diff --git a/.github/actions/build-oas-spec/action.yml b/.github/actions/build-oas-spec/action.yml
new file mode 100644
index 00000000..12679a0a
--- /dev/null
+++ b/.github/actions/build-oas-spec/action.yml
@@ -0,0 +1,68 @@
+name: "Build OAS Spec"
+description: "Build OAS Spec"
+
+inputs:
+ version:
+ description: "Version number"
+ required: true
+ apimEnv:
+ description: "APIM environment"
+ required: true
+ buildSandbox:
+ description: "Whether to build the sandbox OAS spec"
+ required: false
+ default: false
+ nodejs_version:
+ description: "Node.js version, set by the CI/CD pipeline workflow"
+ required: true
+ NODE_AUTH_TOKEN:
+ description: "Token for access to github package registry"
+ required: true
+
+runs:
+ using: composite
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: ${{ inputs.nodejs_version }}
+ registry-url: 'https://npm.pkg.github.com'
+
+ - name: "Cache node_modules"
+ uses: actions/cache@v4
+ with:
+ path: |
+ **/node_modules
+ key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
+
+ - name: Npm install
+ working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
+ run: npm ci
+ shell: bash
+
+ - name: Build ${{ inputs.apimEnv }} oas
+ working-directory: .
+ env:
+ APIM_ENV: ${{ inputs.apimEnv }}
+ shell: bash
+ run: |
+ if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ]
+ then
+ echo "Building sandbox OAS spec"
+ make build-json-oas-spec APIM_ENV=sandbox
+ else
+ echo "Building env specific OAS spec"
+ make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }}
+ fi
+
+ - name: Upload API OAS specification artifact
+ uses: actions/upload-artifact@v4
+ with:
+ path: "build"
+ name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }}
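Review bot: The `Build ${{ inputs.apimEnv }} oas` step pastes `${{ env.APIM_ENV }}` and `${{ inputs.buildSandbox }}` into the bash script text, so the values are expanded before the shell parses the line and an unexpected value is read as shell syntax rather than data; the step already exports `APIM_ENV`, so the script can read it as a quoted variable instead. Add `BUILD_SANDBOX: ${{ inputs.buildSandbox }}` under `env:`, write the test as `if [ "$APIM_ENV" = "internal-dev-sandbox" ] && [ "$BUILD_SANDBOX" = "true" ]`, and use `make build-json-oas-spec APIM_ENV="$APIM_ENV"` in the else branch. Quoting also stops the `[` test from failing with a syntax error when either value is empty. The same inline-expression pattern appears in the `Download OAS Spec artifact from release` and `Set APIM_ENV` steps of build-proxies/action.yml and in the `Zip OAS specification` step of stage-5-publish.yaml, and should get the same treatment there.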
diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml
index 5dcb872d..9b91369f 100644
--- a/.github/actions/build-proxies/action.yml
+++ b/.github/actions/build-proxies/action.yml
@@ -8,6 +8,10 @@ inputs:
 releaseVersion:
 description: "Release, tag, branch, or commit ID to be used for deployment"
 required: true
+ isRelease:
+ description: "True if releaseVersion is a release tag (if set, downloads from release assets instead of workflow artifacts)"
+ required: false
+ default: false
 environment:
 description: "Deployment environment"
 required: true
@@ -25,39 +29,33 @@ inputs: description: "Name of the Component to deploy" required: true default: 'api' - nodejs_version: - description: "Node.js version, set by the CI/CD pipeline workflow" - required: true - NODE_AUTH_TOKEN: - description: "Token for access to github package registry" - required: true runs: using: composite steps: - - name: Checkout - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - name: Download OAS Spec artifact from workflow + if: ${{ inputs.isRelease == 'false' }} + uses: actions/download-artifact@v4 with: - node-version: ${{ inputs.nodejs_version }} - registry-url: 'https://npm.pkg.github.com' - - - name: "Cache node_modules" - uses: actions/cache@v4 - with: - path: | - **/node_modules - key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node-${{ inputs.nodejs_version }}- + name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }} + path: ./build - - name: Npm install - working-directory: . - env: - NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} - run: npm ci + - name: Download OAS Spec artifact from release + if: ${{ inputs.isRelease == 'true' }} shell: bash + run: | + mkdir ./build + ASSET_PATTERN="api-oas-specification-${{ inputs.apimEnv }}-*.zip" + gh release download "${{ inputs.releaseVersion }}" \ + --pattern "$ASSET_PATTERN" \ + --dir ./build + # Unzip the downloaded file (there should be exactly one match) + ASSET_FILE=$(ls ./build/api-oas-specification-${{ inputs.apimEnv }}-*.zip) + unzip "$ASSET_FILE" -d ./build + rm "$ASSET_FILE" + env: + GH_TOKEN: ${{ github.token }} - name: Setup Proxy Name and target shell: bash 
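Review bot: The release download step relies on its own comment (`there should be exactly one match`) without enforcing it: if the glob ever matches more than one file, `ASSET_FILE=$(ls ...)` hands `unzip` a multi-line path, and the pattern for `internal-dev` would also match an `internal-dev-pr` or `internal-dev-sandbox` asset if one were ever attached to the release. The archive is also unpacked into `./build` with no integrity check, so whatever file carries that name on the release is what gets deployed; verifying a checksum published with the asset would close that gap. A guarded version of the step is below; it also passes `releaseVersion` and `apimEnv` through `env:` rather than expanding them inside the script. The artifact-download step above it reads `inputs.version`, and no `version` input is visible in these hunks, so confirm the action declares one; the `inputs:` and `steps:` blocks both continue outside the hunk.

```yaml
- name: Download OAS Spec artifact from release
  # … unchanged: if / shell …
  env:
    GH_TOKEN: ${{ github.token }}
    RELEASE_VERSION: ${{ inputs.releaseVersion }}
    OAS_APIM_ENV: ${{ inputs.apimEnv }}
  run: |
    mkdir ./build
    gh release download "$RELEASE_VERSION" \
      --pattern "api-oas-specification-${OAS_APIM_ENV}-*.zip" \
      --dir ./build
    # Refuse to continue unless exactly one asset matched.
    shopt -s nullglob
    assets=(./build/api-oas-specification-"${OAS_APIM_ENV}"-*.zip)
    if [ "${#assets[@]}" -ne 1 ]; then
      echo "Expected exactly one OAS spec asset, found ${#assets[@]}" >&2
      exit 1
    fi
    unzip "${assets[0]}" -d ./build
    rm "${assets[0]}"
```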
@@ -87,21 +85,10 @@ runs: echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV fi - - name: Build ${{ inputs.apimEnv }} oas - working-directory: . - env: - APIM_ENV: ${{ inputs.apimEnv }} + - name: Set APIM_ENV shell: bash run: | - if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ] - then - echo "Building sandbox OAS spec" - make build-json-oas-spec APIM_ENV=sandbox - else - echo "Building env specific OAS spec" - make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }} - fi - + APIM_ENV="${{ inputs.apimEnv }}" if [[ $APIM_ENV == *-pr ]]; then echo "Removing pr suffix from APIM_ENV after building OAS and calling proxygen" APIM_ENV=$(echo "$APIM_ENV" | sed 's/-pr$//') diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml index 1231b2c2..567d33c8 100644 --- a/.github/actions/build-sdk/action.yml +++ b/.github/actions/build-sdk/action.yml @@ -55,12 +55,6 @@ runs: run: | make build VERSION="${{ inputs.version }}" - - name: Upload API OAS specification artifact - uses: actions/upload-artifact@v4 - with: - path: "build" - name: api-oas-specification-${{ inputs.version }} - - name: Upload html artifact uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/manual-proxy-environment-deploy.yaml b/.github/workflows/manual-proxy-environment-deploy.yaml index c8ca20fe..d5e50230 100644 --- a/.github/workflows/manual-proxy-environment-deploy.yaml +++ b/.github/workflows/manual-proxy-environment-deploy.yaml @@ -77,6 +77,13 @@ jobs: echo "ENVIRONMENT=$ENVIRONMENT" >> $GITHUB_ENV echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV + - name: "Build OAS spec" + uses: ./.github/actions/build-oas-spec + with: + apimEnv: "${{ env.APIM_ENV }}" + buildSandbox: ${{ inputs.build_sandbox }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: "Build proxies" env: PROXYGEN_API_NAME: nhs-notify-supplier 
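Review bot: In the manual-proxy-environment-deploy.yaml hunk, the new `Build OAS spec` step calls build-oas-spec without `version` or `nodejs_version`, both of which that action declares `required: true`. Composite actions do not enforce `required`, so `node-version` reaches `actions/setup-node` empty and a manual deploy builds with whatever Node the runner image provides rather than the pinned one. Pass it explicitly, e.g. `nodejs_version: ${{ inputs.nodejs_version }}` if this workflow has such an input (not visible here). `apimEnv` is taken from `env.APIM_ENV`, which is computed earlier in the job outside the hunk; because build-oas-spec expands it inside a shell script, validate it against the known environment names before this step runs.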
@@ -90,4 +97,3 @@ jobs: runId: "${{ github.run_id }}" buildSandbox: ${{ inputs.build_sandbox }} releaseVersion: ${{ github.ref_name }} - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release_created.yaml b/.github/workflows/release_created.yaml index 7960e23c..1bb3a60a 100644 --- a/.github/workflows/release_created.yaml +++ b/.github/workflows/release_created.yaml @@ -17,11 +17,6 @@ jobs: id-token: write contents: read - strategy: - max-parallel: 1 - matrix: - component: [api] - steps: - name: Checkout repository uses: actions/checkout@v5 @@ -36,5 +31,32 @@ jobs: --targetWorkflow "dispatch-deploy-static-notify-supplier-api-env.yaml" \ --targetEnvironment "main" \ --targetAccountGroup "nhs-notify-supplier-api-nonprod" \ - --targetComponent "${{ matrix.component }}" \ + --targetComponent "api" \ --terraformAction "apply" + deploy-proxy: + name: "Deploy proxy" + runs-on: ubuntu-latest + timeout-minutes: 10 + + permissions: + id-token: write + contents: read + actions: read + + env: + PROXYGEN_API_NAME: nhs-notify-supplier + APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }} + APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }} + + steps: + - name: "Checkout code" + uses: actions/checkout@v5 + + - name: "Build proxies" + uses: ./.github/actions/build-proxies + with: + environment: "main" + apimEnv: "int" + runId: "${{ github.run_id }}" + releaseVersion: "${{ github.event.release.tag_name }}" + isRelease: true diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 474b9094..31a4f1e0 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml 
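Review bot: In the new `deploy-proxy` job of release_created.yaml, `APP_PEM_FILE` and `APP_CLIENT_ID` are set in job-level `env:`, so the private key sits in the environment of every step, including `actions/checkout` and each shell step inside build-proxies. manual-proxy-environment-deploy.yaml puts its `env:` block on the `Build proxies` step instead; doing the same here narrows the exposure. The job also requests `id-token: write`, yet nothing visible in build-proxies uses OIDC, so drop it unless a step outside these hunks needs it. Separately, this job downloads `api-oas-specification-int-*.zip` from the release, while stage-5-publish.yaml attaches that asset in `publish-oas-specs`, which runs only after the release has been created; confirm that the trigger (outside the hunk) fires after the upload, otherwise the download finds no asset.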
@@ -55,9 +55,47 @@ jobs: version: "${{ inputs.version }}" NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + artefact-oas-spec: + name: "Build OAS spec (${{ matrix.apimEnv }})" + runs-on: ubuntu-latest + needs: [artefact-jekyll-docs] + timeout-minutes: 10 + strategy: + matrix: + apimEnv: [internal-dev-pr, internal-dev, int, ref, prod] + steps: + - name: "Checkout code" + uses: actions/checkout@v5 + - name: "Build OAS spec" + uses: ./.github/actions/build-oas-spec + with: + version: "${{ inputs.version }}" + apimEnv: "${{ matrix.apimEnv }}" + buildSandbox: false + nodejs_version: ${{ inputs.nodejs_version }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + artefact-oas-spec-sandbox: + name: "Build OAS spec for sandbox" + runs-on: ubuntu-latest + needs: [artefact-jekyll-docs] + timeout-minutes: 10 + steps: + - name: "Checkout code" + uses: actions/checkout@v5 + - name: "Build proxies" + uses: ./.github/actions/build-oas-spec + with: + version: "${{ inputs.version }}" + apimEnv: "internal-dev-sandbox" + buildSandbox: true + nodejs_version: ${{ inputs.nodejs_version }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + artefact-sdks: name: "Build SDKs" runs-on: ubuntu-latest + needs: [artefact-oas-spec] timeout-minutes: 10 steps: - name: "Checkout code" @@ -94,6 +132,7 @@ jobs: pr-create-dynamic-environment: name: Create Dynamic Environment runs-on: ubuntu-latest + if: inputs.pr_number != '' steps: - uses: actions/checkout@v5 - name: Trigger dynamic environment creation @@ -117,7 +156,8 @@ jobs: artefact-proxies: name: "Build proxies" runs-on: ubuntu-latest - needs: [pr-create-dynamic-environment] + if: inputs.pr_number != '' + needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment] timeout-minutes: 10 env: PROXYGEN_API_NAME: nhs-notify-supplier 
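Review bot: Neither `artefact-oas-spec` nor `artefact-oas-spec-sandbox` declares a `permissions:` block, so the `secrets.GITHUB_TOKEN` handed to `npm ci` as `NODE_AUTH_TOKEN` carries whatever scope the workflow or repository default grants. Unless the workflow already restricts this at the top level (not visible in this hunk), add `permissions:` with `contents: read` and `packages: read` to both jobs. The step in the sandbox job is named `"Build proxies"` but runs build-oas-spec; rename it to `"Build OAS spec"` so the logs describe what actually ran.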
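Review bot: `artefact-proxies` now waits for `artefact-oas-spec-sandbox`, but build-proxies downloads the artifact named `api-oas-specification-<apimEnv>-<version>` for whatever `apimEnv` this job passes, and that `with:` block lies outside the hunk. If the value is anything other than `internal-dev-sandbox`, the artifact is produced by the `artefact-oas-spec` matrix job, which is not listed in `needs`, so the download can race with the build or fail outright. Check that `needs` names the job that produces the artifact actually requested. In the visible hunks `buildSandbox: true` no longer selects which spec is built, so the choice of spec now rests entirely on `apimEnv`.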
@@ -136,5 +176,3 @@ jobs: runId: "${{ github.run_id }}" buildSandbox: true releaseVersion: ${{ github.head_ref || github.ref_name }} - nodejs_version: ${{ inputs.nodejs_version }} - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stage-5-publish.yaml b/.github/workflows/stage-5-publish.yaml index 1bf1ac45..a27541fe 100644 --- a/.github/workflows/stage-5-publish.yaml +++ b/.github/workflows/stage-5-publish.yaml @@ -40,6 +40,9 @@ jobs: name: "Publish packages" runs-on: ubuntu-latest timeout-minutes: 10 + outputs: + release_id: ${{ steps.create_release.outputs.id }} + upload_url: ${{ steps.create_release.outputs.upload_url }} steps: - name: "Checkout code" @@ -87,12 +90,6 @@ jobs: path: ./artifacts/sdk-csharp-${{ inputs.version }} name: sdk-csharp-${{ inputs.version }} - - name: "Get the artefacts 8" - uses: actions/download-artifact@v6 - with: - path: ./artifacts/api-oas-specification-${{ inputs.version }} - name: api-oas-specification-${{ inputs.version }} - # Take out for now - might add again in the future # - name: "Get the artefacts 9" # uses: actions/download-artifact@v6 
@@ -207,22 +204,6 @@ jobs: asset_name: sdk-csharp-${{ inputs.version }}.zip asset_content_type: "application/gzip" - - name: "zip api OAS specification release asset" - # GitHub pages needs a single tar called artifact inside the zip. - working-directory: ./artifacts/api-oas-specification-${{ inputs.version }} - run: zip -r ../api-oas-specification-${{ inputs.version }}.zip . - shell: bash - - - name: "Upload api OAS specification release asset" - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: "${{ steps.create_release.outputs.upload_url }}" - asset_path: ./artifacts/api-oas-specification-${{ inputs.version }}.zip - asset_name: api-oas-specification-${{ inputs.version }}.zip - asset_content_type: "application/gzip" - # Take out for now - might add again in the future # - name: "zip csharp server release asset" # # GitHub pages needs a single tar called artifact inside the zip. 
@@ -241,6 +222,36 @@ jobs: # asset_name: server-csharp-${{ inputs.version }}.zip # asset_content_type: "application/gzip" + publish-oas-specs: + name: "Publish OAS spec (${{ matrix.apimEnv }})" + runs-on: ubuntu-latest + needs: [publish] + timeout-minutes: 10 + strategy: + matrix: + apimEnv: [internal-dev, int, ref, prod] + steps: + - name: "Download OAS spec artifact" + uses: actions/download-artifact@v6 + with: + path: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} + name: api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} + + - name: "Zip OAS specification" + working-directory: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} + run: zip -r ../api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip . + shell: bash + + - name: "Upload OAS specification release asset" + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.publish.outputs.upload_url }} + asset_path: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip + asset_name: api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }}.zip + asset_content_type: "application/zip" + # Take out for now - might add again in the future # ### PUBLISH DOCKER - THIS NEEDS CHANGING TO DO THE DOCKER BUILD IN THE BUILD STAGE AND ARTIFACT IT. SEE publishlibhostdocker below how how and the buildlibs action. # publishdocker:
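Review bot: `publish-oas-specs` uploads to the release but declares no `permissions:`; attaching an asset needs `contents: write`, so state it on the job rather than relying on a default that is not visible here. The matrix has no `fail-fast: false`, so one failed leg cancels the others and can leave the release with only some environment specs attached, which matters because release_created.yaml deploys from these assets. `actions/upload-release-asset` is an archived action; `gh release upload` with `GH_TOKEN` does the same job with a maintained tool. This is also the natural place to attach a checksum file for each zip so that the deploy step can verify what it downloads.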