Merge branch 'main' into feature/CCM-12179-Component-tests

Author: Namitha-Prabhu

.devcontainer/devcontainer.json

@@ -63,6 +63,7 @@
       "omzPlugins": "https://github.com/zsh-users/zsh-autosuggestions.git https://github.com/zsh-users/zsh-syntax-highlighting.git",
       "plugins": "zsh-autosuggestions zsh-syntax-highlighting"
     },
+    "ghcr.io/devcontainers/features/aws-cli:1": {},
     "ghcr.io/devcontainers/features/common-utils": {
       "configureZshAsDefaultShell": true,
       "installOhMyZsh": true,
@@ -75,11 +76,11 @@
       "installDockerComposeSwitch": true,
       "moby": true,
       "version": "latest"
-    },
-    "ghcr.io/devcontainers/features/ruby:1": {}
+    }
   },
   "mounts": [
-    "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached"
+    "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached",
+    "source=${localEnv:HOME}/.aws,target=/home/vscode/.aws,type=bind,consistency=cached"
   ],
   "name": "Devcontainer",
   "postCreateCommand": "scripts/devcontainer/postcreatecommand.sh"

.github/actions/build-docs/action.yml

@@ -14,7 +14,7 @@ runs:
         node-version: 18
     - name: Npm cli install
       working-directory: .
-      run: npm ci -w docs
+      run: npm ci
       shell: bash
     - name: Setup Ruby
       uses: ruby/[email protected]

.github/actions/build-proxies/action.yml

@@ -98,7 +98,8 @@ runs:
 
     - name: Trigger deploy proxy
       env:
-        PR_TRIGGER_PAT: ${{ env.PR_TRIGGER_PAT }}
+        APP_CLIENT_ID: ${{ env.APP_CLIENT_ID }}
+        APP_PEM_FILE: ${{ env.APP_PEM_FILE }}
       shell: bash
       run: |
         .github/scripts/dispatch_internal_repo_workflow.sh \

.github/actions/build-sdk/action.yml

@@ -53,7 +53,7 @@ runs:
     - name: Upload API OAS specification artifact
       uses: actions/upload-artifact@v4
       with:
-        path: "specification/api"
+        path: "build"
         name: api-oas-specification-${{ inputs.version }}
 
     - name: Upload html artifact

.github/scripts/dispatch_internal_repo_workflow.sh

@@ -111,6 +111,59 @@ while [[ $# -gt 0 ]]; do
   esac
 done
 
+if [[ -z "$APP_PEM_FILE" ]]; then
+  echo "[ERROR] PEM_FILE environment variable is not set or is empty."
+  exit 1
+fi
+
+if [[ -z "$APP_CLIENT_ID" ]]; then
+  echo "[ERROR] CLIENT_ID environment variable is not set or is empty."
+  exit 1
+fi
+
+now=$(date +%s)
+iat=$((${now} - 60)) # Issues 60 seconds in the past
+exp=$((${now} + 600)) # Expires 10 minutes in the future
+
+b64enc() { openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'; }
+
+header_json='{
+    "typ":"JWT",
+    "alg":"RS256"
+}'
+# Header encode
+header=$( echo -n "${header_json}" | b64enc )
+
+payload_json="{
+    \"iat\":${iat},
+    \"exp\":${exp},
+    \"iss\":\"${APP_CLIENT_ID}\"
+}"
+# Payload encode
+payload=$( echo -n "${payload_json}" | b64enc )
+
+# Signature
+header_payload="${header}"."${payload}"
+signature=$(
+    openssl dgst -sha256 -sign <(echo -n "${APP_PEM_FILE}") \
+    <(echo -n "${header_payload}") | b64enc
+)
+
+# Create JWT
+JWT="${header_payload}"."${signature}"
+
+INSTALLATION_ID=$(curl -X GET \
+    -H "Accept: application/vnd.github+json" \
+    -H "Authorization: Bearer ${JWT}" \
+    -H "X-GitHub-Api-Version: 2022-11-28" \
+    --url "https://api.github.com/app/installations" | jq -r '.[0].id')
+
+PR_TRIGGER_PAT=$(curl --request POST \
+  --url "https://api.github.com/app/installations/${INSTALLATION_ID}/access_tokens" \
+  -H "Accept: application/vnd.github+json" \
+  -H "Authorization: Bearer ${JWT}" \
+  -H "X-GitHub-Api-Version: 2022-11-28" | jq -r '.token')
+
 # Set default values if not provided
 if [[ -z "$PR_TRIGGER_PAT" ]]; then
   echo "[ERROR] PR_TRIGGER_PAT environment variable is not set or is empty."

.github/workflows/cicd-3-deploy.yaml

@@ -101,37 +101,15 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
-          gh release download ${{steps.get-asset-version.outputs.release_version}} -p sdk-swagger-docs-*.tar --output artifact.tar
+          gh release download ${{steps.get-asset-version.outputs.release_version}} -p jekyll-docs-*.tar --output artifact.tar
 
       - uses: actions/upload-artifact@v4
         with:
-          name: sdk-swagger-docs-${{steps.get-asset-version.outputs.release_version}}
+          name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}}
           path: artifact.tar
 
       - name: Deploy to GitHub Pages
         id: deployment
         uses: actions/deploy-pages@v4
         with:
-          artifact_name: sdk-swagger-docs-${{steps.get-asset-version.outputs.release_version}}
-
-
-      ### BELOW WAS THE DEFAULT USING THE JEKYLL BUILD
-
-      # - name: "Get release version"
-      #   id: download-asset
-      #   shell: bash
-      #   env:
-      #     GH_TOKEN: ${{ github.token }}
-      #   run: |
-      #     gh release download ${{steps.get-asset-version.outputs.release_version}} -p jekyll-docs-*.tar --output artifact.tar
-
-      # - uses: actions/upload-artifact@v4
-      #   with:
-      #     name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}}
-      #     path: artifact.tar
-
-      # - name: Deploy to GitHub Pages
-      #   id: deployment
-      #   uses: actions/deploy-pages@v4
-      #   with:
-      #     artifact_name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}}
+          artifact_name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}}

.github/workflows/manual-proxy-environment-deploy.yaml

@@ -78,7 +78,8 @@ jobs:
         env:
           PROXYGEN_API_NAME: nhs-notify-supplier
           PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }}
-          PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }}
+          APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
+          APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
         uses: ./.github/actions/build-proxies
         with:
           environment: "${{ env.ENVIRONMENT }}"

.github/workflows/pr_closed.yaml

@@ -52,7 +52,8 @@ jobs:
 
       - name: Updating Main Environment
         env:
-          PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }}
+          APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
+          APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
         run: |
           bash .github/scripts/dispatch_internal_repo_workflow.sh \
             --releaseVersion "main" \

.github/workflows/pr_create_dynamic_env.yaml

@@ -21,7 +21,8 @@ jobs:
       - uses: actions/[email protected]
       - name: Trigger dynamic environment creation
         env:
-          PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }}
+          APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
+          APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
         shell: bash
         run: |
           .github/scripts/dispatch_internal_repo_workflow.sh \

.github/workflows/pr_destroy_dynamic_env.yaml

@@ -18,7 +18,8 @@ jobs:
 
       - name: Trigger dynamic environment destruction
         env:
-          PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }}
+          APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
+          APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
         shell: bash
         run: |
           .github/scripts/dispatch_internal_repo_workflow.sh \