vaccinations-app/infrastructure/environments/dev/locals.tf at afcb78974867d10a43346d42abe9d6138cb1e613 · NHSDigital/vaccinations-app · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
locals {
  region = "eu-west-2"

  project_identifier           = "vaccinations-app"
  project_identifier_shortcode = "vita"

  domain                    = "vaccinations.nhs.uk"
  sub_domain                = var.is_github_action ? "sandpit" : local.prefix
  environment               = "dev"
  git_branch                = coalesce(data.external.git_branch.result.output, "na")
  deploy_workspace          = var.is_github_action ? "gh" : terraform.workspace
  prefix                    = "${local.deploy_workspace}-${local.project_identifier_shortcode}-${data.aws_caller_identity.current.account_id}"
  open_next_path            = "../../../.open-next"
  node_version              = "nodejs22.x"
  log_retention_in_days     = 7
  cache_lambda_zip_path     = "../../../lambda.zip"
  content_cache_bucket_name = "${local.prefix}-content-cache"
  app_version               = var.app_version
  alarms_slack_channel_id   = var.alarms_slack_channel_id

  # Splunk
  python_version               = "python3.13" # Transformer lambda runtime
  splunk_log_retention_in_days = 7

  application_environment_variables = {
    SECRET_PREFIX = "/${local.project_identifier_shortcode}/"

    PINO_LOG_LEVEL      = "info"
    DEPLOY_ENVIRONMENT  = local.environment
    PROFILE_PERFORMANCE = "true"

    CONTENT_API_ENDPOINT                     = "https://int.api.service.nhs.uk/"
    CONTENT_CACHE_PATH                       = "s3://${local.content_cache_bucket_name}"
    CONTENT_CACHE_IS_CHANGE_APPROVAL_ENABLED = false

    NHS_LOGIN_URL              = "https://auth.sandpit.signin.nhs.uk"
    NHS_LOGIN_SCOPE            = "openid profile"
    NHS_APP_REDIRECT_LOGIN_URL = "https://www-onboardingsandpit.nhsapp.service.nhs.uk/login?redirect_to=index"

    MAX_SESSION_AGE_MINUTES = 59

    ELIGIBILITY_API_ENDPOINT = "https://sandbox.api.service.nhs.uk/"
    IS_APIM_AUTH_ENABLED     = false

    AUTH_TRUST_HOST = "true"
    APP_VERSION     = local.app_version

    NBS_URL          = "https://f.nhswebsite-integration.nhs.uk/nbs"
    NBS_BOOKING_PATH = "/nhs-app/vita"

    SECRETS_MANAGER_TTL                    = 300
    PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL = "INFO"

    CAMPAIGNS = file("${path.module}/campaigns.json")
  }

  default_tags = {
    ManagedBy   = "Terraform"
    Project     = local.project_identifier
    Environment = local.environment
  }
}

resource "null_resource" "check_workspace" {
  lifecycle {
    precondition {
      condition     = var.is_github_action || terraform.workspace != "default"
      error_message = <<EOT
  ❌ Default workspace is not allowed locally. It is reserved for GitHub actions.
  ✅ Please switch to a named workspace like this (replace <name> with your workspace):
  ( cd infrastructure/environments/dev; terraform workspace select <name>; terraform workspace list )
  EOT
    }
  }
}