CCM-10294: review

mark-r-bjss · mark-r-bjss · commit cbbd317d2b3b · 2025-07-01T11:10:00.000+01:00
diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml
@@ -0,0 +1,56 @@
+name: PR Closed
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [closed]
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  check-merge-or-workflow-dispatch:
+    runs-on: ubuntu-latest
+    outputs:
+      deploy: ${{ steps.check.outputs.deploy }}
+    steps:
+      - name: Check if PR was merged or workflow is triggered by workflow_dispatch
+        id: check
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            echo "deploy=true" >> $GITHUB_OUTPUT
+            echo "Job triggered by workflow_dispatch - running 'deploy-main'"
+          elif [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.merged }}" == "true" ]]; then
+            echo "deploy=true" >> $GITHUB_OUTPUT
+            echo "Job triggered by Merged PR - running 'deploy-main'"
+          else
+            echo "deploy=false" >> $GITHUB_OUTPUT
+            echo "Job not triggered by workflow_dispatch or Merged PR - Skipping 'deploy-main'"
+          fi
+
+  deploy-main:
+    needs: check-merge-or-workflow-dispatch
+    name: Deploy changes to main in dev AWS account
+    if: needs.check-merge-or-workflow-dispatch.outputs.deploy == 'true'
+
+    permissions:
+      id-token: write
+      contents: read
+
+    strategy:
+      max-parallel: 1
+      matrix:
+        component: [acct, app]
+
+    uses: ./.github/workflows/reusable_internal_repo_build.yaml
+    secrets: inherit
+    with:
+      releaseVersion: main
+      targetWorkflow: "dispatch-deploy-static-notify-web-template-management-env.yaml"
+      targetEnvironment: "main"
+      targetAccountGroup: "nhs-notify-template-management-dev"
+      targetComponent: ${{ matrix.component }}
+      terraformAction: "apply"
diff --git a/.github/workflows/pr_create_dynamic_env.yaml b/.github/workflows/pr_create_dynamic_env.yaml
@@ -0,0 +1,50 @@
+
+name: PR Create Environment
+
+on:
+  pull_request:
+    types: [labeled, opened, synchronize, reopened, unlabeled, edited]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  create-dynamic-environment:
+    name: Create Dynamic Environment
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Trigger nhs-notify-internal dynamic environment workflow
+        shell: bash
+        run: |
+          set -x
+          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
+
+          DISPATCH_EVENT=$(jq -ncM \
+            --arg infraRepoName "${this_repo_name}" \
+            --arg releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            --arg targetEnvironment "pr${{ github.event.number }}" \
+            --arg targetAccountGroup "nhs-notify-template-management-dev" \
+            --arg targetComponent "branch" \
+            --arg terraformAction "apply" \
+            --arg overrides "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            '{ "ref": "main",
+              "inputs": {
+                "infraRepoName": $infraRepoName,
+                "releaseVersion", $releaseVersion,
+                "targetEnvironment", $targetEnvironment,
+                "targetAccountGroup", $targetAccountGroup,
+                "targetComponent", $targetComponent,
+                "terraformAction", $terraformAction,
+                "overrides", $overrides,
+              }
+            }')
+
+          curl --fail -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \
+            -d "${DISPATCH_EVENT}"
diff --git a/.github/workflows/pr_destroy_dynamic_env.yaml b/.github/workflows/pr_destroy_dynamic_env.yaml
@@ -0,0 +1,47 @@
+name: PR Destroy Environment
+
+on:
+  pull_request:
+    types: [closed]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  create-dynamic-environment:
+    name: Destroy Dynamic Environment
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Trigger nhs-notify-internal dynamic environment destruction
+        shell: bash
+        run: |
+          set -x
+          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
+
+          DISPATCH_EVENT=$(jq -ncM \
+            --arg infraRepoName "${this_repo_name}" \
+            --arg releaseVersion "main" \
+            --arg targetEnvironment "pr${{ github.event.number }}" \
+            --arg targetAccountGroup "nhs-notify-template-management-dev" \
+            --arg targetComponent "branch" \
+            --arg terraformAction "destroy" \
+            '{ "ref": "main",
+              "inputs": {
+                "infraRepoName": $infraRepoName,
+                "releaseVersion", $releaseVersion,
+                "targetEnvironment", $targetEnvironment,
+                "targetAccountGroup", $targetAccountGroup,
+                "targetComponent", $targetComponent,
+                "terraformAction", $terraformAction,
+              }
+            }')
+
+          curl --fail -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \
+            -d "${DISPATCH_EVENT}"
