CCM-10294: standardise cicd tests

mark-r-bjss · mark-r-bjss · commit 7d61983dda27 · 2025-06-20T07:00:07.000+01:00
diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml
@@ -96,12 +96,4 @@ jobs:
     name: "Acceptance stage"
     needs: [metadata, test-stage]
     uses: ./.github/workflows/stage-4-acceptance.yaml
-    with:
-      build_datetime: "${{ needs.metadata.outputs.build_datetime }}"
-      build_timestamp: "${{ needs.metadata.outputs.build_timestamp }}"
-      build_epoch: "${{ needs.metadata.outputs.build_epoch }}"
-      nodejs_version: "${{ needs.metadata.outputs.nodejs_version }}"
-      python_version: "${{ needs.metadata.outputs.python_version }}"
-      terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
-      version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml
@@ -1,256 +1,58 @@
-name: "Acceptance stage"
+name: Acceptance stage
 
 on:
   workflow_call:
-    inputs:
-      build_datetime:
-        description: "Build datetime, set by the CI/CD pipeline workflow"
-        required: true
-        type: string
-      build_timestamp:
-        description: "Build timestamp, set by the CI/CD pipeline workflow"
-        required: true
-        type: string
-      build_epoch:
-        description: "Build epoch, set by the CI/CD pipeline workflow"
-        required: true
-        type: string
-      nodejs_version:
-        description: "Node.js version, set by the CI/CD pipeline workflow"
-        required: true
-        type: string
-      python_version:
-        description: "Python version, set by the CI/CD pipeline workflow"
-        required: true
-        type: string
-      terraform_version:
-        description: "Terraform version, set by the CI/CD pipeline workflow"
-        required: true
-        type: string
-      version:
-        description: "Version of the software, set by the CI/CD pipeline workflow"
-        required: true
-        type: string
-
-env:
-  AWS_REGION: eu-west-2
 
 permissions:
-  id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
+  id-token: write
+  contents: read
 
 jobs:
   sandbox-set-up:
-    name: "Sandbox set up"
-    runs-on: ubuntu-latest
-    environment: dev
-    timeout-minutes: 15
-    steps:
-      - uses: hashicorp/setup-terraform@v3
-      - uses: asdf-vm/actions/setup@v3
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-          role-session-name: templates-ci-sandbox-setup
-          aws-region: ${{ env.AWS_REGION }}
-      - name: "Get normalized branch name"
-        id: normalize_branch_name
-        uses: ./.github/actions/normalize-branch-name
-      - name: "Create Backend sandbox"
-        run: |
-          npm run create-backend-sandbox ${{ steps.normalize_branch_name.outputs.normalized_branch_name }}
-      - uses: actions/upload-artifact@v4
-        with:
-          name: sandbox_tf_outputs.json
-          path: sandbox_tf_outputs.json
-      - uses: actions/upload-artifact@v4
-        with:
-          name: amplify_outputs.json
-          path: ./frontend/amplify_outputs.json
-  test-security:
-    name: "Security test"
-    runs-on: ubuntu-latest
-    needs: [sandbox-set-up]
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - name: "Run security test"
-        run: |
-          make test-security
-      - name: "Save result"
-        run: |
-          echo "Nothing to save"
-  test-accessibility:
-    name: "Accessibility test"
-    runs-on: ubuntu-latest
-    needs: [sandbox-set-up]
-    environment: dev
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          name: sandbox_tf_outputs.json
-          path: ./
-      - uses: actions/download-artifact@v4
-        with:
-          name: amplify_outputs.json
-          path: ./frontend
-      - name: "Repo setup"
-        run: |
-          npm ci
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-          role-session-name: templates-ci-accessibility-tests
-          aws-region: eu-west-2
-      - name: "Run accessibility test"
-        run: make test-accessibility
-      - name: Archive accessibility results
-        uses: actions/upload-artifact@v4
-        with:
-          name: accessibility
-          path: ".reports/accessibility"
-  test-ui-component:
-    name: "UI Component test"
-    runs-on: ubuntu-latest
-    needs: [sandbox-set-up]
-    environment: dev
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          name: sandbox_tf_outputs.json
-          path: ./
-      - uses: actions/download-artifact@v4
-        with:
-          name: amplify_outputs.json
-          path: ./frontend
-      - name: "Repo setup"
-        run: |
-          npm ci
-      - name: Install Playwright Browsers
-        run: npx playwright install --with-deps
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-          role-session-name: templates-ci-component-tests
-          aws-region: eu-west-2
-      - name: "Run ui component test"
-        run: |
-          cd tests/test-team
-          npm run test:local-ui
-      - name: Archive component test results
-        if: success() || failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: component test report
-          path: "tests/test-team/playwright-report"
-  test-api:
-    name: "API test"
-    runs-on: ubuntu-latest
-    needs: [sandbox-set-up]
-    environment: dev
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          name: sandbox_tf_outputs.json
-          path: './'
-      - uses: actions/download-artifact@v4
-        with:
-          name: amplify_outputs.json
-          path: ./frontend
-      - name: "Repo setup"
-        run: |
-          npm ci
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-          role-session-name: templates-ci-api-tests
-          aws-region: eu-west-2
-      - name: "Run API test"
-        run: |
-          cd tests/test-team
-          npm run test:api
-      - name: Archive API test results
-        uses: actions/upload-artifact@v4
-        with:
-          name: API test report
-          path: "tests/test-team/playwright-report"
-  test-e2e:
-    name: "E2E test"
-    runs-on: ubuntu-latest
-    needs: [sandbox-set-up]
-    environment: dev
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          name: sandbox_tf_outputs.json
-          path: ./
-      - uses: actions/download-artifact@v4
-        with:
-          name: amplify_outputs.json
-          path: ./frontend
-      - name: "Repo setup"
-        run: |
-          npm ci
-      - name: Install Playwright Browsers
-        run: npx playwright install --with-deps
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-          role-session-name: templates-ci-e2e-tests
-          aws-region: eu-west-2
-      - name: "Run E2E test"
-        run:
-          npm -w tests/test-team run test:e2e
-      - name: Archive e2e test results
-        if: success() || failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: e2e test report
-          path: "tests/test-team/playwright-report"
+    name: Step 1
+    uses: ./.github/workflows/dispatch_internal_repo_workflow.yaml
+    secrets: inherit
+    with:
+      jobName: Sandbox set up
+      infraRepoName: nhs-notify-template-management
+      releaseVersion: ${{ github.head_ref || github.ref_name }}
+      targetWorkflow: dispatch-deploy-dynamic-env.yaml
+      targetEnvironment: pr${{ github.event.number }}
+      targetAccountGroup: nhs-notify-template-management-dev
+      targetComponent: sandbox
+      terraformAction: apply
+
+  acceptance-tests:
+    name: Step 2
+    needs: sandbox-set-up
+
+    # Calls out to the nhs-notify-internal repo.
+    # The nhs-notify-internal repo will run the tests
+    # setup in ./.github/actions/acceptance-tests/action.yaml
+    uses: ./.github/workflows/dispatch_internal_repo_workflow.yaml
+    secrets: inherit
+    with:
+      jobName: Acceptance tests
+      infraRepoName: nhs-notify-template-management
+      releaseVersion: ${{ github.head_ref || github.ref_name }}
+      targetWorkflow: dispatch-acceptance-tests-dynamic-env.yaml
+      targetEnvironment: pr${{ github.event.number }}
+      targetAccountGroup: nhs-notify-template-management-dev
+      targetComponent: sandbox
+
   sandbox-tear-down:
-    name: "Sandbox tear down"
-    if: success() || failure()
-    runs-on: ubuntu-latest
-    needs:
-      - test-accessibility
-      - test-ui-component
-      - test-api
-      - test-e2e
-    environment: dev
-    steps:
-      - uses: hashicorp/setup-terraform@v3
-      - uses: asdf-vm/actions/setup@v3
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-          role-session-name: templates-ci-sandbox-teardown
-          aws-region: eu-west-2
-      - name: "Get normalized branch name"
-        id: normalize_branch_name
-        uses: ./.github/actions/normalize-branch-name
-      - name: "Destroy Backend sandbox"
-        run: |
-          npm run destroy-backend-sandbox ${{ steps.normalize_branch_name.outputs.normalized_branch_name }}
+    name: Step 3
+    needs: acceptance-tests
+    if: always()
+
+    uses: ./.github/workflows/dispatch_internal_repo_workflow.yaml
+    secrets: inherit
+    with:
+      jobName: Sandbox tear down
+      infraRepoName: nhs-notify-template-management
+      releaseVersion: ${{ github.head_ref || github.ref_name }}
+      targetWorkflow: dispatch-deploy-dynamic-env.yaml
+      targetEnvironment: pr${{ github.event.number }}
+      targetAccountGroup: nhs-notify-template-management-dev
+      targetComponent: sandbox
+      terraformAction: destroy
