CCM-13419 Generate Specification Variants on Build (#301)

* CCM-13419 Refactor build steps

* CCM-13419 Generate specification variants on build

* Add permissions

* Post review comment

* Only build OAS variants if push is to main

---------

Co-authored-by: Mark Slowey <[email protected]>

Author: stevebux

.github/actions/build-oas-spec/action.yml

@@ -0,0 +1,68 @@
+name: "Build OAS Spec"
+description: "Build OAS Spec"
+
+inputs:
+  version:
+    description: "Version number"
+    required: true
+  apimEnv:
+    description: "APIM environment"
+    required: true
+  buildSandbox:
+    description: "Whether to build the sandbox OAS spec"
+    required: false
+    default: false
+  nodejs_version:
+    description: "Node.js version, set by the CI/CD pipeline workflow"
+    required: true
+  NODE_AUTH_TOKEN:
+    description: "Token for access to github package registry"
+    required: true
+
+runs:
+  using: composite
+
+  steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.nodejs_version }}
+        registry-url: 'https://npm.pkg.github.com'
+
+    - name: "Cache node_modules"
+      uses: actions/cache@v4
+      with:
+        path: |
+          **/node_modules
+        key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
+
+    - name: Npm install
+      working-directory: .
+      env:
+        NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
+      run: npm ci
+      shell: bash
+
+    - name: Build ${{ inputs.apimEnv }} oas
+      working-directory: .
+      env:
+        APIM_ENV: ${{ inputs.apimEnv }}
+      shell: bash
+      run: |
+        if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ]
+        then
+          echo "Building sandbox OAS spec"
+          make build-json-oas-spec APIM_ENV=sandbox
+        else
+          echo "Building env specific OAS spec"
+          make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }}
+        fi
+
+    - name: Upload API OAS specification artifact
+      uses: actions/upload-artifact@v4
+      with:
+        path: "build"
+        name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }}

.github/actions/build-proxies/action.yml

@@ -25,39 +25,16 @@ inputs:
     description: "Name of the Component to deploy"
     required: true
     default: 'api'
-  nodejs_version:
-    description: "Node.js version, set by the CI/CD pipeline workflow"
-    required: true
-  NODE_AUTH_TOKEN:
-    description: "Token for access to github package registry"
-    required: true
 
 runs:
   using: composite
 
   steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
-      with:
-        node-version: ${{ inputs.nodejs_version }}
-        registry-url: 'https://npm.pkg.github.com'
-
-    - name: "Cache node_modules"
-      uses: actions/cache@v4
+    - name: Download OAS Spec artifact
+      uses: actions/download-artifact@v4
       with:
-        path: |
-          **/node_modules
-        key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
-        restore-keys: |
-          ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
-
-    - name: Npm install
-      working-directory: .
-      env:
-        NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
-      run: npm ci
-      shell: bash
+        name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }}
+        path: ./build
 
     - name: Setup Proxy Name and target
       shell: bash
@@ -87,21 +64,10 @@ runs:
           echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV
         fi
 
-    - name: Build ${{ inputs.apimEnv }} oas
-      working-directory: .
-      env:
-        APIM_ENV: ${{ inputs.apimEnv }}
+    - name: Set APIM_ENV
       shell: bash
       run: |
-        if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ]
-        then
-          echo "Building sandbox OAS spec"
-          make build-json-oas-spec APIM_ENV=sandbox
-        else
-          echo "Building env specific OAS spec"
-          make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }}
-        fi
-
+        APIM_ENV="${{ inputs.apimEnv }}"
         if [[ $APIM_ENV == *-pr ]]; then
           echo "Removing pr suffix from APIM_ENV after building OAS and calling proxygen"
           APIM_ENV=$(echo "$APIM_ENV" | sed 's/-pr$//')

.github/actions/build-sdk/action.yml

@@ -55,12 +55,6 @@ runs:
       run: |
         make build VERSION="${{ inputs.version }}"
 
-    - name: Upload API OAS specification artifact
-      uses: actions/upload-artifact@v4
-      with:
-        path: "build"
-        name: api-oas-specification-${{ inputs.version }}
-
     - name: Upload html artifact
       uses: actions/upload-artifact@v4
       with:

.github/workflows/manual-proxy-environment-deploy.yaml

@@ -77,6 +77,13 @@ jobs:
           echo "ENVIRONMENT=$ENVIRONMENT" >> $GITHUB_ENV
           echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV
 
+      - name: "Build OAS spec"
+        uses: ./.github/actions/build-oas-spec
+        with:
+          apimEnv: "${{ env.APIM_ENV }}"
+          buildSandbox: ${{ inputs.build_sandbox }}
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: "Build proxies"
         env:
           PROXYGEN_API_NAME: nhs-notify-supplier
@@ -90,4 +97,3 @@ jobs:
           runId: "${{ github.run_id }}"
           buildSandbox: ${{ inputs.build_sandbox }}
           releaseVersion: ${{ github.ref_name }}
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stage-3-build.yaml

@@ -55,9 +55,48 @@ jobs:
           version: "${{ inputs.version }}"
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+  artefact-oas-spec:
+    name: "Build OAS spec (${{ matrix.apimEnv }})"
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/main')
+    runs-on: ubuntu-latest
+    needs: [artefact-jekyll-docs]
+    timeout-minutes: 10
+    strategy:
+      matrix:
+        apimEnv: [internal-dev-pr, internal-dev, int, ref, prod]
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v5
+      - name: "Build OAS spec"
+        uses: ./.github/actions/build-oas-spec
+        with:
+          version: "${{ inputs.version }}"
+          apimEnv: "${{ matrix.apimEnv }}"
+          buildSandbox: false
+          nodejs_version: ${{ inputs.nodejs_version }}
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  artefact-oas-spec-sandbox:
+    name: "Build OAS spec for sandbox"
+    runs-on: ubuntu-latest
+    needs: [artefact-jekyll-docs]
+    timeout-minutes: 10
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v5
+      - name: "Build proxies"
+        uses: ./.github/actions/build-oas-spec
+        with:
+          version: "${{ inputs.version }}"
+          apimEnv: "internal-dev-sandbox"
+          buildSandbox: true
+          nodejs_version: ${{ inputs.nodejs_version }}
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
   artefact-sdks:
     name: "Build SDKs"
     runs-on: ubuntu-latest
+    needs: [artefact-oas-spec]
     timeout-minutes: 10
     steps:
       - name: "Checkout code"
@@ -94,6 +133,7 @@ jobs:
   pr-create-dynamic-environment:
     name: Create Dynamic Environment
     runs-on: ubuntu-latest
+    if: inputs.pr_number != ''
     steps:
       - uses: actions/checkout@v5
       - name: Trigger dynamic environment creation
@@ -117,7 +157,8 @@ jobs:
   artefact-proxies:
     name: "Build proxies"
     runs-on: ubuntu-latest
-    needs: [pr-create-dynamic-environment]
+    if: inputs.pr_number != ''
+    needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment]
     timeout-minutes: 10
     env:
       PROXYGEN_API_NAME: nhs-notify-supplier
@@ -136,5 +177,3 @@ jobs:
           runId: "${{ github.run_id }}"
           buildSandbox: true
           releaseVersion: ${{ github.head_ref || github.ref_name }}
-          nodejs_version: ${{ inputs.nodejs_version }}
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stage-5-publish.yaml

@@ -40,6 +40,9 @@ jobs:
     name: "Publish packages"
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    outputs:
+      release_id: ${{ steps.create_release.outputs.id }}
+      upload_url: ${{ steps.create_release.outputs.upload_url }}
 
     steps:
       - name: "Checkout code"
@@ -87,12 +90,6 @@ jobs:
           path: ./artifacts/sdk-csharp-${{ inputs.version }}
           name: sdk-csharp-${{ inputs.version }}
 
-      - name: "Get the artefacts 8"
-        uses: actions/download-artifact@v6
-        with:
-          path: ./artifacts/api-oas-specification-${{ inputs.version }}
-          name: api-oas-specification-${{ inputs.version }}
-
       # Take out for now - might add again in the future
       # - name: "Get the artefacts 9"
       #   uses: actions/download-artifact@v6
@@ -207,22 +204,6 @@ jobs:
           asset_name: sdk-csharp-${{ inputs.version }}.zip
           asset_content_type: "application/gzip"
 
-      - name: "zip api OAS specification release asset"
-        # GitHub pages needs a single tar called artifact inside the zip.
-        working-directory: ./artifacts/api-oas-specification-${{ inputs.version }}
-        run: zip -r ../api-oas-specification-${{ inputs.version }}.zip .
-        shell: bash
-
-      - name: "Upload api OAS specification release asset"
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: "${{ steps.create_release.outputs.upload_url }}"
-          asset_path: ./artifacts/api-oas-specification-${{ inputs.version }}.zip
-          asset_name: api-oas-specification-${{ inputs.version }}.zip
-          asset_content_type: "application/gzip"
-
       # Take out for now - might add again in the future
       # - name: "zip csharp server release asset"
       #   # GitHub pages needs a single tar called artifact inside the zip.
@@ -241,6 +222,39 @@ jobs:
       #     asset_name: server-csharp-${{ inputs.version }}.zip
       #     asset_content_type: "application/gzip"
 
+  publish-oas-specs:
+    name: "Publish OAS spec (${{ matrix.apimEnv }})"
+    runs-on: ubuntu-latest
+    needs: [publish]
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read # This is required for actions/checkout
+    timeout-minutes: 10
+    strategy:
+      matrix:
+        apimEnv: [internal-dev, int, ref, prod]
+    steps:
+      - name: "Download OAS spec artifact"
+        uses: actions/download-artifact@v6
+        with:
+          path: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}
+          name: api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}
+
+      - name: "Zip OAS specification"
+        working-directory: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}
+        run: zip -r ../api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip .
+        shell: bash
+
+      - name: "Upload OAS specification release asset"
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ needs.publish.outputs.upload_url }}
+          asset_path: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip
+          asset_name: api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip
+          asset_content_type: "application/zip"
+
   # Take out for now - might add again in the future
   # ### PUBLISH DOCKER  - THIS NEEDS CHANGING TO DO THE DOCKER BUILD IN THE BUILD STAGE AND ARTIFACT IT. SEE publishlibhostdocker below how how and the buildlibs action.
   #   publishdocker: