CCM-13003 Lambda infra #6167

Workflow file for this run

.github/workflows/cicd-1-pull-request.yaml at e997d39

	name: "CI/CD pull request"

	# The total recommended execution time for the "CI/CD Pull Request" workflow is around 20 minutes.

	on:
	push:
	branches:
	- "**"

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.ref_name }}
	cancel-in-progress: false

	permissions:
	id-token: write
	contents: write
	packages: read

	jobs:
	metadata:
	name: "Set CI/CD metadata"
	runs-on: ubuntu-latest
	timeout-minutes: 1
	outputs:
	build_datetime_london: ${{ steps.variables.outputs.build_datetime_london }}
	build_datetime: ${{ steps.variables.outputs.build_datetime }}
	build_timestamp: ${{ steps.variables.outputs.build_timestamp }}
	build_epoch: ${{ steps.variables.outputs.build_epoch }}
	nodejs_version: ${{ steps.variables.outputs.nodejs_version }}
	python_version: ${{ steps.variables.outputs.python_version }}
	terraform_version: ${{ steps.variables.outputs.terraform_version }}
	version: ${{ steps.variables.outputs.version }}
	does_pull_request_exist: ${{ steps.pr_exists.outputs.does_pull_request_exist }}
	pr_number: ${{ steps.pr_exists.outputs.pr_number }}
	skip_trivy_package: ${{ steps.skip_trivy.outputs.skip_trivy_package }}
	steps:
	- name: "Checkout code"
	uses: actions/checkout@v5.0.0
	- name: "Set CI/CD variables"
	id: variables
	run: \|
	datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z')
	BUILD_DATETIME=$datetime make version-create-effective-file
	echo "build_datetime_london=$(TZ=Europe/London date --date=$datetime +'%Y-%m-%dT%H:%M:%S%z')" >> $GITHUB_OUTPUT
	echo "build_datetime=$datetime" >> $GITHUB_OUTPUT
	echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
	echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT
	echo "nodejs_version=$(grep "^nodejs\s" .tool-versions \| cut -f2 -d' ')" >> $GITHUB_OUTPUT
	echo "python_version=$(grep "^python\s" .tool-versions \| cut -f2 -d' ')" >> $GITHUB_OUTPUT
	echo "terraform_version=$(grep "^terraform\s" .tool-versions \| cut -f2 -d' ')" >> $GITHUB_OUTPUT
	echo "version=$(head -n 1 .version 2> /dev/null \|\| echo unknown)" >> $GITHUB_OUTPUT
	- name: "Check if pull request exists for this branch"
	id: pr_exists
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	branch_name=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF \| sed 's#refs/heads/##')}
	echo "Current branch is '$branch_name'"

	pr_json=$(gh pr list --head "$branch_name" --state open --json number --limit 1)
	pr_number=$(echo "$pr_json" \| jq -r '.[0].number // empty')

	if [[ -n "$pr_number" ]]; then
	echo "Pull request exists: #$pr_number"
	echo "does_pull_request_exist=true" >> $GITHUB_OUTPUT
	echo "pr_number=$pr_number" >> $GITHUB_OUTPUT
	else
	echo "Pull request doesn't exist"
	echo "does_pull_request_exist=false" >> $GITHUB_OUTPUT
	echo "pr_number=" >> $GITHUB_OUTPUT
	fi
	- name: "Determine if Trivy package scan should be skipped"
	id: skip_trivy
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }}
	run: \|
	if [[ -z "$PR_NUMBER" ]]; then
	echo "No pull request detected; Trivy package scan will run."
	echo "skip_trivy_package=false" >> $GITHUB_OUTPUT
	exit 0
	fi

	labels=$(gh pr view "$PR_NUMBER" --json labels --jq '.labels[].name')
	echo "Labels on PR #$PR_NUMBER: $labels"

	if echo "$labels" \| grep -Fxq 'skip-trivy-package'; then
	echo "skip_trivy_package=true" >> $GITHUB_OUTPUT
	else
	echo "skip_trivy_package=false" >> $GITHUB_OUTPUT
	fi
	- name: "List variables"
	run: \|
	export BUILD_DATETIME_LONDON="${{ steps.variables.outputs.build_datetime_london }}"
	export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}"
	export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}"
	export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}"
	export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}"
	export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}"
	export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}"
	export VERSION="${{ steps.variables.outputs.version }}"
	export DOES_PULL_REQUEST_EXIST="${{ steps.pr_exists.outputs.does_pull_request_exist }}"
	export IS_VERSION_PRERELEASE="${{ steps.variables.outputs.is_version_prerelease }}"
	make list-variables

	dependencies:
	name: Install / cache dependencies
	needs: [metadata]
	runs-on: ubuntu-latest
	steps:
	- name: "Checkout code"
	uses: actions/checkout@v5.0.0
	- name: "Install / cache node_modules"
	uses: ./.github/actions/node-modules-cache
	with:
	node_version: "${{ inputs.nodejs_version }}"
	skip_restore: true

	commit-stage: # Recommended maximum execution time is 2 minutes
	name: "Commit stage"
	needs: [metadata, dependencies]
	uses: ./.github/workflows/stage-1-commit.yaml
	with:
	build_datetime: "${{ needs.metadata.outputs.build_datetime }}"
	build_timestamp: "${{ needs.metadata.outputs.build_timestamp }}"
	build_epoch: "${{ needs.metadata.outputs.build_epoch }}"
	nodejs_version: "${{ needs.metadata.outputs.nodejs_version }}"
	python_version: "${{ needs.metadata.outputs.python_version }}"
	skip_trivy_package: ${{ needs.metadata.outputs.skip_trivy_package == 'true' }}
	terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
	version: "${{ needs.metadata.outputs.version }}"
	secrets: inherit

	test-stage: # Recommended maximum execution time is 5 minutes
	name: "Test stage"
	needs: [metadata, dependencies, commit-stage]
	uses: ./.github/workflows/stage-2-test.yaml
	with:
	build_datetime: "${{ needs.metadata.outputs.build_datetime }}"
	build_timestamp: "${{ needs.metadata.outputs.build_timestamp }}"
	build_epoch: "${{ needs.metadata.outputs.build_epoch }}"
	nodejs_version: "${{ needs.metadata.outputs.nodejs_version }}"
	python_version: "${{ needs.metadata.outputs.python_version }}"
	terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
	version: "${{ needs.metadata.outputs.version }}"
	secrets: inherit

	pr-create-dynamic-environment:
	name: Create Dynamic Environment
	needs: [metadata, dependencies, commit-stage]
	runs-on: ubuntu-latest
	if: needs.metadata.outputs.does_pull_request_exist == 'true' && github.ref != 'refs/heads/main'
	steps:
	- uses: actions/checkout@v5.0.0
	- name: Trigger dynamic environment creation
	env:
	APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
	APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
	shell: bash
	run: \|
	.github/scripts/dispatch_internal_repo_workflow.sh \
	--infraRepoName "$(echo ${{ github.repository }} \| cut -d'/' -f2)" \
	--releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
	--targetWorkflow "dispatch-deploy-dynamic-env.yaml" \
	--targetEnvironment "pr${{ github.event.number }}" \
	--targetComponent "branch" \
	--targetAccountGroup "nhs-notify-template-management-dev" \
	--terraformAction "apply" \
	--overrides "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
	acceptance-stage: # Recommended maximum execution time is 10 minutes
	name: "Acceptance stage"
	needs: [metadata, dependencies, test-stage]
	uses: ./.github/workflows/stage-4-acceptance.yaml
	if: needs.metadata.outputs.does_pull_request_exist == 'true' \|\| (github.event_name == 'pull_request' && (github.event.action == 'opened' \|\| github.event.action == 'reopened')) \|\| (github.event_name == 'push' && github.ref == 'refs/heads/main')
	secrets: inherit
	with:
	pr_number: ${{ needs.metadata.outputs.pr_number }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CCM-13003 Lambda infra #6167

Workflow file

CCM-13003 Lambda infra #6167

Uh oh!

Workflow file for this run