CCM-11938: try

Author: sidnhs

.github/actions/build-proxies/action.yml

@@ -5,6 +5,19 @@ inputs:
   version:
     description: "Version number"
     required: true
+  environment:
+    description: "Deployment environment"
+    required: true
+  apimEnv:
+    description: "APIM environment"
+    required: true
+  runId:
+    description: "GitHub Actions run ID to fetch the OAS artifact from"
+    required: true
+  buildSandbox:
+    description: "Whether to build the sandbox OAS spec"
+    required: false
+    default: false
 
 runs:
   using: composite
@@ -25,46 +38,87 @@ runs:
       shell: bash
       run: |
 
+        ENV="${{ inputs.environment }}"
+        if [[ "$ENV" == "internal-dev" || "$ENV" == pr* ]]; then
+          echo "TARGET_DOMAIN=suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+        elif [[ "$ENV" == "uat" ]]; then
+          echo "TARGET_DOMAIN=suppliers.nonprod.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+        elif [[ "$ENV" == "prod" ]]; then
+          echo "TARGET_DOMAIN=suppliers.prod.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+        else
+          echo "TARGET_DOMAIN=suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+        fi
+
         if [ -z $PR_NUMBER ]
         then
           echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV
-          echo "TARGET=https://main.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+          echo "TARGET=https://main.$TARGET_DOMAIN" >> $GITHUB_ENV
           echo "SANDBOX_TAG=latest" >> $GITHUB_ENV
           echo "MTLS_NAME=notify-supplier-mtls" >> $GITHUB_ENV
         else
-          echo "TARGET=https://pr$PR_NUMBER.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+          echo "TARGET=https://pr$PR_NUMBER.$TARGET_DOMAIN" >> $GITHUB_ENV
           echo "INSTANCE=$PROXYGEN_API_NAME-PR-$PR_NUMBER" >> $GITHUB_ENV
           echo "SANDBOX_TAG=pr$PR_NUMBER" >> $GITHUB_ENV
           echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV
         fi
 
-    - name: Install Proxygen client
-      shell: bash
-      run: |
-        # Install proxygen cli
-        pip install pipx
-        pipx install proxygen-cli
+    # - name: Install Proxygen client
+    #   shell: bash
+    #   run: |
+    #     # Install proxygen cli
+    #     pip install pipx
+    #     pipx install proxygen-cli
 
-        # Setup proxygen auth and settings
-        mkdir -p ${HOME}/.proxygen
-        echo -n $PROXYGEN_PRIVATE_KEY | base64 --decode > ${HOME}/.proxygen/key
-        envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml
-        envsubst < ./.github/proxygen-credentials-template.yaml | cat
-        envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
-        envsubst < ./.github/proxygen-settings.yaml | cat
+    #     # Setup proxygen auth and settings
+    #     mkdir -p ${HOME}/.proxygen
+    #     echo -n $PROXYGEN_PRIVATE_KEY | base64 --decode > ${HOME}/.proxygen/key
+    #     envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml
+    #     envsubst < ./.github/proxygen-credentials-template.yaml | cat
+    #     envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
+    #     envsubst < ./.github/proxygen-settings.yaml | cat
 
-    - name: Build sandbox oas
+    - name: Build ${{ inputs.apimEnv }} oas
       working-directory: .
       shell: bash
       run: |
-        make build-json-oas-spec APIM_ENV=sandbox
+        if [ ${{ inputs.apimEnv }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ]
+        then
+          echo "Building sandbox OAS spec"
+          make build-json-oas-spec APIM_ENV=sandbox
+        else
+          echo "Building env specific OAS spec"
+          make build-json-oas-spec APIM_ENV=${{ inputs.apimEnv }}
+        fi
 
-    - name: Set docker tag
-      shell: bash
-      run: |
-        jq --arg newtag "$SANDBOX_TAG" '.["x-nhsd-apim"].target.containers[0].image.tag = $newtag' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
+    - name: Upload OAS Spec
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.apimEnv }}-build-output
+        path: ./build
 
-    - name: Deploy to Internal Dev Sandbox
+    - name: Trigger deploy proxy
+      env:
+        PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }}
       shell: bash
       run: |
-        proxygen instance deploy internal-dev-sandbox $INSTANCE build/notify-supplier.json --no-confirm
+        #Change this back to proxy-deploy.yaml after testing
+        .github/scripts/dispatch_internal_repo_workflow.sh \
+          --infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \
+          --internalRef "feature/CCM-11938_workflow" \
+          --targetWorkflow "dispatch-deploy-notify-account-provisioning.yaml" \
+          --targetEnvironment "${{ inputs.environment }}" \
+          --runId "${{ inputs.runId }}" \
+          --buildSandbox ${{ inputs.buildSandbox }} \
+          --apimEnvironment "${{ inputs.apimEnv }}" \
+          --boundedContext "notify-supplier" \
+          --targetDomain "$TARGET_DOMAIN"
+
+    # - name: Set docker tag
+    #   shell: bash
+    #   run: |
+    #     jq --arg newtag "$SANDBOX_TAG" '.["x-nhsd-apim"].target.containers[0].image.tag = $newtag' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
+
+    # - name: Deploy to Internal Dev Sandbox
+    #   shell: bash
+    #   run: |
+    #     proxygen instance deploy internal-dev-${{ inputs.apimEnv }} $INSTANCE build/notify-supplier.json --no-confirm

.github/scripts/dispatch_internal_repo_workflow.sh

@@ -68,6 +68,10 @@ while [[ $# -gt 0 ]]; do
       internalRef="$2"
       shift 2
       ;;
+    --runId) # Github Run ID (optional)
+      runId="$2"
+      shift 2
+      ;;
     --overrides) # Terraform overrides for passing in extra variables (optional)
       overrides="$2"
       shift 2
@@ -80,6 +84,10 @@ while [[ $# -gt 0 ]]; do
       overrideRoleName="$2"
       shift 2
       ;;
+    --buildSandbox) # Build sandbox flag (optional)
+      buildSandbox="$2"
+      shift 2
+      ;;
     *)
     echo "[ERROR] Unknown argument: $1"
       exit 1
@@ -101,6 +109,14 @@ if [[ -z "$internalRef" ]]; then
   internalRef="main"
 fi
 
+if [[ -z "$runId" ]]; then
+  runId="$GITHUB_RUN_ID"
+fi
+
+if [[ -z "$buildSandbox" ]]; then
+  buildSandbox=""
+fi
+
 echo "==================== Workflow Dispatch Parameters ===================="
 echo "  infraRepoName:      $infraRepoName"
 echo "  releaseVersion:     $releaseVersion"
@@ -114,6 +130,8 @@ echo "  overrides:          $overrides"
 echo "  overrideProjectName: $overrideProjectName"
 echo "  overrideRoleName:   $overrideRoleName"
 echo "  targetProject:      $targetProject"
+echo "  runId:              $runId"
+echo "  buildSandbox:        $buildSandbox"
 
 DISPATCH_EVENT=$(jq -ncM \
   --arg infraRepoName "$infraRepoName" \
@@ -127,6 +145,8 @@ DISPATCH_EVENT=$(jq -ncM \
   --arg overrideProjectName "$overrideProjectName" \
   --arg overrideRoleName "$overrideRoleName" \
   --arg targetProject "$targetProject" \
+  --arg runId "$runId" \
+  --arg buildSandbox "$buildSandbox" \
   '{
     "ref": "'"$internalRef"'",
     "inputs": (
@@ -135,13 +155,13 @@ DISPATCH_EVENT=$(jq -ncM \
       (if $overrideProjectName != "" then { "overrideProjectName": $overrideProjectName } else {} end) +
       (if $overrideRoleName != "" then { "overrideRoleName": $overrideRoleName } else {} end) +
       (if $targetProject != "" then { "targetProject": $targetProject } else {} end) +
-      {
-        "releaseVersion": $releaseVersion,
-        "targetEnvironment": $targetEnvironment,
-        "targetAccountGroup": $targetAccountGroup,
-        "targetComponent": $targetComponent,
-        "overrides": $overrides,
-      }
+      (if $releaseVersion != "" then { "releaseVersion": $releaseVersion } else {} end) +
+      (if $targetComponent != "" then { "targetComponent": $targetComponent } else {} end) +
+      (if $overrides != "" then { "overrides": $overrides } else {} end) +
+      (if $runId != "" then { "runId": $runId } else {} end) +
+      (if $buildSandbox != "" then { "buildSandbox": $buildSandbox } else {} end) +
+      { "targetEnvironment": $targetEnvironment } +
+      { "targetAccountGroup": $targetAccountGroup }
     )
   }')
 

.github/workflows/manual-proxy-environment-deploy.yaml

@@ -0,0 +1,85 @@
+name: Deploy proxy to environment
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Name of the environment to deploy
+        required: true
+        type: choice
+        options:
+          - internal-dev
+      
+
+permissions:
+  contents: read
+
+jobs:
+  deploy-environment:
+    runs-on: ubuntu-latest
+    name: Deploy to Environment
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 24
+
+      - name: Npm install
+        working-directory: .
+        run: npm ci
+        shell: bash
+
+      - name: "Check if pull request exists for this branch"
+        id: pr_exists
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          branch_name=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF | sed 's#refs/heads/##')}
+          echo "Current branch is '$branch_name'"
+
+          pr_json=$(gh pr list --head "$branch_name" --state open --json number --limit 1)
+          pr_number=$(echo "$pr_json" | jq -r '.[0].number // empty')
+
+          if [[ -n "$pr_number" ]]; then
+            echo "Pull request exists: #$pr_number"
+            echo "does_pull_request_exist=true" >> $GITHUB_OUTPUT
+            echo "pr_number=$pr_number" >> $GITHUB_OUTPUT
+          else
+            echo "Pull request doesn't exist"
+            echo "does_pull_request_exist=false" >> $GITHUB_OUTPUT
+            echo "pr_number=" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Set APIM_ENV
+        shell: bash
+        run: |
+          if [ -z "${{ steps.pr_exists.outputs.pr_number }}" ]; then
+            echo "APIM_ENV=${{ inputs.environment }}" >> $GITHUB_ENV
+          else
+            echo "APIM_ENV=${{ inputs.environment }}-pr" >> $GITHUB_ENV
+          fi
+      - name: Build environment oas
+        working-directory: .
+        shell: bash
+        run: make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }}
+      - name: "Build proxies"
+        uses: ./.github/actions/build-proxies
+        with:
+          version: "${{ inputs.version }}"
+          environment: "${{ env.APIM_ENV }}"
+          apim_env: "${{ env.APIM_ENV }}"
+          run_id: "${{ github.run_id }}"
+          build_sandbox: false
+
+      # - name: Set target and cert
+      #   shell: bash
+      #   run: |
+      #     jq --arg newurl "$TARGET" '.["x-nhsd-apim"].target.url = $newurl' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
+      #     jq --arg newmtls "$MTLS_NAME" '.["x-nhsd-apim"].target.security.secret = $newmtls' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
+
+      # - name: Deploy to Internal Dev
+      #   shell: bash
+      #   run: |
+      #     proxygen instance deploy internal-dev $INSTANCE build/notify-supplier.json --no-confirm