From eb71c6e7e166f78593a63b705bcfa36b0103d051 Mon Sep 17 00:00:00 2001 From: adamwhitingnhs Date: Tue, 25 Nov 2025 14:04:24 +0000 Subject: [PATCH 1/2] [PRM-609] Add git ref to app config on deploy --- .github/workflows/deploy-sandbox.yml | 14 ++++- .../app_config/configurations/dev.json | 7 +++ .../app_config/configurations/pre-prod.json | 7 +++ .../app_config/configurations/prod.json | 7 +++ .../app_config/configurations/sandbox.json | 7 +++ scripts/cleanup_sandboxes.py | 57 ++++++++++++++++++- 6 files changed, 95 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-sandbox.yml b/.github/workflows/deploy-sandbox.yml index 1afd9ad57..1d00ec1e2 100644 --- a/.github/workflows/deploy-sandbox.yml +++ b/.github/workflows/deploy-sandbox.yml @@ -107,7 +107,19 @@ jobs: - name: Checkout Branch uses: actions/checkout@v5 with: - ref: ${{ github.event.inputs.git_ref}} + ref: ${{ github.event.inputs.git_ref }} + + - name: Replace versionNumber in app config + run: | + git_ref="${{ github.event.inputs.git_ref }}" + config_file="./modules/app_config/configurations/sandbox.json" + if [[ -f "$config_file" ]]; then + sed -i "s/##GITREF##/${git_ref}/" "$config_file" + else + echo "Configuration file not found: $config_file" + exit 1 + fi + working-directory: ./infrastructure # Checks that all Terraform configuration files adhere to a canonical format. - name: Check Terraform Formatting diff --git a/infrastructure/modules/app_config/configurations/dev.json b/infrastructure/modules/app_config/configurations/dev.json index bf0e95a59..4959f319f 100644 --- a/infrastructure/modules/app_config/configurations/dev.json +++ b/infrastructure/modules/app_config/configurations/dev.json @@ -20,6 +20,9 @@ }, "uploadDocumentIteration3Enabled": { "name": "uploadDocumentIteration3Enabled" + }, + "versionNumberEnabled": { + "name": "versionNumberEnabled" } }, "values": { 
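Review bot: The new "Replace versionNumber in app config" step expands `${{ github.event.inputs.git_ref }}` directly inside the `run:` script, so the input text becomes part of the shell source before bash parses it, and a ref containing a quote or `$(...)` changes what the step executes. The same value is then used unescaped as a sed replacement with `/` as the delimiter, so an ordinary ref such as `feature/x` breaks the substitution and `&` or `\` alter it. Pass the input through `env:` and write the JSON value with a tool that escapes it. The sketch below assumes `jq` is available on the runner.

```yaml
- name: Replace versionNumber in app config
  env:
    GIT_REF: ${{ github.event.inputs.git_ref }}
  run: |
    config_file="./modules/app_config/configurations/sandbox.json"
    # … unchanged: fail with exit 1 when $config_file is missing …
    jq --arg ref "$GIT_REF" '.values.versionNumberEnabled.gitRef = $ref' \
      "$config_file" > "$config_file.tmp" && mv "$config_file.tmp" "$config_file"
  working-directory: ./infrastructure
```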
@@ -43,6 +46,10 @@ }, "uploadDocumentIteration3Enabled": { "enabled": "false" + }, + "versionNumberEnabled": { + "enabled": "true", + "gitRef": "##GITREF##" } }, "version": "1" diff --git a/infrastructure/modules/app_config/configurations/pre-prod.json b/infrastructure/modules/app_config/configurations/pre-prod.json index 9b1a1d952..bce0235f5 100644 --- a/infrastructure/modules/app_config/configurations/pre-prod.json +++ b/infrastructure/modules/app_config/configurations/pre-prod.json @@ -20,6 +20,9 @@ }, "uploadDocumentIteration3Enabled": { "name": "uploadDocumentIteration3Enabled" + }, + "versionNumberEnabled": { + "name": "versionNumberEnabled" } }, "values": { @@ -43,6 +46,10 @@ }, "uploadDocumentIteration3Enabled": { "enabled": "false" + }, + "versionNumberEnabled": { + "enabled": "true", + "gitRef": "##GITREF##" } }, "version": "1" diff --git a/infrastructure/modules/app_config/configurations/prod.json b/infrastructure/modules/app_config/configurations/prod.json index 9b1a1d952..bce0235f5 100644 --- a/infrastructure/modules/app_config/configurations/prod.json +++ b/infrastructure/modules/app_config/configurations/prod.json @@ -20,6 +20,9 @@ }, "uploadDocumentIteration3Enabled": { "name": "uploadDocumentIteration3Enabled" + }, + "versionNumberEnabled": { + "name": "versionNumberEnabled" } }, "values": { @@ -43,6 +46,10 @@ }, "uploadDocumentIteration3Enabled": { "enabled": "false" + }, + "versionNumberEnabled": { + "enabled": "true", + "gitRef": "##GITREF##" } }, "version": "1" diff --git a/infrastructure/modules/app_config/configurations/sandbox.json b/infrastructure/modules/app_config/configurations/sandbox.json index bf0e95a59..4959f319f 100644 --- a/infrastructure/modules/app_config/configurations/sandbox.json +++ b/infrastructure/modules/app_config/configurations/sandbox.json @@ -20,6 +20,9 @@ }, "uploadDocumentIteration3Enabled": { "name": "uploadDocumentIteration3Enabled" + }, + "versionNumberEnabled": { + "name": "versionNumberEnabled" } }, "values": { 
@@ -43,6 +46,10 @@ }, "uploadDocumentIteration3Enabled": { "enabled": "false" + }, + "versionNumberEnabled": { + "enabled": "true", + "gitRef": "##GITREF##" } }, "version": "1" diff --git a/scripts/cleanup_sandboxes.py b/scripts/cleanup_sandboxes.py index ad9eb346f..f2001a73b 100644 --- a/scripts/cleanup_sandboxes.py +++ b/scripts/cleanup_sandboxes.py @@ -1,10 +1,11 @@ +import json import time import boto3, os, requests, sys from botocore.exceptions import ClientError -def trigger_delete_workflow(token: str, sandbox: str): +def trigger_delete_workflow(token: str, git_ref: str, sandbox: str): owner = "NHSDigital" repo = "national-document-repository-infrastructure" workflow = "tear-down-sandbox.yml" @@ -17,7 +18,7 @@ def trigger_delete_workflow(token: str, sandbox: str): } inputs = { - "git_ref": "main", + "git_ref": git_ref, "sandbox_name": sandbox, "environment": "development", } 
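Review bot: `git_ref` is inserted as the second positional parameter of trigger_delete_workflow, which silently shifts the meaning of the second argument for any caller that passes `sandbox` positionally. The only call visible in this patch uses keywords, but appending the parameter with the previous value as its default keeps old call sites working and keeps `main` as the fallback: `def trigger_delete_workflow(token: str, sandbox: str, git_ref: str = "main"):`. A one-line docstring stating that `git_ref` is forwarded as the tear-down workflow's `git_ref` input would also help. The function body continues outside these hunks.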
@@ -50,6 +51,55 @@ def get_workspaces() -> list[str]: print(f"Failed to extract TF workspace from AppConfig applications: {str(e)}") sys.exit(1) +def get_workspace_git_ref(sandbox: str) -> str: + client = boto3.client("appconfig") + application_name = f"RepositoryConfiguration-{sandbox}" + config_profile_name = f"config-profile-{sandbox}" + git_ref = "main" + + try: + applications = client.list_applications().get("Items") + application_id = None + for application in applications: + if application.get("Name") == application_name: + application_id = application.get("Id") + break + + if not application_id: + return git_ref + + configuration_profiles = client.list_configuration_profiles( + ApplicationId=application_id + ).get("Items") + + for config_profile in configuration_profiles: + if config_profile.get("Name") == config_profile_name: + profileId = config_profile.get("Id") + + session_response = client.start_configuration_session( + ApplicationIdentifier=application_id, + EnvironmentIdentifier=sandbox, + ConfigurationProfileIdentifier=profileId + ) + initial_token = session_response['InitialConfigurationToken'] + + # Get latest configuration + config_response = client.get_latest_configuration( + ConfigurationToken=initial_token + ) + + # Parse configuration content + config_content = config_response['Configuration'].read() + config_data = json.loads(config_content) + + # Extract gitRef + git_ref=config_data.get('versionNumberEnabled', {}).get('gitRef') + + return git_ref + + except ClientError: + return git_ref + if __name__ == "__main__": gh_pat = os.getenv("GIT_WORKFLOW_PAT") 
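Review bot: `start_configuration_session` and `get_latest_configuration` are operations of the boto3 `appconfigdata` client, not of the `appconfig` client created at the top of get_workspace_git_ref, so these calls will most likely raise AttributeError, which `except ClientError` does not catch. Separately, `config_data.get('versionNumberEnabled', {}).get('gitRef')` replaces the `"main"` default with None for any sandbox whose configuration lacks the flag, and with the literal `##GITREF##` wherever the placeholder was never substituted. Because the result is handed to the tear-down workflow as its `git_ref`, treat it as untrusted configuration and keep `main` unless it is a usable string. `json.loads` can also raise on an empty or malformed payload, which is not handled either.

```python
def get_workspace_git_ref(sandbox: str) -> str:
    client = boto3.client("appconfig")
    data_client = boto3.client("appconfigdata")
    # … unchanged: application and configuration-profile lookup …
    session_response = data_client.start_configuration_session(
        # … unchanged: application, environment and profile identifiers …
    )
    config_response = data_client.get_latest_configuration(
        ConfigurationToken=session_response["InitialConfigurationToken"]
    )
    config_data = json.loads(config_response["Configuration"].read())
    candidate = config_data.get("versionNumberEnabled", {}).get("gitRef")
    # Keep the "main" default unless AppConfig holds a usable ref.
    if isinstance(candidate, str) and candidate and candidate != "##GITREF##":
        git_ref = candidate
```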
@@ -62,5 +112,6 @@ def get_workspaces() -> list[str]: workspaces = get_workspaces() for workspace in workspaces: if workspace not in excluded: - trigger_delete_workflow(token=gh_pat, sandbox=workspace) + git_ref = get_workspace_git_ref(workspace) + trigger_delete_workflow(token=gh_pat, git_ref=git_ref, sandbox=workspace) time.sleep(300) # Wait 5 min between executions to avoid an AWS concurrency issue. From b5d02b5e36cc0e654662877ae89016a2648ee14f Mon Sep 17 00:00:00 2001 From: adamwhitingnhs Date: Tue, 25 Nov 2025 14:47:29 +0000 Subject: [PATCH 2/2] add attribute --- .../modules/app_config/configurations/dev.json | 9 ++++++++- .../modules/app_config/configurations/pre-prod.json | 9 ++++++++- .../modules/app_config/configurations/prod.json | 9 ++++++++- .../modules/app_config/configurations/sandbox.json | 9 ++++++++- 4 files changed, 32 insertions(+), 4 deletions(-) diff --git a/infrastructure/modules/app_config/configurations/dev.json b/infrastructure/modules/app_config/configurations/dev.json index 4959f319f..c75644a57 100644 --- a/infrastructure/modules/app_config/configurations/dev.json +++ b/infrastructure/modules/app_config/configurations/dev.json @@ -22,7 +22,14 @@ "name": "uploadDocumentIteration3Enabled" }, "versionNumberEnabled": { - "name": "versionNumberEnabled" + "name": "versionNumberEnabled", + "attributes": { + "gitRef": { + "constraints": { + "type": "string" + } + } + } } }, "values": { diff --git a/infrastructure/modules/app_config/configurations/pre-prod.json b/infrastructure/modules/app_config/configurations/pre-prod.json index bce0235f5..e8f1fdbf5 100644 --- a/infrastructure/modules/app_config/configurations/pre-prod.json +++ b/infrastructure/modules/app_config/configurations/pre-prod.json @@ -22,7 +22,14 @@ "name": "uploadDocumentIteration3Enabled" }, "versionNumberEnabled": { - "name": "versionNumberEnabled" + "name": "versionNumberEnabled", + "attributes": { + "gitRef": { + "constraints": { + "type": "string" + } + } + } } }, "values": { 
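Review bot: The `gitRef` attribute added in dev.json is constrained only by `"type": "string"`, so any string is accepted for a value that scripts/cleanup_sandboxes.py later forwards as the tear-down workflow's `git_ref`. AppConfig feature-flag attributes also accept `required` and `pattern` constraints, so something like `"constraints": { "type": "string", "required": true, "pattern": "^[A-Za-z0-9._/-]+$" }` (pattern constructed here as an example) would reject unexpected characters at deploy time. Such a pattern would also reject the literal `##GITREF##`, which only the sandbox workflow in this series is seen replacing, so the other environments would need the substitution or a different default first. The same applies to the identical hunks for pre-prod.json, prod.json and sandbox.json.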
diff --git a/infrastructure/modules/app_config/configurations/prod.json b/infrastructure/modules/app_config/configurations/prod.json index bce0235f5..e8f1fdbf5 100644 --- a/infrastructure/modules/app_config/configurations/prod.json +++ b/infrastructure/modules/app_config/configurations/prod.json @@ -22,7 +22,14 @@ "name": "uploadDocumentIteration3Enabled" }, "versionNumberEnabled": { - "name": "versionNumberEnabled" + "name": "versionNumberEnabled", + "attributes": { + "gitRef": { + "constraints": { + "type": "string" + } + } + } } }, "values": { diff --git a/infrastructure/modules/app_config/configurations/sandbox.json b/infrastructure/modules/app_config/configurations/sandbox.json index 4959f319f..c75644a57 100644 --- a/infrastructure/modules/app_config/configurations/sandbox.json +++ b/infrastructure/modules/app_config/configurations/sandbox.json @@ -22,7 +22,14 @@ "name": "uploadDocumentIteration3Enabled" }, "versionNumberEnabled": { - "name": "versionNumberEnabled" + "name": "versionNumberEnabled", + "attributes": { + "gitRef": { + "constraints": { + "type": "string" + } + } + } } }, "values": {