internal dynamic environment workflow
         shell: bash
         run: |
-          set -x
           this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
 
           DISPATCH_EVENT=$(jq -ncM \
@@ -46,10 +45,70 @@ jobs:
               }
             }')
 
-          curl --fail -L \
+          curl --fail -L -s \
             -X POST \
             -H "Accept: application/vnd.github+json" \
             -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
             -H "X-GitHub-Api-Version: 2022-11-28" \
             https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \
             -d "${DISPATCH_EVENT}"
+
+          echo "Workflow triggered. Waiting for the workflow to complete.."
+
+          # Poll GitHub API to check the workflow status
+          workflow_run_url=""
+          for i in {1..12}; do
+            workflow_run_url=$(curl -s \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch&status=in_progress" \
+              | jq -r '.workflow_runs[]
+                | select(.name
+                | contains("'pr${{ github.event.number }}'") and
+                  contains("'nhs-notify-supplier-api-dev'") and
+                  contains("'api'") and
+                  contains("'apply'"))
+                | .url')
+
+            if [[ -n "$workflow_run_url" && "$workflow_run_url" != null ]]; then
+              ui_url=${workflow_run_url/api./}
+              ui_url=${ui_url/\/repos/}
+              echo "Found workflow run url: $ui_url"
+              echo "workflow_run_url=$workflow_run_url" >> $GITHUB_ENV
+              break
+            fi
+
+            echo "Waiting for workflow to start..."
+            sleep 10
+          done
+
+          if [[ -z "$workflow_run_url" || "$workflow_run_url" == null ]]; then
+            echo "Failed to get the workflow run url. Exiting."
+            exit 1
+          fi
+
+          # Wait for workflow completion
+          while true; do
+            sleep 10
+            response=$(curl -s -L \
+              -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+              -H "Accept: application/vnd.github+json" \
+              $workflow_run_url)
+
+            status=$(echo "$response" | jq -r '.status')
+            conclusion=$(echo "$response" | jq -r '.conclusion')
+
+            if [ "$status" == "completed" ]; then
+              if [ "$conclusion" == "success" ]; then
+                echo "Workflow completed successfully."
+                exit 0
+              else
+                echo "Workflow failed with conclusion: $conclusion"
+                exit 1
+              fi
+            fi
+
+            echo "Workflow still running..."
+            sleep 20
+          done

docs/Gemfile.lock

@@ -27,10 +27,14 @@ GEM
     erb (4.0.4)
       cgi (>= 0.3.3)
     eventmachine (1.2.7)
+    ffi (1.17.2-aarch64-linux-gnu)
     ffi (1.17.2-arm64-darwin)
     ffi (1.17.2-x86_64-linux-gnu)
     forwardable-extended (2.6.0)
     gemoji (4.1.0)
+    google-protobuf (4.31.1-aarch64-linux-gnu)
+      bigdecimal
+      rake (>= 13)
     google-protobuf (4.31.1-arm64-darwin)
       bigdecimal
       rake (>= 13)
@@ -101,8 +105,9 @@ GEM
       jekyll-seo-tag (~> 2.1)
     minitest (5.24.1)
     mutex_m (0.2.0)
-    nokogiri (1.18.9-arm64-darwin)
+    nokogiri (1.18.4-aarch64-linux-gnu)
       racc (~> 1.4)
+    nokogiri (1.18.9-arm64-darwin)
     nokogiri (1.18.9-x86_64-linux-gnu)
       racc (~> 1.4)
     pathutil (0.16.2)
@@ -116,6 +121,8 @@ GEM
     rexml (3.4.1)
     rouge (4.5.2)
     safe_yaml (1.0.5)
+    sass-embedded (1.83.0-aarch64-linux-gnu)
+      google-protobuf (~> 4.28)
     sass-embedded (1.83.0-arm64-darwin)
       google-protobuf (~> 4.28)
     sass-embedded (1.83.0-x86_64-linux-gnu)
@@ -128,6 +135,7 @@ GEM
     webrick (1.8.2)
 
 PLATFORMS
+  aarch64-linux
   arm64-darwin-23
   x86_64-linux
 

infrastructure/terraform/components/api/README.md

@@ -30,6 +30,7 @@ No requirements.
 | <a name="module_get_letters"></a> [get\_letters](#module\_get\_letters) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda | v2.0.10 |
 | <a name="module_hello_world"></a> [hello\_world](#module\_hello\_world) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda | v2.0.10 |
 | <a name="module_kms"></a> [kms](#module\_kms) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/kms | v2.0.10 |
+| <a name="module_patch_letters"></a> [patch\_letters](#module\_patch\_letters) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda | v2.0.10 |
 ## Outputs
 
 | Name | Description |

infrastructure/terraform/components/api/ddb_table_letters.tf

@@ -19,17 +19,17 @@ resource "aws_dynamodb_table" "letters" {
 
   attribute {
     name = "id"
-    type = "string"
+    type = "S"
   }
 
   attribute {
     name = "supplierId"
-    type = "string"
+    type = "S"
   }
 
   attribute {
     name = "supplierStatus"
-    type = "string"
+    type = "S"
   }
 
   point_in_time_recovery {

infrastructure/terraform/components/api/ddb_table_mi.tf

@@ -12,12 +12,12 @@ resource "aws_dynamodb_table" "mi" {
 
   attribute {
     name = "id"
-    type = "string"
+    type = "S"
   }
 
   attribute {
     name = "supplierId"
-    type = "string"
+    type = "S"
   }
 
   point_in_time_recovery {

infrastructure/terraform/components/api/iam_role_api_gateway_execution_role.tf

@@ -51,6 +51,7 @@ data "aws_iam_policy_document" "api_gateway_execution_policy" {
       module.authorizer_lambda.function_arn,
       module.hello_world.function_arn,
       module.get_letters.function_arn,
+      module.patch_letters.function_arn
     ]
   }
 }

infrastructure/terraform/components/api/locals.tf

@@ -10,6 +10,7 @@ locals {
     AUTHORIZER_LAMBDA_ARN   = module.authorizer_lambda.function_arn
     HELLO_WORLD_LAMBDA_ARN  = module.hello_world.function_arn
     GET_LETTERS_LAMBDA_ARN  = module.get_letters.function_arn
+    PATCH_LETTERS_LAMBDA_ARN  = module.patch_letters.function_arn
   })
 
   destination_arn = "arn:aws:logs:${var.region}:${var.shared_infra_account_id}:destination:nhs-main-obs-firehose-logs"

infrastructure/terraform/components/api/module_lambda_patch_letters.tf

@@ -0,0 +1,57 @@
+module "patch_letters" {
+  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda?ref=v2.0.10"
+
+  function_name = "patch_letters"
+  description   = "Update the status of a letter"
+
+  aws_account_id = var.aws_account_id
+  component      = var.component
+  environment    = var.environment
+  project        = var.project
+  region         = var.region
+
+  group          = var.group
+
+  log_retention_in_days = var.log_retention_in_days
+  kms_key_arn           = module.kms.key_arn
+
+  iam_policy_document = {
+    body = data.aws_iam_policy_document.patch_letters_lambda.json
+  }
+
+  function_s3_bucket      = local.acct.s3_buckets["lambda_function_artefacts"]["id"]
+  function_code_base_path = local.aws_lambda_functions_dir_path
+  function_code_dir       = "api-handler/dist"
+  function_include_common = true
+  handler_function_name   = "patchLetters"
+  runtime                 = "nodejs22.x"
+  memory                  = 128
+  timeout                 = 5
+  log_level               = var.log_level
+
+  force_lambda_code_deploy = var.force_lambda_code_deploy
+  enable_lambda_insights   = false
+
+  send_to_firehose          = true
+  log_destination_arn       = local.destination_arn
+  log_subscription_role_arn = local.acct.log_subscription_role_arn
+
+  lambda_env_vars = {
+  }
+}
+
+data "aws_iam_policy_document" "patch_letters_lambda" {
+  statement {
+    sid    = "KMSPermissions"
+    effect = "Allow"
+
+    actions = [
+      "kms:Decrypt",
+      "kms:GenerateDataKey",
+    ]
+
+    resources = [
+      module.kms.key_arn, ## Requires shared kms module
+    ]
+  }
+}