[PRM-609] Add git ref feature flag

.github/workflows/deploy-sandbox.yml

@@ -107,7 +107,19 @@ jobs:
       - name: Checkout Branch
         uses: actions/checkout@v5
         with:
-          ref: ${{ github.event.inputs.git_ref}}
+          ref: ${{ github.event.inputs.git_ref }}
+
+      - name: Replace versionNumber in app config
+        run: |
+          git_ref="${{ github.event.inputs.git_ref }}"
+          config_file="./modules/app_config/configurations/sandbox.json"
+          if [[ -f "$config_file" ]]; then
+            sed -i "s/##GITREF##/${git_ref}/" "$config_file"
+          else
+            echo "Configuration file not found: $config_file"
+            exit 1
+          fi
+        working-directory: ./infrastructure
 
         # Checks that all Terraform configuration files adhere to a canonical format.
       - name: Check Terraform Formatting

infrastructure/modules/app_config/configurations/dev.json

@@ -20,6 +20,16 @@
         },
         "uploadDocumentIteration3Enabled": {
             "name": "uploadDocumentIteration3Enabled"
+        },
+        "versionNumberEnabled": {
+            "name": "versionNumberEnabled",
+            "attributes": {
+                "gitRef": {
+                    "constraints": {
+                        "type": "string"
+                    }
+                }
+            }
         }
     },
     "values": {
@@ -43,6 +53,10 @@
         },
         "uploadDocumentIteration3Enabled": {
             "enabled": "false"
+        },
+        "versionNumberEnabled": {
+            "enabled": "true",
+            "gitRef": "##GITREF##"
         }
     },
     "version": "1"

infrastructure/modules/app_config/configurations/pre-prod.json

@@ -20,6 +20,16 @@
         },
         "uploadDocumentIteration3Enabled": {
             "name": "uploadDocumentIteration3Enabled"
+        },
+        "versionNumberEnabled": {
+            "name": "versionNumberEnabled",
+            "attributes": {
+                "gitRef": {
+                    "constraints": {
+                        "type": "string"
+                    }
+                }
+            }
         }
     },
     "values": {
@@ -43,6 +53,10 @@
         },
         "uploadDocumentIteration3Enabled": {
             "enabled": "false"
+        },
+        "versionNumberEnabled": {
+            "enabled": "true",
+            "gitRef": "##GITREF##"
         }
     },
     "version": "1"

infrastructure/modules/app_config/configurations/prod.json

@@ -20,6 +20,16 @@
         },
         "uploadDocumentIteration3Enabled": {
             "name": "uploadDocumentIteration3Enabled"
+        },
+        "versionNumberEnabled": {
+            "name": "versionNumberEnabled",
+            "attributes": {
+                "gitRef": {
+                    "constraints": {
+                        "type": "string"
+                    }
+                }
+            }
         }
     },
     "values": {
@@ -43,6 +53,10 @@
         },
         "uploadDocumentIteration3Enabled": {
             "enabled": "false"
+        },
+        "versionNumberEnabled": {
+            "enabled": "true",
+            "gitRef": "##GITREF##"
         }
     },
     "version": "1"

infrastructure/modules/app_config/configurations/sandbox.json

@@ -20,6 +20,16 @@
         },
         "uploadDocumentIteration3Enabled": {
             "name": "uploadDocumentIteration3Enabled"
+        },
+        "versionNumberEnabled": {
+            "name": "versionNumberEnabled",
+            "attributes": {
+                "gitRef": {
+                    "constraints": {
+                        "type": "string"
+                    }
+                }
+            }
         }
     },
     "values": {
@@ -43,6 +53,10 @@
         },
         "uploadDocumentIteration3Enabled": {
             "enabled": "false"
+        },
+        "versionNumberEnabled": {
+            "enabled": "true",
+            "gitRef": "##GITREF##"
         }
     },
     "version": "1"

scripts/cleanup_sandboxes.py

@@ -1,10 +1,11 @@
+import json
 import time
 import boto3, os, requests, sys
 
 from botocore.exceptions import ClientError
 
 
-def trigger_delete_workflow(token: str, sandbox: str):
+def trigger_delete_workflow(token: str, git_ref: str, sandbox: str):
     owner = "NHSDigital"
     repo = "national-document-repository-infrastructure"
     workflow = "tear-down-sandbox.yml"
@@ -17,7 +18,7 @@ def trigger_delete_workflow(token: str, sandbox: str):
     }
 
     inputs = {
-        "git_ref": "main",
+        "git_ref": git_ref,
         "sandbox_name": sandbox,
         "environment": "development",
     }
@@ -50,6 +51,55 @@ def get_workspaces() -> list[str]:
         print(f"Failed to extract TF workspace from AppConfig applications: {str(e)}")
         sys.exit(1)
 
+def get_workspace_git_ref(sandbox: str) -> str:
+    client = boto3.client("appconfig")
+    application_name = f"RepositoryConfiguration-{sandbox}"
+    config_profile_name = f"config-profile-{sandbox}"
+    git_ref = "main"
+
+    try:
+        applications = client.list_applications().get("Items")
+        application_id = None
+        for application in applications:
+            if application.get("Name") == application_name:
+                application_id = application.get("Id")
+                break
+
+        if not application_id:
+            return git_ref
+
+        configuration_profiles = client.list_configuration_profiles(
+            ApplicationId=application_id
+        ).get("Items")
+
+        for config_profile in configuration_profiles:
+            if config_profile.get("Name") == config_profile_name:
+                profileId = config_profile.get("Id")
+
+                session_response = client.start_configuration_session(
+                    ApplicationIdentifier=application_id,
+                    EnvironmentIdentifier=sandbox,
+                    ConfigurationProfileIdentifier=profileId
+                )
+                initial_token = session_response['InitialConfigurationToken']
+
+                # Get latest configuration
+                config_response = client.get_latest_configuration(
+                    ConfigurationToken=initial_token
+                )
+
+                # Parse configuration content
+                config_content = config_response['Configuration'].read()
+                config_data = json.loads(config_content)
+
+                # Extract gitRef
+                git_ref=config_data.get('versionNumberEnabled', {}).get('gitRef')
+
+        return git_ref
+
+    except ClientError:
+        return git_ref
+
 
 if __name__ == "__main__":
     gh_pat = os.getenv("GIT_WORKFLOW_PAT")
@@ -62,5 +112,6 @@ def get_workspaces() -> list[str]:
     workspaces = get_workspaces()
     for workspace in workspaces:
         if workspace not in excluded:
-            trigger_delete_workflow(token=gh_pat, sandbox=workspace)
+            git_ref = get_workspace_git_ref(workspace)
+            trigger_delete_workflow(token=gh_pat, git_ref=git_ref, sandbox=workspace)
             time.sleep(300) # Wait 5 min between executions to avoid an AWS concurrency issue.